My computer and some programs seem slow to start up [Solved]


  • This topic is locked

#1
nedesigns.nebraska
    New Member

  • 7 posts

The computer has seemed to slow down over the last months and takes longer to get some of the programs up and running like Affinity Designer. The hard disk seems to be running a lot.

 

Here is FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2023
Ran by Andrea (administrator) on LAPTOP-BOJT2U1K (HP HP Laptop 15-bs0xx) (11-06-2023 15:34:04)
Running from C:\Users\Andrea\Desktop\FRST64.exe
Loaded Profiles: Andrea
Platform: Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\HP\HP Enabling Services\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe <2>
(C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\igfxEM.exe
(explorer.exe ->) (Amazon.com Services LLC -> Amazon.com Services LLC) C:\Users\Andrea\AppData\Local\Amazon Music\Amazon Music Helper.exe
(explorer.exe ->) (Amazon.com Services LLC -> Amazon.com Services LLC) C:\Users\Andrea\AppData\Local\Amazon Music\Amazon Music.exe <5>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <6>
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\IntelCpHeciSvc.exe
(services.exe ->) (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe
(services.exe ->) (Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21472.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21472.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-04-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [366944 2022-09-27] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [1660760 2017-06-26] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709160 2018-05-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [78176 2020-01-14] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1976160 2020-01-14] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [189320 2021-12-29] (MIXBYTE, INC. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\Run: [Amazon Music Helper] => C:\Users\Andrea\AppData\Local\Amazon Music\Amazon Music Helper.exe [2107496 2023-04-12] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\Run: [Amazon Music] => C:\Users\Andrea\AppData\Local\Amazon Music\Amazon Music.exe [22915176 2023-04-12] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\Run: [GoogleChromeAutoLaunch_233139F6EC4DEC81E5C5F2F1CB87FB15] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [3231512 2023-06-04] (Google LLC -> Google LLC)
HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\Run: [MicrosoftEdgeAutoLaunch_2BCE45D4A4484E0003ED7A100E569D69] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4113872 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS6400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDH8.DLL [525824 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS6400 series: C:\WINDOWS\system32\CNMLMH8.DLL [962560 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP BC11 Status Monitor: C:\WINDOWS\system32\hpinkstsBC11LM.dll [331664 2012-06-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Photosmart 7520 series): C:\WINDOWS\system32\HPDiscoPMBC11.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\sawl0ilm: C:\WINDOWS\system32\sawl0ilm.dll [123392 2018-12-19] (Sawgrass Technologies, Inc. -> RICOH CO., LTD.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.110\Installer\chrmstp.exe [2023-06-05] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS Thermal Printing.lnk [2019-11-20]
ShortcutTarget: UPS Thermal Printing.lnk -> C:\Program Files (x86)\UPS\Thermal Printing\UPSISJavaStarter.exe (United Parcel Service) [File not signed]
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2018-12-28]
ShortcutAndArgument: Monitor Ink Alerts - .lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Photosmart 7520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN38F490MK05YY;CONNECTION=NW;MONITOR=1;
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {111B4347-802E-4100-8503-9DADB89D34B6} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {16377777-F2C0-42B3-B543-A76221B3E58B} - System32\Tasks\HP AR Program Upload - 689fa6d443a04ce69fb6af133cafd792bda201f8bb0342f8908628987f0bc680 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {17530B6F-24B6-4A37-B753-01FCFF9AF853} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {20F7BF8D-B51B-45D5-A581-4D058DD94974} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe  /DeviceScanR6 (No File)
Task: {22554D47-D0E9-42D7-B922-F921292511E2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {24B80863-A6F4-41AE-865A-9EE365E63827} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-07] (Google Inc -> Google Inc.)
Task: {280174F0-DDB0-4310-81CB-1E006D8AE41C} - System32\Tasks\HP AR Program Upload - ab8aba70b31942d581890da74f127b2e84a91ad2091e4491b536419b11b1fa52 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {352C0AB0-2C06-40FB-ACE9-B553A6A014BF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-04-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {38E8E70C-CE1F-4DA4-ADED-D07ABD8F77D5} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPDeviceCheck\HPDeviceCheck.exe [316488 2023-05-30] (HP Inc. -> )
Task: {3B811D9E-46CF-4993-86E2-A3473E0977F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-05-30] (HP Inc. -> HP Inc.)
Task: {3C626949-1D22-4540-82F5-E3DAD2BC8BD4} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [616232 2016-11-28] (Dropbox, Inc -> DropboxOEM)
Task: {4DC4DB98-8A89-4BF6-9A43-BC9A31C88208} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58832 2023-05-03] (HP Inc. -> HP Inc.)
Task: {5D237991-2254-4C70-8505-F3EBD5BFD19B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {61C33AED-AE30-4190-A4C8-17CD5BF2FA9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6CDB3905-AA70-4ECE-B7C9-4FFAE6299B41} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123872 2023-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {7317EF6B-091D-4924-9122-74F3A7DAB132} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {77EA6941-5F3A-416C-BDC3-8137A81ADDCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2023-05-30] (HP Inc. -> HP Inc.)
Task: {77F1A988-0508-4172-8C9B-1948E376417F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1135128 2023-05-30] (HP Inc. -> HP Inc.)
Task: {7CE88213-A5FD-48EE-AB39-1F6AC5017B39} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {82065198-7630-475D-8B0F-2371117F7EE2} - System32\Tasks\GoogleUpdateTaskMachineCore1d3f11346995b1c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-07] (Google Inc -> Google Inc.)
Task: {83905423-80BC-4349-AD90-D216ED48DDBF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {861164FC-A99A-465D-917E-50854D3CDE16} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459264 2017-02-01] (HP Inc. -> )
Task: {913FEB57-2F59-4783-B14C-9E014A382FC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-07] (Google Inc -> Google Inc.)
Task: {A0A70F9B-063E-4E5A-9D79-D7FCD8D54EB4} - System32\Tasks\DropboxUpdateTaskMachineCore1d3f1132c67caab => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {A96C1164-5141-4BC3-82C9-4449FC12A955} - System32\Tasks\HP AR Program Upload - 05e0633b5acd4e7e813775522cad707c64f14871a8384bdb8ef56b240b866346 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {B57EE225-18C7-4617-B368-0D32CFB886F3} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58832 2023-05-03] (HP Inc. -> HP Inc.)
Task: {B720601E-6E8C-4CC7-9CF3-CD7AAE306165} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123872 2023-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {B84F792D-6475-4835-8E18-B137372330C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {BBDE72F3-149D-4F92-AA27-01654E2B5A1E} - System32\Tasks\HP AR Program Upload - f3cdf7d09341415fb895e14acc2b66724e8d6e97f2f94a7e8106996f1a68a06d => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {C4D12AA4-C770-4271-A839-C974F159FD2A} - System32\Tasks\HP AR Program Upload - a6874bdd951c43d29361a283feca920036581f81f5214e57bd41041330c84072 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {D6A57077-A673-4215-A6C7-73A844BF7CF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe  /f (No File)
Task: {D85C29E5-F3F4-42DB-825F-F22759B43AB0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {D9B0D591-1DE2-472F-B27D-D8788F857081} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPPrinterLowInk => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPPrinterLowInk\HPPrinterLowInk.exe [228888 2023-05-30] (HP Inc. -> HP Inc.)
Task: {DC2BAFA2-84B7-4B1D-83CF-F4CE853C66DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {DCFC152E-98AC-431E-B8E9-DD3B7E701B8C} - System32\Tasks\HP AR Program Upload - a94a4e4a6e7e459ab2446a101619838aa0b3bd901eee4556a23723591c380060 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {E6D14915-1CF1-41BE-867D-A8FC2FF600AD} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {EDB64711-9367-4653-B614-C8D6AB83AEFA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F4BD3112-E5BA-4A77-B13C-7A4C09BFFC48} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPWPD.exe [310856 2023-05-30] (HP Inc. -> HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d3f1132c67caab.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{6f6cac8a-6dc0-42fc-a28b-81d2a1b46229}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{767e2216-d76f-41ba-8197-89f2a0092327}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-11]
Edge Extension: (Norton Safe Web) - C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2023-05-14]
Edge Extension: (Edge relevant text changes) - C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-30]
 
FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-03-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-03-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default [2023-06-11]
CHR Notifications: Default -> hxxps://business.facebook.com; hxxps://discountdance.com; hxxps://highercaptcha-settle.com; hxxps://music.amazon.com; hxxps://www.chiefs.com; hxxps://www.facebook.com; hxxps://www.ticketmaster.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2023-05-13]
CHR Extension: (Norton Safe Web) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2023-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-02]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2017-07-18]
CHR Extension: (Norton Privacy Builder) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpognpnpncelknkahlngpojfjgdmkodn [2021-10-27]
CHR Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidniedemcgceagapgdekdbmanojomk [2023-06-10]
CHR Extension: (Norton Home Page) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2023-06-10]
CHR Extension: (Norton Safe) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnlkmlkncncpgnnkmkgoobfpnjmblnk [2023-06-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-06]
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\System Profile [2023-03-24]
CHR HKU\S-1-5-21-49734549-2778740961-242884094-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflanjgoamglnnocilcllegbbbfogfjc]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103264 2022-10-08] (Apple Inc. -> Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [134080 2017-05-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749376 2023-05-12] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [87432 2021-12-29] (MIXBYTE, INC. -> Freemake)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [859024 2023-05-30] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [857536 2023-05-30] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [854464 2023-05-30] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [229328 2023-05-03] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [858560 2023-05-30] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [332640 2020-01-14] (Pro Softnet Corporation -> Prosoftnet)
R2 IntuitUpdateServiceV4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [19840 2022-08-24] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe [3228464 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe [133592 2023-05-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe [105064 2018-03-21] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Andrea\AppData\Roaming\Zoom"
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 MpKsl8899bea3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3510292F-9EA3-4CE2-8BE0-2F44F1BE99AE}\MpKslDrv.sys [213288 2023-06-11] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-09-07] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-09-07] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2023-05-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498984 2023-05-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-31] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-06-11 15:34 - 2023-06-11 15:37 - 000032900 _____ C:\Users\Andrea\Desktop\FRST.txt
2023-06-11 15:33 - 2023-06-11 15:33 - 000000000 ____D C:\Users\Andrea\Desktop\FRST-OlderVersion
2023-06-11 15:32 - 2023-06-11 15:35 - 000000000 ____D C:\FRST
2023-06-11 15:29 - 2023-06-11 15:33 - 002383360 _____ (Farbar) C:\Users\Andrea\Desktop\FRST64.exe
2023-06-10 11:20 - 2023-06-10 11:20 - 000000000 ___HD C:\ProgramData\temp
2023-06-10 00:53 - 2023-06-10 00:53 - 000086061 _____ C:\Users\Andrea\Downloads\Blank W-9.pdf
2023-05-28 12:10 - 2023-05-28 12:10 - 002998976 _____ C:\Users\Andrea\Downloads\MarylandSil2.zip
2023-05-24 23:34 - 2023-05-24 23:34 - 000019198 _____ C:\Users\Andrea\Downloads\student_transactions_20230524.xls
2023-05-24 16:53 - 2023-05-30 21:00 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2023-05-23 22:31 - 2023-03-20 05:48 - 001350600 _____ (HP Inc.) C:\WINDOWS\system32\HPScanTEDrv_x64_DiscoveryLibDyn.dll
2023-05-23 22:31 - 2023-03-20 05:48 - 000698784 _____ (HP Inc., LP) C:\WINDOWS\system32\HPWia2Drv.dll
2023-05-23 22:31 - 2023-03-20 05:47 - 007676872 _____ (HP Inc.) C:\WINDOWS\system32\HPScanTEDrv_x64.dll
2023-05-23 22:31 - 2023-03-20 05:47 - 005375952 _____ (HP Inc.) C:\WINDOWS\SysWOW64\HPScanTEDrv.dll
2023-05-23 22:31 - 2023-03-20 05:47 - 000992208 _____ (HP Inc.) C:\WINDOWS\SysWOW64\DiscoveryLibDyn.dll
2023-05-22 10:03 - 2023-05-22 10:03 - 000020364 _____ C:\Users\Andrea\Downloads\receipt (1).pdf
2023-05-20 23:21 - 2023-05-20 23:21 - 000369689 _____ C:\Users\Andrea\Downloads\7975078 Backstage 2023.pdf
2023-05-16 22:59 - 2023-05-16 22:59 - 000012275 _____ C:\Users\Andrea\Downloads\names2023.xlsx
2023-05-14 20:13 - 2023-05-14 20:13 - 008707462 _____ C:\Users\Andrea\Downloads\BLG-0047 (1).zip
2023-05-12 11:57 - 2023-05-12 11:57 - 000000000 ___HD C:\$WinREAgent
2023-05-12 11:44 - 2023-05-12 12:32 - 002113844 _____ C:\WINDOWS\Minidump\051223-87218-01.dmp
2023-05-12 11:44 - 2023-05-12 11:44 - 1743978396 _____ C:\WINDOWS\MEMORY.DMP
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-06-11 15:27 - 2017-07-07 19:55 - 000000000 ____D C:\Program Files (x86)\Google
2023-06-11 15:01 - 2020-09-16 22:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-06-11 14:27 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-06-11 13:13 - 2017-03-17 09:19 - 000000000 ____D C:\Program Files\HP
2023-06-11 13:12 - 2020-09-16 23:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2023-06-11 13:10 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-06-11 13:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-06-11 13:01 - 2018-01-19 16:02 - 000000000 ____D C:\ProgramData\IDrive
2023-06-10 12:00 - 2017-07-07 20:21 - 000000000 ____D C:\Users\Andrea\AppData\Roaming\Microsoft\Publisher
2023-06-10 11:54 - 2018-03-02 21:08 - 000000000 ____D C:\Users\Andrea\Documents\CHS
2023-06-10 11:53 - 2017-07-07 20:23 - 000000000 ____D C:\Users\Andrea\AppData\Roaming\Microsoft\Word
2023-06-10 11:46 - 2020-06-15 17:51 - 000002405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-10 11:46 - 2020-06-15 17:51 - 000002243 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-06-10 11:41 - 2018-03-02 21:06 - 000000000 ____D C:\Users\Andrea\Documents\Backstage_Omaha
2023-06-10 11:34 - 2020-09-16 23:25 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-06-10 11:34 - 2020-09-16 23:25 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-06-10 11:26 - 2020-09-16 23:05 - 000934898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-06-10 11:26 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2023-06-10 11:22 - 2017-07-07 16:47 - 000000000 __SHD C:\Users\Andrea\IntelGraphicsProfiles
2023-06-10 11:18 - 2020-09-16 23:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-06-10 11:18 - 2020-09-16 22:37 - 000008192 ___SH C:\DumpStack.log.tmp
2023-06-10 11:18 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-06-10 01:03 - 2021-12-10 22:41 - 000003580 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-49734549-2778740961-242884094-1001
2023-06-10 01:03 - 2020-09-16 23:25 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-49734549-2778740961-242884094-1001
2023-06-10 01:03 - 2020-09-16 22:45 - 000002385 _____ C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-06-06 22:24 - 2017-12-22 18:10 - 000000000 ____D C:\Users\Andrea\AppData\Local\Packages
2023-06-05 18:07 - 2017-07-07 19:56 - 000002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-06-05 18:07 - 2017-07-07 19:56 - 000002227 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-06-05 18:04 - 2021-12-17 23:12 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-06-05 00:34 - 2018-03-02 21:08 - 000000000 ____D C:\Users\Andrea\Documents\coloring pages
2023-06-03 10:53 - 2017-07-07 20:21 - 000000000 ____D C:\Users\Andrea\AppData\Roaming\Microsoft\Office
2023-06-03 10:50 - 2017-11-13 22:32 - 000000000 ____D C:\Users\Andrea\AppData\Roaming\Microsoft\Excel
2023-06-03 09:19 - 2018-01-12 23:15 - 000000000 ____D C:\Users\Andrea\Documents\Andrea
2023-06-03 00:52 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-06-02 12:56 - 2022-06-20 18:54 - 000000000 ____D C:\Users\Andrea\AppData\Local\Amazon Music
2023-05-31 19:43 - 2018-02-15 00:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-05-31 17:48 - 2018-09-23 18:10 - 000000000 ____D C:\Users\Andrea\Documents\aLLaCreations
2023-05-30 08:28 - 2018-03-02 21:31 - 000000000 ____D C:\Users\Andrea\Documents\Taxes
2023-05-29 18:54 - 2018-01-12 23:10 - 000000000 ____D C:\Users\Andrea\Documents\AKG Designs
2023-05-28 13:35 - 2021-08-17 19:26 - 000000000 ____D C:\Users\Andrea\AppData\Local\CrashDumps
2023-05-19 12:02 - 2016-07-16 06:47 - 000000244 _____ C:\WINDOWS\system.ini
2023-05-19 12:02 - 2016-07-16 06:47 - 000000226 _____ C:\WINDOWS\win.ini
2023-05-19 10:57 - 2020-09-16 23:25 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-05-19 10:57 - 2020-09-16 23:25 - 000003620 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d3f11346995b1c
2023-05-13 17:59 - 2020-09-16 23:25 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-05-13 17:58 - 2022-10-13 10:40 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-05-13 17:58 - 2022-10-13 10:40 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-05-13 08:23 - 2022-06-20 18:55 - 000001267 _____ C:\Users\Andrea\Desktop\Amazon Music.lnk
2023-05-13 08:18 - 2020-09-16 22:45 - 000000000 ____D C:\Users\Andrea
2023-05-13 00:56 - 2020-09-16 22:38 - 000729504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-05-13 00:54 - 2019-12-07 04:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2023-05-13 00:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-05-13 00:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-05-13 00:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-05-13 00:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2023-05-13 00:45 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-05-13 00:45 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-05-13 00:45 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-05-12 13:36 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-05-12 13:11 - 2020-09-16 22:44 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-05-12 12:33 - 2021-04-22 10:54 - 000000000 ____D C:\WINDOWS\Minidump
2023-05-12 12:09 - 2017-03-17 09:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-05-12 11:49 - 2021-01-22 11:25 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-05-12 11:44 - 2018-05-21 09:51 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d3f1132c67caab.job
2023-05-12 11:44 - 2017-03-17 09:23 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
 
==================== Files in the root of some directories ========
 
2021-01-09 19:24 - 2021-01-09 19:25 - 054133456 _____ (Brother Industries, Ltd.                                    ) C:\Users\Andrea\AppData\Local\Brother_CanvasWorkspace_Setup.exe
2017-07-07 16:47 - 2017-12-31 16:43 - 000220851 _____ () C:\Users\Andrea\AppData\Local\BTServer.log
2019-02-02 16:33 - 2019-02-02 16:33 - 000003584 _____ () C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2022-04-06 19:29 - 2022-04-06 19:29 - 000007605 _____ () C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Here is Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
Ran by Andrea (11-06-2023 15:42:10)
Running from C:\Users\Andrea\Desktop
Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) (2020-09-17 04:26:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-49734549-2778740961-242884094-500 - Administrator - Disabled)
Andrea (S-1-5-21-49734549-2778740961-242884094-1001 - Administrator - Enabled) => C:\Users\Andrea
DefaultAccount (S-1-5-21-49734549-2778740961-242884094-503 - Limited - Disabled)
Guest (S-1-5-21-49734549-2778740961-242884094-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-49734549-2778740961-242884094-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.001.20174 - Adobe)
Adobe AIR (HKLM-x32\...\{19687AD5-7E54-4C5E-A796-125C95079C1D}) (Version: 21.0.0.215 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Affinity Designer (HKLM\...\{3CA63F54-85C0-4077-8336-B795B90E9B7E}) (Version: 1.7.3.481 - Serif (Europe) Ltd)
Amazon Music (HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\Amazon Amazon Music) (Version: 9.4.3.2420 - Amazon.com Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{11C4575B-4B32-44D2-A097-D59A00BA60DE}) (Version: 8.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D39B163A-9E12-442C-95E9-33FA5746AB21}) (Version: 8.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{44325855-D4CA-4994-A27A-39FE50CE6A8E}) (Version: 16.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bay ROES (HKLM-x32\...\{d4b70026-de82-45b4-b13e-4d0745a4f6ea}) (Version: 2.2.0 - SoftWorks Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother CanvasWorkspace (HKLM\...\{560F5904-8482-4BAC-BEB8-6AC2E21AB4A0}_is1) (Version: 2.4.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cool Edit 2000 (HKLM-x32\...\Cool Edit 2000) (Version:  - )
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
Desktop Interface to Online Converter version 1.0.11 (HKLM-x32\...\{548734C0-8452-4B65-8850-5CDC02F49095}_is1) (Version: 1.0.11 - Ideas R Us Software)
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.761.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Freemake Video Converter version 4.1.13 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.13 - Mixbyte Inc.)
Google Chrome (HKLM\...\{B24F0A95-6C38-3CA4-AFC8-7BDD38B8C51D}) (Version: 114.0.5735.110 - Google LLC)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM\...\{7F27A5CB-3C0B-4104-B0C9-288038093F3A}) (Version: 5.3.21679 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{8F55398C-0F24-4950-8C7B-A0195469393C}) (Version: 5.3.21679 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{A12996E4-B1A8-49A9-A7E3-488C21268ED7}) (Version: 5.3.21679 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{A2707859-3D7E-460E-A19F-84128CA1B4B9}) (Version: 5.3.21679 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{31A8CE98-EB9B-497F-8C17-C7089D8B1639}) (Version: 5.3.21679 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{5f8ec28f-ae40-408e-b950-1da32237e007}) (Version: 5.3.21679 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{90F34553-7DC3-46D9-BE03-848E1FEBA0FE}) (Version: 5.3.21679 - HP Inc.) Hidden
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.21 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}) (Version: 1.1.275.0 - HP Inc.)
HP Orbit (HKLM\...\{1A083C69-5382-4CF9-8074-80EC050D9FC8}) (Version: 3.5.171.271 - HP) Hidden
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Orbit Service (HKLM\...\{B384505E-0FE1-4A0F-9E92-7C592276E0A4}) (Version: 2.5.171.271 - HP Inc) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.18.34.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{9DD60999-A4F0-4333-9D00-E45C718EA6C1}) (Version: 1.4.30 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IDrive version 6.7.3.2 (HKLM-x32\...\IDrive_is1) (Version: 6.7.3.2 - Pro Softnet Corp)
Intel® Chipset Device Software (HKLM\...\{631C57C3-B765-4327-822A-057C34D691CC}) (Version: 10.1.17695.8086 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.11000.6436 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1824.12.0.1140 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{C9597022-A6BB-42C5-A1CB-2226DA2A9614}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{D0402E4E-7103-4FD6-B610-BE6CB10F38F5}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{6AEC805A-422A-44BE-80F9-53EC0E0AFDC1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6518 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.5.0.1027 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{49F223FE-D3BD-4FB9-96BF-41361123804A}) (Version: 16.5.0.1027 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{3b132227-4567-48a1-9f85-0d0dad4346ee}) (Version: 1.49.213.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{E848D060-9C53-4138-A2BC-F3357EDD3C91}) (Version: 12.12.6.1 - Apple Inc.)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 321 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.16327.20248 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\OneDriveSetup.exe) (Version: 23.107.0521.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{415A5D1A-F5CB-4707-91D0-2489E8687BEE}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{D24D2291-46A5-4E32-A859-962778199D23}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20248 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.73 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.28.615.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8940.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.104 - REALTEK Semiconductor Corp.)
Sawgrass Print Manager (HKLM\...\Cassandra) (Version: v10.2.0 - Sawgrass Technologies, Inc.)
TurboTax Business 2021 (HKLM-x32\...\{C43C3986-140A-45CB-8611-248356E30CD0}) (Version: 021.000.0452 - Intuit Inc.)
TurboTax Business 2022 (HKLM-x32\...\{6AE1B334-44CF-4B4E-8864-E04F988EC719}) (Version: 022.000.0419 - Intuit Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
UPS Thermal Printing (HKLM-x32\...\{5468B610-354E-4ED3-B274-535F8F0AE2C0}) (Version: 2.0.0.0 - United Parcel Service)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 8.04 - NCH Software)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\6849F67BACD4DA5A5B9D46803E6850D0BE8B3826) (Version: 04/10/2012 2.08.24 - FTDI)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
wnepbpmStateIS (HKLM-x32\...\{99F9E76D-2EF8-44CB-91C0-78CAEB9137CC}) (Version: 021.000.0100 - Intuit Inc.) Hidden
wnepbpmStateIS (HKLM-x32\...\{B89AEA05-7086-4771-B6BB-63FC2FEA4049}) (Version: 022.000.0101 - Intuit Inc.) Hidden
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare Video Converter Ultimate(Build 10.2.3.163) (HKLM-x32\...\Video Converter Ultimate_is1) (Version: 10.2.3.163 - Wondershare Software)
Zoom(32bit) (HKLM-x32\...\{70FE33F1-5051-49F9-BA58-BE3648A35D5A}) (Version: 5.10.4420 - Zoom)
 
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-20] (Amazon.com)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-01-29] (Canon Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.283.0_x64__v10z8vjag6ke6 [2018-04-21] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_145.3.1086.0_x64__v10z8vjag6ke6 [2023-05-21] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.26.74.0_x64__v10z8vjag6ke6 [2023-06-11] (HP Inc.)
Inkscape -> C:\Program Files\WindowsApps\25415Inkscape.Inkscape_1.2.0.0_x64__9waqn51p1ttv2 [2022-06-10] (Inkscape)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-10] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-19] (Microsoft Studios) [MS Ad]
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-14] (Synaptics Incorporated)
Total PC Cleaner - Free Disk Space Clean Up, Optimize Memory & Windows System -> C:\Program Files\WindowsApps\64404Softuna.TotalDiskCleaner_2.1.10.0_x64__r1b4jsc7ddp3p [2022-12-20] (Total PC Cleaner)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-12] (Twitter Inc.)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x86__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-04-21] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-01-14] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-01-14] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-01-14] (Pro-Softnet Corporation, U.S.A) [File not signed]
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-01-14] () [File not signed]
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-01-14] () [File not signed]
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-01-14] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\igfxDTCM.dll [2020-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Watch Family-Friendly TV Live and On Demand _ FRNDLY TV.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=kfppijmellgejdilnmnkkakgkfiddhmk
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
 
==================== Loaded Modules (Whitelisted) =============
 
2018-01-19 16:02 - 2020-01-14 18:19 - 005034496 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2018-01-19 16:02 - 2020-01-14 18:19 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2022-06-20 18:54 - 2022-08-19 11:50 - 003126272 _____ () [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\av.dll
2022-06-20 18:54 - 2020-10-23 19:26 - 100699136 _____ () [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\libcef.dll
2022-06-20 18:54 - 2020-10-23 11:56 - 000310784 _____ () [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\libegl.dll
2022-06-20 18:54 - 2020-10-23 11:56 - 006972416 _____ () [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\libglesv2.dll
2022-06-20 18:54 - 2020-03-10 17:51 - 001693184 _____ () [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\tag.dll
2023-02-19 18:01 - 2023-02-19 18:01 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\7c0462f0e7adc64124e14e8b45d14958\Interop.IWshRuntimeLibrary.ni.dll
2022-06-20 18:54 - 2022-08-19 11:50 - 019901440 _____ (Amazon Services LLC) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\dmengine.dll
2022-06-20 18:54 - 2020-04-02 11:29 - 000099840 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\imageformats\qgif4.dll
2022-06-20 18:54 - 2020-04-02 11:29 - 000286720 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\imageformats\qjpeg4.dll
2022-06-20 18:54 - 2020-04-02 11:30 - 000391680 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\imageformats\qtiff4.dll
2022-06-20 18:54 - 2020-04-02 11:15 - 002266624 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\QtCore4.dll
2022-06-20 18:54 - 2020-04-02 11:25 - 006267392 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\QtGui4.dll
2022-06-20 18:54 - 2020-04-02 11:16 - 000802816 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\QtNetwork4.dll
2022-06-20 18:54 - 2022-08-19 11:50 - 007793664 _____ (Google LLC) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\widevine_cdm_secured_win.dll
2023-02-19 18:01 - 2023-02-19 18:01 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\72ee0a7c21c1edacd8084854e8a78e86\Hardcodet.Wpf.TaskbarNotification.ni.dll
2023-02-19 18:01 - 2023-02-19 18:01 - 001701888 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\8bde3b7cf9b8de436f92f11cab199c86\NAudio.ni.dll
2020-04-20 12:01 - 2020-04-20 12:01 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-20 12:01 - 2020-04-20 12:01 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2023-02-19 18:01 - 2023-02-19 18:01 - 003060736 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\cd913adf0579b6150cec55f2cac995e9\Newtonsoft.Json.ni.dll
2018-01-19 16:03 - 2020-01-14 18:19 - 000874496 _____ (Pro-Softnet Corporation, U.S.A) [File not signed] C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll
2023-02-19 18:01 - 2023-02-19 18:01 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\6aa016480a0ff3a46d40756f700eb748\log4net.ni.dll
2022-06-20 18:54 - 2020-10-23 12:14 - 000822272 _____ (The Chromium Authors) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\chrome_elf.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-49734549-2778740961-242884094-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-49734549-2778740961-242884094-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {EEE1A59B-DFC7-4F21-AE4F-FAABD7964C93} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {EEE1A59B-DFC7-4F21-AE4F-FAABD7964C93} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-49734549-2778740961-242884094-1001 -> {EEE1A59B-DFC7-4F21-AE4F-FAABD7964C93} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-01-30] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-05-30] (HP Inc. -> HP Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\ssv.dll [2022-03-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-03-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-05-30] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts
 
2020-03-23 16:18 - 2023-01-13 17:53 - 000000447 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
92.168.137.1 LAPTOP-BOJT2U1K.mshome.net # 2026 6 1 22 16 18 49 976
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL
HKU\S-1-5-21-49734549-2778740961-242884094-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "UPS Thermal Printing.lnk"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5BD21715-DBB1-4DE7-982B-4105D2FD08A1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{0D23D608-D1E9-4542-BCD3-2F0DEDA06B02}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{48BBC787-7CEA-4EAF-B277-ED4BE72B7862}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{FC8A0DBC-A413-4BA8-A2AD-FE79D7EB6D0E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{451D8176-ED2D-4D9B-81BA-58EB1D711856}] => (Allow) C:\Users\Andrea\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B05AD71E-03A3-4B8C-AAC3-F1951208C918}] => (Allow) C:\Users\Andrea\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [UDP Query User{9298E465-0574-4D4C-873C-EF3DA6B70FE6}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe => No File
FirewallRules: [TCP Query User{7968A705-6750-4113-B88B-BB60A5B33B35}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe => No File
FirewallRules: [UDP Query User{6F2D37E3-9A38-4D8E-96F8-0D827DE8B702}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe => No File
FirewallRules: [TCP Query User{FF6A01EB-203E-47C3-8739-419A232C35BA}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe => No File
FirewallRules: [{422D597A-F2F3-490A-84E2-8103843F42AB}] => (Block) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [{FA62D517-B9BD-4F90-8F83-0E4E32F9E47C}] => (Block) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [UDP Query User{B75AE0B7-4B2D-4050-982B-6197BE1E0D05}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [TCP Query User{3E2EEF88-4ECC-4468-B0C8-96419141AFEB}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [UDP Query User{C26BA311-57A9-4A25-AFB9-6E37CF58E443}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Allow) C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe => No File
FirewallRules: [TCP Query User{A4A1EF2D-5294-4376-84EA-A8794F529EAA}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Allow) C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe => No File
FirewallRules: [{DCC94602-B4AC-4385-9B41-C4E1E6B6810C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{24397FF4-6F49-49B4-926B-9FD7F4E95C33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{99719D6F-9F53-4A11-A2BA-597F39E22120}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3BD33C50-48D0-4C20-A8ED-032EAA7D2772}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9125DC8D-8D44-4536-941F-A68E9861EE1E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B13B55B9-E24A-445E-8960-BFD979788E23}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{98A47F5E-7362-489B-82E4-2D5461932246}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{A942C652-7325-4787-98E6-39AD851F9507}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{CAA2C730-2BA9-40AB-A096-2CB52C2FD416}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{47AE9131-5909-49EA-B630-22158BC3B70B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3A217D03-54B7-405C-8ACB-4733679EA5AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{130B899A-9F04-42A7-85C1-72878B0C09CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7782187F-6D4F-4761-9CC0-24EC6BC68293}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9BFFD4A8-0622-4BC2-ABE7-F4DAF2553DD8}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{23629E4B-FB36-4933-A071-DD15C7E9E211}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C51B33FF-82CC-45D5-8B89-017EE63C13C8}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{2518DAA4-A762-45A5-9808-FA4ABF1AD286}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{EED9A017-5EB3-4EC5-A069-B3D282282C63}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9BBD18A6-6D34-4EDD-9190-52B166D6C9F0}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{DF965FDA-B7C5-4434-9B24-B64AE018548C}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (HP Inc. -> HP Inc.)
FirewallRules: [{3023E1B3-8657-49C2-89E4-3E2AB9196964}] => (Allow) LPort=13148
FirewallRules: [TCP Query User{0BDE1A80-6AE7-495E-AF33-9711A0ED67A5}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Block) C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe => No File
FirewallRules: [UDP Query User{62DF9C6A-EFAF-441F-ACAA-F328E213F2E6}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Block) C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe => No File
FirewallRules: [{9B8948D4-DCA9-461D-81B3-0FBF3B10B6F3}] => (Allow) C:\Program Files (x86)\TurboTax\Business 2021\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [TCP Query User{6946B3A0-7172-4F45-895A-BA8EF05B7E49}C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe
FirewallRules: [UDP Query User{4A646E5F-3E29-4C73-80F4-A47EF3751992}C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe
FirewallRules: [{3B9D102C-1210-4251-A409-DB13DEF6AED4}] => (Allow) C:\Program Files (x86)\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F3C34C3D-8B47-4522-BD6A-A81BBA995B41}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{86482697-EB5B-42AD-BB19-7DB032F1D3CA}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{F90C8A56-21CC-4F90-B300-AF169AFF3163}C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe
FirewallRules: [UDP Query User{4EE289D9-7D11-480B-88C0-AAD255E9107F}C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe
FirewallRules: [{D1155AB7-B563-4553-8205-67B1925519A3}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A6F890DD-504B-4076-8589-C43843A35CBD}] => (Allow) C:\Program Files (x86)\TurboTax\Business 2022\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{53A72D70-074F-44E1-9162-8CB7A33B7129}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{1032A83F-71F4-482B-BB5F-128192A2F96A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{DC269D7C-9E29-4D8D-AA85-E1D6AF2A9148}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{6FF9C98C-25F4-4C50-ACED-F3757B879911}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{9CA6CCFD-3507-4A47-AFDF-C6A4E6AD9D7C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{1D8427D2-9D73-4062-8CDF-FF7BA93A1A22}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{97EB8446-A2A3-4187-914D-92807510CD45}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{38778F2A-026E-4F65-8A53-C2BA3C4DD3DF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3A4C5283-6E8F-4A25-BA84-8BF2C5FDBE4B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{707CBCC5-9D68-4874-904C-4EBC4720FA6B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FF5C850E-FCBF-4AF1-9A01-4CDFD66035DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A737BF9-7E63-42D0-9928-13ACD8590AAD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
29-05-2023 21:01:31 Scheduled Checkpoint
09-06-2023 16:47:57 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/10/2023 11:34:41 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: HP Support Solutions Framework -- This application could not be uninstalled, because HP Support Assistant requires it.
 
Error: (06/10/2023 11:34:24 AM) (Source: MsiInstaller) (EventID: 1013) (User: LAPTOP-BOJT2U1K)
Description: Product: HP Support Solutions Framework -- This application could not be uninstalled, because HP Support Assistant requires it.
 
Error: (06/10/2023 12:09:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23194609
 
Error: (06/10/2023 12:09:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23194609
 
Error: (06/10/2023 12:09:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/06/2023 10:39:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 16.0.16327.20248 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3168
 
Start Time: 01d998f17dedf6c0
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
 
Report Id: 37913fc2-90d4-497f-bf84-944e3e7c6eb7
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (06/03/2023 08:50:05 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: HP Support Solutions Framework -- This application could not be uninstalled, because HP Support Assistant requires it.
 
Error: (06/03/2023 08:50:03 AM) (Source: MsiInstaller) (EventID: 1013) (User: LAPTOP-BOJT2U1K)
Description: Product: HP Support Solutions Framework -- This application could not be uninstalled, because HP Support Assistant requires it.
 
 
System errors:
=============
Error: (06/11/2023 01:11:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/11/2023 01:11:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/11/2023 01:11:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/11/2023 01:11:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/11/2023 01:11:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/11/2023 01:11:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/11/2023 01:11:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/11/2023 01:11:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
The system cannot find the file specified.
 
 
Windows Defender:
================
Date: 2023-06-10 12:50:37
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-06-09 16:32:23
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-06-06 22:45:33
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-06-05 23:35:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-06-04 22:55:42
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2023-06-11 12:44:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1035.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2023-06-11 12:44:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1035.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2023-06-10 00:33:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.680.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-06-10 00:33:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.680.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-06-10 00:33:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.680.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
CodeIntegrity:
===============
Date: 2023-06-11 15:33:10
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-06-10 12:50:33
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Insyde F.32 11/23/2017
Motherboard: HP 832A
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 64%
Total physical RAM: 8108.91 MB
Available physical RAM: 2842.94 MB
Total Virtual: 11180.91 MB
Available Virtual: 4725.97 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:918.31 GB) (Free:444.38 GB) (Model: TOSHIBA MQ01ABD100) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.97 GB) (Free:1.03 GB) (Model: TOSHIBA MQ01ABD100) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{b0634047-3d83-4c0a-b49c-6eeb04b79a51}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.35 GB) NTFS
\\?\Volume{5fa183f8-bdc1-4a3e-bf69-3e119db426bc}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1D6D7475)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 




#2
DR M


    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Welcome to GTG Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow all the instructions after them, in the same order:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
 
==============================
 
My first comments/instructions regarding your logs:
 
 
1. Microsoft Office 2007 Enterprise
 
Enterprise edition is for big companies and not for individuals. Therefore, the license used here is not legal, unless the computer belongs to a company. In addition, keep in mind that Office 2007 has reached the end of its support lifecycle, meaning there are no new security updates, non-security updates, free or paid assisted support options, or online technical content updates. Thus, it is recommended to uninstall it.
 
If you want to try free Office alternatives (in my order of preference):

Home | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with Microsoft
www.freeoffice.com - Download
Apache OpenOffice - Official Site - The Free and Open Productivity Suite
WPS Office - Free Office Download for PC & Mobile, Alternative to MS Office


2. Uninstall Java

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads.
 
For now, just uninstall the outdated versions you have installed:
 
Java 8 Update 231
Java 8 Update 321
 
 
3. Uninstall Chrome extensions

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find the following extensions, and remove them, one by one, clicking on Remove. 
    Norton Safe Web
    Norton Privacy Builder
    Norton Home Page
    Norton Safe
  • Confirm the action by clicking Remove once again.

 

 

4. Notifications in Chrome

Did you intentionally set these notifications from sites?

hxxps://business.facebook.com; 
hxxps://discountdance.com; 
hxxps://highercaptcha-settle.com; 
hxxps://music.amazon.com; 
hxxps://www.chiefs.com; 
hxxps://www.facebook.com; 
hxxps://www.ticketmaster.com

 

In your next reply please post:

  • What you did with Office
  • If uninstalling Java and Chrome extensions ran smoothly
  • A reply about the notifications


#3
nedesigns.nebraska


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

That version of Office was purchased a long time ago for my company. Since it is so out of date, will delete it and have decided to buy Microsoft 365 in order to be up to date.

The uninstall of Java and Chrome extensions went OK.

Have removed the notification, don't even remember setting these up!!!



#4
DR M


    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hi.

Thanks for the clarifications. :)
 
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Extension: (Norton Safe Web) - C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2023-05-14]
Edge Extension: (Edge relevant text changes) - C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-30]
CHR NewTab: Default ->  Not-active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"
CHR HKU\S-1-5-21-49734549-2778740961-242884094-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflanjgoamglnnocilcllegbbbfogfjc]
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
FirewallRules: [{5BD21715-DBB1-4DE7-982B-4105D2FD08A1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{0D23D608-D1E9-4542-BCD3-2F0DEDA06B02}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{48BBC787-7CEA-4EAF-B277-ED4BE72B7862}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{FC8A0DBC-A413-4BA8-A2AD-FE79D7EB6D0E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{451D8176-ED2D-4D9B-81BA-58EB1D711856}] => (Allow) C:\Users\Andrea\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B05AD71E-03A3-4B8C-AAC3-F1951208C918}] => (Allow) C:\Users\Andrea\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [UDP Query User{9298E465-0574-4D4C-873C-EF3DA6B70FE6}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe => No File
FirewallRules: [TCP Query User{7968A705-6750-4113-B88B-BB60A5B33B35}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe => No File
FirewallRules: [UDP Query User{6F2D37E3-9A38-4D8E-96F8-0D827DE8B702}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe => No File
FirewallRules: [TCP Query User{FF6A01EB-203E-47C3-8739-419A232C35BA}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe => No File
FirewallRules: [{422D597A-F2F3-490A-84E2-8103843F42AB}] => (Block) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [{FA62D517-B9BD-4F90-8F83-0E4E32F9E47C}] => (Block) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [UDP Query User{B75AE0B7-4B2D-4050-982B-6197BE1E0D05}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [TCP Query User{3E2EEF88-4ECC-4468-B0C8-96419141AFEB}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [UDP Query User{C26BA311-57A9-4A25-AFB9-6E37CF58E443}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Allow) C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe => No File
FirewallRules: [TCP Query User{A4A1EF2D-5294-4376-84EA-A8794F529EAA}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Allow) C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe => No File
FirewallRules: [{98A47F5E-7362-489B-82E4-2D5461932246}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{A942C652-7325-4787-98E6-39AD851F9507}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [TCP Query User{0BDE1A80-6AE7-495E-AF33-9711A0ED67A5}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Block) C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe => No File
FirewallRules: [UDP Query User{62DF9C6A-EFAF-441F-ACAA-F328E213F2E6}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Block) C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe => No File
C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha 
CHR Notifications: Default -> hxxps://business.facebook.com; hxxps://discountdance.com; hxxps://highercaptcha-settle.com; hxxps://music.amazon.com; hxxps://www.chiefs.com; hxxps://www.facebook.com; hxxps://www.ticketmaster.com
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

 

3. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

 

  • If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

 

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply, please post:

  • The fixlog.txt
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report


#5
DR M


    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hello.

 

Do you still need assistance? 



#6
nedesigns.nebraska


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2023
Ran by Andrea (15-06-2023 15:42:58) Run:1
Running from C:\Users\Andrea\Desktop
Loaded Profiles: Andrea
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Extension: (Norton Safe Web) - C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2023-05-14]
Edge Extension: (Edge relevant text changes) - C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-30]
CHR NewTab: Default -> Not-active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"
CHR HKU\S-1-5-21-49734549-2778740961-242884094-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflanjgoamglnnocilcllegbbbfogfjc]
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
FirewallRules: [{5BD21715-DBB1-4DE7-982B-4105D2FD08A1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{0D23D608-D1E9-4542-BCD3-2F0DEDA06B02}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{48BBC787-7CEA-4EAF-B277-ED4BE72B7862}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{FC8A0DBC-A413-4BA8-A2AD-FE79D7EB6D0E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{451D8176-ED2D-4D9B-81BA-58EB1D711856}] => (Allow) C:\Users\Andrea\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{B05AD71E-03A3-4B8C-AAC3-F1951208C918}] => (Allow) C:\Users\Andrea\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [UDP Query User{9298E465-0574-4D4C-873C-EF3DA6B70FE6}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe => No File
FirewallRules: [TCP Query User{7968A705-6750-4113-B88B-BB60A5B33B35}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe => No File
FirewallRules: [UDP Query User{6F2D37E3-9A38-4D8E-96F8-0D827DE8B702}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe => No File
FirewallRules: [TCP Query User{FF6A01EB-203E-47C3-8739-419A232C35BA}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe => No File
FirewallRules: [{422D597A-F2F3-490A-84E2-8103843F42AB}] => (Block) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [{FA62D517-B9BD-4F90-8F83-0E4E32F9E47C}] => (Block) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [UDP Query User{B75AE0B7-4B2D-4050-982B-6197BE1E0D05}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [TCP Query User{3E2EEF88-4ECC-4468-B0C8-96419141AFEB}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe => No File
FirewallRules: [UDP Query User{C26BA311-57A9-4A25-AFB9-6E37CF58E443}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Allow) C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe => No File
FirewallRules: [TCP Query User{A4A1EF2D-5294-4376-84EA-A8794F529EAA}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Allow) C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe => No File
FirewallRules: [{98A47F5E-7362-489B-82E4-2D5461932246}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{A942C652-7325-4787-98E6-39AD851F9507}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [TCP Query User{0BDE1A80-6AE7-495E-AF33-9711A0ED67A5}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Block) C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe => No File
FirewallRules: [UDP Query User{62DF9C6A-EFAF-441F-ACAA-F328E213F2E6}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe] => (Block) C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe => No File
C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha
CHR Notifications: Default -> hxxps://business.facebook.com; hxxps://discountdance.com; hxxps://highercaptcha-settle.com; hxxps://music.amazon.com; hxxps://www.chiefs.com; hxxps://www.facebook.com; hxxps://www.ticketmaster.com
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
Edge Extension: (Norton Safe Web) - C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2023-05-14] => Error: No automatic fix found for this entry.
Edge Extension: (Edge relevant text changes) - C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-30] => Error: No automatic fix found for this entry.
"Chrome NewTab" => removed successfully
HKU\S-1-5-21-49734549-2778740961-242884094-1001\SOFTWARE\Google\Chrome\Extensions\cflanjgoamglnnocilcllegbbbfogfjc => removed successfully
"AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}" => removed successfully
"FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}" => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BD21715-DBB1-4DE7-982B-4105D2FD08A1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D23D608-D1E9-4542-BCD3-2F0DEDA06B02}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{48BBC787-7CEA-4EAF-B277-ED4BE72B7862}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC8A0DBC-A413-4BA8-A2AD-FE79D7EB6D0E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{451D8176-ED2D-4D9B-81BA-58EB1D711856}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B05AD71E-03A3-4B8C-AAC3-F1951208C918}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9298E465-0574-4D4C-873C-EF3DA6B70FE6}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7968A705-6750-4113-B88B-BB60A5B33B35}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6F2D37E3-9A38-4D8E-96F8-0D827DE8B702}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FF6A01EB-203E-47C3-8739-419A232C35BA}C:\program files (x86)\common files\oracle\java\javapath_target_682576953\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{422D597A-F2F3-490A-84E2-8103843F42AB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA62D517-B9BD-4F90-8F83-0E4E32F9E47C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B75AE0B7-4B2D-4050-982B-6197BE1E0D05}C:\program files (x86)\cricut-craft room\ccrbridge.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3E2EEF88-4ECC-4468-B0C8-96419141AFEB}C:\program files (x86)\cricut-craft room\ccrbridge.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C26BA311-57A9-4A25-AFB9-6E37CF58E443}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A4A1EF2D-5294-4376-84EA-A8794F529EAA}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98A47F5E-7362-489B-82E4-2D5461932246}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A942C652-7325-4787-98E6-39AD851F9507}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0BDE1A80-6AE7-495E-AF33-9711A0ED67A5}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{62DF9C6A-EFAF-441F-ACAA-F328E213F2E6}C:\users\andrea\appdata\roaming\cricutdesignspace3\bridge\cricutbridge4.exe" => removed successfully
C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha => moved successfully
"Chrome Notifications" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 234832664 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 59297920 B
Edge => 3117559 B
Chrome => 1106715895 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 165898 B
NetworkService => 731612812 B
Andrea => 865184276 B

RecycleBin => 158130777 B
EmptyTemp: => 2.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:01:48 ====

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-15-2023
# Duration: 00:01:24
# OS: Windows 10 (Build 19045.3086)
# Scanned: 32095
# Detected: 48


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.FreeMakeConverter HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s-usweb.dotomi.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s-usweb.dotomi.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6D14915-1CF1-41BE-867D-A8FC2FF600AD}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPJumpStartApps Folder C:\Program Files (x86)\HP\HP JUMPSTART APPS
Preinstalled.HPJumpStartApps Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\HP JumpStart Apps
Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Preinstalled.HPJumpStartBridge Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}
Preinstalled.HPJumpStartLaunch Folder C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{861164FC-A99A-465D-917E-50854D3CDE16}
Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
Preinstalled.HPJumpStartLaunch Task C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
Preinstalled.HPOrbit Folder C:\Program Files\HP\HP ORBIT
Preinstalled.HPOrbit Folder C:\Program Files\HP\HP ORBIT SERVICE
Preinstalled.HPOrbit Folder C:\ProgramData\HP\HP ORBIT
Preinstalled.HPOrbit Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1A083C69-5382-4CF9-8074-80EC050D9FC8}
Preinstalled.HPOrbit Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B384505E-0FE1-4A0F-9E92-7C592276E0A4}
Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Andrea\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{00612F78-52C4-46C0-97F0-F50B6036B5E2}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4780AF24-213D-4187-86F2-0014A6D6077B}
Preinstalled.HPSureConnect Folder C:\Program Files (x86)\HP INC\HP SURE CONNECT
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-vegasworld
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-freegames
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-main



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/15/23
Scan Time: 5:02 PM
Log File: 6088dbf4-0bc8-11ee-909e-f430b9379c4e.json

-Software Information-
Version: 4.5.30.269
Components Version: 1.0.2037
Update Package Version: 1.0.70928
License: Trial

-System Information-
OS: Windows 10 (Build 19045.3086)
CPU: x64
File System: NTFS
User: LAPTOP-BOJT2U1K\Andrea

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 307767
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 1 hr, 18 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.VeryFast, C:\USERS\ANDREA\DOWNLOADS\SETUP.EXE, No Action By User, 6861, 1112751, 1.0.70928, , ame, , 8BA3860D24A1883D5895EFD8EDA05EFA, A7B80239732C37A4C631044FBC5F13D0E04B3BE8FAA7D91D2F4A879098DCF08F

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
  • 0

#7
DR M


    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Several things are detected and we must clean them now.

 

1. AdwCleaner (Clean mode)

The findings in Registry are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

3. Fresh FRST logs

 

Please run the FRST tool once more and attach fresh FRST logs for me to check.

 

 


In your next reply, please post:

  • The AdwCleaner[C0*].txt
  • The Malwarebytes report
  • Fresh FRST logs, Addition and FRST

  • 0
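The split DR M describes above (Registry findings are PUPs to remove, Preinstalled Software entries are the owner's choice) can be read off an AdwCleaner scan log mechanically. The following Python sketch is an added example, not part of the thread and not Malwarebytes code; the function names, the bucket names `remove` and `owner_decides`, and the shortened sample log are assumptions made for illustration.

```python
import re
from collections import defaultdict, namedtuple

# Constructed excerpt: a few lines copied from the scan log in this thread,
# with the "Detected" header count adjusted to match the shortened body.
SAMPLE_SCAN_LOG = r"""
# Mode: Scan
# Detected: 5

***** [ Services ] *****

No malicious services found.

***** [ Registry ] *****

PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.FreeMakeConverter HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater

***** [ Preinstalled Software ] *****

Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

HEADER_RE = re.compile(r"^#\s+([A-Za-z][A-Za-z ]*?):\s*(.*)$")
SECTION_RE = re.compile(r"^\*{5} \[ (.+) \] \*{5}$")

Finding = namedtuple("Finding", "section name kind path")


def parse_scan_log(text):
    """Return (header dict, list of Finding) for an AdwCleaner scan log."""
    header, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # "# Key: value" header lines; rulers and the EOF marker are skipped.
            m = HEADER_RE.match(line)
            if m:
                header[m.group(1)] = m.group(2)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or line.startswith("No malicious"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue  # not a "<detection> <location>" entry
        name, rest = parts
        if name.startswith("Preinstalled."):
            # Preinstalled entries carry an object type before the path.
            kind, path = rest.split(None, 1)
        else:
            # Other entries take their object type from the section heading.
            kind, path = section, rest
        findings.append(Finding(section, name, kind, path))
    return header, findings


def triage(findings):
    """Group findings by detection name into the two buckets from the post."""
    groups = {"remove": defaultdict(list), "owner_decides": defaultdict(list)}
    for f in findings:
        bucket = "owner_decides" if f.name.startswith("Preinstalled.") else "remove"
        groups[bucket][f.name].append(f)
    return groups


def count_matches(header, findings):
    """True when the header's Detected count equals the entries parsed.

    A mismatch usually means the log was truncated when it was pasted.
    """
    return int(header.get("Detected", -1)) == len(findings)


if __name__ == "__main__":
    hdr, found = parse_scan_log(SAMPLE_SCAN_LOG)
    print("complete log:", count_matches(hdr, found))
    for bucket, names in triage(found).items():
        for name, items in sorted(names.items()):
            print(f"{bucket:14} {name:40} {len(items)} item(s)")
```

Run against the full scan log in this thread, the same count check reconciles the header's `Detected: 48` with the 6 Registry and 42 Preinstalled Software entries listed.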

#8
nedesigns.nebraska


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-16-2023
# Duration: 00:00:44
# OS:       Windows 10 (Build 19045.3086)
# Cleaned:  48
# Awaiting reboot:1
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s-usweb.dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s-usweb.dotomi.com
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.HPAudioSwitch   Folder   C:\Program Files (x86)\HP\HPAUDIOSWITCH
Deleted       Preinstalled.HPAudioSwitch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6D14915-1CF1-41BE-867D-A8FC2FF600AD} 
Deleted       Preinstalled.HPAudioSwitch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Deleted       Preinstalled.HPAudioSwitch   Task   C:\Windows\System32\Tasks\HPAUDIOSWITCH
Deleted       Preinstalled.HPJumpStartApps   Folder   C:\Program Files (x86)\HP\HP JUMPSTART APPS
Deleted       Preinstalled.HPJumpStartApps   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\HP JumpStart Apps
Deleted       Preinstalled.HPJumpStartBridge   Folder   C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Deleted       Preinstalled.HPJumpStartBridge   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}
Deleted       Preinstalled.HPJumpStartLaunch   Folder   C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Deleted       Preinstalled.HPJumpStartLaunch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{861164FC-A99A-465D-917E-50854D3CDE16} 
Deleted       Preinstalled.HPJumpStartLaunch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
Deleted       Preinstalled.HPJumpStartLaunch   Task   C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
Deleted       Preinstalled.HPOrbit   Folder   C:\Program Files\HP\HP ORBIT
Deleted       Preinstalled.HPOrbit   Folder   C:\Program Files\HP\HP ORBIT SERVICE
Deleted       Preinstalled.HPOrbit   Folder   C:\ProgramData\HP\HP ORBIT
Deleted       Preinstalled.HPOrbit   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1A083C69-5382-4CF9-8074-80EC050D9FC8}
Deleted       Preinstalled.HPOrbit   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B384505E-0FE1-4A0F-9E92-7C592276E0A4}
Deleted       Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HP\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\HP\SUPPORT
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Andrea\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{00612F78-52C4-46C0-97F0-F50B6036B5E2}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4780AF24-213D-4187-86F2-0014A6D6077B}
Deleted       Preinstalled.HPSureConnect   Folder   C:\Program Files (x86)\HP INC\HP SURE CONNECT
Deleted       Preinstalled.HPSureConnect   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-vegasworld
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-freegames
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-main
Needs Reboot  Preinstalled.HPSureConnect   Folder   C:\Program Files\HPCOMMRECOVERY
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
***** Reboot Required to Complete *****
 
 
***** [ Folders ] *****
 
Cleaning failed   C:\Program Files\HPCOMMRECOVERY
 
*************************
 
AdwCleaner[S00].txt - [7480 octets] - [15/06/2023 16:49:58]
AdwCleaner[S01].txt - [7541 octets] - [16/06/2023 15:40:25]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/16/23
Scan Time: 5:53 PM
Log File: 92eb3044-0c98-11ee-ba8f-f430b9379c4e.json
 
-Software Information-
Version: 4.5.30.269
Components Version: 1.0.2037
Update Package Version: 1.0.70986
License: Trial
 
-System Information-
OS: Windows 10 (Build 19045.3086)
CPU: x64
File System: NTFS
User: LAPTOP-BOJT2U1K\Andrea
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 307773
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 hr, 27 min, 2 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2023
Ran by Andrea (administrator) on LAPTOP-BOJT2U1K (HP HP Laptop 15-bs0xx) (16-06-2023 17:55:59)
Running from C:\Users\Andrea\Desktop\FRST64.exe
Loaded Profiles: Andrea
Platform: Microsoft Windows 10 Home Version 22H2 19045.3086 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\HP\HP Enabling Services\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe <2>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\igfxEM.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (Amazon.com Services LLC -> Amazon.com Services LLC) C:\Users\Andrea\AppData\Local\Amazon Music\Amazon Music Helper.exe
(explorer.exe ->) (Amazon.com Services LLC -> Amazon.com Services LLC) C:\Users\Andrea\AppData\Local\Amazon Music\Amazon Music.exe <5>
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <6>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\IntelCpHeciSvc.exe
(services.exe ->) (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe
(services.exe ->) (Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-04-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [366944 2022-09-27] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [1660760 2017-06-26] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709160 2018-05-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [78176 2020-01-14] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1976160 2020-01-14] (Pro Softnet Corporation -> Prosoftnet)
HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\Run: [Amazon Music Helper] => C:\Users\Andrea\AppData\Local\Amazon Music\Amazon Music Helper.exe [2107496 2023-04-12] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\Run: [Amazon Music] => C:\Users\Andrea\AppData\Local\Amazon Music\Amazon Music.exe [22915176 2023-04-12] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\Run: [MicrosoftEdgeAutoLaunch_2BCE45D4A4484E0003ED7A100E569D69] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4113872 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS6400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDH8.DLL [525824 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS6400 series: C:\WINDOWS\system32\CNMLMH8.DLL [962560 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP BC11 Status Monitor: C:\WINDOWS\system32\hpinkstsBC11LM.dll [331664 2012-06-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Photosmart 7520 series): C:\WINDOWS\system32\HPDiscoPMBC11.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\sawl0ilm: C:\WINDOWS\system32\sawl0ilm.dll [123392 2018-12-19] (Sawgrass Technologies, Inc. -> RICOH CO., LTD.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.134\Installer\chrmstp.exe [2023-06-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS Thermal Printing.lnk [2019-11-20]
ShortcutTarget: UPS Thermal Printing.lnk -> C:\Program Files (x86)\UPS\Thermal Printing\UPSISJavaStarter.exe (United Parcel Service) [File not signed]
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2018-12-28]
ShortcutAndArgument: Monitor Ink Alerts - .lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Photosmart 7520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN38F490MK05YY;CONNECTION=NW;MONITOR=1;
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {111B4347-802E-4100-8503-9DADB89D34B6} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {16377777-F2C0-42B3-B543-A76221B3E58B} - System32\Tasks\HP AR Program Upload - 689fa6d443a04ce69fb6af133cafd792bda201f8bb0342f8908628987f0bc680 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {1868B85A-FE7C-4CD2-8290-98ABBD76D94A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123752 2023-06-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {20F7BF8D-B51B-45D5-A581-4D058DD94974} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe  /DeviceScanR6 (No File)
Task: {22554D47-D0E9-42D7-B922-F921292511E2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {24B80863-A6F4-41AE-865A-9EE365E63827} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-07] (Google Inc -> Google Inc.)
Task: {280174F0-DDB0-4310-81CB-1E006D8AE41C} - System32\Tasks\HP AR Program Upload - ab8aba70b31942d581890da74f127b2e84a91ad2091e4491b536419b11b1fa52 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {309E05BA-F765-48F7-BB76-7D1A04E64497} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {352C0AB0-2C06-40FB-ACE9-B553A6A014BF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-04-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {38E8E70C-CE1F-4DA4-ADED-D07ABD8F77D5} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPDeviceCheck\HPDeviceCheck.exe [316488 2023-05-30] (HP Inc. -> )
Task: {3B811D9E-46CF-4993-86E2-A3473E0977F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-05-30] (HP Inc. -> HP Inc.)
Task: {3C626949-1D22-4540-82F5-E3DAD2BC8BD4} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [616232 2016-11-28] (Dropbox, Inc -> DropboxOEM)
Task: {5D40537B-52D9-4EC7-BE6C-94D56C18D90A} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58832 2023-06-15] (HP Inc. -> HP Inc.)
Task: {77EA6941-5F3A-416C-BDC3-8137A81ADDCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2023-05-30] (HP Inc. -> HP Inc.)
Task: {77F1A988-0508-4172-8C9B-1948E376417F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1135128 2023-05-30] (HP Inc. -> HP Inc.)
Task: {7CE88213-A5FD-48EE-AB39-1F6AC5017B39} - System32\Tasks\HPEA3JOBS => C:\Program  -> Files\HP\HP ePrint\hpeprint.exe /CheckJobs
Task: {82065198-7630-475D-8B0F-2371117F7EE2} - System32\Tasks\GoogleUpdateTaskMachineCore1d3f11346995b1c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-07] (Google Inc -> Google Inc.)
Task: {83905423-80BC-4349-AD90-D216ED48DDBF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {86CFC67B-F4B4-49C5-A222-F82B5C70FCE9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557360 2023-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {8C508D03-5738-43B7-AB53-4929429F0E2B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123752 2023-06-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {913FEB57-2F59-4783-B14C-9E014A382FC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-07] (Google Inc -> Google Inc.)
Task: {A0A70F9B-063E-4E5A-9D79-D7FCD8D54EB4} - System32\Tasks\DropboxUpdateTaskMachineCore1d3f1132c67caab => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {A96C1164-5141-4BC3-82C9-4449FC12A955} - System32\Tasks\HP AR Program Upload - 05e0633b5acd4e7e813775522cad707c64f14871a8384bdb8ef56b240b866346 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {B84F792D-6475-4835-8E18-B137372330C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {BBDE72F3-149D-4F92-AA27-01654E2B5A1E} - System32\Tasks\HP AR Program Upload - f3cdf7d09341415fb895e14acc2b66724e8d6e97f2f94a7e8106996f1a68a06d => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {C4D12AA4-C770-4271-A839-C974F159FD2A} - System32\Tasks\HP AR Program Upload - a6874bdd951c43d29361a283feca920036581f81f5214e57bd41041330c84072 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {CAE3BBEE-D703-49E9-B240-8A60F159BCCD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D15B532D-289A-49AE-B1A7-921FE511F923} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557360 2023-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {D6A57077-A673-4215-A6C7-73A844BF7CF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe  /f (No File)
Task: {D9B0D591-1DE2-472F-B27D-D8788F857081} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPPrinterLowInk => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPPrinterLowInk\HPPrinterLowInk.exe [228888 2023-05-30] (HP Inc. -> HP Inc.)
Task: {DC2BAFA2-84B7-4B1D-83CF-F4CE853C66DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {DCFC152E-98AC-431E-B8E9-DD3B7E701B8C} - System32\Tasks\HP AR Program Upload - a94a4e4a6e7e459ab2446a101619838aa0b3bd901eee4556a23723591c380060 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [3513960 2012-10-17] (Hewlett Packard -> TODO: <Company name>)
Task: {E5D1CA72-4164-412B-8AEE-EEE6A10A775C} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58832 2023-06-15] (HP Inc. -> HP Inc.)
Task: {F2A8E4E5-56A3-4E3F-9E83-100637B915E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F4BD3112-E5BA-4A77-B13C-7A4C09BFFC48} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\HP\HP Support Framework\Modules\HPWPD.exe [310856 2023-05-30] (HP Inc. -> HP Inc.)
Task: {F8AFA804-A1E1-4B25-A3C5-92C78E0238B3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d3f1132c67caab.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{6f6cac8a-6dc0-42fc-a28b-81d2a1b46229}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{767e2216-d76f-41ba-8197-89f2a0092327}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-16]
Edge Extension: (Norton Safe Web) - C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2023-05-14]
Edge Extension: (Edge relevant text changes) - C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-15]
 
FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default [2023-06-16]
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Google Docs Offline) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-02]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2017-07-18]
CHR Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidniedemcgceagapgdekdbmanojomk [2023-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-06-15]
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\System Profile [2023-06-15]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103264 2022-10-08] (Apple Inc. -> Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [134080 2017-05-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11774392 2023-05-28] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [87432 2021-12-29] (MIXBYTE, INC. -> Freemake)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [859024 2023-05-30] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [857536 2023-05-30] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [854464 2023-05-30] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-06-15] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [858560 2023-05-30] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [332640 2020-01-14] (Pro Softnet Corporation -> Prosoftnet)
R2 IntuitUpdateServiceV4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [19840 2022-08-24] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9258016 2023-06-15] (Malwarebytes Inc. -> Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe [3232576 2023-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe [133592 2023-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe [105064 2018-03-21] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 HP Orbit Service; "C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe" [X]
S2 HPJumpStartBridge; "C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe" [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Andrea\AppData\Roaming\Zoom"
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-06-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [199640 2023-06-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77752 2023-06-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181984 2023-06-16] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKslccd9fde9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A2B1BF8-870B-489B-A589-2D7936B11A30}\MpKslDrv.sys [213288 2023-06-16] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-09-07] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-09-07] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2023-06-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-06-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99568 2023-06-15] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-06-16 18:01 - 2023-06-16 18:01 - 000000000 ____D C:\Users\Andrea\AppData\LocalLow\IGDump
2023-06-16 16:00 - 2023-06-16 16:00 - 000008340 _____ C:\Users\Andrea\Desktop\AdwCleaner[C01].txt
2023-06-16 15:47 - 2023-06-16 15:47 - 000181984 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-06-15 16:59 - 2023-06-15 16:59 - 000000000 ____D C:\Users\Andrea\AppData\Local\mbam
2023-06-15 16:58 - 2023-06-16 15:53 - 000000000 ____D C:\Users\Andrea\AppData\Local\Malwarebytes
2023-06-15 16:58 - 2023-06-15 16:58 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-06-15 16:58 - 2023-06-15 16:58 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-06-15 16:56 - 2023-06-15 16:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-06-15 16:56 - 2023-06-15 16:56 - 000000000 ____D C:\Program Files\Malwarebytes
2023-06-15 16:53 - 2023-06-15 16:53 - 002645944 _____ (Malwarebytes) C:\Users\Andrea\Desktop\MBSetup.exe
2023-06-15 16:53 - 2023-06-15 16:53 - 000007480 _____ C:\Users\Andrea\Desktop\AdwCleaner[S00].txt
2023-06-15 16:48 - 2023-06-16 15:43 - 000000000 ____D C:\AdwCleaner
2023-06-15 16:47 - 2023-06-15 16:47 - 008791352 _____ (Malwarebytes) C:\Users\Andrea\Desktop\AdwCleaner.exe
2023-06-15 16:11 - 2023-06-15 16:11 - 000000000 ___HD C:\ProgramData\temp
2023-06-15 15:42 - 2023-06-15 16:01 - 000013611 _____ C:\Users\Andrea\Desktop\Fixlog.txt
2023-06-15 14:04 - 2023-06-15 14:04 - 000000000 ___HD C:\$WinREAgent
2023-06-12 21:56 - 2023-06-12 21:56 - 000000000 ____D C:\Users\Andrea\AppData\Roaming\Microsoft\Bibliography
2023-06-12 21:53 - 2023-06-12 21:53 - 000000000 ____D C:\Users\Andrea\Documents\Custom Office Templates
2023-06-12 21:48 - 2023-06-12 21:49 - 000000000 ____D C:\Users\Andrea\AppData\Roaming\Microsoft\Publisher Building Blocks
2023-06-12 21:01 - 2023-06-12 21:01 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-06-12 21:01 - 2023-06-12 21:01 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2023-06-12 21:01 - 2023-06-12 21:01 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2023-06-11 15:42 - 2023-06-11 15:49 - 000062579 _____ C:\Users\Andrea\Desktop\Addition.txt
2023-06-11 15:34 - 2023-06-16 18:01 - 000029617 _____ C:\Users\Andrea\Desktop\FRST.txt
2023-06-11 15:33 - 2023-06-15 15:42 - 000000000 ____D C:\Users\Andrea\Desktop\FRST-OlderVersion
2023-06-11 15:32 - 2023-06-16 17:59 - 000000000 ____D C:\FRST
2023-06-11 15:29 - 2023-06-15 15:42 - 002383360 _____ (Farbar) C:\Users\Andrea\Desktop\FRST64.exe
2023-06-10 00:53 - 2023-06-10 00:53 - 000086061 _____ C:\Users\Andrea\Downloads\Blank W-9.pdf
2023-05-28 12:10 - 2023-05-28 12:10 - 002998976 _____ C:\Users\Andrea\Downloads\MarylandSil2.zip
2023-05-24 23:34 - 2023-05-24 23:34 - 000019198 _____ C:\Users\Andrea\Downloads\student_transactions_20230524.xls
2023-05-23 22:31 - 2023-03-20 05:48 - 001350600 _____ (HP Inc.) C:\WINDOWS\system32\HPScanTEDrv_x64_DiscoveryLibDyn.dll
2023-05-23 22:31 - 2023-03-20 05:48 - 000698784 _____ (HP Inc., LP) C:\WINDOWS\system32\HPWia2Drv.dll
2023-05-23 22:31 - 2023-03-20 05:47 - 007676872 _____ (HP Inc.) C:\WINDOWS\system32\HPScanTEDrv_x64.dll
2023-05-23 22:31 - 2023-03-20 05:47 - 005375952 _____ (HP Inc.) C:\WINDOWS\SysWOW64\HPScanTEDrv.dll
2023-05-23 22:31 - 2023-03-20 05:47 - 000992208 _____ (HP Inc.) C:\WINDOWS\SysWOW64\DiscoveryLibDyn.dll
2023-05-22 10:03 - 2023-05-22 10:03 - 000020364 _____ C:\Users\Andrea\Downloads\receipt (1).pdf
2023-05-20 23:21 - 2023-05-20 23:21 - 000369689 _____ C:\Users\Andrea\Downloads\7975078 Backstage 2023.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-06-16 17:53 - 2021-12-17 23:12 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-06-16 17:53 - 2017-07-07 19:55 - 000000000 ____D C:\Program Files (x86)\Google
2023-06-16 17:51 - 2020-09-16 22:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-06-16 17:42 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-06-16 17:13 - 2017-03-17 09:20 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2023-06-16 16:22 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-06-16 16:02 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-06-16 15:53 - 2020-09-16 23:05 - 000934898 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-06-16 15:53 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2023-06-16 15:53 - 2017-07-07 16:47 - 000000000 __SHD C:\Users\Andrea\IntelGraphicsProfiles
2023-06-16 15:52 - 2017-03-17 09:20 - 000000000 ____D C:\ProgramData\HP
2023-06-16 15:46 - 2020-09-16 23:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-06-16 15:46 - 2020-09-16 22:37 - 000008192 ___SH C:\DumpStack.log.tmp
2023-06-16 15:46 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-06-16 15:45 - 2019-12-07 04:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2023-06-16 15:43 - 2017-07-07 16:51 - 000000000 ____D C:\Users\Andrea\AppData\Roaming\Hewlett-Packard
2023-06-16 15:43 - 2017-03-17 09:23 - 000000000 ____D C:\Program Files (x86)\HP Inc
2023-06-16 15:43 - 2017-03-17 09:19 - 000000000 ____D C:\Program Files\HP
2023-06-16 15:43 - 2017-03-17 09:19 - 000000000 ____D C:\Program Files (x86)\HP
2023-06-16 15:43 - 2017-03-17 09:19 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2023-06-16 15:43 - 2017-03-07 15:54 - 000000000 ___HD C:\hp
2023-06-16 15:39 - 2017-07-07 20:23 - 000000000 ____D C:\Users\Andrea\AppData\Roaming\Microsoft\Word
2023-06-16 15:05 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-06-15 21:11 - 2021-08-17 19:26 - 000000000 ____D C:\Users\Andrea\AppData\Local\CrashDumps
2023-06-15 18:25 - 2017-07-07 19:56 - 000002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-06-15 18:25 - 2017-07-07 19:56 - 000002227 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-06-15 16:58 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-06-15 16:50 - 2021-05-10 09:42 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-06-15 16:50 - 2021-03-26 10:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-06-15 16:11 - 2020-09-16 22:38 - 000743680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-06-15 16:09 - 2020-09-16 22:45 - 000000000 ____D C:\Users\Andrea
2023-06-15 16:07 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-06-15 16:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-06-15 16:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-06-15 16:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-06-15 16:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-06-15 16:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-06-15 16:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-06-15 16:07 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-06-15 15:59 - 2018-06-18 17:09 - 000000000 ____D C:\Users\Andrea\AppData\LocalLow\Temp
2023-06-15 15:34 - 2018-02-15 00:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-06-15 15:32 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-06-15 15:12 - 2020-09-16 22:44 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-06-15 14:02 - 2017-07-18 13:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-06-15 13:53 - 2017-07-18 13:19 - 170078616 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-06-15 12:50 - 2017-03-17 09:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-06-15 12:46 - 2018-01-19 16:02 - 000000000 ____D C:\ProgramData\IDrive
2023-06-15 12:13 - 2020-09-16 23:25 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-06-15 12:13 - 2020-09-16 23:25 - 000003620 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d3f11346995b1c
2023-06-12 21:55 - 2017-11-13 22:32 - 000000000 ____D C:\Users\Andrea\AppData\Roaming\Microsoft\Excel
2023-06-12 20:17 - 2018-07-06 17:04 - 000000000 ____D C:\Users\Andrea\AppData\Local\D3DSCache
2023-06-12 20:13 - 2020-09-17 00:47 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-06-12 20:11 - 2016-07-16 06:47 - 000000135 _____ C:\WINDOWS\win.ini
2023-06-12 20:10 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-06-11 13:12 - 2020-09-16 23:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2023-06-10 12:00 - 2017-07-07 20:21 - 000000000 ____D C:\Users\Andrea\AppData\Roaming\Microsoft\Publisher
2023-06-10 11:54 - 2018-03-02 21:08 - 000000000 ____D C:\Users\Andrea\Documents\CHS
2023-06-10 11:46 - 2020-06-15 17:51 - 000002405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-10 11:46 - 2020-06-15 17:51 - 000002243 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-06-10 11:41 - 2018-03-02 21:06 - 000000000 ____D C:\Users\Andrea\Documents\Backstage_Omaha
2023-06-10 11:34 - 2020-09-16 23:25 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-06-10 11:34 - 2020-09-16 23:25 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-06-10 01:03 - 2021-12-10 22:41 - 000003580 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-49734549-2778740961-242884094-1001
2023-06-10 01:03 - 2020-09-16 23:25 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-49734549-2778740961-242884094-1001
2023-06-10 01:03 - 2020-09-16 22:45 - 000002385 _____ C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-06-06 22:24 - 2017-12-22 18:10 - 000000000 ____D C:\Users\Andrea\AppData\Local\Packages
2023-06-05 00:34 - 2018-03-02 21:08 - 000000000 ____D C:\Users\Andrea\Documents\coloring pages
2023-06-03 10:53 - 2017-07-07 20:21 - 000000000 ____D C:\Users\Andrea\AppData\Roaming\Microsoft\Office
2023-06-03 09:19 - 2018-01-12 23:15 - 000000000 ____D C:\Users\Andrea\Documents\Andrea
2023-06-02 12:56 - 2022-06-20 18:54 - 000000000 ____D C:\Users\Andrea\AppData\Local\Amazon Music
2023-05-31 17:48 - 2018-09-23 18:10 - 000000000 ____D C:\Users\Andrea\Documents\aLLaCreations
2023-05-30 08:28 - 2018-03-02 21:31 - 000000000 ____D C:\Users\Andrea\Documents\Taxes
2023-05-29 18:54 - 2018-01-12 23:10 - 000000000 ____D C:\Users\Andrea\Documents\AKG Designs
2023-05-19 12:02 - 2016-07-16 06:47 - 000000244 _____ C:\WINDOWS\system.ini
 
==================== Files in the root of some directories ========
 
2021-01-09 19:24 - 2021-01-09 19:25 - 054133456 _____ (Brother Industries, Ltd.                                    ) C:\Users\Andrea\AppData\Local\Brother_CanvasWorkspace_Setup.exe
2017-07-07 16:47 - 2017-12-31 16:43 - 000220851 _____ () C:\Users\Andrea\AppData\Local\BTServer.log
2019-02-02 16:33 - 2019-02-02 16:33 - 000003584 _____ () C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2022-04-06 19:29 - 2022-04-06 19:29 - 000007605 _____ () C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2023
Ran by Andrea (16-06-2023 18:12:24)
Running from C:\Users\Andrea\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3086 (X64) (2020-09-17 04:26:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-49734549-2778740961-242884094-500 - Administrator - Disabled)
Andrea (S-1-5-21-49734549-2778740961-242884094-1001 - Administrator - Enabled) => C:\Users\Andrea
DefaultAccount (S-1-5-21-49734549-2778740961-242884094-503 - Limited - Disabled)
Guest (S-1-5-21-49734549-2778740961-242884094-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-49734549-2778740961-242884094-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.001.20174 - Adobe)
Adobe AIR (HKLM-x32\...\{19687AD5-7E54-4C5E-A796-125C95079C1D}) (Version: 21.0.0.215 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Affinity Designer (HKLM\...\{3CA63F54-85C0-4077-8336-B795B90E9B7E}) (Version: 1.7.3.481 - Serif (Europe) Ltd)
Amazon Music (HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\Amazon Amazon Music) (Version: 9.4.3.2420 - Amazon.com Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{11C4575B-4B32-44D2-A097-D59A00BA60DE}) (Version: 8.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D39B163A-9E12-442C-95E9-33FA5746AB21}) (Version: 8.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{44325855-D4CA-4994-A27A-39FE50CE6A8E}) (Version: 16.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bay ROES (HKLM-x32\...\{d4b70026-de82-45b4-b13e-4d0745a4f6ea}) (Version: 2.2.0 - SoftWorks Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother CanvasWorkspace (HKLM\...\{560F5904-8482-4BAC-BEB8-6AC2E21AB4A0}_is1) (Version: 2.4.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cool Edit 2000 (HKLM-x32\...\Cool Edit 2000) (Version:  - )
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
Desktop Interface to Online Converter version 1.0.11 (HKLM-x32\...\{548734C0-8452-4B65-8850-5CDC02F49095}_is1) (Version: 1.0.11 - Ideas R Us Software)
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.761.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Freemake Video Converter version 4.1.13 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.13 - Mixbyte Inc.)
Google Chrome (HKLM\...\{B24F0A95-6C38-3CA4-AFC8-7BDD38B8C51D}) (Version: 114.0.5735.134 - Google LLC)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM\...\{7F27A5CB-3C0B-4104-B0C9-288038093F3A}) (Version: 5.3.21679 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{8F55398C-0F24-4950-8C7B-A0195469393C}) (Version: 5.3.21679 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{A12996E4-B1A8-49A9-A7E3-488C21268ED7}) (Version: 5.3.21679 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{A2707859-3D7E-460E-A19F-84128CA1B4B9}) (Version: 5.3.21679 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{31A8CE98-EB9B-497F-8C17-C7089D8B1639}) (Version: 5.3.21679 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{5f8ec28f-ae40-408e-b950-1da32237e007}) (Version: 5.3.21679 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{90F34553-7DC3-46D9-BE03-848E1FEBA0FE}) (Version: 5.3.21679 - HP Inc.) Hidden
HP JumpStart Launch (HKLM-x32\...\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}) (Version: 1.1.275.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP System Event Utility (HKLM-x32\...\{9DD60999-A4F0-4333-9D00-E45C718EA6C1}) (Version: 1.4.30 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IDrive version 6.7.3.2 (HKLM-x32\...\IDrive_is1) (Version: 6.7.3.2 - Pro Softnet Corp)
Intel® Chipset Device Software (HKLM\...\{631C57C3-B765-4327-822A-057C34D691CC}) (Version: 10.1.17695.8086 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.11000.6436 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1824.12.0.1140 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{C9597022-A6BB-42C5-A1CB-2226DA2A9614}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{D0402E4E-7103-4FD6-B610-BE6CB10F38F5}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{6AEC805A-422A-44BE-80F9-53EC0E0AFDC1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6518 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.5.0.1027 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{49F223FE-D3BD-4FB9-96BF-41361123804A}) (Version: 16.5.0.1027 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{3b132227-4567-48a1-9f85-0d0dad4346ee}) (Version: 1.49.213.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{E848D060-9C53-4138-A2BC-F3357EDD3C91}) (Version: 12.12.6.1 - Apple Inc.)
Malwarebytes version 4.5.30.269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.30.269 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16501.20196 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.16501.20196 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\OneDriveSetup.exe) (Version: 23.107.0521.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{415A5D1A-F5CB-4707-91D0-2489E8687BEE}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{D24D2291-46A5-4E32-A859-962778199D23}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.73 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.28.615.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8940.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.104 - REALTEK Semiconductor Corp.)
Sawgrass Print Manager (HKLM\...\Cassandra) (Version: v10.2.0 - Sawgrass Technologies, Inc.)
TurboTax Business 2021 (HKLM-x32\...\{C43C3986-140A-45CB-8611-248356E30CD0}) (Version: 021.000.0452 - Intuit Inc.)
TurboTax Business 2022 (HKLM-x32\...\{6AE1B334-44CF-4B4E-8864-E04F988EC719}) (Version: 022.000.0419 - Intuit Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
UPS Thermal Printing (HKLM-x32\...\{5468B610-354E-4ED3-B274-535F8F0AE2C0}) (Version: 2.0.0.0 - United Parcel Service)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 8.04 - NCH Software)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\6849F67BACD4DA5A5B9D46803E6850D0BE8B3826) (Version: 04/10/2012 2.08.24 - FTDI)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
wnepbpmStateIS (HKLM-x32\...\{99F9E76D-2EF8-44CB-91C0-78CAEB9137CC}) (Version: 021.000.0100 - Intuit Inc.) Hidden
wnepbpmStateIS (HKLM-x32\...\{B89AEA05-7086-4771-B6BB-63FC2FEA4049}) (Version: 022.000.0101 - Intuit Inc.) Hidden
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare Video Converter Ultimate(Build 10.2.3.163) (HKLM-x32\...\Video Converter Ultimate_is1) (Version: 10.2.3.163 - Wondershare Software)
Zoom(32bit) (HKLM-x32\...\{70FE33F1-5051-49F9-BA58-BE3648A35D5A}) (Version: 5.10.4420 - Zoom)
 
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-20] (Amazon.com)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-01-29] (Canon Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.283.0_x64__v10z8vjag6ke6 [2018-04-21] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_146.2.1055.0_x64__v10z8vjag6ke6 [2023-06-15] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.26.74.0_x64__v10z8vjag6ke6 [2023-06-11] (HP Inc.)
Inkscape -> C:\Program Files\WindowsApps\25415Inkscape.Inkscape_1.2.0.0_x64__9waqn51p1ttv2 [2022-06-10] (Inkscape)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-10] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-19] (Microsoft Studios) [MS Ad]
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-14] (Synaptics Incorporated)
Total PC Cleaner - Free Disk Space Clean Up, Optimize Memory & Windows System -> C:\Program Files\WindowsApps\64404Softuna.TotalDiskCleaner_2.1.10.0_x64__r1b4jsc7ddp3p [2022-12-20] (Total PC Cleaner)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-12] (Twitter Inc.)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x64__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x86__8wekyb3d8bbwe [2023-06-06] (Microsoft Corporation)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2018-04-21] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-01-14] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-01-14] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-01-14] (Pro-Softnet Corporation, U.S.A) [File not signed]
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-01-14] () [File not signed]
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-01-14] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-01-14] () [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\igfxDTCM.dll [2020-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-15] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Watch Family-Friendly TV Live and On Demand _ FRNDLY TV.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=kfppijmellgejdilnmnkkakgkfiddhmk
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
 
==================== Loaded Modules (Whitelisted) =============
 
2022-06-20 18:54 - 2022-08-19 11:50 - 003126272 _____ () [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\av.dll
2022-06-20 18:54 - 2020-10-23 19:26 - 100699136 _____ () [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\libcef.dll
2022-06-20 18:54 - 2020-10-23 11:56 - 000310784 _____ () [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\libegl.dll
2022-06-20 18:54 - 2020-10-23 11:56 - 006972416 _____ () [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\libglesv2.dll
2022-06-20 18:54 - 2020-03-10 17:51 - 001693184 _____ () [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\tag.dll
2022-06-20 18:54 - 2022-08-19 11:50 - 019901440 _____ (Amazon Services LLC) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\dmengine.dll
2022-06-20 18:54 - 2020-04-02 11:29 - 000099840 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\imageformats\qgif4.dll
2022-06-20 18:54 - 2020-04-02 11:29 - 000286720 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\imageformats\qjpeg4.dll
2022-06-20 18:54 - 2020-04-02 11:30 - 000391680 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\imageformats\qtiff4.dll
2022-06-20 18:54 - 2020-04-02 11:15 - 002266624 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\QtCore4.dll
2022-06-20 18:54 - 2020-04-02 11:25 - 006267392 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\QtGui4.dll
2022-06-20 18:54 - 2020-04-02 11:16 - 000802816 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\QtNetwork4.dll
2022-06-20 18:54 - 2022-08-19 11:50 - 007793664 _____ (Google LLC) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\widevine_cdm_secured_win.dll
2018-01-19 16:03 - 2020-01-14 18:19 - 000874496 _____ (Pro-Softnet Corporation, U.S.A) [File not signed] C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll
2022-06-20 18:54 - 2020-10-23 12:14 - 000822272 _____ (The Chromium Authors) [File not signed] C:\Users\Andrea\AppData\Local\Amazon Music\chrome_elf.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-49734549-2778740961-242884094-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-49734549-2778740961-242884094-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {EEE1A59B-DFC7-4F21-AE4F-FAABD7964C93} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {EEE1A59B-DFC7-4F21-AE4F-FAABD7964C93} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-49734549-2778740961-242884094-1001 -> {EEE1A59B-DFC7-4F21-AE4F-FAABD7964C93} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-01-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-12] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts
 
2020-03-23 16:18 - 2023-01-13 17:53 - 000000447 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
92.168.137.1 LAPTOP-BOJT2U1K.mshome.net # 2026 6 1 22 16 18 49 976
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL
HKU\S-1-5-21-49734549-2778740961-242884094-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "UPS Thermal Printing.lnk"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKU\S-1-5-21-49734549-2778740961-242884094-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DCC94602-B4AC-4385-9B41-C4E1E6B6810C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{24397FF4-6F49-49B4-926B-9FD7F4E95C33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{99719D6F-9F53-4A11-A2BA-597F39E22120}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3BD33C50-48D0-4C20-A8ED-032EAA7D2772}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9125DC8D-8D44-4536-941F-A68E9861EE1E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B13B55B9-E24A-445E-8960-BFD979788E23}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{CAA2C730-2BA9-40AB-A096-2CB52C2FD416}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{47AE9131-5909-49EA-B630-22158BC3B70B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3A217D03-54B7-405C-8ACB-4733679EA5AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{130B899A-9F04-42A7-85C1-72878B0C09CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7782187F-6D4F-4761-9CC0-24EC6BC68293}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9BFFD4A8-0622-4BC2-ABE7-F4DAF2553DD8}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{23629E4B-FB36-4933-A071-DD15C7E9E211}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C51B33FF-82CC-45D5-8B89-017EE63C13C8}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{2518DAA4-A762-45A5-9808-FA4ABF1AD286}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{EED9A017-5EB3-4EC5-A069-B3D282282C63}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9BBD18A6-6D34-4EDD-9190-52B166D6C9F0}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{DF965FDA-B7C5-4434-9B24-B64AE018548C}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe => No File
FirewallRules: [{3023E1B3-8657-49C2-89E4-3E2AB9196964}] => (Allow) LPort=13148
FirewallRules: [{9B8948D4-DCA9-461D-81B3-0FBF3B10B6F3}] => (Allow) C:\Program Files (x86)\TurboTax\Business 2021\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [TCP Query User{6946B3A0-7172-4F45-895A-BA8EF05B7E49}C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe => No File
FirewallRules: [UDP Query User{4A646E5F-3E29-4C73-80F4-A47EF3751992}C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe => No File
FirewallRules: [{3B9D102C-1210-4251-A409-DB13DEF6AED4}] => (Allow) C:\Program Files (x86)\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F3C34C3D-8B47-4522-BD6A-A81BBA995B41}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{86482697-EB5B-42AD-BB19-7DB032F1D3CA}] => (Allow) C:\Program Files (x86)\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{F90C8A56-21CC-4F90-B300-AF169AFF3163}C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe => No File
FirewallRules: [UDP Query User{4EE289D9-7D11-480B-88C0-AAD255E9107F}C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2992078\java.exe => No File
FirewallRules: [{D1155AB7-B563-4553-8205-67B1925519A3}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A6F890DD-504B-4076-8589-C43843A35CBD}] => (Allow) C:\Program Files (x86)\TurboTax\Business 2022\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{53A72D70-074F-44E1-9162-8CB7A33B7129}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{1032A83F-71F4-482B-BB5F-128192A2F96A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{DC269D7C-9E29-4D8D-AA85-E1D6AF2A9148}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{6FF9C98C-25F4-4C50-ACED-F3757B879911}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{9CA6CCFD-3507-4A47-AFDF-C6A4E6AD9D7C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{1D8427D2-9D73-4062-8CDF-FF7BA93A1A22}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{6A737BF9-7E63-42D0-9928-13ACD8590AAD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A80572E-A902-4481-94FF-2ADA393304A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{08B8C321-626C-45D5-A52D-163759242C47}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{76667DFB-2D29-4EFD-9596-3666C8D4DA7B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A1309B62-F6DF-425E-8279-E8F276E4799D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6BBBD01E-BF14-4B92-94D9-450ECE64E1D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{411B7684-8E89-4F6C-86A8-08E69C3B9DD4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
12-06-2023 12:36:30 Removed Java 8 Update 231
15-06-2023 13:41:09 Windows Modules Installer
16-06-2023 15:41:12 AdwCleaner_BeforeCleaning_16/06/2023_15:41:01
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/16/2023 04:07:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.3031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 33ec
 
Start Time: 01d9a096410fa0a3
 
Termination Time: 4294967295
 
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: 391ff94f-db6e-44f2-b335-40b5c3c57068
 
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Hang type: Activation
 
Error: (06/16/2023 03:46:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-BOJT2U1K.local already in use; will try LAPTOP-BOJT2U1K-2.local instead
 
Error: (06/16/2023 03:46:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 LAPTOP-BOJT2U1K.local. Addr 192.168.0.129
 
Error: (06/16/2023 03:46:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.129:5353   16 LAPTOP-BOJT2U1K.local. AAAA 2600:8804:0407:4F00:0000:0000:0000:0113
 
Error: (06/15/2023 09:11:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3086, time stamp: 0xe1ac3f79
Exception code: 0xc000027b
Fault offset: 0x000000000012d8b2
Faulting process id: 0x2c20
Faulting application start time: 0x01d99ff7c3bfdfaa
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 2ceff20a-9ee3-430e-b64a-7eb6dcb5e375
Faulting package full name: Microsoft.YourPhone_1.23042.108.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (06/15/2023 04:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-BOJT2U1K.local already in use; will try LAPTOP-BOJT2U1K-2.local instead
 
Error: (06/15/2023 04:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 LAPTOP-BOJT2U1K.local. Addr 192.168.0.129
 
Error: (06/15/2023 04:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.129:5353   16 LAPTOP-BOJT2U1K.local. AAAA 2600:8804:0407:4F00:0000:0000:0000:0113
 
 
System errors:
=============
Error: (06/16/2023 04:07:19 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-BOJT2U1K)
Description: The server windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.
 
Error: (06/16/2023 03:49:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/16/2023 03:47:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Intel® Audio Service service terminated with the following service-specific error: 
The operation completed successfully.
 
Error: (06/16/2023 03:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XTU3SERVICE service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/16/2023 03:47:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the XTU3SERVICE service to connect.
 
Error: (06/16/2023 03:47:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/16/2023 03:47:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Freemake Improver service to connect.
 
Error: (06/16/2023 03:46:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Orbit Service service failed to start due to the following error: 
The system cannot find the file specified.
 
 
Windows Defender:
================
Date: 2023-06-12 22:31:54
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-06-12 13:27:14
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-06-10 12:50:37
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-06-09 16:32:23
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-06-06 22:45:33
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2023-06-15 12:33:09
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1275.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-06-15 12:33:09
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1275.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-06-15 12:33:09
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1275.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-06-15 12:29:29
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1275.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-06-15 12:29:29
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1275.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
CodeIntegrity:
===============
Date: 2023-06-16 17:54:54
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2023-06-16 17:26:35
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-06-16 16:05:09
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Insyde F.32 11/23/2017
Motherboard: HP 832A
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 59%
Total physical RAM: 8108.91 MB
Available physical RAM: 3268.53 MB
Total Virtual: 11180.91 MB
Available Virtual: 5520.94 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:918.31 GB) (Free:444.99 GB) (Model: TOSHIBA MQ01ABD100) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.97 GB) (Free:1.03 GB) (Model: TOSHIBA MQ01ABD100) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{b0634047-3d83-4c0a-b49c-6eeb04b79a51}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.35 GB) NTFS
\\?\Volume{5fa183f8-bdc1-4a3e-bf69-3e119db426bc}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1D6D7475)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#9
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hello.
 
Check if you have Norton Safe Web in your Edge extensions. If yes, remove it. You will find your extensions if you click on the 3 horizontal dots at the top right and choose Extensions. You can remove an extension by clicking the 3 dots beside it and choosing Remove from Microsoft Edge.
 
After that,       
 
 
1. Uninstall an app
 
Select Start , then select Settings  > Apps > Apps & features. 
 
Select Total PC Cleaner - Free Disk Space Clean Up, Optimize Memory & Windows System, and then select Uninstall.
 
 
2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
S2 HP Orbit Service; "C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe" [X]
S2 HPJumpStartBridge; "C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe" [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo
C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

In your next reply please post:

  1. If you uninstalled the app and the Norton extension
  2. The fixlog.txt
  3. Feedback: how is the computer running now? Any remaining issues/questions/concerns? 

  • 0

#10
nedesigns.nebraska

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Uninstalled Total PC Cleaner 

Removed Norton Safe Web extension out of Edge

 

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2023
Ran by Andrea (17-06-2023 12:23:53) Run:2
Running from C:\Users\Andrea\Desktop
Loaded Profiles: Andrea
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
S2 HP Orbit Service; "C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe" [X]
S2 HPJumpStartBridge; "C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe" [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo
C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\HP Orbit Service => removed successfully
HP Orbit Service => service removed successfully
HKLM\System\CurrentControlSet\Services\HPJumpStartBridge => removed successfully
HPJumpStartBridge => service removed successfully
HKLM\System\CurrentControlSet\Services\HPSupportSolutionsFrameworkService => removed successfully
HPSupportSolutionsFrameworkService => service removed successfully
"C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo" => not found
C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A5141D4-47DB-4302-9B1C-272BE585BC8A} => removed successfully
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Fixing is terminated due to reaching maximum fixing time of 60 minutes. <==== ATTENTION
 
 
Do I need to be concerned about the Fix terminating early????
 
Do I need to keep Malwarebytes?  I turn off my computer at night and when I start in the morning it seems to want to do a scan and seems to take up my resources, so still running slow??? Does that make any sense???
 
Do you have any recommendation on extensions for web protection?
 
Only using Defender on rest of computer.
 
Does seem to be running better.  Sometimes IDrive runs when I turn on computer and that also seems to be eating up resources.  Any comments on that?
 
Thanks for everything.

  • 0



#11
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hello.
 
Let's first complete the scans which didn't run. We'll take care of anything else after that.

Run Deployment Image Servicing and Management (DISM)

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter:
DISM /Online /Cleanup-Image /RestoreHealth
  • Let the scan run until the end (100%). Depending on your system, it can take some time.
  • Please post here the result you got (a screenshot).

 

When DISM finishes, you can then run SFC from the same command prompt window, but here are the full instructions, as if starting fresh:

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter:
sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
    Windows Resource Protection did not find any integrity violations
    Windows Resource Protection found corrupt files and successfully repaired them
    Windows Resource Protection found corrupt files but was unable to fix some of them
    Windows Resource Protection could not perform the requested operation
    
    Please post the result you got (a screenshot).

  • 0
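An added example, not part of the thread or of FRST: a small Python check that compares each directive in a fixlog's fixlist with the result lines that follow it, which is how the 60-minute cutoff in post #10 shows up as DISM interrupted and SFC and EmptyTemp never started. The sample log is constructed from that post (shortened), and the matching rules are assumptions based only on the lines shown there.

```python
import re

# Constructed sample: the fixlog from post #10, shortened to one entry per kind.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
S2 HP Orbit Service; "C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe" [X]
C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\HP Orbit Service => removed successfully
HP Orbit Service => service removed successfully
"C:\Users\Andrea\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo" => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7} => removed successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========


Fixing is terminated due to reaching maximum fixing time of 60 minutes. <==== ATTENTION
"""

TIMEOUT_MARK = "Fixing is terminated due to reaching maximum fixing time"

# Directives whose result line does not repeat the directive text
# (wording copied from the fixlog above).
FIXED_REPLIES = {
    "CreateRestorePoint:": "Restore point was successfully created.",
    "CloseProcesses:": "Processes closed successfully.",
}


def split_fixlog(text):
    """Return (directives, result_lines) from the text of a fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    start, end = lines.index("Start::"), lines.index("End::")
    directives = [ln for ln in lines[start + 1:end] if ln]
    # Everything after End:: is output; drop blanks and the row of asterisks.
    results = [ln for ln in lines[end + 1:] if ln and set(ln) != {"*"}]
    return directives, results


def needle_for(directive):
    """Text expected in a result line for this directive (assumed rules)."""
    if directive in FIXED_REPLIES:
        return FIXED_REPLIES[directive]
    service = re.match(r"[A-Z]\d\s+(.+?);", directive)  # e.g. "S2 Name; path [X]"
    if service:
        return service.group(1) + " =>"
    if directive.startswith("DeleteKey:"):
        return directive.split(":", 1)[1].strip() + " =>"
    if directive.startswith("CMD:"):
        return "========= " + directive[4:].strip() + " ========="
    return directive.rstrip(":")  # a file path, or a bare keyword such as EmptyTemp:


def audit(text):
    """Return [(directive, status)] with status done / interrupted / no result."""
    directives, results = split_fixlog(text)
    report = []
    for d in directives:
        needle = needle_for(d)
        # "not found" still counts as done: the directive was processed.
        hit = any(needle in r for r in results)
        report.append([d, "done" if hit else "no result"])
    if any(TIMEOUT_MARK in r for r in results):
        # Assumes directives run in fixlist order, as in the log above: the
        # last one that produced output is the one the time limit cut off.
        started = [row for row in report if row[1] == "done"]
        if started and started[-1][0].startswith("CMD:"):
            started[-1][1] = "interrupted"
    return [tuple(row) for row in report]


def unfinished(text):
    """Directives that still need to be completed by hand."""
    return [d for d, status in audit(text) if status != "done"]


if __name__ == "__main__":
    for directive, status in audit(SAMPLE_FIXLOG):
        print(f"{status:12} {directive}")
```
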

#12
nedesigns.nebraska

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

I did not know how to paste up above.

In summary the DISM got to 100% and the operation completed successfully.

 

The sfc  /scannow  found corrupt files and successfully repaired them.

 

Thanks


  • 0

#13
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Good!

 

Let's see if I can answer your questions:

 

Do I need to keep Malwarebytes?  I turn off my computer at night and when I start in the morning it seems to want to do a scan and seems to take up my resources, so still running slow??? Does that make any sense???

 

 

Yes, I recommend that you keep Malwarebytes. It works well with Defender, and it's an excellent anti-malware solution. After the trial period ends, you can de-activate it and keep its free version. You can use it every now and then, depending on how often you use your computer.

 

 
Do you have any recommendation on extensions for web protection? Only using Defender on rest of computer.
 
Windows Defender, together with Malwarebytes, is more than enough.
 
 
Sometimes IDrive runs when I turn on computer and that also seems to be eating up resources.  Any comments on that?

 

You can disable it from running on Start-up.

 

 

Is there anything else regarding this computer? 


  • 0

#14
nedesigns.nebraska

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Thanks!   When I'm waiting for a website to load, I get a "not responding" message frequently.  Any suggestions?  I'm using Chrome.


  • 0

#15
DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Thanks!   When I'm waiting for a website to load, I get a "not responding" message frequently.  Any suggestions?  I'm using Chrome.

 

Have you tried to visit these websites using a different browser? Are you getting the same issues? 


  • 0





