Help pls


RESISTINGMONKEY

PCHF Member
Mar 23, 2022
my screen is glitched. I tried everything to fix it but nothing works, only thing I can do is to delete the adapter. it's an older pc so you know, AMD Radeon TM R7 graphics driver is the name. also not very good with pc
 
how long has this been going on for?

when you delete the graphics adapter to fix the problem, what happens then - you reboot and it all comes good, or do you reinstall the graphics driver?

let's try removing the Hynix 4GB memory stick and just run the rig on the Samsung 8GB stick.
if the problem still occurs, swap those sticks and try again.

Speccy shows a SMART warning on your 2TB hard drive.
seems to be Uncorrectable Sector Count related.
how old is this drive?
run these from an elevated command prompt;
  • chkdsk /f
  • sfc /scannow
  • dism /online /cleanup-image /restorehealth
  • dism /online /cleanup-image /startcomponentcleanup /resetbase

Speccy also shows your DNS pointing to Israel, are you running VPN software?
 
I think it's been going on for 2 weeks, and when I deleted it just go to the base Microsoft driver, and the app are all scrambled and nothing loads like for games I can still go to the internet
 
So to remove the Hynix 4 GB do I have to open my pc? sorry if the question is stupid. I think it's like 7 to 6 years old, we got a pre-built, and I don't know of having a VPN of any kind. we do have McAfee
 
yep, power off the PC, take off the side cover.
you'll have two memory sticks, doesn't matter which one you tackle first, but remove one.
start the PC and run it for a few days to see how it goes.

expect it to be a bit slower now it has less memory.
 
Ok I removed both, checked both and still the same. what does that mean
 
just confirming, you removed one stick at a time, then ran the PC for some time, and the screen still went stupid?

what actually does the screen do?
any error messages, or beeps?
can you post a screen shot?

did you do those 4 bullet points in post #4?
how long did it take for the screen to glitch when rebooted running on one stick?

with both sticks back in, now let's remove the Radeon graphics card and run the PC for some time without it, and see if all goes well.

I'll get @Malnutrition to check out the Speccy report, in case that DNS is worthy of further investigation.
 
 
Your Speccy log shows signs of infection.



Please do the following.

Uninstall with Geek uninstaller the following programs.


ByteFence
Comodo GeekBuddy
Advanced-PC-Care
SlimCleaner Plus
DNSWAXHAW
DriverUpdate
Lavasoft\Web Companion




Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.
If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.


  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select Scan
FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.


Please Attach the contents of these logs in your next post for review by our Security Team
 
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-03-2022
Ran by Home (24-03-2022 17:19:15)
Running from C:\Users\Home\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1620 (X64) (2021-02-09 06:13:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1362471941-3298207752-877008659-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1362471941-3298207752-877008659-503 - Limited - Disabled)
Guest (S-1-5-21-1362471941-3298207752-877008659-501 - Limited - Disabled)
Home (S-1-5-21-1362471941-3298207752-877008659-1001 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-1362471941-3298207752-877008659-1006 - Limited - Enabled)
Romeo (S-1-5-21-1362471941-3298207752-877008659-1010 - Limited - Enabled) => C:\Users\Romeo
WDAGUtilityAccount (S-1-5-21-1362471941-3298207752-877008659-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {FE987762-0FB6-6BB6-1BF1-73F8ED8566FA}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {C6A3F647-45D9-6AEE-30AE-DACD13562181}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.)
4 Elements II (HKLM-x32\...\WTA-8d719622-b6f0-4d3f-a1f9-61b60c6f5f70) (Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}) (Version: 15.2.1 - Hewlett-Packard) Hidden
7D2D Launcher (HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\0fa300cea2469b2c) (Version: 1.0.4.5 - SphereII Software)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.330 - Adobe)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.5.2 - Advanced Micro Devices, Inc.)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-c304616f-c651-4cad-a6c8-260f30020150) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-fb0c6391-65df-4c9a-8775-fee6180796db) (Version: 3.0.2.48 - WildTangent) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Bejeweled 3 (HKLM-x32\...\WTA-0e8877ff-9ac7-4cfc-8933-385f6145f061) (Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Branding64 (HKLM\...\{C871FC62-0186-40ED-BAEA-7C65BE367755}) (Version: 1.00.0006 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 99.1.36.119 - Brave Software Inc)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.223.232 - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9130 - Broadcom Corporation)
Build-a-lot Mysteries (HKLM-x32\...\WTA-d2da086a-f58c-4890-b993-65fcf549aa34) (Version: 3.0.2.51 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Curse at Twilight (HKLM-x32\...\WTA-6c7299ce-85ad-45c5-98a7-09de4560ce51) (Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.2.5214 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-ab4ca43f-c752-40fe-b57b-77de30045383) (Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Driver Restore (HKLM\...\Driver Restore) (Version: 2.8.4.0 - 383 Media, Inc.)
DriverUpdate (HKLM-x32\...\{055C7DA5-A1F5-41FB-932C-82474ED3487A}) (Version: 2.7.11 - Slimware Utilities Holdings, Inc.) Hidden <==== ATTENTION
Epic Games Launcher (HKLM-x32\...\{8F89B0CF-8144-43EE-AB9F-B7F8F23D85FB}) (Version: 1.1.135.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WTA-24c6ebf2-9e0e-40d6-893b-fd0247a13c36) (Version: 3.0.2.59 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (HKLM-x32\...\WTA-ee1106e1-7f3d-41e9-b94a-1c34fbad54c6) (Version: 3.0.2.59 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-0146a9a2-094d-4eba-8c6a-dfa275fc5c68) (Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (HKLM-x32\...\WTA-13ae2660-8f03-4594-866c-3d983e3908f7) (Version: 3.0.2.51 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Game Jolt Client version 0.16.0 (HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\game-jolt-client_is1) (Version: 0.16.0 - Lucent Web Creative, LLC)
GeekBuddy (HKLM\...\Geekbuddy) (Version: 4.32.247 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.82 - Google LLC)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-5b07a148-2cb8-4b73-ac6a-40f0ee515f9b) (Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{4B4EDB7B-4F54-4B86-8A4A-E1C5803CA374}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.18.34.21 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.11 - Softex Inc.) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.422025.92 - Comodo)
Java 8 Update 321 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-89ce7676-7a02-4bac-95b7-ada4708434fd) (Version: 3.0.2.59 - WildTangent) Hidden
Joining Hands 2 (HKLM-x32\...\WTA-3f2fb826-8cea-4fa6-a859-2f6d2502f967) (Version: 3.0.2.51 - WildTangent) Hidden
Jo's Dream Organic Coffee 2 (HKLM-x32\...\WTA-d42e99f2-07a4-417a-a63e-900c56bbc3ea) (Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (HKLM-x32\...\WTA-fd3ada5c-e784-4e22-b474-a780f796674f) (Version: 3.0.2.48 - WildTangent) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LOOT version 0.13.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.13.1 - LOOT Team)
Lost in Reefs 2 (HKLM-x32\...\WTA-85feb104-af8c-4778-932f-22f0d8b21b58) (Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (HKLM-x32\...\WTA-536cea38-f3a1-4a9a-9591-2b0747df81ab) (Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R44 - McAfee, LLC)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.46 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.14931.20132 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\OneDriveSetup.exe) (Version: 22.033.0213.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MLWapp 2.5 (HKLM-x32\...\MLWapp_is1) (Version: 2.5.0.1 - mylivewallpapers.com)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-16670b71-3411-4d98-956e-05d247c13e94) (Version: 3.0.2.59 - WildTangent) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14931.20010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20072 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20094 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Opera Stable 48.0.2685.50 (HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\Opera 48.0.2685.50) (Version: 48.0.2685.50 - Opera Software)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paradox Launcher v2 (HKLM\...\{66DA3501-823A-4F07-A20D-C64495A59DC8}) (Version: 2.1.0 - Paradox Interactive)
Peggle Nights (HKLM-x32\...\WTA-f39e7916-c7f6-4969-a4cd-d44f7b63adf9) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-1638b54f-45da-40c5-8f36-80cf6d01b466) (Version: 3.0.2.59 - WildTangent) Hidden
Pivot Stickfigure Animator version 2.2.7 (HKLM-x32\...\Pivot Stickfigure Animator_is1) (Version: 2.2.7 - )
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-b4590a58-5872-455e-a207-e7d102f91fb8) (Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-7e895f06-2c75-4c14-99af-e73c3d059f2a) (Version: 3.0.2.59 - WildTangent) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Republic at War 1.1.5 (HKLM-x32\...\{1F3630F5-C636-49FF-9BF0-F9E2A221E60B}) (Version: 1.1.5 - Republic at War Modding Team)
Respondus LockDown Browser OEM (HKLM-x32\...\{00D779A4-92E4-404A-A502-045E1D6E3C34}) (Version: 2.00.609 - Respondus)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
Roads of Rome 3 (HKLM-x32\...\WTA-1d2e05b6-fb41-43c4-8ba3-8ad2d09a9e7a) (Version: 2.2.0.98 - WildTangent) Hidden
Roblox Player for Home (HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\roblox-player) (Version:  - Roblox Corporation)
SlimCleaner Plus (HKLM\...\{A1A7EC67-A7E5-4C9E-8EA1-EABA7FD51A07}) (Version: 2.5.6 - Slimware Utilities Holdings, Inc.) Hidden
Solitaire Mystery Four Seasons (HKLM-x32\...\WTA-1fa43921-12bf-4eb4-8e09-d48f12465280) (Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (HKLM-x32\...\WTA-fd25ab7b-0f8d-462b-98d8-c9531df334cf) (Version: 3.0.2.51 - WildTangent) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales of Lagoona (HKLM-x32\...\WTA-69058a05-741e-4e4e-9fcb-bc54a6214741) (Version: 2.2.0.110 - WildTangent) Hidden
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
The Sims 4 Get Famous (HKLM-x32\...\The Sims 4 Get Famous_is1) (Version:  - )
Twitch (HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
VALORANT (HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
Viking Saga (HKLM-x32\...\WTA-499fd11e-8341-4760-afc4-11b8bb615efd) (Version: 3.0.2.48 - WildTangent) Hidden
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.3.22 - Black Tree Gaming Ltd.)
Web Companion (HKLM-x32\...\{6dcfe1eb-923e-481f-a411-bc96ff118bb4}) (Version: 7.0.2388.4219 - Lavasoft)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.685 - McAfee, LLC)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.9 - WildTangent) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
World of Tanks (HKLM-x32\...\World of Tanks) (Version:  - )
WPS Office (11.2.0.11029) (HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\Kingsoft Office) (Version: 11.2.0.11029 - Kingsoft Corp.)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Youda Jewel Shop (HKLM-x32\...\WTA-838ee20b-1c49-4387-b943-787813ecbd05) (Version: 3.0.2.51 - WildTangent) Hidden
Zoom (HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\ZoomUMX) (Version: 5.2.2 (45108.0831) - Zoom Video Communications, Inc.)

Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2231.1.0_x64__kgqvnymyfvs32 [2022-03-24] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.213.200.0_x64__kgqvnymyfvs32 [2022-03-14] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_6.7.12.0_x86__h6adky7gbf63m [2022-03-09] (Gameloft SE)
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2016-07-25] (Hewlett-Packard Company)
HP Connected Drive -> C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_4.4.32.190_x64__v10z8vjag6ke6 [2016-07-25] (HP Inc.)
HP Connected Music -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedMusic_1.5.0.253_x86__v10z8vjag6ke6 [2016-07-25] (Hewlett-Packard Company)
HP Explore -> C:\Program Files\WindowsApps\AD2F1837.HPWelcome_0.1.50.0_x64__v10z8vjag6ke6 [2016-07-25] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2016-07-25] (Hewlett-Packard Company)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.14.42.0_x64__v10z8vjag6ke6 [2022-03-05] (HP Inc.)
Lively Wallpaper Metro -> C:\Program Files\WindowsApps\11990MediaHub.LivelyWallpaperMetro_2.0.2.0_x64__p7srzt1xreqg8 [2022-02-01] (MediaHub) [Startup Task]
McAfee® Central for HP -> C:\Program Files\WindowsApps\2703103D.McAfeeCentral_5.0.177.1_x64__4ehj4w4frejdr [2018-04-05] (.-McAfee Inc-.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-23] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.2.3010.0_x64__8wekyb3d8bbwe [2022-03-19] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-24] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2016-07-25] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2016-07-25] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-07-25] (Microsoft Corporation) [MS Ad]
mysms - Text from Computer, Messaging -> C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x64__c9d6r4qvva5x8 [2019-01-31] (Up to Eleven Digital Solutions GmbH)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-18] (Microsoft Corporation)
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2018-08-13] (Snapfish)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-13] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1362471941-3298207752-877008659-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\Home\AppData\Local\Kingsoft\WPS Office\11.2.0.11029\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1362471941-3298207752-877008659-1001_Classes\CLSID\{e925692c-dd0c-4825-b23a-6ce93408eae2}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Home\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Home\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Home\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Home\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Home\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Home\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] () [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-04-16] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-05-13] (Foxit Corporation -> Foxit Corporation)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2022-02-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Home\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] () [File not signed]
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-04-16] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Home\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] () [File not signed]
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Home\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] () [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Home\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-07] () [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2022-02-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1_S-1-5-21-1362471941-3298207752-877008659-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Home\AppData\Local\Kingsoft\WPS Office\11.2.0.11029\office6\kwpsmenushellext64.dll [2022-03-08] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-1362471941-3298207752-877008659-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Home\AppData\Local\Kingsoft\WPS Office\11.2.0.11029\office6\kwpsmenushellext64.dll [2022-03-08] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Home\Desktop\World of Tanks.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --app=hxxp://cpm.wargaming.net/8jf5rtfg/?pub_id=100 --app-window-size=1920,1080
ShortcutWithArgument: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\World of Tanks.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --app=hxxp://cpm.wargaming.net/8jf5rtfg/?pub_id=100 --app-window-size=1920,1080
ShortcutWithArgument: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Camera.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=hfhhnacclhffhdffklopdkcgdhifgngh
ShortcutWithArgument: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Co_Writer Universal (App).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=lahlmdogjpblkonckkgbljegkiijjbag
ShortcutWithArgument: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\HUNTERxHUNTER バトルコレクション[ChromeApps版].lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=pakflelekebmlebbomibeiadkfbdkbad
ShortcutWithArgument: C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\World of Tanks.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --app=hxxp://cpm.wargaming.net/8jf5rtfg/?pub_id=100 --app-window-size=1920,1080

==================== Loaded Modules (Whitelisted) =============

2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-03-19 06:40 - 2020-03-19 06:40 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2020-03-19 06:40 - 2020-03-19 06:40 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2014-03-28 13:31 - 2014-03-28 13:31 - 002110464 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 000035328 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2017-06-07 13:09 - 2017-06-07 13:09 - 000598528 _____ () [File not signed] C:\Users\Home\AppData\Local\MEGAsync\ShellExtX64.dll
2014-03-28 13:29 - 2014-03-28 13:29 - 000692224 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2014-03-28 13:32 - 2014-03-28 13:32 - 001107968 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
2010-11-18 21:08 - 2016-10-04 07:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 000712080 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 000367504 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 000759184 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 001204112 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000057856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\audio\qtaudio_windows.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000735232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000120832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000480256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5RemoteObjects.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000262144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk:B021ADA33C [3018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [3018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk:8E766EDA31 [3018]
AlternateDataStreams: C:\Users\Home\Desktop\Epic Games Launcher.lnk:BE32D07BC5 [3018]
AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D021619-A2D586A4510&form=CONMHP&conlogo=CT3335800
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://us.yahoo.com/?fr=fp-comodo&type=7096_33220005005_4.30.417569.226_u_hp
SearchScopes: HKLM -> {1E77D046-BE79-4F20-AA00-AE2F8ADCC571} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {1E77D046-BE79-4F20-AA00-AE2F8ADCC571} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=7096_33720002005_4.32.424047.239_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> {1E77D046-BE79-4F20-AA00-AE2F8ADCC571} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> {6E0C56FF-56C2-4D00-BFB6-CC0F059A4DEC} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> {F4B72167-E815-4C1E-9F90-39058B9E6A46} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_321\bin\ssv.dll [2022-02-08] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-03-10] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-02-08] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2022-02-25] (HP Inc. -> HP Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) [File not signed]
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-03-10] (McAfee, LLC -> McAfee, LLC)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2022-02-25] (HP Inc. -> HP Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2022-02-22] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2022-02-22] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2004-08-04 17:30 - 000000734 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

2019-10-07 19:44 - 2022-02-16 22:25 - 000000437 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Hewlett-Packard\SimplePass\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1362471941-3298207752-877008659-1010\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 82.163.143.171 - 82.163.142.173
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "IseUI"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\StartupApproved\Run: => "SlimCleaner Plus"
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\StartupApproved\Run: => "MLWapp2"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9F9FF943-7D2B-4947-95D5-0FB3EF952C61}] => (Allow) C:\Users\Home\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{5FAE642B-97FB-48FA-9612-2A44CA3EBF3F}] => (Allow) C:\Users\Home\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{7AF31853-D2E5-45F4-BA07-C899AFC042B7}] => (Allow) C:\Users\Home\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8590A401-E7EE-440A-AFD6-FB846E227F3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2019 Editor\editor.exe (Sports Interactive) [File not signed]
FirewallRules: [{F3FC2A33-6A24-4551-BB9D-42BD28F88B2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2019 Editor\editor.exe (Sports Interactive) [File not signed]
FirewallRules: [{73D73593-DF75-43E6-85D7-935D5F4ADFFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{DCA9A9D1-C179-46F4-9940-37E27A9B2237}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{B8689569-F8DE-443C-9B02-88F90FC01D85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2020\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{C546886B-5C3C-42E5-B45C-47A9AA04B9CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2020\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{C7EA9CCB-F03F-4152-86F6-9C71DA2BE399}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Flipper\HouseFlipper.exe () [File not signed]
FirewallRules: [{C9C8FE8D-0E14-4FEE-AFE9-B758F2D4C50E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Flipper\HouseFlipper.exe () [File not signed]
FirewallRules: [UDP Query User{34AD6C35-4A84-41D6-961B-347A6D9041C9}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{7F89BD4C-BE44-45CC-9955-3AA1AE9A3B7F}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{0F251DBC-92E1-4868-9241-D305A1C3CEAB}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{E7EFC4D7-BD11-40F9-A927-EACC7E25E20A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{0286545B-3E72-496D-8A3B-112ECC16893E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{3D0E7077-2C0B-41EF-87D0-BE7414C4DA28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [UDP Query User{F86D960E-E514-42A0-9D2E-C81714413F1D}C:\program files\java\jre1.8.0_92\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_92\bin\javaw.exe => No File
FirewallRules: [TCP Query User{AD24E3AE-7C0A-4CFC-B797-11D4ACCA441A}C:\program files\java\jre1.8.0_92\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_92\bin\javaw.exe => No File
FirewallRules: [{4805B1E6-6536-4953-B720-54AA0015B6E4}] => (Allow) C:\Users\Home\AppData\Local\Programs\Opera\48.0.2685.50\opera.exe => No File
FirewallRules: [{54A769E9-7D7B-4500-A2C5-3B31D15E25D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{409C3C44-4AD8-4966-AC04-66AB8079011D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{D18DD371-3DDE-4364-BD51-BD3FF7032893}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe () [File not signed]
FirewallRules: [{4FF4FB23-20CB-4704-99FA-E8713747F7D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe () [File not signed]
FirewallRules: [{D59620DC-9D89-4008-BB25-E0446ADF9B41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe (Facepunch Studios Ltd -> Epic Games, Inc)
FirewallRules: [{44B877C1-2DDD-4E35-95CD-1CA7464C6481}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe (Facepunch Studios Ltd -> Epic Games, Inc)
FirewallRules: [{348137BA-04AE-4C0C-B955-1FF4EA1E8A77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe ( Taleworlds Entertainment) [File not signed]
FirewallRules: [{831A0FA6-BE91-497C-8266-6983A991FA08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe ( Taleworlds Entertainment) [File not signed]
FirewallRules: [{28464085-8CDD-47A5-84FD-7179DC86E1D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{A705CEB1-D4D6-4883-8CF8-D91AACB50270}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{96529D37-7012-4E1B-9D54-28CEAC825C7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reigns\Reigns.exe () [File not signed]
FirewallRules: [{CC92ADAB-B67E-4ECC-84CD-610BBDB4215A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Reigns\Reigns.exe () [File not signed]
FirewallRules: [{31C90568-70A8-471D-81FE-C66D6301B68C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ryse Son of Rome\Bin64\Ryse.exe (Crytek GmbH) [File not signed]
FirewallRules: [{FD81C4D9-89FF-4DB7-90D4-4AFBDF9C2206}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ryse Son of Rome\Bin64\Ryse.exe (Crytek GmbH) [File not signed]
FirewallRules: [{767EDC96-5B27-476F-9ABB-F93011607360}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{C7C0E081-7662-41C2-9EB5-804D930ADD3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{4AB23687-89F1-44B6-AD2A-5101C9264493}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{36388656-06E3-4796-88B5-6B6216742A18}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{67CFC457-4A3C-41D2-B965-63192B094ACA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{5E51A184-076A-4E3A-8EA9-95AD04ADB19F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{8B06A5B0-C25F-45D0-B9BA-6D9EE0FFE475}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{49339123-391C-4809-921E-1425B783E081}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{5442E2D9-A5F6-4F02-BDA9-8331F232AC6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{BC0B4860-7ACC-4EF4-BA70-1EE161E6BDAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{F9FAF42C-4D3C-4ACC-BA28-A3824DFCBE83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{D9A8AF50-D063-4B2F-B2D6-E28DD5F548B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{43CE6C0E-5D08-4DC5-B663-448C54D3B6A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Alexander\testappa.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{D780156E-3A4D-4A4C-8666-A89806A48999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Alexander\testappa.exe (The Creative Assembly Ltd) [File not signed]
FirewallRules: [{2C352338-5C74-45FE-9378-A49BE1FB08BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe (Telltale Games) [File not signed]
FirewallRules: [{A5265F78-BAFB-4638-A837-48161DCCF24A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe (Telltale Games) [File not signed]
FirewallRules: [{3BF26531-B4C9-4F2E-9F09-B03183947A1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{4A89F5DB-6543-4E63-9846-B61A3A0F8070}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{927D7AE1-DE33-4C8E-8246-48FF292A780C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{059C951C-011D-4448-9D0E-CA0D3541D1BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{BFBA9980-658F-479C-A6D7-C52A4E5A4FBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad\mow_assault_squad.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{9DEBEC6E-1B67-423B-B8F9-A6DC14BF9845}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad\mow_assault_squad.exe (Digitalmindsoft) [File not signed]
FirewallRules: [UDP Query User{45E05A3C-1EEA-47AD-A060-ACF30A6D7585}C:\program files (x86)\steam\steamapps\common\star wars empire at war\corruption\swfoc.exe] => (Block) C:\program files (x86)\steam\steamapps\common\star wars empire at war\corruption\swfoc.exe (Disney Interactive Studios Inc -> )
FirewallRules: [TCP Query User{3AF6BF41-ACE7-4E00-87F9-B1D414BB4965}C:\program files (x86)\steam\steamapps\common\star wars empire at war\corruption\swfoc.exe] => (Block) C:\program files (x86)\steam\steamapps\common\star wars empire at war\corruption\swfoc.exe (Disney Interactive Studios Inc -> )
FirewallRules: [UDP Query User{84EF4332-43CD-438C-A828-EDD20033D558}C:\users\home\downloads\dbzeq2-f3\dragonballzeq2-f3.exe] => (Block) C:\users\home\downloads\dbzeq2-f3\dragonballzeq2-f3.exe => No File
FirewallRules: [TCP Query User{20B71606-2234-4D88-9CE1-CAB6FCAF32E4}C:\users\home\downloads\dbzeq2-f3\dragonballzeq2-f3.exe] => (Block) C:\users\home\downloads\dbzeq2-f3\dragonballzeq2-f3.exe => No File
FirewallRules: [{B430ED6A-13AC-4C3B-BDDB-8EE94E634E7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{F729A7C7-64E3-418F-B32A-F81ABF2FA9A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{EEE69985-AE17-452E-B745-211477940A3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{D13AD829-D24F-4788-B5D2-A4035458FCD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{DEB80878-3B7C-42D8-8B68-1DEE04E97125}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe () [File not signed]
FirewallRules: [{4A001708-1270-411E-BBC9-28424995F1B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe () [File not signed]
FirewallRules: [{6DD7CD81-6921-4792-8268-C179BA031972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe => No File
FirewallRules: [{D2759F45-C7D3-400E-84D5-DBF04FB098FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe => No File
FirewallRules: [{B5A4D2B3-407E-460D-AD07-7995EB579715}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe => No File
FirewallRules: [{7C5AF8AD-4E6A-4440-9844-B849339DC5A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe => No File
FirewallRules: [{EF01059E-7765-47BD-9689-27DB1B67BD8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed]
FirewallRules: [{C98BE1AB-D1D8-4602-B432-97131F553027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed]
FirewallRules: [UDP Query User{15104587-DCBF-41F8-AA66-14676EF567AE}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B8F6F4C0-07F4-4731-8DAC-05981AB05AC1}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe => No File
FirewallRules: [{65894F3D-49AD-47F2-AECE-8B520EE8BCCD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe => No File
FirewallRules: [{0A83C68B-EDE5-4FC1-8354-A6DDC18D9D6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox) [File not signed]
FirewallRules: [{975106FC-63F7-4AB0-BEA6-362B95F425F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox) [File not signed]
FirewallRules: [{3FC4A558-BC6A-4DF6-B431-E1EF16F5E5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe (Obsidian Entertainment, Inc.) [File not signed]
FirewallRules: [{CD465BD5-ACF1-48A7-A999-D4C4A0D4F980}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe (Obsidian Entertainment, Inc.) [File not signed]
FirewallRules: [{E6ED34D6-8E91-4508-A818-8F517AECE326}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{F7520352-45CB-4E3F-AEA2-AEC9E0655330}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{1E4844FB-139A-4936-A3D7-FAF417696664}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{73AB4DC5-285D-41F3-A0C3-035930B656A1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{D15882AE-43F5-46EB-B4CC-C7A6ECF522F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaWmp.exe (Activision Blizzard, Inc.) [File not signed]
FirewallRules: [{76EF8451-CB9F-4F2C-B0FA-0A4185928D3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaWmp.exe (Activision Blizzard, Inc.) [File not signed]
FirewallRules: [{4332D5C2-C27C-44FB-BFC4-2B6F89C8F886}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaW.exe (Activision Blizzard, Inc.) [File not signed]
FirewallRules: [{361BCDBF-2C47-4E7F-8A33-3202C05F1094}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaW.exe (Activision Blizzard, Inc.) [File not signed]
FirewallRules: [UDP Query User{B2CF0C52-F636-4DB1-8664-FCCCD8B29EEB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [TCP Query User{4D1E72A3-230D-4F2D-9982-620A5A5990E7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [{8F180936-8E64-4172-B871-5EFD1DECD88D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme2.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{09DDD444-0F45-43AB-A610-828A5205F69F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme2.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{8F980A63-2C3E-4780-A0A1-70DD35C5DA8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{4888E581-57B4-484C-B3AA-3F309EC7CC40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{C6DD1E95-67F2-41D3-8831-5E421C7A00A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{A733A714-B760-4866-87EA-3929F56C3472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [UDP Query User{D7C5F8AB-6C70-4BD9-8622-A087709F282D}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe (Daybreak Game Company LLC -> )
FirewallRules: [TCP Query User{1DFEAC3E-0A91-4885-8679-EC12526D7491}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe (Daybreak Game Company LLC -> )
FirewallRules: [{7C7101B0-AE69-4DAF-8880-658223451FFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{961AE951-207B-43AB-9DB9-7AC1F3E1D690}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{8D6DC5D8-992E-404E-ADC2-1EC8467EAFE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe (Reto-Moto ApS -> Reto-Moto ApS) [File not signed]
FirewallRules: [{5A14F372-074E-477B-9B5D-3231E007E7BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe (Reto-Moto ApS -> Reto-Moto ApS) [File not signed]
FirewallRules: [{4A2B36E2-44E2-4D8B-A0E8-D1EDDADF61BD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{EAA35814-D0E4-4D71-85E3-E1A259BDE0FC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{D91094E0-1DF0-477A-B372-23BC816A1807}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D9CC8C1A-96ED-4727-96D3-41FDC2CEBBF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BA1FE18A-F8FE-48E8-A9AA-CB45F4228A17}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [{89D4A03F-F86B-4BA4-B08E-E3F8712763D2}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{21C17C3A-07EB-464F-8960-1C9634981F4C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe => No File
FirewallRules: [{8BCE48AA-FB17-485D-ACCB-D4C462D234BC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{4EF08BEE-1CDE-46BE-8C85-9C538D9029ED}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe => No File
FirewallRules: [{F71FF581-BFD8-4197-81C3-F37E2610B7B5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{33F2BE7A-5691-4781-BFFA-6A98EAB1132B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C8E176EB-0A9A-41AC-BCF9-19D3DCF19897}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{352D2B92-2668-40EF-A9A0-7AD9EFD18679}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0DCF8505-2BBB-4B96-8165-2B2C91DC90BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{CB7CBEA6-278C-4238-9EA6-4D39B8E36773}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{97E24037-BE70-4767-8DBD-B0E5078E4D53}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{14626AA8-E8C8-4086-A1E3-8454BDEAF82D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{4DDD01D7-944A-487C-B892-42B02FCDC503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{56E50784-8724-46E7-B9F3-F289499E9978}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{AF391E13-8762-4F62-98B1-C0B39109F36A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2_ed.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{2A52C263-82FC-4DE6-B7F2-32804561A0BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2_ed.exe (Digitalmindsoft) [File not signed]
FirewallRules: [TCP Query User{826464B1-1AB6-477A-8965-9B6CEE71BED1}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe => No File
FirewallRules: [UDP Query User{211E1A19-C7F7-4921-A968-706830D8AF9E}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe => No File
FirewallRules: [TCP Query User{FA19801C-1ED6-47BD-9F24-7A2F6B05A074}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DABBDED9-8BC2-428D-A3B6-8D4E93CF3B9F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [{98EEB5EB-C6EA-48B0-B097-0B6BE692AFCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\WhosYourDaddy.exe () [File not signed]
FirewallRules: [{A3403DF0-C327-4F4B-94E1-C4A0F2D4FDCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\WhosYourDaddy.exe () [File not signed]
FirewallRules: [{1736B84E-AC62-4C42-9C88-E84CABA7E1B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe (BOHEMIA INTERACTIVE a.s. -> BattlEye Innovations)
FirewallRules: [{62AC3DF7-340B-416B-B5A2-5BED8A934691}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe (BOHEMIA INTERACTIVE a.s. -> BattlEye Innovations)
FirewallRules: [TCP Query User{769941D2-39AC-42E6-9CE4-7E32C2E12A1A}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe => No File
FirewallRules: [UDP Query User{B144B9CC-05D0-418E-A2E3-C3FC15C133E7}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe => No File
FirewallRules: [{B8D1AA42-4917-4459-A384-674847981C3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe (Bohemia Interactive a.s. -> Bohemia Interactive) [File not signed]
FirewallRules: [{2AB0BB30-AF52-4D9C-A6DD-436935B8C789}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe (Bohemia Interactive a.s. -> Bohemia Interactive) [File not signed]
FirewallRules: [{A91D2A52-7E20-462A-923B-369C9FEC0D7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{1EB0D12D-BB04-426B-BBCD-92893A75DC69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{B468ABB8-4C40-4DED-8730-7033F45A10CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [{9167D3A2-3168-4FC0-AFA6-C0305EF8C325}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe (Bohemia Interactive a.s. -> Bohemia Interactive)
FirewallRules: [{669F8DB7-08BF-4E73-92AA-46FF1EFDB3E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe (Bohemia Interactive a.s. -> Bohemia Interactive) [File not signed]
FirewallRules: [{6F0E32B6-414C-4A24-BAC5-08D58C47199A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe (Bohemia Interactive a.s. -> Bohemia Interactive) [File not signed]
FirewallRules: [{9CD4752F-DF84-483D-9D5B-6E04735DAF61}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{11EBDD2B-9B18-4A1A-B9E6-CC674436F701}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{5E589B31-3438-4629-8C90-5B25571FC540}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{8FD7CA37-588B-4F42-ADC1-73F9A4411772}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{218F48E2-AC0C-4A6B-A936-07F33E279074}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E853380D-0496-429D-B259-DC3A75866726}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{2AF81C5B-2EC2-4F4B-A38C-788C31558DA1}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{68D9EE45-4B56-44CE-A47C-AFBB83E19DB7}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{36F7EFB0-4501-485B-9D78-AF97CEA84E68}] => (Block) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{BFC7C1CE-AED9-486E-A226-F662019CDCB5}] => (Block) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{78E66242-9851-4259-8A1A-F85684BB4F65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZLauncher.exe (Bohemia Interactive a.s. -> Bohemia Interactive) [File not signed]
FirewallRules: [{A8D8D228-1424-4DCD-8364-AEACD49B2E6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZLauncher.exe (Bohemia Interactive a.s. -> Bohemia Interactive) [File not signed]
FirewallRules: [{73CA1D16-A933-456C-800C-78C3E28D1B21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{D3782085-1EA5-4809-8694-742A636B8E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{D39098BE-92F9-4F27-A2BD-E78DDA00CB48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{E874C396-975B-476F-ABDA-C6577CD18B69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{F2468ED1-063F-4432-A16C-D88532887667}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D3DDB5A5-5EB3-4C3E-8CDE-F761E08F2E26}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C362EB6D-288F-456D-860D-2F7929E3A5D3}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6024C98D-68A4-4AF9-91EB-1AD989925485}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{154D07EB-B5D5-469D-836B-F1C1B890EE5A}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{25D0566C-247E-468E-9A1D-72A0DE1659A7}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B9CC03E3-71B9-493D-8149-AB64838E7EBD}] => (Allow) C:\Users\Home\AppData\Local\Kingsoft\WPS Office\10.2.0.7646\office6\wpscloudsvr.exe => No File
FirewallRules: [{D79EAB44-D937-4A11-BE00-08FFFB5DCB66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2019\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{85E8D5A3-185C-44EA-BF4D-AC34336C03B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2019\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{6976E1F5-FB7B-485B-843D-FD3436B4D1E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2019 Touch\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{B87DF12B-4ABD-4A08-BDDD-A7B12EDA7A3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2019 Touch\fm.exe (Sports Interactive) [File not signed]
FirewallRules: [{1B0F4A7C-D0DE-4CE5-9CFB-947AF0715D46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{3A8A8D32-8830-43C0-A324-C6457DD67E4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [TCP Query User{F3C31087-2C2F-44D7-9502-0CB60D568335}C:\program files (x86)\minecraft\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{0B8D1A7C-17BA-430C-9C02-E41DE2E7CB5E}C:\program files (x86)\minecraft\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{0BEBC6AC-4E62-4C8C-A00B-1D35667DBB8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{81B7AF41-E3B1-44EE-B9E0-FE1DEF7C1863}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{F8D8DAC8-65E4-4F57-ACC0-D4A2314C8DC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Medieval 1 Gold\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{7948777B-F7F1-4158-87C9-D4BDEF38FA93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Medieval 1 Gold\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{22395617-8F80-45C3-9174-CC778E570F6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{8F3B669A-C16F-494C-839B-00CEC9B1C1E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{10E8507E-D470-42A3-A78C-F9BA004546AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\Win32\AAGame.exe () [File not signed]
FirewallRules: [{6338DA93-C146-45DF-B17E-B30996C5A155}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\Win32\AAGame.exe () [File not signed]
FirewallRules: [{5C1611B4-FA04-4246-AB6B-F8E71B357A8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\Win32\AALauncher32.exe (America's Army, US Army) [File not signed]
FirewallRules: [{390DCBE2-61B6-4124-8D38-02A5086E2D47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\Win32\AALauncher32.exe (America's Army, US Army) [File not signed]
FirewallRules: [{999C6F84-157D-44BB-8F30-AC2AE8FD4F8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{16259830-A70E-42B6-B386-5B3E2B86EE56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{9DA46FF7-EB02-4846-9F15-46E33592A399}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{1D76CE4A-BE2A-455D-AC0B-8023CAD8D943}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{844FB363-089F-411A-A910-4FBBB97E6128}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66F7E029-3938-47D7-90A4-FE3DAB1B65B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B9D77DAD-5A42-42CA-8F0E-6F4669C0A2D9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4058B162-E75B-42EE-B1A4-5E94DD8B279F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

14-03-2022 20:26:49 Scheduled Checkpoint
16-03-2022 20:00:33 Windows Modules Installer
19-03-2022 22:05:22 Windows Update
22-03-2022 20:15:19 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/24/2022 04:17:19 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (03/23/2022 09:35:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15516

Error: (03/23/2022 09:35:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15516

Error: (03/23/2022 09:35:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/23/2022 09:21:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/23/2022 09:21:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/23/2022 09:20:32 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (03/23/2022 06:30:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15454


System errors:
=============
Error: (03/23/2022 09:20:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Solutions Framework Service service hung on starting.

Error: (03/23/2022 09:15:34 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-Resource-Exhaustion-Detector/Operational.

Error: (03/23/2022 09:15:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WCAssistantService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/23/2022 09:15:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the WCAssistantService service to connect.

Error: (03/23/2022 09:14:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NcbService service terminated with the following error:
A device attached to the system is not functioning.

Error: (03/23/2022 09:13:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:22:45 PM on ‎3/‎23/‎2022 was unexpected.

Error: (03/23/2022 08:26:05 PM) (Source: DCOM) (EventID: 10010) (User: Personal)
Description: The server Microsoft.YourPhone_1.22022.147.0_x64__8wekyb3d8bbwe!App.AppXvctmff39365zg14pgmystcwtys462fpa.mca did not register with DCOM within the required timeout.

Error: (03/23/2022 08:23:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NcbService service terminated with the following error:
A device attached to the system is not functioning.


CodeIntegrity:
===============
Date: 2022-03-24 16:17:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2022-03-24 16:10:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: AMI 80.11 03/10/2015
Motherboard: Hewlett-Packard 2B17
Processor: AMD A10-7700K Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 49%
Total physical RAM: 11188.84 MB
Available physical RAM: 5638.05 MB
Total Virtual: 13876.84 MB
Available Virtual: 6968.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1843.69 GB) (Free:615.62 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:17.01 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (The Sims 4 Get Famous) (CDROM) (Total:30.11 GB) (Free:0 GB) UDF

\\?\Volume{ca3d939d-af81-44e3-b99c-e79f3fb437fe}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
\\?\Volume{a885fd30-6f6b-48e7-86b4-614840acf834}\ () (Fixed) (Total:0.83 GB) (Free:0.4 GB) NTFS
\\?\Volume{e951995c-0278-46bf-8751-af05b9198468}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.28 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: ED833684)

Partition: GPT.

==================== End of Addition.txt =======================
 
Your Speccy log shows signs of infection.



Please do the following.

Uninstall with Geek uninstaller the following programs.


ByteFence
Comodo GeekBuddy
Advanced-PC-Care
SlimCleaner Plus
DNSWAXHAW
DriverUpdate
Lavasoft\Web Companion




Please download the FRST 32-bit or FRST 64-bit version to suit your operating system. It is important FRST is downloaded to your desktop.
If you are unsure if your operating system is 32-bit or 64-bit please go HERE.
Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.


  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select Scan
FRST will take a few minutes to scan your computer and, when finished, will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.


Please Attach the contents of these logs in your next post for review by our Security Team
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-03-2022
Ran by Home (administrator) on PERSONAL (Hewlett-Packard 700-406) (24-03-2022 17:15:27)
Running from C:\Users\Home\Desktop
Loaded Profiles: Home
Platform: Microsoft Windows 10 Home Version 21H2 19044.1620 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler64.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Users\Home\AppData\Local\kingsoft\WPS Office\11.2.0.11029\office6\wpscloudsvr.exe ->) (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Home\AppData\Local\kingsoft\WPS Office\11.2.0.11029\office6\wpscenter.exe <2>
(C:\Users\Home\AppData\Local\Temp\7zOC3FF5BC3\geek.exe ->) (CrystalBit Solutions -> Geek Unіnstaller) C:\Users\Home\AppData\Local\Temp\geek64.exe
(C:\Users\Home\AppData\Local\Temp\Twitch\Twitch.exe ->) (Twitch Interactive, Inc. -> Twitch Interactive, Inc.) C:\Users\Home\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe <8>
(C:\Users\Home\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe ->) (Twitch Interactive, Inc. -> Twitch Interactive, Inc.) C:\Users\Home\AppData\Roaming\Twitch\Bin\TwitchAgent.exe
(cmd.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MSC\MfeBrowserHost.exe
(cmd.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(CrystalBit Solutions -> Geek Unіnstaller) C:\Users\Home\AppData\Local\Temp\7zOC3FF5BC3\geek.exe
(DriverStore\FileRepository\u0360518.inf_amd64_bb1458fc01b97b57\B360357\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360518.inf_amd64_bb1458fc01b97b57\B360357\atieclxx.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <17>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360518.inf_amd64_bb1458fc01b97b57\B360357\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(services.exe ->) (CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\5.1.104.0\McCSPServiceHost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_22_2\mcapexe.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(services.exe ->) (WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MQS\QcShm.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Twitch Interactive, Inc. -> Twitch Interactive, Inc.) C:\Users\Home\AppData\Local\Temp\Twitch\Twitch.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Home\AppData\Local\kingsoft\WPS Office\11.2.0.11029\office6\wpscloudsvr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-03-28] (Integrated Device Technology Inc. -> Hewlett-Packard) [File not signed]
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe (No File)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3183328 2022-03-11] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-07-05] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2485400 2017-08-29] (Comodo Security Solutions, Inc. -> Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4279208 2022-03-14] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33031648 2021-05-08] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8442464 2021-02-05] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\Run: [MLWapp2] => C:\Program Files (x86)\MLWapp\MLWapp.exe [4185600 2021-10-25] (mylivewallpapers.com) [File not signed]
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\MountPoints2: {c74bdcc6-322a-11e9-8349-d85de2b2cec6} - "F:\setup.exe"
HKLM\...\Windows x64\Print Processors\hpcpp155: C:\Windows\System32\spool\prtprocs\x64\hpcpp155.DLL [596256 2013-08-21] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP C011 Status Monitor: C:\WINDOWS\system32\hpinkstsC011LM.dll [336416 2013-09-09] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [423936 2014-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.82\Installer\chrmstp.exe [2022-03-20] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\99.1.36.119\Installer\chrmstp.exe [2022-03-22] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-03-28] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-03-28] (Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2017-09-03]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc. -> Comodo Security Solutions, Inc.)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2019-11-22]
ShortcutTarget: Twitch.lnk -> C:\Users\Home\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02FA819C-9576-4876-9F21-564A3D01A05E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [314032 2022-02-25] (HP Inc. -> HP Inc.)
Task: {08D18D4F-571D-4DDE-B9AB-702E87A133E7} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {0B7A9D7C-961E-47D6-9A60-78C01B2CA9B9} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [29619384 2017-07-19] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.) <==== ATTENTION
Task: {0B80F4A2-32A2-457E-B470-744289DF4BBF} - System32\Tasks\WpsExternal_Home_20220308172319 => C:\Users\Home\AppData\Local\Kingsoft\WPS Office\11.2.0.11029\office6\wpscloudsvr.exe [1058504 2022-03-08] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {14A7F350-4E6F-4539-8A70-24BE70C27E7A} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [339008 2013-03-12] (CyberLink Corp. -> CyberLink Corp.)
Task: {194E940D-1882-43BA-9B6D-5AF00E0F88B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1B202B0B-DBEC-49A3-86C3-DAE560D175CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-20] (Google Inc -> Google Inc.)
Task: {2675B749-6D2A-42C2-B4C6-34A921937250} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [761976 2022-02-18] (McAfee, LLC -> McAfee, LLC)
Task: {281A3842-9778-4F38-9763-969E0A5471D3} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [926064 2022-02-18] (McAfee, LLC -> McAfee, LLC)
Task: {29692CFD-2C93-46AC-8BB3-1C547D8DD983} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [110968 2022-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {305C0139-423B-4AA6-94CF-A52FCDD3F803} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [62752 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {30B07724-4BA4-4E86-837F-378032E1C140} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-02-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {31108886-40F3-4B2B-A864-D0E602750002} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145944 2022-02-25] (HP Inc. -> HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {38901636-5308-4902-922A-03830F081242} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe /schedulescan (No File) <==== ATTENTION
Task: {448AD10B-E416-4BFC-9C32-508C0FB00494} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [926064 2022-02-18] (McAfee, LLC -> McAfee, LLC)
Task: {45CAF121-0D35-4FE4-9BCB-106D42BF43E9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580696 2022-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {50879F0C-FCAC-4C42-8990-381E29306A0A} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {53219766-8994-4C00-BBC9-8292328C1FD3} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-02-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {562F4935-BA7E-4910-B8B1-B5949146747C} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {65DF8227-26BF-4D90-8E94-DC73D5303E9E} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe -dailyScan (No File) <==== ATTENTION
Task: {686F6670-B0C4-4815-87F2-6B3D56DA21B8} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe /a (No File) <==== ATTENTION
Task: {6A093AFA-63B9-41F4-BFDA-1DDE04003121} - System32\Tasks\DNSWAXHAW => dnswaxhaw.exe /Scheduled (No File) <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {793D75DE-5E9E-4F60-8B03-7982F8BF2F87} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [110968 2022-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {837C3030-FCF0-4119-83AC-AC46C23DBCE3} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-02-03] (McAfee, Inc. -> McAfee, LLC.)
Task: {85553577-BBEC-4CC6-8052-B14BEEE9D479} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
Task: {86322359-800E-49C1-8742-D22EA409EE59} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8DAAD975-B933-479C-8083-5175D21F1250} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Home) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe /doScheduledScan (No File)
Task: {8F279014-A0FC-43B1-B962-3B1577507755} - System32\Tasks\HomeMusicallyDoggerV2 => rundll32.exe CreditGeneric.dll,main 7 1 <==== ATTENTION
Task: {91993843-3DD1-4766-A27F-6859C3474651} - System32\Tasks\Advanced-PC-Care_Logon => C:\Program Files\Advanced-PC-Care\apc.exe startuplaunch (No File) <==== ATTENTION
Task: {9532D7E5-EAAE-425F-9E5A-DDE0CE209D60} - \WPD\SqmUpload_S-1-5-21-1362471941-3298207752-877008659-1001 -> No File <==== ATTENTION
Task: {9B12E4BF-D4F2-4DA1-81FC-B672715C58F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2022-02-25] (HP Inc. -> HP Inc.)
Task: {9F93FFF6-9B15-4A9D-82CE-1971B37C7012} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [62752 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {B5189ECB-4DE8-432D-91CB-5BFADE28DC7D} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [268576 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {B6EE3932-485F-48FD-9D2A-49168D9E4AE6} - System32\Tasks\HPCheckDropBoxStatus => c:\hp\HPQWare\DropBox\HPAppDetector.exe #launch (No File)
Task: {B9F376AF-2000-45FD-AC47-586E6A8FC872} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BD42C330-B81F-488A-A111-CD1DC1708A57} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BDF0FDA7-4443-47C3-9082-354A16719EC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (No File)
Task: {BF39019A-37FD-4F2D-A87D-3A9A10567F9D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_pepper.exe [1453624 2021-06-07] (Adobe Inc. -> Adobe)
Task: {C1B1DB89-1BCC-40C0-8BD6-E260C8CC09B2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-06-07] (Adobe Inc. -> Adobe)
Task: {C463490F-C62D-43CF-BBC9-BDFC82C5793B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CEDC8117-FD14-4BA7-96A5-ABAA66FC2A4F} - System32\Tasks\WpsUpdateTask_Home => C:\Users\Home\AppData\Local\Kingsoft\WPS Office\11.2.0.11029\office6\wpsupdate.exe [169672 2022-03-08] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {D0CFF2B6-BF90-4505-9BF7-5ED5E7FE67C6} - System32\Tasks\{9EB1E11A-2B6D-4EA9-8A17-0618EB9B971A} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Home\Downloads\SuperMario64.exe -d C:\Users\Home\Downloads
Task: {D71AE5F6-7C27-497D-B7D1-EAD3F3807D80} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4557960 2022-02-07] (McAfee, LLC -> McAfee, LLC)
Task: {DA8B3BF6-26DC-4B7E-AA68-71FB7B847E7B} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4089168 2022-02-08] (McAfee, LLC -> McAfee, LLC)
Task: {DCA6AA10-7AE9-4E05-A096-6846D4D39276} - System32\Tasks\{ED5E31C4-AC10-2186-59C1-78BCCE3C3156} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\7adbea9a\2294f08d.dll" <==== ATTENTION
Task: {E263BF26-CA2A-4C1A-8D92-F883149BCD85} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [29619384 2017-07-19] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.) <==== ATTENTION
Task: {EB34F583-4A52-4972-B6C8-57F4718D0207} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580696 2022-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {F672DF9E-CD7D-4BA0-A541-E414C7DF0C14} - System32\Tasks\{4DF3122E-B569-475E-9DF6-A2713C96B2B3} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Home\AppData\Local\{5A436C1F-7EEB-00A7-1373-254F371BD9D7}\uninstall.exe -c /Uninstall /s /noun /DelSelfDir
Task: {F7BA5560-CA5F-40E6-B447-097749F0F5C2} - System32\Tasks\{5AE2E1F4-B4B5-42B5-9F7F-78FBB61C877A} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Home\Downloads\nazi_zombie_Hells_Field_V2.exe -d C:\Users\Home\Downloads
Task: {FB060E64-AA40-45F2-8944-FF86A2F46C54} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FCAC3F4F-5408-416C-8914-4EAFB4E4C54B} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe -scheduled (No File) <==== ATTENTION
Task: {FEA5A1C9-B292-407F-A1A9-2597B8F0D47D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-20] (Google Inc -> Google Inc.)
Task: {FF899FE5-AACD-4182-A19E-B9AE13EBA1AD} - System32\Tasks\Opera scheduled Autoupdate 1513740553 => C:\Users\Home\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {FFA07FC6-BFC7-47B6-A466-1EBE26C3286F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Home).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{66caa6a7-0fa6-4799-9a05-dc92a8d9b557}: [NameServer] 82.163.143.171,82.163.142.173
Tcpip\..\Interfaces\{66caa6a7-0fa6-4799-9a05-dc92a8d9b557}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{67e88f71-0545-4369-a69e-bd88236228ff}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a15ca902-8928-4cb6-bcd9-9425c859e0fc}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{a15ca902-8928-4cb6-bcd9-9425c859e0fc}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{c81c8dd9-efed-460b-aa13-7f4787e4778d}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{c81c8dd9-efed-460b-aa13-7f4787e4778d}: [DhcpNameServer] 82.163.143.171

Edge:
=======
Edge Notifications: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> hxxp://play.pokemonshowdown.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Home\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-19]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2022-03-10] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-02-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-02-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2022-02-22] (McAfee, LLC -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32.dll [2016-11-24] (Adobe Systems Incorporated -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] (Foxit Corporation -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2022-02-22] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] (WildTangent Inc -> )

Chrome:
=======
CHR DefaultProfile: Profile 5
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2022-03-06]
CHR Notifications: Default -> hxxps://myquickconverter.com; hxxps://play.pokemonshowdown.com
CHR StartupUrls: Default -> "hxxp://googl.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://dmpblnkpaodeeghpbefimokkpldhejjf/start/index.html", Not-active:"chrome-extension://nlccbfofdgkhefnadicieoobmkeogcef/newtab/slim_product.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US1264G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-20]
CHR Extension: (Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-20]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-03]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-20]
CHR Extension: (uBlock Origin) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-10-15]
CHR Extension: (greatnewtabtheme) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpblnkpaodeeghpbefimokkpldhejjf [2018-12-18]
CHR Extension: (Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-15]
CHR Extension: (Cartoon Strike: Lite) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfemhhabidncpdojhkecgbjpfmhgddmh [2020-01-24]
CHR Extension: (My Quick Converter) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlccbfofdgkhefnadicieoobmkeogcef [2018-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03]
CHR Extension: (HUNTERxHUNTER バトルコレクション[ChromeApps版]) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakflelekebmlebbomibeiadkfbdkbad [2017-11-20]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-03]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-02-02]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-09-30]
CHR Extension: (Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-29]
CHR Extension: (Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-29]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-14]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-29]
CHR Extension: (Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-14]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-14]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3 [2021-08-30]
CHR DefaultSearchURL: Profile 3 -> hxxps://search.yahoo.com/yhs/search?p={searchTerms}&hspart=comodo&hsimp=yhs-ccs&type=default
CHR DefaultSearchKeyword: Profile 3 -> Yahoo
CHR DefaultSuggestURL: Profile 3 -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-07]
CHR Extension: (Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-07]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-30]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-07]
CHR Extension: (Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-07]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-08-30]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-30]
CHR Extension: (Yahoo Partner) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm [2020-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-30]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-30]
CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-30]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5 [2022-02-02]
CHR StartupUrls: Profile 5 -> "hxxp://googl.com/"
CHR DefaultSearchURL: Profile 5 -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US1264G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 5 -> McAfee
CHR DefaultSuggestURL: Profile 5 -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-02-01]
CHR Extension: (Privacy Pass) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2022-02-01]
CHR Extension: (Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2022-02-01]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-02-01]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-01]
CHR Extension: (uBlock Origin) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-02-01]
CHR Extension: (Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-02-01]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-02-01]
CHR Extension: (Google Docs Offline) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-01]
CHR Extension: (Cartoon Strike: Lite) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\jfemhhabidncpdojhkecgbjpfmhgddmh [2022-02-01]
CHR Extension: (zen temple) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nlmiiioabolbmhbhphhfjbohiiijmkee [2022-02-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-01]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-02-01]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\System Profile [2022-02-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-1362471941-3298207752-877008659-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]

Brave:
=======
BRA Profile: C:\Users\Home\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-03-24]
BRA DefaultSearchURL: Default -> hxxps://search.brave.com/search?q={searchTerms}&source=desktop
BRA DefaultSearchKeyword: Default -> :br
BRA DefaultSuggestURL: Default -> hxxps://search.brave.com/api/suggest?q={searchTerms}
BRA Extension: (Privacy Pass) - C:\Users\Home\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2022-02-22]
BRA Extension: (McAfee® WebAdvisor) - C:\Users\Home\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-03-19]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Home\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-03-22]
BRA Extension: (Brave NTP background images) - C:\Users\Home\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-19]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Home\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-03-17]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Home\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-03-20]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Home\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-03-24]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Home\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-19]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Home\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-03-17]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-06-07] (Adobe Inc. -> Adobe)
R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [60704 2021-05-11] (Advanced Micro Devices, Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-02-11] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-02-02] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-02-02] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11649952 2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [77472 2017-08-29] (Comodo Security Solutions, Inc. -> Comodo Security Solutions, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520 2022-02-02] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent Inc -> WildTangent)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2485400 2017-08-29] (Comodo Security Solutions, Inc. -> Comodo Security Solutions, Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [761856 2022-02-25] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [760864 2022-02-25] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [756720 2022-02-25] (HP Inc. -> HP Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [760304 2022-02-25] (HP Inc. -> HP Inc.)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-07-05] (Comodo Security Solutions, Inc. -> COMODO)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [972936 2022-03-10] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_22_2\McApExe.exe [816296 2022-02-18] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\5.1.104.0\\McCSPServiceHost.exe [3378048 2022-02-17] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1217800 2022-02-04] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1217800 2022-02-04] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1217800 2022-02-04] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1546144 2022-02-18] (McAfee, LLC -> McAfee, LLC)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4235968 2022-02-19] (McAfee, LLC -> McAfee, LLC)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2015-10-27] (Even Balance, Inc. -> )
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10401912 2022-03-11] (Riot Games, Inc. -> Riot Games, Inc.)
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29280 2021-02-05] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 AODDriver4.3.0; C:\Program Files\AMD\Performance Profile Client\amd64\AODDriver2.sys [60104 2015-02-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [40224 2014-12-25] (Comodo Security Solutions, Inc. -> Windows (R) Win 7 DDK provider)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [72224 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
S3 cpuz149; C:\Users\Home\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2022-03-22] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
S3 DrvAgent64; C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [20872 2016-12-16] (eSupport.com, Inc -> Phoenix Technologies)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (Comodo Security Solutions, Inc. -> COMODO)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [469528 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [344088 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83400 2022-02-09] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [439320 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [911904 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [645656 2022-02-10] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [111136 2022-02-10] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [107040 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [228888 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
S3 ssmirrdr; C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys [10112 2015-06-29] (support.com, Inc. -> support.com, Inc)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2014-03-28] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2022-03-24] (SlimWare Utilities Inc. -> )
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8508504 2022-03-11] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-10-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [434424 2021-10-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-24 17:04 - 2022-03-24 17:18 - 000049279 _____ C:\Users\Home\Desktop\FRST.txt
2022-03-24 17:02 - 2022-03-24 17:17 - 000000000 ____D C:\FRST
2022-03-24 17:00 - 2022-03-24 17:00 - 002365440 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2022-03-24 16:54 - 2022-03-24 16:54 - 002722717 _____ C:\Users\Home\Desktop\geek (1).zip
2022-03-24 16:48 - 2022-03-24 16:48 - 000039449 _____ C:\Users\Home\Documents\bytefence.html
2022-03-24 16:47 - 2022-03-24 16:57 - 000000000 ____D C:\Users\Home\AppData\Roaming\Geek Uninstaller
2022-03-24 16:46 - 2022-03-24 16:46 - 002722717 _____ C:\Users\Home\Desktop\geek.zip
2022-03-24 16:25 - 2022-03-24 16:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2022-03-23 00:25 - 2022-03-23 00:25 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-03-23 00:25 - 2022-03-23 00:25 - 000011791 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-23 00:24 - 2022-03-23 00:24 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-03-23 00:23 - 2022-03-23 00:23 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-03-22 23:40 - 2022-03-22 23:40 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2022-03-22 23:40 - 2022-03-22 23:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2022-03-22 23:40 - 2022-03-22 23:40 - 000000000 ____D C:\Program Files\Speccy
2022-03-22 23:39 - 2022-03-22 23:39 - 008234296 _____ (Piriform Software Ltd) C:\Users\Home\Desktop\spsetup132.exe
2022-03-22 20:19 - 2022-03-22 20:19 - 000000000 ___HD C:\$WinREAgent
2022-03-22 19:56 - 2022-03-22 19:58 - 329701425 _____ C:\Users\Home\Desktop\60731a82-6a2b-427d-9a43-6f72166081eb.tmp
2022-03-22 19:55 - 2022-03-22 19:56 - 329701425 _____ C:\Users\Home\Downloads\amd-catalyst-15.7.1-with-dotnet45-win8.1-64bit.zip
2022-03-22 19:48 - 2022-03-22 19:48 - 008970773 _____ C:\Users\Home\Downloads\DriverPack-17-Online_undefined__vby6lsy6k8vztu6.exe
2022-03-22 19:43 - 2020-10-29 13:33 - 001783920 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-03-22 19:43 - 2020-10-29 13:33 - 001783920 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-03-22 19:43 - 2020-10-29 13:33 - 001374320 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-03-22 19:43 - 2020-10-29 13:33 - 001374320 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-03-22 19:43 - 2020-10-29 13:33 - 001085360 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-03-22 19:43 - 2020-10-29 13:33 - 001085360 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-03-22 19:43 - 2020-10-29 13:33 - 000944208 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-03-22 19:43 - 2020-10-29 13:33 - 000944208 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-03-22 19:43 - 2020-10-29 13:33 - 000736880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2022-03-22 19:43 - 2020-10-29 13:33 - 000046704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2022-03-22 19:43 - 2020-10-29 13:33 - 000043632 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 064809072 _____ C:\WINDOWS\system32\amd_comgr.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 053684848 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 004630640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 004141168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 001774192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000760432 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2022-03-22 19:43 - 2020-10-29 13:32 - 000621168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000496752 _____ C:\WINDOWS\system32\GameManager64.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000493168 _____ C:\WINDOWS\system32\dgtrayicon.exe
2022-03-22 19:43 - 2020-10-29 13:32 - 000468592 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000456304 _____ C:\WINDOWS\system32\atieah64.exe
2022-03-22 19:43 - 2020-10-29 13:32 - 000432752 _____ C:\WINDOWS\system32\EEURestart.exe
2022-03-22 19:43 - 2020-10-29 13:32 - 000380016 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000351856 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2022-03-22 19:43 - 2020-10-29 13:32 - 000339568 _____ C:\WINDOWS\system32\clinfo.exe
2022-03-22 19:43 - 2020-10-29 13:32 - 000245360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000213104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000186992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000182392 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000167024 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000166512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000158656 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000156784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000142448 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000140912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000135792 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000134768 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000125552 _____ C:\WINDOWS\system32\atidxx64.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000122480 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000120432 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000107632 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000107120 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000090736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000075376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000070256 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000019784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2022-03-22 19:43 - 2020-10-29 13:32 - 000019784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 071030384 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 001686016 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 001365368 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000941168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000768624 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000553584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000546800 _____ C:\WINDOWS\system32\amdmiracast.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000489584 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000466544 _____ C:\WINDOWS\system32\amdlogum.exe
2022-03-22 19:43 - 2020-10-29 13:31 - 000383600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000380016 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000198312 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000167400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000135928 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000120264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000108248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000108248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2022-03-22 19:43 - 2020-10-29 13:31 - 000097392 _____ C:\WINDOWS\system32\amdverag.dll
2022-03-22 19:43 - 2020-10-29 12:29 - 000154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2022-03-22 19:43 - 2020-10-29 12:29 - 000138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2022-03-22 19:43 - 2020-10-29 12:29 - 000125488 _____ C:\WINDOWS\system32\kapp_ci.sbin
2022-03-22 19:43 - 2020-10-29 12:29 - 000121168 _____ C:\WINDOWS\system32\kapp_si.sbin
2022-03-22 19:43 - 2020-10-29 12:28 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2022-03-22 19:43 - 2020-10-29 12:28 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2022-03-22 19:43 - 2020-10-29 12:28 - 000544256 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2022-03-22 19:43 - 2020-10-29 12:28 - 000544256 _____ C:\WINDOWS\system32\atiapfxx.blb
2022-03-22 19:43 - 2020-10-29 12:28 - 000204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2022-03-22 19:43 - 2020-10-29 12:28 - 000204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2022-03-22 19:43 - 2020-10-29 12:28 - 000157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2022-03-22 19:43 - 2020-10-29 12:28 - 000157144 _____ C:\WINDOWS\system32\ativvsva.dat
2022-03-22 19:43 - 2020-10-29 12:28 - 000069770 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2022-03-22 19:43 - 2020-10-29 12:28 - 000020790 _____ C:\WINDOWS\SysWOW64\ativvsnl.dat
2022-03-22 19:43 - 2020-10-29 12:28 - 000020790 _____ C:\WINDOWS\system32\ativvsnl.dat
2022-03-22 19:43 - 2020-10-29 12:28 - 000000025 _____ C:\WINDOWS\SysWOW64\ativvsny.dat
2022-03-22 19:43 - 2020-10-29 12:28 - 000000025 _____ C:\WINDOWS\system32\ativvsny.dat
2022-03-22 19:26 - 2022-03-22 19:26 - 000000000 ____D C:\Users\Home\AppData\Local\AMD_Common
2022-03-22 14:16 - 2022-03-22 14:16 - 006392680 _____ (Geek Unіnstaller) C:\Users\Home\Desktop\geek.exe
2022-03-20 15:55 - 2022-03-20 15:55 - 000003304 _____ C:\WINDOWS\system32\Tasks\StartCNBM
2022-03-20 15:47 - 2022-03-24 16:12 - 000003110 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2022-03-20 15:45 - 2022-03-20 15:45 - 000003488 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2022-03-20 15:45 - 2022-03-20 15:45 - 000003080 _____ C:\WINDOWS\system32\Tasks\StartDVR
2022-03-20 15:45 - 2022-03-20 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Link For Windows
2022-03-20 15:45 - 2022-03-20 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2022-03-20 15:44 - 2022-03-20 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2022-03-20 15:42 - 2022-03-20 15:42 - 000003160 _____ C:\WINDOWS\system32\Tasks\StartCN
2022-03-20 15:37 - 2022-03-20 15:54 - 000000000 ____D C:\ProgramData\AMD
2022-03-20 15:37 - 2022-03-20 15:53 - 000000000 ____D C:\Program Files\AMD
2022-03-20 15:37 - 2021-05-11 11:00 - 002260008 _____ (AMD Inc.) C:\WINDOWS\SysWOW64\AMDBugReportTool.exe
2022-03-20 15:29 - 2022-03-20 15:29 - 000000000 ____D C:\Users\Home\AppData\Local\RadeonInstaller
2022-03-20 15:26 - 2022-03-20 15:27 - 483208432 _____ (AMD Inc.) C:\Users\Home\Downloads\radeon-software-adrenalin-2020-21.5.2-win10-64bit-legacyasics-june21-legacy (1).exe
2022-03-19 23:07 - 2022-03-22 23:40 - 000000000 ____D C:\Users\Romeo
2022-03-19 23:07 - 2022-03-19 23:07 - 000000020 ___SH C:\Users\Romeo\ntuser.ini
2022-03-19 23:07 - 2022-03-19 23:07 - 000000000 ____D C:\Users\Romeo\AppData\Local\Packages
2022-03-19 23:07 - 2022-03-19 23:07 - 000000000 ____D C:\Users\Romeo\AppData\Local\ConnectedDevicesPlatform
2022-03-19 23:07 - 2022-03-19 23:07 - 000000000 ____D C:\Users\Romeo\AppData\Local\AMD
2022-03-19 23:07 - 2019-12-07 02:10 - 000001105 _____ C:\Users\Romeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-19 23:07 - 2016-08-09 12:11 - 000000000 ____D C:\Users\Romeo\Documents\hp.system.package.metadata
2022-03-19 23:07 - 2016-08-09 12:11 - 000000000 ____D C:\Users\Romeo\Documents\hp.applications.package.appdata
2022-03-19 23:07 - 2016-08-09 12:11 - 000000000 ____D C:\Users\Romeo\AppData\Roaming\ATI
2022-03-19 23:07 - 2016-08-09 12:11 - 000000000 ____D C:\Users\Romeo\AppData\Local\ATI
2022-03-19 21:43 - 2022-03-19 21:43 - 000000000 ____D C:\WINDOWS\pss
2022-03-17 23:48 - 2022-03-19 21:26 - 000001569 _____ C:\Users\Home\Desktop\Riot Client.lnk
2022-03-17 23:32 - 2022-03-17 23:33 - 483208432 _____ (AMD Inc.) C:\Users\Home\Downloads\radeon-software-adrenalin-2020-21.5.2-win10-64bit-legacyasics-june21-legacy.exe
2022-03-14 21:04 - 2022-03-20 15:44 - 000000000 ____D C:\WINDOWS\system32\AMD
2022-03-14 19:59 - 2022-03-14 19:59 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-03-14 19:59 - 2022-03-14 19:59 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-14 19:58 - 2022-03-14 19:58 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-14 19:58 - 2022-03-14 19:58 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-03-14 18:36 - 2022-03-19 21:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-03-08 18:24 - 2022-03-08 18:24 - 000003736 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_Home
2022-03-08 18:23 - 2022-03-08 18:23 - 000004054 _____ C:\WINDOWS\system32\Tasks\WpsExternal_Home_20220308172319
2022-02-22 12:47 - 2022-02-22 12:47 - 000000000 ____D C:\Users\Home\Documents\FeedbackHub

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-24 17:13 - 2017-11-20 20:45 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-24 16:59 - 2015-09-27 18:26 - 000000000 ____D C:\Program Files (x86)\Steam
2022-03-24 16:52 - 2017-08-01 23:54 - 000000000 ____D C:\Program Files (x86)\DriverUpdate
2022-03-24 16:43 - 2021-02-08 22:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-24 16:24 - 2016-07-25 15:46 - 000000000 ____D C:\Users\Home\AppData\Local\ElevatedDiagnostics
2022-03-24 16:22 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-24 16:22 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-24 16:17 - 2021-02-08 23:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2022-03-24 16:14 - 2019-08-08 00:17 - 000000000 ____D C:\Users\Home\AppData\Roaming\Twitch
2022-03-24 16:13 - 2017-02-27 20:03 - 000000434 _____ C:\WINDOWS\Tasks\DriverUpdate Startup.job
2022-03-24 16:12 - 2017-02-27 20:03 - 000013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2022-03-23 21:34 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-23 21:24 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-23 21:21 - 2021-02-08 22:45 - 000006884 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-23 21:15 - 2016-06-02 20:56 - 000000258 __RSH C:\ProgramData\ntuser.pol
2022-03-23 21:13 - 2021-02-08 23:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-23 21:13 - 2021-02-08 22:22 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-23 18:53 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-03-23 18:51 - 2021-02-08 22:30 - 000000000 ____D C:\Users\Home
2022-03-23 18:43 - 2022-02-03 00:44 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2022-03-23 18:27 - 2019-12-07 02:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-03-23 17:33 - 2021-02-08 23:12 - 000004150 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{66FAF945-47C5-4EC4-951B-E5710B6DD2DD}
2022-03-23 17:22 - 2021-02-08 22:22 - 000330112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-23 17:20 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-03-23 17:20 - 2017-10-12 16:46 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2022-03-23 17:19 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-23 17:19 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-03-23 17:19 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-23 17:19 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-23 17:19 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-03-23 17:19 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-03-23 17:19 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-03-23 17:19 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-23 17:19 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-23 17:19 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-22 19:23 - 2015-09-27 12:05 - 000000000 ____D C:\Users\Home\AppData\Local\AMD
2022-03-22 19:17 - 2021-02-11 17:25 - 000000000 ____D C:\Users\Home\AppData\Local\cache
2022-03-22 19:16 - 2022-02-02 02:04 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-03-22 19:16 - 2022-02-02 02:04 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2022-03-20 15:33 - 2018-06-11 20:26 - 000000000 ____D C:\Users\Home\AppData\Roaming\ATI
2022-03-20 15:33 - 2015-09-27 11:46 - 000000000 ____D C:\AMD
2022-03-20 14:58 - 2017-11-20 20:45 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-20 14:58 - 2017-11-20 20:45 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-19 21:45 - 2022-02-03 00:01 - 000000000 ____D C:\Program Files\Riot Vanguard
2022-03-19 21:37 - 2022-01-26 15:52 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-03-19 21:37 - 2018-09-14 19:06 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2022-03-19 21:37 - 2015-07-13 18:20 - 000002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
2022-03-19 21:36 - 2022-02-02 23:59 - 000000000 ____D C:\ProgramData\Riot Games
2022-03-19 21:01 - 2020-06-25 15:23 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-17 22:44 - 2022-02-03 00:19 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1362471941-3298207752-877008659-1001
2022-03-17 22:44 - 2021-02-08 23:12 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1362471941-3298207752-877008659-1001
2022-03-17 22:44 - 2021-02-08 22:30 - 000002422 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-14 20:58 - 2018-08-13 01:17 - 000000000 ____D C:\Users\Home\AppData\Local\D3DSCache
2022-03-14 20:47 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-14 20:47 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-14 20:47 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-14 20:12 - 2015-07-13 18:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-03-14 19:58 - 2021-02-08 22:27 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-03-14 18:37 - 2016-07-25 15:41 - 000255784 _____ C:\WINDOWS\ntbtlog.txt
2022-03-14 18:27 - 2020-08-20 16:32 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-10 18:14 - 2021-02-08 23:12 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2022-03-10 18:04 - 2018-09-14 19:06 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2022-03-10 18:04 - 2018-09-14 19:06 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-03-10 18:04 - 2018-09-01 22:02 - 000001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk
2022-03-10 00:29 - 2016-08-06 17:02 - 000000000 ____D C:\Program Files\Common Files\McAfee
2022-03-10 00:27 - 2021-02-08 23:12 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2022-03-10 00:23 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-10 00:23 - 2016-08-06 17:21 - 000000000 ____D C:\Program Files\McAfee
2022-03-08 17:43 - 2015-09-28 11:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-08 17:22 - 2015-09-28 11:25 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-08 17:12 - 2021-02-25 18:13 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6fea696c0a4d4
2022-03-08 17:12 - 2021-02-08 23:12 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-06 00:18 - 2022-02-03 20:04 - 000000000 ____D C:\Program Files\HP
2022-03-01 22:56 - 2021-02-05 17:32 - 000000000 __RSD C:\Users\Home\Documents\McAfee Vaults
2022-02-25 13:25 - 2017-12-19 20:50 - 000001270 _____ C:\Users\Home\Desktop\Epic Games Launcher.lnk
2022-02-22 12:23 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-02-22 11:14 - 2020-09-02 08:07 - 000000000 ____D C:\Users\Home\AppData\Roaming\Zoom

==================== Files in the root of some directories ========

2016-06-03 13:57 - 2016-06-04 08:57 - 000000073 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
2020-03-18 17:38 - 2020-03-25 20:22 - 000000081 _____ () C:\Users\Home\AppData\Local\.bidstack.fault

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Your Speccy log shows signs of infection.



Please do the following.

Uninstall with Geek uninstaller the following programs.


ByteFence
Comodo GeekBuddy
Advanced-PC-Care
SlimCleaner Plus
DNSWAXHAW
DriverUpdate
Lavasoft\Web Companion




Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.
If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded, right click the FRST desktop icon and select "Run as administrator" from the menu.
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.


  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select Scan
FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.


Please attach the contents of these logs in your next post for review by our Security Team.
 
Sorry, I don't know how to send it, and two of the files didn't show: DNSWAXHAW and Lavasoft Web Companion.
 
Ok, I'll have a look at these logs, please do the following.

===================================================================

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.




  • Close all open programs and internet browsers.
  • Right Click on adwcleaner.exe and run as admin to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-11-18.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-24-2022
# Duration: 00:00:36
# OS:       Windows 10 Home
# Cleaned:  168
# Failed:   0


***** [ Services ] *****

Deleted       GeekBuddyRSP
Deleted       WCAssistantService

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\Common Files\supportdotcom
Deleted       C:\Program Files (x86)\DriverRestore
Deleted       C:\Program Files (x86)\DriverUpdate
Deleted       C:\Program Files (x86)\Lavasoft\Web Companion
Deleted       C:\Program Files (x86)\Yahoo!\yset
Deleted       C:\ProgramData\Advancedpccare.net
Deleted       C:\ProgramData\AppApcVerifier
Deleted       C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted       C:\ProgramData\Lavasoft\Web Companion
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-PC-Care
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slimcleaner plus
Deleted       C:\Users\Home\AppData\Local\Downloaded Installers
Deleted       C:\Users\Home\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted       C:\Users\Home\AppData\Local\YSearchUtil
Deleted       C:\Users\Home\AppData\Local\slimware utilities inc
Deleted       C:\Users\Home\AppData\Roaming\Advancedpccare.net
Deleted       C:\Users\Home\AppData\Roaming\Lavasoft\Web Companion
Deleted       C:\Users\Home\AppData\Roaming\efo
Deleted       C:\Users\Home\AppData\Roaming\supportdotcom
Deleted       C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

Deleted       C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booking .lnk
Deleted       C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\ADVANCED-PC-CARE_LOGON
Deleted       C:\Windows\System32\Tasks\DNSWAXHAW
Deleted       C:\Windows\System32\Tasks\DRIVERRESTORE_DAILYSCAN
Deleted       C:\Windows\System32\Tasks\DRIVERRESTORE_SCHEDULEDSCAN
Deleted       C:\Windows\System32\Tasks\DRIVERUPDATE SCAN
Deleted       C:\Windows\System32\Tasks\DRIVERUPDATE STARTUP
Deleted       C:\Windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Home)
Deleted       C:\Windows\Tasks\DRIVERUPDATE SCAN.JOB
Deleted       C:\Windows\Tasks\DRIVERUPDATE STARTUP.JOB
Deleted       C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Home).job

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bestpriceninja.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\coupontime.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pricepeep.net
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\re-markit.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.pricepeep00.pricepeep.net
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.re-markit00.re-markit.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\coupontime.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pricepeep.net
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.bestpriceninja.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\re-markit.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.coupontime00.coupontime.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.pricepeep00.pricepeep.net
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.re-markit00.re-markit.co
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.net
Deleted       HKCU\Software\DriverRestore
Deleted       HKCU\Software\ICSW1.22
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cmptch.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\coupontime.co
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\re-markit.co
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.cmptch.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.coupontime00.coupontime.co
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markit00.re-markit.co
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utop.it
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6E0C56FF-56C2-4D00-BFB6-CC0F059A4DEC}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SlimCleaner Plus
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\SlimWare Utilities Inc
Deleted       HKCU\Software\System Healer
Deleted       HKCU\Software\advancedpccare.net
Deleted       HKCU\Software\csastats
Deleted       HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6A093AFA-63B9-41F4-BFDA-1DDE04003121}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65DF8227-26BF-4D90-8E94-DC73D5303E9E}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DAAD975-B933-479C-8083-5175D21F1250}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E263BF26-CA2A-4C1A-8D92-F883149BCD85}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCAC3F4F-5408-416C-8914-4EAFB4E4C54B}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B7A9D7C-961E-47D6-9A60-78C01B2CA9B9}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65DF8227-26BF-4D90-8E94-DC73D5303E9E}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A093AFA-63B9-41F4-BFDA-1DDE04003121}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DAAD975-B933-479C-8083-5175D21F1250}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91993843-3DD1-4766-A27F-6859C3474651}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E263BF26-CA2A-4C1A-8D92-F883149BCD85}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCAC3F4F-5408-416C-8914-4EAFB4E4C54B}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced-PC-Care_Logon
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSWAXHAW
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverRestore_DailyScan
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverRestore_ScheduledScan
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Scan
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Startup
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - Home)
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
Deleted       HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{055C7DA5-A1F5-41FB-932C-82474ED3487A}|DisplayName
Deleted       HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{055C7DA5-A1F5-41FB-932C-82474ED3487A}|Publisher
Deleted       HKLM\SYSTEM\Setup\FirstBoot\Services\SWDUMon
Deleted       HKLM\Software\5da059a482fd494db3f252126fbc3d5b
Deleted       HKLM\Software\AppApcVerifier
Deleted       HKLM\Software\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
Deleted       HKLM\Software\Classes\CLSID\{6DC6EE87-F3BB-40EB-BCEE-12F7D6E3EEDF}
Deleted       HKLM\Software\Classes\CLSID\{959D527D-6C27-4879-A644-065526D6969C}
Deleted       HKLM\Software\Classes\CLSID\{BAF87BD0-A924-4108-AFA5-A5FA720A2E86}
Deleted       HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted       HKLM\Software\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
Deleted       HKLM\Software\DriverRestore
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WebBar Toolbar
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Driver Restore
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Deleted       HKLM\Software\SLIMWARE UTILITIES, INC.
Deleted       HKLM\Software\WebBar
Deleted       HKLM\Software\Wow6432Node\5da059a482fd494db3f252126fbc3d5b
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6dcfe1eb-923e-481f-a411-bc96ff118bb4}|DisplayIcon
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6dcfe1eb-923e-481f-a411-bc96ff118bb4}|DisplayName
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6dcfe1eb-923e-481f-a411-bc96ff118bb4}|UninstallString
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7adbea9a}
Deleted       HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
Deleted       HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
Deleted       HKLM\Software\Wow6432Node\\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Deleted       HKLM\Software\advancedpccare.net
Deleted       HKLM\Software\pcv-var
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{66caa6a7-0fa6-4799-9a05-dc92a8d9b557}|NameServer - "82.163.143.171,82.163.142.173"
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a15ca902-8928-4cb6-bcd9-9425c859e0fc}|DhcpNameServer - "82.163.143.171"
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a15ca902-8928-4cb6-bcd9-9425c859e0fc}|NameServer - "82.163.142.173"
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a15ca902-8928-4cb6-bcd9-9425c859e0fc}|NameServer - "82.163.143.171"
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c81c8dd9-efed-460b-aa13-7f4787e4778d}|DhcpNameServer - "82.163.143.171"
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c81c8dd9-efed-460b-aa13-7f4787e4778d}|NameServer - "82.163.142.173"
Deleted       HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c81c8dd9-efed-460b-aa13-7f4787e4778d}|NameServer - "82.163.143.171"
Deleted       HKLM\System\Setup\FirstBoot\Services\WCAssistantService
Deleted       HKLM\System\Setup\FirstBoot\Services\geekbuddyrsp
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted       HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

Deleted       My Quick Converter - nlccbfofdgkhefnadicieoobmkeogcef
Deleted       nladljmabboanhihfkjacnnkgjhnokhj
Deleted       nladljmabboanhihfkjacnnkgjhnokhj
Deleted       nladljmabboanhihfkjacnnkgjhnokhj
Deleted       nlccbfofdgkhefnadicieoobmkeogcef

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [32795 octets] - [24/03/2022 17:49:36]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt
    36.4 KB · Views: 4
Code:
start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\MountPoints2: {c74bdcc6-322a-11e9-8349-d85de2b2cec6} - "F:\setup.exe"
Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Home).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
C:\Program Files\SlimCleaner Plus
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{66caa6a7-0fa6-4799-9a05-dc92a8d9b557}: [NameServer] 82.163.143.171,82.163.142.173
Tcpip\..\Interfaces\{66caa6a7-0fa6-4799-9a05-dc92a8d9b557}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{67e88f71-0545-4369-a69e-bd88236228ff}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a15ca902-8928-4cb6-bcd9-9425c859e0fc}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{a15ca902-8928-4cb6-bcd9-9425c859e0fc}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{c81c8dd9-efed-460b-aa13-7f4787e4778d}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{c81c8dd9-efed-460b-aa13-7f4787e4778d}: [DhcpNameServer] 82.163.143.171
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (HUNTERxHUNTER バトルコレクション[ChromeApps版]) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakflelekebmlebbomibeiadkfbdkbad [2017-11-20]
CHR DefaultSearchURL: Profile 3 -> hxxps://search.yahoo.com/yhs/search?p={searchTerms}&hspart=comodo&hsimp=yhs-ccs&type=default
CHR DefaultSearchKeyword: Profile 3 -> Yahoo
CHR DefaultSuggestURL: Profile 3 -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Yahoo Partner) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm [2020-04-07]
C:\Program Files (x86)\Lavasoft
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29280 2021-02-05] (LAVASOFT SOFTWARE CANADA INC -> )
C:\Users\Home\AppData\Local\Temp\cpuz149
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2022-03-24] (SlimWare Utilities Inc. -> )
C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
2022-03-22 19:56 - 2022-03-22 19:58 - 329701425 _____ C:\Users\Home\Desktop\60731a82-6a2b-427d-9a43-6f72166081eb.tmp
C:\WINDOWS\Tasks\DriverUpdate Startup.job
DriverUpdate (HKLM-x32\...\{055C7DA5-A1F5-41FB-932C-82474ED3487A}) (Version: 2.7.11 - Slimware Utilities Holdings, Inc.) Hidden <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk:B021ADA33C [3018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [3018]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk:8E766EDA31 [3018]
AlternateDataStreams: C:\Users\Home\Desktop\Epic Games Launcher.lnk:BE32D07BC5 [3018]
AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FirewallRules: [{9F9FF943-7D2B-4947-95D5-0FB3EF952C61}] => (Allow) C:\Users\Home\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{5FAE642B-97FB-48FA-9612-2A44CA3EBF3F}] => (Allow) C:\Users\Home\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [UDP Query User{F86D960E-E514-42A0-9D2E-C81714413F1D}C:\program files\java\jre1.8.0_92\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_92\bin\javaw.exe => No File
FirewallRules: [TCP Query User{AD24E3AE-7C0A-4CFC-B797-11D4ACCA441A}C:\program files\java\jre1.8.0_92\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_92\bin\javaw.exe => No File
FirewallRules: [{4805B1E6-6536-4953-B720-54AA0015B6E4}] => (Allow) C:\Users\Home\AppData\Local\Programs\Opera\48.0.2685.50\opera.exe => No File
FirewallRules: [UDP Query User{84EF4332-43CD-438C-A828-EDD20033D558}C:\users\home\downloads\dbzeq2-f3\dragonballzeq2-f3.exe] => (Block) C:\users\home\downloads\dbzeq2-f3\dragonballzeq2-f3.exe => No File
FirewallRules: [TCP Query User{20B71606-2234-4D88-9CE1-CAB6FCAF32E4}C:\users\home\downloads\dbzeq2-f3\dragonballzeq2-f3.exe] => (Block) C:\users\home\downloads\dbzeq2-f3\dragonballzeq2-f3.exe => No File
FirewallRules: [{6DD7CD81-6921-4792-8268-C179BA031972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe => No File
FirewallRules: [{D2759F45-C7D3-400E-84D5-DBF04FB098FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe => No File
FirewallRules: [{B5A4D2B3-407E-460D-AD07-7995EB579715}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe => No File
FirewallRules: [{7C5AF8AD-4E6A-4440-9844-B849339DC5A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe => No File
FirewallRules: [UDP Query User{15104587-DCBF-41F8-AA66-14676EF567AE}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B8F6F4C0-07F4-4731-8DAC-05981AB05AC1}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe => No File
FirewallRules: [{65894F3D-49AD-47F2-AECE-8B520EE8BCCD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe => No File
FirewallRules: [UDP Query User{B2CF0C52-F636-4DB1-8664-FCCCD8B29EEB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [TCP Query User{4D1E72A3-230D-4F2D-9982-620A5A5990E7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [{4A2B36E2-44E2-4D8B-A0E8-D1EDDADF61BD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{EAA35814-D0E4-4D71-85E3-E1A259BDE0FC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{BA1FE18A-F8FE-48E8-A9AA-CB45F4228A17}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [{21C17C3A-07EB-464F-8960-1C9634981F4C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe => No File
FirewallRules: [{4EF08BEE-1CDE-46BE-8C85-9C538D9029ED}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe => No File
FirewallRules: [{0DCF8505-2BBB-4B96-8165-2B2C91DC90BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{CB7CBEA6-278C-4238-9EA6-4D39B8E36773}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{97E24037-BE70-4767-8DBD-B0E5078E4D53}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{14626AA8-E8C8-4086-A1E3-8454BDEAF82D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [TCP Query User{826464B1-1AB6-477A-8965-9B6CEE71BED1}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe => No File
FirewallRules: [UDP Query User{211E1A19-C7F7-4921-A968-706830D8AF9E}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe => No File
FirewallRules: [TCP Query User{FA19801C-1ED6-47BD-9F24-7A2F6B05A074}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DABBDED9-8BC2-428D-A3B6-8D4E93CF3B9F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [TCP Query User{769941D2-39AC-42E6-9CE4-7E32C2E12A1A}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe => No File
FirewallRules: [UDP Query User{B144B9CC-05D0-418E-A2E3-C3FC15C133E7}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe => No File
FirewallRules: [{B9CC03E3-71B9-493D-8149-AB64838E7EBD}] => (Allow) C:\Users\Home\AppData\Local\Kingsoft\WPS Office\10.2.0.7646\office6\wpscloudsvr.exe => No File
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=7096_33720002005_4.32.424047.239_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> {1E77D046-BE79-4F20-AA00-AE2F8ADCC571} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> {6E0C56FF-56C2-4D00-BFB6-CC0F059A4DEC} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1362471941-3298207752-877008659-1001 -> {F4B72167-E815-4C1E-9F90-39058B9E6A46} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
C:\WINDOWS\system32\drivers\etc\hosts
hosts:
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1362471941-3298207752-877008659-1001\...\StartupApproved\Run: => "SlimCleaner Plus"
FirewallRules: [{F2468ED1-063F-4432-A16C-D88532887667}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D3DDB5A5-5EB3-4C3E-8CDE-F761E08F2E26}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C362EB6D-288F-456D-860D-2F7929E3A5D3}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6024C98D-68A4-4AF9-91EB-1AD989925485}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{154D07EB-B5D5-469D-836B-F1C1B890EE5A}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{25D0566C-247E-468E-9A1D-72A0DE1659A7}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {0B7A9D7C-961E-47D6-9A60-78C01B2CA9B9} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [29619384 2017-07-19] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.) <==== ATTENTION
Task: {8F279014-A0FC-43B1-B962-3B1577507755} - System32\Tasks\HomeMusicallyDoggerV2 => rundll32.exe CreditGeneric.dll,main 7 1 <==== ATTENTION
Task: {DCA6AA10-7AE9-4E05-A096-6846D4D39276} - System32\Tasks\{ED5E31C4-AC10-2186-59C1-78BCCE3C3156} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\7adbea9a\2294f08d.dll" <==== ATTENTION
Task: {E263BF26-CA2A-4C1A-8D92-F883149BCD85} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [29619384 2017-07-19] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.) <==== ATTENTION
S3 cpuz149; C:\Users\Home\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2022-03-22] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
C:\Program Files (x86)\DriverUpdate
C:\PROGRA~3\7adbea9a\2294f08d.dll
C:\PROGRA~3\7adbea9a
C:\Program Files\SlimCleaner Plus
C:\Program Files\Advanced-PC-Care
C:\Program Files (x86)\DriverRestore
Task: {E263BF26-CA2A-4C1A-8D92-F883149BCD85} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [29619384 2017-07-19] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.) <==== ATTENTION
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe (No File)
Task: {194E940D-1882-43BA-9B6D-5AF00E0F88B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {38901636-5308-4902-922A-03830F081242} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe /schedulescan (No File) <==== ATTENTION
Task: {65DF8227-26BF-4D90-8E94-DC73D5303E9E} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe -dailyScan (No File) <==== ATTENTION
Task: {686F6670-B0C4-4815-87F2-6B3D56DA21B8} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe /a (No File) <==== ATTENTION
Task: {6A093AFA-63B9-41F4-BFDA-1DDE04003121} - System32\Tasks\DNSWAXHAW => dnswaxhaw.exe /Scheduled (No File) <==== ATTENTION
Task: {85553577-BBEC-4CC6-8052-B14BEEE9D479} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
Task: {86322359-800E-49C1-8742-D22EA409EE59} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8DAAD975-B933-479C-8083-5175D21F1250} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Home) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe /doScheduledScan (No File)
Task: {91993843-3DD1-4766-A27F-6859C3474651} - System32\Tasks\Advanced-PC-Care_Logon => C:\Program Files\Advanced-PC-Care\apc.exe startuplaunch (No File) <==== ATTENTION
Task: {9532D7E5-EAAE-425F-9E5A-DDE0CE209D60} - \WPD\SqmUpload_S-1-5-21-1362471941-3298207752-877008659-1001 -> No File <==== ATTENTION
Task: {B6EE3932-485F-48FD-9D2A-49168D9E4AE6} - System32\Tasks\HPCheckDropBoxStatus => c:\hp\HPQWare\DropBox\HPAppDetector.exe #launch (No File)
Task: {B9F376AF-2000-45FD-AC47-586E6A8FC872} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BD42C330-B81F-488A-A111-CD1DC1708A57} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BDF0FDA7-4443-47C3-9082-354A16719EC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (No File)
Task: {FB060E64-AA40-45F2-8944-FF86A2F46C54} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FCAC3F4F-5408-416C-8914-4EAFB4E4C54B} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe -scheduled (No File) <==== ATTENTION
Task: {FF899FE5-AACD-4182-A19E-B9AE13EBA1AD} - System32\Tasks\Opera scheduled Autoupdate 1513740553 => C:\Users\Home\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {FFA07FC6-BFC7-47B6-A466-1EBE26C3286F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
StartBatch:
del /s /q C:\Windows\SoftwareDistribution\download\*.*
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\temp\*.*"
ipconfig /flushdns
endbatch:
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End:
 