Solved Tricky Malware/virus that I can't remove

Status
Not open for further replies.

tntmo

PCHF Member
Apr 16, 2021
12
3
47
I'm not the best at computer security and am usually quite lazy about it. I try to be careful, but I clicked on something that I shouldn't have. I tried a few malware removal programs (Avast, Malwarebytes and Bitdefender), but none of them worked. I keep getting popups saying the computer is infected and to run a system scan, etc.
I would appreciate any assistance that could be provided.

I have done the pre-work, downloaded the FRST 64 and ran the system scan. All have been downloaded/saved to the desktop.

I will copy and paste the contents of the FRST and addition txt files in my reply to this initial post.
 

tntmo

PCHF Member
Apr 16, 2021
12
3
47
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-04-2021
Ran by Samantha Karnes (administrator) on SAMANTHA (TOSHIBA Satellite C55D-B) (16-04-2021 08:38:05)
Running from C:\Users\Samantha Karnes\Desktop
Loaded Profiles: Samantha Karnes
Platform: Windows 10 Home Version 2004 19041.928 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Bose Corporation -> Bose Corporation) C:\Program Files (x86)\Bose Updater\BOSEUPDATER.EXE
(Compal Electronics, Inc. -> TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\DSDFunctionKeyCtlService.exe <2>
(Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\RMService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google) C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\SwReporter\89.259.200\software_reporter_tool.exe <4>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Samantha Karnes\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3873000 2016-06-02] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (Compal Electronics, Inc. -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\Run: [Bose Updater] => C:\Program Files (x86)\Bose Updater\BOSEUPDATER.EXE [414552 2021-03-27] (Bose Corporation -> Bose Corporation)
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Samantha Karnes\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Samantha Karnes\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\RunOnce: [Uninstall 21.052.0314.0001\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Samantha Karnes\AppData\Local\Microsoft\OneDrive\21.052.0314.0001\amd64"
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\RunOnce: [Uninstall 21.052.0314.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Samantha Karnes\AppData\Local\Microsoft\OneDrive\21.052.0314.0001"
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\MountPoints2: {b8fb6b3e-0f51-11eb-8323-4cbb5866d705} - "E:\OnePlus_setup.exe" /s
HKLM\...\Windows x64\Print Processors\Canon MX490 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCK.DLL [30208 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX490 series: C:\WINDOWS\system32\CNCALCK.DLL [303104 2014-09-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX490 series: C:\WINDOWS\system32\CNMLMCK.DLL [406528 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON WF-2540 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMIUE.DLL [120320 2015-01-06] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.72\Installer\chrmstp.exe [2021-04-15] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BDF9F0-72F8-43DD-98D7-2357923F8C00} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-13] (Google Inc -> Google Inc.)
Task: {104E543A-DAB9-4779-B595-8AEC0B77D247} - \WPD\SqmUpload_S-1-5-21-316880295-4286440006-4187134797-1001 -> No File <==== ATTENTION
Task: {17BDE72D-73AC-4B64-8BF6-C86D521BDB9E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2763E001-CF8D-432A-9D8B-87EB4D4A621E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {38E4C892-700E-413C-9B9F-3181F47A154E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16690424 2016-08-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {3B244C4E-942A-4C37-B537-222484FC2408} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4C77DABD-BC2C-4ABD-87B4-89F29BD6003E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4F33D887-7D1E-4D4E-8BD2-A39F920C0F01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-13] (Google Inc -> Google Inc.)
Task: {4FBE1633-37C9-40D6-A2A7-860515D0E76D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {6172A990-3C78-4E71-B197-01B43205C717} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {6497BC44-9271-445D-BF1D-7D6E3F6E7AAF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {66CCAF17-0997-41D6-A177-4BA55115A843} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [699496 2013-09-24] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {700A4F00-4433-4EF6-9F59-A8EF9FADC4E0} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {70A7D578-496B-4176-A2EF-0C9B0BE8CE44} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {741CED75-6E12-4CCE-B18E-96CA43706AC2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7F92E1B2-04E2-4538-8EA4-CB0ECC2A0F95} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {851F745D-7E2A-4804-B640-E867C7C8E191} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {85825ECF-F972-40F9-B74F-FF0B0A6C6DDF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {94180BDD-2A23-4EC0-8F43-C3D059897F5C} - System32\Tasks\{8FBC408D-7A98-49A0-B52F-ABD4D2DA31C3} => "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.17.0.105/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {B1816D01-D227-4783-A8B2-45C56E2DCAFB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B48B9F69-8581-40BA-B351-06BC99E0935B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BC7EB884-DF6B-4B59-AB6D-4D0B211B91CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [570240 2017-02-14] (Apple Inc. -> Apple Inc.)
Task: {C73F12F8-8144-4655-B68E-80DEFD36EDF3} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {CCE89503-2E05-465A-B9AA-C2A723F45359} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D84F54C6-ACE2-4728-85F9-9409D7A1A3CA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D8D09AAC-7220-47C9-ACF5-833EC074CCF6} - System32\Tasks\Pokki => C:\Users\Samantha Karnes\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {E4A77E7F-DD03-4980-9D8B-E5948D3DEF08} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{37c530e7-186d-44b4-b753-6b27bcd6789a}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{e301b961-b921-494f-b828-e0c62aa8ca74}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-16]
Edge HomePage: Default -> hxxp://www.google.com/
Edge Extension: (Read&Write for Microsoft Edge™) - C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjglhpoliipklkfjcahfefdlfpifcinb [2021-04-14]
Edge Extension: (Skype Calling) - C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2020-08-27]
Edge Extension: (Save to Google Drive) - C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2021-04-14]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-04-14]
Edge Extension: ((Deprecated) G Suite Training) - C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2020-08-27]
Edge Extension: (uBlock Plus Adblocker) - C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2020-08-27]

FireFox:
========
FF DefaultProfile: 2ymu52ic.default
FF ProfilePath: C:\Users\Samantha Karnes\AppData\Roaming\Mozilla\Firefox\Profiles\2ymu52ic.default [2016-06-11]
FF Homepage: Mozilla\Firefox\Profiles\2ymu52ic.default -> hxxps://links.malwarebytes.com/link/restorebrowser?lic=trial&product=MBAM-C/?s=toshibaupd&m=start
FF Extension: (New Tab by Yahoo) - C:\Users\Samantha Karnes\AppData\Roaming\Mozilla\Firefox\Profiles\2ymu52ic.default\Extensions\[email protected] [2015-08-06] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-05] (Adobe Inc. -> Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 

tntmo

PCHF Member
Apr 16, 2021
12
3
47
Chrome:
=======
CHR DefaultProfile: Profile 5
CHR Profile: C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-08-16]
CHR HomePage: Profile 1 -> hxxps://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Extension: (Google Slides) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-30]
CHR Extension: (Google Docs) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-30]
CHR Extension: (Google Drive) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-30]
CHR Extension: (YouTube) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-30]
CHR Extension: (Google Search) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-30]
CHR Extension: (Google Sheets) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-30]
CHR Extension: (Google Wallet) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-30]
CHR Extension: (Gmail) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-30]
CHR Profile: C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-05-16]
CHR Notifications: Profile 3 -> hxxps://calendar.google.com; hxxps://drive.google.com; hxxps://drive.google.com
CHR HomePage: Profile 3 -> hxxp://www.google.com
CHR StartupUrls: Profile 3 -> "hxxp://www.google.com"
CHR Extension: (Google Slides) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-17]
CHR Extension: (Google Docs) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-17]
CHR Extension: (Google Drive) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-24]
CHR Extension: (YouTube) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-24]
CHR Extension: (Google Search) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-17]
CHR Extension: (Fluency Tutor® for Google™) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ejajakfhhhhkifioabcekjjlhpoiijfa [2016-05-15]
CHR Extension: (Google Sheets) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-17]
CHR Extension: (Google Docs Offline) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-24]
CHR Extension: (Skype) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-09]
CHR Extension: (Google Drawings) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2016-04-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-24]
CHR Extension: (Gmail) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
CHR Profile: C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4 [2015-08-19]
CHR HomePage: Profile 4 -> hxxp://www.google.com/
CHR StartupUrls: Profile 4 -> "hxxp://www.google.com/","hxxps://www.google.com/","hxxp://homepage-web.com/?s=toshibaupd&m=start","hxxps://www.google.com/"
CHR DefaultSearchURL: Profile 4 -> hxxps://secure.homepage-web.com/?src=omnibox&partner=toshibaupd&q={searchTerms}
CHR DefaultSearchKeyword: Profile 4 -> homepage-web.com
CHR Extension: (Google Slides) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-17]
CHR Extension: (Genius Memory) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\amkoinfmlfndmileeeldconamokemeck [2015-08-13]
CHR Extension: (Google Docs) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-17]
CHR Extension: (Google Drive) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-17]
CHR Extension: (Newsela) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bfpeiapdhnegnfcfkdfihabadngjagfj [2015-08-13]
CHR Extension: (YouTube) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-17]
CHR Extension: (HeyMath! from Singapore) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bmdjlopjfiefjfljahkmchhddomllahg [2015-08-13]
CHR Extension: (ScootPad) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\boihgpoojeingjbbdjmoocbdibophjap [2015-08-13]
CHR Extension: (Google Search) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-17]
CHR Extension: (Drive Template Gallery) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\edccfahmoapjmcaahncgcekjodejmhkg [2015-08-13]
CHR Extension: (Movenote for Education) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fdhhpolibfeihcdjjgkkoihbdbioejmh [2015-08-13]
CHR Extension: (Google Sheets) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-17]
CHR Extension: (VocabularySpellingCity) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gnbihkjgkedgkepcakdjcnbicklpgfpm [2015-08-13]
CHR Extension: (Sight Words) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ikmpccnfemdkmmoejgmdajnkbidifpgh [2015-08-13]
CHR Extension: (SCRABBLE) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\iljoafdgpoffcjdhggphghbangpfepgd [2015-08-13]
CHR Extension: (Read&Write for Google™) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd [2015-08-13]
CHR Extension: (MeeGenius! Children's Books) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\jhfhmaajajcjoijfaceafiembkmhcddc [2015-08-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-17]
CHR Extension: (Simple Calc) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mhlialinbkjpnaoeofdfhgglolojllfh [2015-08-13]
CHR Extension: (Trickster Spades) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nlhnjghikagjnjoeffanodfekebkplab [2015-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-16]
CHR Extension: (TypingClub) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2015-08-13]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-08-13]
CHR Extension: (Blackjack) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\olecjbcfpapaempgmfdhhckhcggephpp [2015-08-13]
CHR Extension: (Dolch Sight Words) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\onleehglkpphjodfgbfipekkojffjkhl [2015-08-13]
CHR Extension: (Khan Academy) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko [2015-08-13]
CHR Extension: (Cacoo - Diagramming & Real-Time Collaboration) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pcflmbddgcmomcfngehfhlajjapabojh [2015-08-13]
CHR Extension: (Gmail) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
CHR Extension: (Hapara Teacher Dashboard for Google Apps) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkimffcemlhioogdhaflfefoklamojgh [2015-08-13]
CHR Profile: C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5 [2021-04-16]
CHR Notifications: Profile 5 -> hxxp://dualsport-sd.com; hxxps://dualsport-sd.com; hxxps://mail.google.com; hxxps://thevideo.me; hxxps://topcaptchasolver.com; hxxps://web.skype.com; hxxps://www.batteriesplus.com; hxxps://www.facebook.com
CHR HomePage: Profile 5 -> hxxp://www.google.com/
CHR StartupUrls: Profile 5 -> "hxxp://www.google.com"
CHR Extension: (Slides) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (Skype Calling) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-12-24]
CHR Extension: (YouTube) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-02-01]
CHR Extension: (Google Search) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Sheets) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-08]
CHR Extension: (Save to Google Drive) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2021-04-08]
CHR Extension: ((Deprecated) G Suite Training) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2019-10-13]
CHR Extension: (Read&Write for Google Chrome™) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd [2021-04-08]
CHR Extension: (Google Forms) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2015-11-09]
CHR Extension: (Skype) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-10]
CHR Extension: (Google Drawings) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2015-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2020-01-03]
CHR Extension: (Gmail) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-16]
CHR Profile: C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 7 [2018-06-18]
CHR Notifications: Profile 7 -> hxxp://dualsport-sd.com; hxxps://www.facebook.com
CHR DefaultSearchURL: Profile 7 -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Profile 7 -> Yahoo
CHR DefaultSuggestURL: Profile 7 -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Yahoo Partner) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\dofoafnmdocgkdphpkdooahjkhpmakjd [2018-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-26]
CHR Extension: (AdBlock) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-06-15]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2018-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR Profile: C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Profile 8 [2016-06-19]
CHR Profile: C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\System Profile [2016-06-19]
CHR Extension: (Google Slides) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-30]
CHR Extension: (Google Docs) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-30]
CHR Extension: (Google Drive) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-18]
CHR Extension: (YouTube) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-30]
CHR Extension: (Google Search) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-30]
CHR Extension: (Google Sheets) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-30]
CHR Extension: (Gmail) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-30]
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-22] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc. -> Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2461792 2019-03-27] (Bitdefender SRL -> Bitdefender)
R2 DSDFunctionKeyCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\DSDFunctionKeyCtlService.exe [615776 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-03] (DTS, Inc. -> )
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
S2 TSDSettingService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\dynabookSystemService.exe [44767048 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
S2 TSDTabletControlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\TOSTABSYSSVC.exe [296272 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
R2 TSDWirelessLEDCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\RMService.exe [446248 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [236128 2020-11-26] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [559200 2021-04-02] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [240352 2020-11-26] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309120 2020-02-03] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [47816 2020-07-21] (Dynabook Inc. -> Dynabook Inc.)
R3 tosrfec; C:\WINDOWS\System32\drivers\tosrfec.sys [37808 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
R1 TosSrvCtlDrv; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\TosSrvCtlDrv.sys [25816 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender)
S0 TVALZ; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
R0 TVALZ_O; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [386800 2020-10-20] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [420072 2021-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-15] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-16 08:38 - 2021-04-16 08:42 - 000039470 _____ C:\Users\Samantha Karnes\Desktop\FRST.txt
2021-04-16 08:35 - 2021-04-16 08:40 - 000000000 ____D C:\FRST
2021-04-16 08:31 - 2021-04-16 08:32 - 002298368 _____ (Farbar) C:\Users\Samantha Karnes\Desktop\FRST64.exe
2021-04-14 18:09 - 2021-04-14 18:09 - 000088428 _____ C:\ProgramData\agent.update.1618448903.bdinstall.v2.bin
2021-04-14 15:03 - 2021-04-14 15:03 - 000001203 _____ C:\Users\Samantha Karnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2021-04-14 15:02 - 2021-04-14 15:02 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-04-14 14:58 - 2020-12-18 02:37 - 000022976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-04-14 14:56 - 2021-04-14 14:56 - 000001218 _____ C:\ProgramData\Desktop\Bitdefender Antivirus Free.lnk
2021-04-14 14:56 - 2021-02-26 18:31 - 000641728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-04-14 14:55 - 2021-04-14 14:55 - 000000000 ____D C:\ProgramData\Bitdefender
2021-04-14 14:55 - 2020-02-03 16:53 - 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2021-04-14 14:54 - 2021-02-26 13:40 - 002718744 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-04-14 14:54 - 2020-12-04 15:15 - 000802976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-04-14 14:54 - 2020-10-20 13:18 - 000386800 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\vlflt.sys
2021-04-14 14:53 - 2021-02-16 15:31 - 000488592 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-04-14 14:31 - 2021-04-16 08:46 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2021-04-14 14:30 - 2021-04-14 14:30 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-04-14 14:29 - 2021-04-14 14:29 - 000116636 _____ C:\ProgramData\agent.1618435725.bdinstall.v2.bin
2021-04-14 14:28 - 2021-04-14 18:09 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-04-14 14:28 - 2021-04-14 14:28 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-04-14 14:27 - 2021-04-14 14:27 - 013543384 _____ C:\Users\Samantha Karnes\Downloads\bitdefender_online.exe
2021-04-13 22:49 - 2021-04-13 22:53 - 000938756 _____ C:\WINDOWS\Minidump\041321-39468-01.dmp
2021-04-13 20:16 - 2021-04-13 20:16 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-13 20:14 - 2021-04-13 20:14 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-13 20:13 - 2021-04-13 20:13 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-11 07:47 - 2021-04-11 07:47 - 000000000 ____D C:\Program Files\Avast Software
2021-04-11 07:46 - 2021-04-14 14:39 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-08 13:33 - 2021-04-08 13:33 - 000001313 _____ C:\Users\Samantha Karnes\Downloads - Shortcut.lnk
2021-04-08 09:31 - 2021-04-08 09:31 - 000000000 ____D C:\Users\Samantha Karnes\AppData\Local\mbam
2021-03-27 17:44 - 2021-03-27 17:44 - 000000000 ____D C:\Program Files (x86)\Bose Updater

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-16 08:35 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-16 08:00 - 2015-03-29 14:11 - 000000000 ____D C:\Users\Samantha Karnes\AppData\Local\CrashDumps
2021-04-16 07:54 - 2020-10-06 18:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-16 07:18 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-16 07:18 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-16 07:17 - 2020-08-27 13:58 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-16 07:17 - 2020-08-27 13:58 - 000002287 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-04-15 18:46 - 2015-03-13 17:35 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-15 07:45 - 2020-10-06 19:06 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-316880295-4286440006-4187134797-1001
2021-04-15 07:45 - 2020-10-06 18:33 - 000002404 _____ C:\Users\Samantha Karnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-15 07:45 - 2015-03-13 17:05 - 000000000 ___RD C:\Users\Samantha Karnes\OneDrive
2021-04-14 18:41 - 2015-09-17 21:48 - 000000000 ___HD C:\Users\Samantha Karnes\AppData\Local\0fa5a48f5b9676cf
2021-04-14 15:02 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-14 15:02 - 2019-12-07 02:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-14 14:53 - 2020-10-06 18:48 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-14 14:53 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-14 14:48 - 2020-10-06 19:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-14 14:48 - 2020-09-14 20:51 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-14 14:47 - 2019-12-07 02:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-04-14 14:47 - 2017-07-29 20:13 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-04-14 14:36 - 2020-10-06 18:33 - 000000000 ____D C:\Users\Samantha Karnes
2021-04-13 22:54 - 2020-11-18 17:01 - 000000000 ____D C:\WINDOWS\Minidump
2021-04-13 22:49 - 2020-05-08 06:57 - 485690090 _____ C:\WINDOWS\MEMORY.DMP
2021-04-13 21:11 - 2020-10-06 18:25 - 000257904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-13 21:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-13 20:31 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-13 20:12 - 2020-10-06 18:28 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-13 18:44 - 2015-03-15 09:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-13 18:44 - 2015-03-15 09:35 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-12 21:08 - 2020-10-06 19:06 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-12 21:08 - 2020-10-06 19:06 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-08 09:53 - 2014-08-11 01:46 - 000000000 ____D C:\Program Files (x86)\Amazon
2021-03-17 06:39 - 2020-10-06 09:44 - 000000000 ____D C:\Users\Samantha Karnes\Desktop\manuals

==================== Files in the root of some directories ========

2015-08-16 18:48 - 2015-10-17 08:48 - 000000184 _____ () C:\Users\Samantha Karnes\AppData\Roaming\WB.CFG

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

tntmo

PCHF Member
Apr 16, 2021
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2021
Ran by Samantha Karnes (16-04-2021 08:49:51)
Running from C:\Users\Samantha Karnes\Desktop
Windows 10 Home Version 2004 19041.928 (X64) (2020-10-07 02:08:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-316880295-4286440006-4187134797-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-316880295-4286440006-4187134797-503 - Limited - Disabled)
Guest (S-1-5-21-316880295-4286440006-4187134797-501 - Limited - Disabled)
Samantha Karnes (S-1-5-21-316880295-4286440006-4187134797-1001 - Administrator - Enabled) => C:\Users\Samantha Karnes
WDAGUtilityAccount (S-1-5-21-316880295-4286440006-4187134797-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{99213849-249E-7726-EBA7-ADFCA48E2246}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.21.234 - Bitdefender)
Blackmagic RAW Common Components (HKLM\...\{9F59876B-1EE7-4708-B704-2FC1CF7EBFBB}) (Version: 2.0 - Blackmagic Design)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bose Updater (HKLM-x32\...\Bose Updater) (Version: 7.0.27.4971 - Bose Corporation)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
DaVinci Resolve (HKLM\...\{D9D60A2E-9FFB-4056-8ECD-FF56ADF91268}) (Version: 17.0.00010 - Blackmagic Design)
DaVinci Resolve Control Panels (HKLM\...\{2BBEAC75-618E-4C99-A00B-27D4551E30AC}) (Version: 1.4.0.0 - Blackmagic Design)
DTS Sound (HKLM-x32\...\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}) (Version: 1.01.6100 - DTS, Inc.)
ELAN Touchpad 15.8.12.5_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.12.5 - ELAN Microelectronic Corp.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.72 - Google LLC)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 241 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.77 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
PSP Application (HKLM\...\{8DB698FB-2E57-A223-0169-911CA8736440}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SPOT X 2.2.16 (HKLM-x32\...\8832-7504-9188-3356) (Version: 2.2.16 - Globalstar Inc.)
System Requirements Lab Detection (HKLM-x32\...\{5CAA5DEA-E079-4DC1-8E21-E30AC0F92DA8}) (Version: 6.1.1.0 - Husdawg, LLC)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.0.6404 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2015-07-03] (WildTangent Games)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-21] (Amazon.com)
Book Place by Toshiba -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.DigitalPassbyToshiba_2.0.3611.0_x64__vwcaa66y1ah8t [2015-03-13] (K-NFB Reading Technologies, Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.3.30.0_x86__kgqvnymyfvs32 [2021-03-25] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.191.500.0_x86__kgqvnymyfvs32 [2021-04-15] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
Deals & Offers -> C:\Program Files\WindowsApps\2B24874D.DealsOffers_1.0.0.4_neutral__v10edqkhnj0dg [2015-03-13] (Synacor, Inc.)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.8.15.0_x86__h6adky7gbf63m [2021-03-25] (Gameloft SE)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2015-03-17] (eBay, Inc)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.11.5.0_x86__q4d96b2w5wcc2 [2021-04-15] (Evernote)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_126.2.222.0_x64__v10z8vjag6ke6 [2021-04-12] (HP Inc.)
Hulu -> C:\Program Files\WindowsApps\HULULLC.HULUPLUS_3.1.0.0_neutral__fphbd361v8tya [2021-04-07] (Hulu.)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_7.0.40.0_x64__a76a11dkgb644 [2021-02-26] (iHeartMedia.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-07-03] (AMZN Mobile LLC)
Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.4.35.0_x64__679ekb9hp1h62 [2020-10-19] (sMedio)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-15] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-16] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-01-07] (Microsoft Corporation)
Texture - Unlimited Magazines -> C:\Program Files\WindowsApps\NextIssue.NextIssueMagazines_1.6.1.0_x64__91pt4qm2m3xcw [2015-12-16] (NEXT ISSUE MEDIA LLC)
Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.3.0.4_neutral__r8x1fxsdcnpjw [2015-05-16] (Toshiba America Information Systems, Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2017-02-28] (Microsoft Corporation)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2015-03-14] (Zinio LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-12-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-12-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-12-15] (WinZip Computing -> WinZip Computing, S.L.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Samantha Karnes\Desktop\Tom's - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 5"
ShortcutWithArgument: C:\Users\Samantha Karnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Simple Calc.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=mhlialinbkjpnaoeofdfhgglolojllfh
ShortcutWithArgument: C:\Users\Samantha Karnes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Teresa - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) =============

2021-03-27 17:44 - 2021-03-27 17:44 - 000783360 _____ () [File not signed] C:\Program Files (x86)\Bose Updater\aws-cpp-sdk-core.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 002565632 _____ () [File not signed] C:\Program Files (x86)\Bose Updater\aws-cpp-sdk-s3.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 040622592 ____R () [File not signed] C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-01-03 20:24 - 2015-01-03 20:24 - 000080384 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-11-10 19:11 - 2014-11-10 19:11 - 009994752 ____R (The ICU Project) [File not signed] C:\Program Files (x86)\Fitbit Connect\icudt.dll
2015-09-04 16:34 - 2015-09-04 16:34 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fitbit Connect\LIBEAY32.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 001192960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\platforms\QWINDOWS.DLL
2021-03-27 17:44 - 2021-03-27 17:44 - 005087232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\Qt5Core.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 005353984 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\Qt5Gui.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 001042944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\Qt5Network.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 000065536 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\Qt5SerialPort.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 004532224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\Qt5Widgets.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 000147456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\Qt5Xml.dll
2015-09-04 16:42 - 2015-09-04 16:42 - 001367040 ____R (winsparkle.org) [File not signed] C:\Program Files (x86)\Fitbit Connect\WinSparkle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130864035533835738&GUID=778C143C-93F0-45E8-BB78-DF6B1BF25D4F
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-316880295-4286440006-4187134797-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-316880295-4286440006-4187134797-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-316880295-4286440006-4187134797-1001 -> {6D47BB83-E72E-463F-BFDA-4CD3D01BB08A} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-316880295-4286440006-4187134797-1001 -> {824DBE53-0822-43C5-95C6-F72AE17DE611} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\;C:\Android;C:\Windows\System32
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Samantha Karnes\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img3.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BEEC5BCF-9240-4926-B76E-9004CA61DD47}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{6A627F80-EF6E-4513-95D3-5B59A3E2E8BF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{81EBD09B-4D49-4A49-B02B-9BC73F44F8C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C95DCD01-79D9-4986-AA21-D426B213C9C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{3E67A291-EE3D-4364-88A2-5404E93294FC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{483F86F0-12C1-4AED-88FE-BD4F60124DBD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{5C6D6C61-5F78-42C3-A8B8-0521532F9477}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{55FB36DB-FB57-42EB-BDE0-97BF69D7616F}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe => No File
FirewallRules: [UDP Query User{1BE67A63-3E85-4C98-9C9D-A1F53A808350}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe => No File
FirewallRules: [{848B24E1-0F49-4BCB-AEF1-B58590C147FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe => No File
FirewallRules: [{65420A5D-4B35-4306-BEBD-1CD6A8C8F759}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe => No File
FirewallRules: [{D8B6F726-910D-4429-8D40-766B59C0E68F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scribblenauts\Scribble.exe => No File
FirewallRules: [{0E654C25-0E72-406A-9105-105CE7E5EA12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scribblenauts\Scribble.exe => No File
FirewallRules: [{46DA2C30-C532-4043-95C9-1413C88714C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nancy Drew Danger on Deception Island\Game.exe => No File
FirewallRules: [{591AD063-663F-4D9A-ADB9-6FDE9E1A01B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nancy Drew Danger on Deception Island\Game.exe => No File
FirewallRules: [{A4C05EAC-82C4-4251-A620-CBB8D9FB5E97}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe => No File
FirewallRules: [{C38B7A7E-BE7C-4AB7-9794-60139328EF39}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe => No File
FirewallRules: [{8D752C19-A0AA-45F2-89C8-8C9AB34F3A7E}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe => No File
FirewallRules: [{6E954559-1116-48F6-AFAB-99618367E175}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe => No File
FirewallRules: [{72EE18AD-34EA-4AE1-9F49-04F1B8F97B09}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B47A9D7-4713-4548-B781-4D62D94840EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{01BE350E-E914-4FFD-B20F-D39954449522}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D79504FB-7646-4EF0-A1D5-EE249F99B1B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{F0169275-30A4-42CA-98D1-473D225739F9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{089198F2-3BA4-42A0-B081-60AA15C9893D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{429939FB-EDBA-4F41-A814-4C8509477482}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{24511828-0689-4C33-87F9-CD803540E61C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C6E139B5-5012-431D-B399-2C944558DA38}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{DF896B67-B729-449C-BA43-4FE593315A5C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3AD38607-DECE-4E7D-8BAB-B008451CA1BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{4FAAC453-4564-4EDC-B1F2-A547D62ACF35}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{CDC4C8A9-3D1A-415C-A71C-A502FD9E573C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{BADC60E7-E0FD-47F8-8AFD-A00843DECB70}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [{D261034A-CFEB-4FA6-A5F7-E95C3894C827}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe () [File not signed]
FirewallRules: [{4C4C1319-9039-47E2-9268-BC73CD0720AD}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe () [File not signed]
FirewallRules: [{6CE11249-3308-4D0C-8910-D859F9C4C4ED}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe () [File not signed]
FirewallRules: [{F53C3F6A-64FC-4EFB-B61F-09AFD8D777DC}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe () [File not signed]
FirewallRules: [{5B1C7BEC-E90B-40C1-9A22-8143855E3970}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe () [File not signed]
FirewallRules: [{904786C6-365B-4B91-B57C-FFF59E51EBDD}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{4E9A2E68-2B44-4C55-94FF-0B1C9819A5C1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [{30C53863-1829-4653-A6C8-D3F7036D22DA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe () [File not signed]
FirewallRules: [{23848001-1C49-4799-93D2-894F75232BE3}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File
FirewallRules: [TCP Query User{7E8BA0DA-704A-4137-BA36-4A73FD72BDF5}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe () [File not signed]
FirewallRules: [UDP Query User{D85F524C-B912-4453-8D66-DA19B3888BF4}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe () [File not signed]
FirewallRules: [TCP Query User{0C70A227-3E56-4C3B-90E8-3986C38D305E}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [UDP Query User{79CDF88D-9FD7-479B-BF58-D58CCEEE7DC4}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [TCP Query User{7138EEB9-F869-4800-A1FF-2C6CCFE252C2}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [UDP Query User{A2321F27-1966-4FE0-9707-741EED233A96}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [{C69E7AA5-CD21-4884-8FB0-649EF3FC1101}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{665435E5-454C-4865-A2F1-D05B3FBC8090}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1B483307-5C24-4A1F-AD96-46A6748EB6A5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A0CDFE3E-8AE3-488A-8FA3-D94B2DFB014C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{02EAA01B-28F9-4942-81A8-AFE14927DFC0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

25-03-2021 10:25:06 Scheduled Checkpoint
03-04-2021 23:11:48 Scheduled Checkpoint
12-04-2021 22:14:08 Scheduled Checkpoint
13-04-2021 19:11:19 Windows Modules Installer
13-04-2021 19:30:30 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/16/2021 07:58:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.19041.746, time stamp: 0x230d5cd6
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x1348
Faulting application start time: 0x01d732d0c5819027
Faulting application path: C:\Windows\System32\SystemSettingsBroker.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 448d3f9e-7f49-4b5e-a7f3-28b752f1db50
Faulting package full name:
Faulting package-relative application ID:

Error: (04/15/2021 02:58:14 PM) (Source: Adaptive Sleep Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/14/2021 07:13:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.19041.746, time stamp: 0x230d5cd6
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x205c
Faulting application start time: 0x01d7319ce878085d
Faulting application path: C:\Windows\System32\SystemSettingsBroker.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 3f5c49cb-bae9-414a-90e3-908cc756c0d9
Faulting package full name:
Faulting package-relative application ID:

Error: (04/14/2021 06:51:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.19041.746, time stamp: 0x230d5cd6
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0xc44
Faulting application start time: 0x01d73199cd2356d7
Faulting application path: C:\Windows\System32\SystemSettingsBroker.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 9c246fdb-591a-4f58-9d8a-c60ed3d9b20e
Faulting package full name:
Faulting package-relative application ID:

Error: (04/14/2021 03:02:01 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.

Error: (04/14/2021 02:47:34 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (04/14/2021 02:47:29 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (04/14/2021 02:47:24 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.


System errors:
=============
Error: (04/15/2021 12:18:44 AM) (Source: DCOM) (EventID: 10010) (User: SAMANTHA)
Description: The server microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (04/14/2021 02:47:24 PM) (Source: DCOM) (EventID: 10010) (User: SAMANTHA)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (04/14/2021 02:47:24 PM) (Source: DCOM) (EventID: 10010) (User: SAMANTHA)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (04/14/2021 02:36:24 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (04/14/2021 02:36:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/14/2021 02:36:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/14/2021 02:36:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/14/2021 02:36:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Windows Defender:
================
Date: 2021-04-07 23:07:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-06 23:07:43
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-05 23:07:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-04 23:07:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-03 23:07:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-25 08:05:01
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.333.773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17900.7
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===============
Date: 2021-04-16 07:15:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\265232484547332704\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2021-04-16 07:05:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\265232484547332704\antimalware_provider64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: TOSHIBA 1.30 06/06/2014
Motherboard: TOSHIBA ZBWAE
Processor: AMD A4-6210 APU with AMD Radeon R3 Graphics
Percentage of memory in use: 87%
Total physical RAM: 3518.88 MB
Available physical RAM: 452.46 MB
Total Virtual: 5502.88 MB
Available Virtual: 826.19 MB

==================== Drives ================================

Drive c: (TI10702900A) (Fixed) (Total:454.29 GB) (Free:365.8 GB) NTFS
Drive d: (MK5020) (CDROM) (Total:1.47 GB) (Free:0 GB) CDFS

\\?\Volume{b404f933-2997-11e4-8225-201a06d8cd53}\ (System) (Fixed) (Total:1 GB) (Free:0.59 GB) NTFS
\\?\Volume{6b3cf120-3e6b-4272-953d-20d2663bdee1}\ () (Fixed) (Total:0.9 GB) (Free:0.38 GB) NTFS
\\?\Volume{44a6c4d6-97ab-11e4-a554-f0761c8a6858}\ (Recovery) (Fixed) (Total:9.35 GB) (Free:0.96 GB) NTFS
\\?\Volume{b404f939-2997-11e4-8225-201a06d8cd53}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Manager
Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments: fixlist.txt (9.7 KB)

tntmo

PCHF Member
Thank you so far for your assistance and patience with this matter. I have performed the requested actions and will copy/paste the information below.

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Samantha Karnes (18-04-2021 14:17:53) Run:1
Running from C:\Users\Samantha Karnes\Desktop
Loaded Profiles: Samantha Karnes
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: {104E543A-DAB9-4779-B595-8AEC0B77D247} - \WPD\SqmUpload_S-1-5-21-316880295-4286440006-4187134797-1001 -> No File <==== ATTENTION
Task: {17BDE72D-73AC-4B64-8BF6-C86D521BDB9E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2763E001-CF8D-432A-9D8B-87EB4D4A621E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3B244C4E-942A-4C37-B537-222484FC2408} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4C77DABD-BC2C-4ABD-87B4-89F29BD6003E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6497BC44-9271-445D-BF1D-7D6E3F6E7AAF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {700A4F00-4433-4EF6-9F59-A8EF9FADC4E0} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {70A7D578-496B-4176-A2EF-0C9B0BE8CE44} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {741CED75-6E12-4CCE-B18E-96CA43706AC2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7F92E1B2-04E2-4538-8EA4-CB0ECC2A0F95} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {851F745D-7E2A-4804-B640-E867C7C8E191} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B1816D01-D227-4783-A8B2-45C56E2DCAFB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B48B9F69-8581-40BA-B351-06BC99E0935B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C73F12F8-8144-4655-B68E-80DEFD36EDF3} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {CCE89503-2E05-465A-B9AA-C2A723F45359} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D84F54C6-ACE2-4728-85F9-9409D7A1A3CA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E4A77E7F-DD03-4980-9D8B-E5948D3DEF08} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
CHR StartupUrls: Profile 4 -> "hxxp://www.google.com/","hxxps://www.google.com/","hxxp://homepage-web.com/?s=toshibaupd&m=start","hxxps://www.google.com/"
FirewallRules: [{BEEC5BCF-9240-4926-B76E-9004CA61DD47}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{6A627F80-EF6E-4513-95D3-5B59A3E2E8BF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{C95DCD01-79D9-4986-AA21-D426B213C9C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{3E67A291-EE3D-4364-88A2-5404E93294FC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{483F86F0-12C1-4AED-88FE-BD4F60124DBD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{5C6D6C61-5F78-42C3-A8B8-0521532F9477}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{55FB36DB-FB57-42EB-BDE0-97BF69D7616F}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe => No File
FirewallRules: [UDP Query User{1BE67A63-3E85-4C98-9C9D-A1F53A808350}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe => No File
FirewallRules: [{848B24E1-0F49-4BCB-AEF1-B58590C147FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe => No File
FirewallRules: [{65420A5D-4B35-4306-BEBD-1CD6A8C8F759}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe => No File
FirewallRules: [{D8B6F726-910D-4429-8D40-766B59C0E68F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scribblenauts\Scribble.exe => No File
FirewallRules: [{0E654C25-0E72-406A-9105-105CE7E5EA12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scribblenauts\Scribble.exe => No File
FirewallRules: [{46DA2C30-C532-4043-95C9-1413C88714C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nancy Drew Danger on Deception Island\Game.exe => No File
FirewallRules: [{591AD063-663F-4D9A-ADB9-6FDE9E1A01B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nancy Drew Danger on Deception Island\Game.exe => No File
FirewallRules: [{A4C05EAC-82C4-4251-A620-CBB8D9FB5E97}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe => No File
FirewallRules: [{C38B7A7E-BE7C-4AB7-9794-60139328EF39}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe => No File
FirewallRules: [{8D752C19-A0AA-45F2-89C8-8C9AB34F3A7E}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe => No File
FirewallRules: [{6E954559-1116-48F6-AFAB-99618367E175}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe => No File
FirewallRules: [TCP Query User{F0169275-30A4-42CA-98D1-473D225739F9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{089198F2-3BA4-42A0-B081-60AA15C9893D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{24511828-0689-4C33-87F9-CD803540E61C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C6E139B5-5012-431D-B399-2C944558DA38}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{DF896B67-B729-449C-BA43-4FE593315A5C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3AD38607-DECE-4E7D-8BAB-B008451CA1BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{4FAAC453-4564-4EDC-B1F2-A547D62ACF35}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{CDC4C8A9-3D1A-415C-A71C-A502FD9E573C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{BADC60E7-E0FD-47F8-8AFD-A00843DECB70}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [{D261034A-CFEB-4FA6-A5F7-E95C3894C827}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe () [File not signed]
FirewallRules: [{4C4C1319-9039-47E2-9268-BC73CD0720AD}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe () [File not signed]
FirewallRules: [{6CE11249-3308-4D0C-8910-D859F9C4C4ED}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe () [File not signed]
FirewallRules: [{F53C3F6A-64FC-4EFB-B61F-09AFD8D777DC}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe () [File not signed]
FirewallRules: [{5B1C7BEC-E90B-40C1-9A22-8143855E3970}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe () [File not signed]
FirewallRules: [{904786C6-365B-4B91-B57C-FFF59E51EBDD}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{4E9A2E68-2B44-4C55-94FF-0B1C9819A5C1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [{30C53863-1829-4653-A6C8-D3F7036D22DA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe () [File not signed]
FirewallRules: [{23848001-1C49-4799-93D2-894F75232BE3}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File
FirewallRules: [TCP Query User{7E8BA0DA-704A-4137-BA36-4A73FD72BDF5}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe () [File not signed]
FirewallRules: [UDP Query User{D85F524C-B912-4453-8D66-DA19B3888BF4}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe () [File not signed]
FirewallRules: [TCP Query User{0C70A227-3E56-4C3B-90E8-3986C38D305E}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [UDP Query User{79CDF88D-9FD7-479B-BF58-D58CCEEE7DC4}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [TCP Query User{7138EEB9-F869-4800-A1FF-2C6CCFE252C2}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [UDP Query User{A2321F27-1966-4FE0-9707-741EED233A96}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty. Ltd.) [File not signed]
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
"Chrome StartupUrls" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-316880295-4286440006-4187134797-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-316880295-4286440006-4187134797-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 4 while it has its media disconnected.
No operation can be performed on Local Area Connection* 5 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 5:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2600:8801:9402:c600::6250
IPv6 Address. . . . . . . . . . . : 2600:8801:9402:c600:88a1:dc23:18c1:fcfc
Temporary IPv6 Address. . . . . . : 2600:8801:9402:c600:a82e:a056:e1a:d2b3
Link-local IPv6 Address . . . . . : fe80::88a1:dc23:18c1:fcfc%6
Default Gateway . . . . . . . . . : fe80::226:86ff:fe19:bf9%6

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 4 while it has its media disconnected.
No operation can be performed on Local Area Connection* 5 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 5:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2600:8801:9402:c600::6250
IPv6 Address. . . . . . . . . . . : 2600:8801:9402:c600:88a1:dc23:18c1:fcfc
Temporary IPv6 Address. . . . . . : 2600:8801:9402:c600:a82e:a056:e1a:d2b3
Link-local IPv6 Address . . . . . : fe80::88a1:dc23:18c1:fcfc%6
IPv4 Address. . . . . . . . . . . : 192.168.0.120
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::226:86ff:fe19:bf9%6
192.168.0.1

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 71450180 B
Java, Flash, Steam htmlcache => 156633927 B
Windows/system/drivers => 414530561 B
Edge => 2568487 B
Chrome => 2365142993 B
Firefox => 22154863 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 50646 B
NetworkService => 15832210 B
Samantha Karnes => 216858548 B

RecycleBin => 9148561201 B
EmptyTemp: => 11.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:40:36 ====
 

jmarket

Please do the following for me:

Download ResetBrowser to your desktop.

Now close all open browsers. All browsers MUST be closed during this operation!

Right click and Run as Administrator



Click on Reset Chrome-- Allow completion.
Click on Reset Firefox-- Allow completion.
Click on Reset Internet Explorer-- Allow completion.

Now reboot your machine.
 

tntmo

Completed 2 of 3, I do not have Firefox installed obviously because ResetBrowser only gave me the option to install it rather than reset it.
 

tntmo

FRST info:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by Samantha Karnes (administrator) on SAMANTHA (TOSHIBA Satellite C55D-B) (18-04-2021 17:39:34)
Running from C:\Users\Samantha Karnes\Desktop
Loaded Profiles: Samantha Karnes
Platform: Windows 10 Home Version 2004 19041.928 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Bose Corporation -> Bose Corporation) C:\Program Files (x86)\Bose Updater\BOSEUPDATER.EXE
(Compal Electronics, Inc. -> TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\DSDFunctionKeyCtlService.exe <2>
(Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\RMService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Samantha Karnes\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3873000 2016-06-02] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (Compal Electronics, Inc. -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\Run: [Bose Updater] => C:\Program Files (x86)\Bose Updater\BOSEUPDATER.EXE [414552 2021-03-27] (Bose Corporation -> Bose Corporation)
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\MountPoints2: {b8fb6b3e-0f51-11eb-8323-4cbb5866d705} - "E:\OnePlus_setup.exe" /s
HKLM\...\Windows x64\Print Processors\Canon MX490 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCK.DLL [30208 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX490 series: C:\WINDOWS\system32\CNCALCK.DLL [303104 2014-09-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX490 series: C:\WINDOWS\system32\CNMLMCK.DLL [406528 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON WF-2540 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMIUE.DLL [120320 2015-01-06] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.72\Installer\chrmstp.exe [2021-04-18] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {38E4C892-700E-413C-9B9F-3181F47A154E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16690424 2016-08-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {4FBE1633-37C9-40D6-A2A7-860515D0E76D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {6172A990-3C78-4E71-B197-01B43205C717} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {64B37D51-B107-4CED-BA9F-02F275424D45} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-18] (Google LLC -> Google LLC)
Task: {66CCAF17-0997-41D6-A177-4BA55115A843} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [699496 2013-09-24] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {69500F3F-673E-4ADB-A50F-9BC20C5ECD0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {85825ECF-F972-40F9-B74F-FF0B0A6C6DDF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {94180BDD-2A23-4EC0-8F43-C3D059897F5C} - System32\Tasks\{8FBC408D-7A98-49A0-B52F-ABD4D2DA31C3} => "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.17.0.105/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {A626C9DB-305E-4C44-ADD6-265E09F0CD33} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BC7EB884-DF6B-4B59-AB6D-4D0B211B91CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [570240 2017-02-14] (Apple Inc. -> Apple Inc.)
Task: {C492B274-9FDA-4BE6-909D-BCE39CFD328C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D8D09AAC-7220-47C9-ACF5-833EC074CCF6} - System32\Tasks\Pokki => C:\Users\Samantha Karnes\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {E253D3A9-6D41-4370-AB69-EA697FB8B668} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-18] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{37c530e7-186d-44b4-b753-6b27bcd6789a}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{e301b961-b921-494f-b828-e0c62aa8ca74}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-16]
Edge HomePage: Default -> hxxp://www.google.com/
Edge Extension: (Read&Write for Microsoft Edge™) - C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjglhpoliipklkfjcahfefdlfpifcinb [2021-04-14]
Edge Extension: (Skype Calling) - C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2020-08-27]
Edge Extension: (Save to Google Drive) - C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2021-04-14]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-04-14]
Edge Extension: ((Deprecated) G Suite Training) - C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2020-08-27]
Edge Extension: (uBlock Plus Adblocker) - C:\Users\Samantha Karnes\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2020-08-27]

FireFox:
========
FF DefaultProfile: 2ymu52ic.default
FF ProfilePath: C:\Users\Samantha Karnes\AppData\Roaming\Mozilla\Firefox\Profiles\2ymu52ic.default [2021-04-18]
FF Homepage: Mozilla\Firefox\Profiles\2ymu52ic.default -> hxxps://links.malwarebytes.com/link/restorebrowser?lic=trial&product=MBAM-C/?s=toshibaupd&m=start
FF Extension: (New Tab by Yahoo) - C:\Users\Samantha Karnes\AppData\Roaming\Mozilla\Firefox\Profiles\2ymu52ic.default\Extensions\[email protected] [2015-08-06] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-13] (Adobe Inc. -> Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default [2021-04-18]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Extension: (Google Drive) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-18]
CHR Extension: (Skype Calling) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2021-04-18]
CHR Extension: (YouTube) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-18]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-04-18]
CHR Extension: (Google Docs Offline) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-18]
CHR Extension: (Save to Google Drive) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2021-04-18]
CHR Extension: (Read&Write for Google Chrome™) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\inoeonmfapjbbkmdafoankkfajkcphgd [2021-04-18]
CHR Extension: (Google Forms) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2021-04-18]
CHR Extension: (Skype) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2021-04-18]
CHR Extension: (Google Drawings) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2021-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-18]
CHR Extension: (Gmail) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Samantha Karnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-18]
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-22] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc. -> Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2461792 2019-03-27] (Bitdefender SRL -> Bitdefender)
R2 DSDFunctionKeyCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\DSDFunctionKeyCtlService.exe [615776 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-03] (DTS, Inc. -> )
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
S2 TSDSettingService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\dynabookSystemService.exe [44767048 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
S2 TSDTabletControlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\TOSTABSYSSVC.exe [296272 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
R2 TSDWirelessLEDCtlService; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\RMService.exe [446248 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [236128 2020-11-26] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [559200 2021-04-02] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [240352 2020-11-26] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-18] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [2718744 2021-02-26] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309120 2020-02-03] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [488592 2021-02-16] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [47816 2020-07-21] (Dynabook Inc. -> Dynabook Inc.)
R3 tosrfec; C:\WINDOWS\System32\drivers\tosrfec.sys [37808 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
R1 TosSrvCtlDrv; C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_4d5c54c80b005163\TosSrvCtlDrv.sys [25816 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [641728 2021-02-26] (Bitdefender SRL -> Bitdefender)
S0 TVALZ; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
R0 TVALZ_O; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [386800 2020-10-20] (Bitdefender SRL -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-04-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-04-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-18] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-18 16:35 - 2021-04-18 16:35 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-18 16:35 - 2021-04-18 16:35 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-18 16:35 - 2021-04-18 16:35 - 000002271 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-18 16:34 - 2021-04-18 16:39 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-18 16:34 - 2021-04-18 16:39 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-18 16:23 - 2021-04-18 16:23 - 001622528 _____ C:\Users\Samantha Karnes\Desktop\ResetBrowser.exe
2021-04-18 14:17 - 2021-04-18 14:40 - 000033142 _____ C:\Users\Samantha Karnes\Desktop\Fixlog.txt
2021-04-18 14:17 - 2021-04-18 14:17 - 000000000 ____D C:\Users\Samantha Karnes\Desktop\FRST-OlderVersion
2021-04-16 08:49 - 2021-04-16 09:00 - 000039920 _____ C:\Users\Samantha Karnes\Desktop\Addition.txt
2021-04-16 08:38 - 2021-04-18 17:44 - 000023286 _____ C:\Users\Samantha Karnes\Desktop\FRST.txt
2021-04-16 08:35 - 2021-04-18 17:41 - 000000000 ____D C:\FRST
2021-04-16 08:31 - 2021-04-18 14:17 - 002298368 _____ (Farbar) C:\Users\Samantha Karnes\Desktop\FRST64.exe
2021-04-14 18:09 - 2021-04-14 18:09 - 000088428 _____ C:\ProgramData\agent.update.1618448903.bdinstall.v2.bin
2021-04-14 15:03 - 2021-04-14 15:03 - 000001203 _____ C:\Users\Samantha Karnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2021-04-14 15:02 - 2021-04-14 15:02 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-04-14 14:58 - 2020-12-18 02:37 - 000022976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2021-04-14 14:56 - 2021-04-14 14:56 - 000001218 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2021-04-14 14:56 - 2021-04-14 14:56 - 000001218 _____ C:\ProgramData\Desktop\Bitdefender Antivirus Free.lnk
2021-04-14 14:56 - 2021-02-26 18:31 - 000641728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-04-14 14:55 - 2021-04-14 14:55 - 000000000 ____D C:\ProgramData\Bitdefender
2021-04-14 14:55 - 2020-02-03 16:53 - 000309120 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2021-04-14 14:54 - 2021-02-26 13:40 - 002718744 _____ (Bitdefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2021-04-14 14:54 - 2020-12-04 15:15 - 000802976 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-04-14 14:54 - 2020-10-20 13:18 - 000386800 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\vlflt.sys
2021-04-14 14:53 - 2021-02-16 15:31 - 000488592 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2021-04-14 14:31 - 2021-04-18 17:55 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2021-04-14 14:30 - 2021-04-14 14:30 - 000003802 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-04-14 14:29 - 2021-04-14 14:29 - 000116636 _____ C:\ProgramData\agent.1618435725.bdinstall.v2.bin
2021-04-14 14:28 - 2021-04-14 18:09 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-04-14 14:28 - 2021-04-14 14:28 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-04-14 14:27 - 2021-04-14 14:27 - 013543384 _____ C:\Users\Samantha Karnes\Downloads\bitdefender_online.exe
2021-04-13 22:49 - 2021-04-13 22:53 - 000938756 _____ C:\WINDOWS\Minidump\041321-39468-01.dmp
2021-04-13 20:16 - 2021-04-13 20:16 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-13 20:14 - 2021-04-13 20:14 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-13 20:13 - 2021-04-13 20:13 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-11 07:47 - 2021-04-11 07:47 - 000000000 ____D C:\Program Files\Avast Software
2021-04-11 07:46 - 2021-04-14 14:39 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-08 13:33 - 2021-04-08 13:33 - 000001313 _____ C:\Users\Samantha Karnes\Downloads - Shortcut.lnk
2021-04-08 09:31 - 2021-04-08 09:31 - 000000000 ____D C:\Users\Samantha Karnes\AppData\Local\mbam
2021-03-27 17:44 - 2021-03-27 17:44 - 000000000 ____D C:\Program Files (x86)\Bose Updater

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-18 18:03 - 2019-12-07 02:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2021-04-18 17:55 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-18 17:34 - 2020-10-06 18:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-18 17:17 - 2020-05-15 17:40 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-18 16:58 - 2020-10-06 19:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-18 16:58 - 2020-09-14 20:51 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-18 16:57 - 2019-12-07 02:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-04-18 16:57 - 2017-07-29 20:13 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-04-18 16:34 - 2015-03-13 17:33 - 000000000 ____D C:\Program Files (x86)\Google
2021-04-18 15:10 - 2018-02-15 06:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-18 14:45 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-18 14:45 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-18 14:36 - 2016-06-28 20:11 - 000000000 ____D C:\Users\Samantha Karnes\AppData\LocalLow\Temp
2021-04-18 14:26 - 2015-03-29 14:11 - 000000000 ____D C:\Users\Samantha Karnes\AppData\Local\CrashDumps
2021-04-16 07:17 - 2020-08-27 13:58 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-16 07:17 - 2020-08-27 13:58 - 000002287 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-04-16 07:17 - 2020-08-27 13:58 - 000002287 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-04-15 07:45 - 2020-10-06 19:06 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-316880295-4286440006-4187134797-1001
2021-04-15 07:45 - 2020-10-06 18:33 - 000002404 _____ C:\Users\Samantha Karnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-15 07:45 - 2015-03-13 17:05 - 000000000 ___RD C:\Users\Samantha Karnes\OneDrive
2021-04-14 18:41 - 2015-09-17 21:48 - 000000000 ___HD C:\Users\Samantha Karnes\AppData\Local\0fa5a48f5b9676cf
2021-04-14 15:02 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-14 14:53 - 2020-10-06 18:48 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-14 14:53 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-14 14:36 - 2020-10-06 18:33 - 000000000 ____D C:\Users\Samantha Karnes
2021-04-13 22:54 - 2020-11-18 17:01 - 000000000 ____D C:\WINDOWS\Minidump
2021-04-13 22:49 - 2020-05-08 06:57 - 485690090 _____ C:\WINDOWS\MEMORY.DMP
2021-04-13 21:11 - 2020-10-06 18:25 - 000257904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-13 21:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-13 21:06 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-13 20:31 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-13 20:12 - 2020-10-06 18:28 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-13 18:44 - 2015-03-15 09:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-13 18:44 - 2015-03-15 09:35 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-12 21:08 - 2020-10-06 19:06 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-12 21:08 - 2020-10-06 19:06 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-08 09:53 - 2014-08-11 01:46 - 000000000 ____D C:\Program Files (x86)\Amazon

==================== Files in the root of some directories ========

2015-08-16 18:48 - 2015-10-17 08:48 - 000000184 _____ () C:\Users\Samantha Karnes\AppData\Roaming\WB.CFG

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

tntmo

PCHF Member
Apr 16, 2021
Addition info:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Samantha Karnes (18-04-2021 18:04:39)
Running from C:\Users\Samantha Karnes\Desktop
Windows 10 Home Version 2004 19041.928 (X64) (2020-10-07 02:08:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-316880295-4286440006-4187134797-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-316880295-4286440006-4187134797-503 - Limited - Disabled)
Guest (S-1-5-21-316880295-4286440006-4187134797-501 - Limited - Disabled)
Samantha Karnes (S-1-5-21-316880295-4286440006-4187134797-1001 - Administrator - Enabled) => C:\Users\Samantha Karnes
WDAGUtilityAccount (S-1-5-21-316880295-4286440006-4187134797-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20149 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{99213849-249E-7726-EBA7-ADFCA48E2246}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.21.234 - Bitdefender)
Blackmagic RAW Common Components (HKLM\...\{9F59876B-1EE7-4708-B704-2FC1CF7EBFBB}) (Version: 2.0 - Blackmagic Design)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bose Updater (HKLM-x32\...\Bose Updater) (Version: 7.0.27.4971 - Bose Corporation)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
DaVinci Resolve (HKLM\...\{D9D60A2E-9FFB-4056-8ECD-FF56ADF91268}) (Version: 17.0.00010 - Blackmagic Design)
DaVinci Resolve Control Panels (HKLM\...\{2BBEAC75-618E-4C99-A00B-27D4551E30AC}) (Version: 1.4.0.0 - Blackmagic Design)
DTS Sound (HKLM-x32\...\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}) (Version: 1.01.6100 - DTS, Inc.)
ELAN Touchpad 15.8.12.5_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.12.5 - ELAN Microelectronic Corp.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\{197AD319-7914-3594-8B47-03439186F101}) (Version: 90.0.4430.72 - Google LLC)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 241 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.77 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-316880295-4286440006-4187134797-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
PSP Application (HKLM\...\{8DB698FB-2E57-A223-0169-911CA8736440}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SPOT X 2.2.16 (HKLM-x32\...\8832-7504-9188-3356) (Version: 2.2.16 - Globalstar Inc.)
System Requirements Lab Detection (HKLM-x32\...\{5CAA5DEA-E079-4DC1-8E21-E30AC0F92DA8}) (Version: 6.1.1.0 - Husdawg, LLC)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.0.6404 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2015-07-03] (WildTangent Games)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-21] (Amazon.com)
Book Place by Toshiba -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.DigitalPassbyToshiba_2.0.3611.0_x64__vwcaa66y1ah8t [2015-03-13] (K-NFB Reading Technologies, Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.3.30.0_x86__kgqvnymyfvs32 [2021-03-25] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.191.500.0_x86__kgqvnymyfvs32 [2021-04-15] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
Deals & Offers -> C:\Program Files\WindowsApps\2B24874D.DealsOffers_1.0.0.4_neutral__v10edqkhnj0dg [2015-03-13] (Synacor, Inc.)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.8.15.0_x86__h6adky7gbf63m [2021-03-25] (Gameloft SE)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2015-03-17] (eBay, Inc)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.11.5.0_x86__q4d96b2w5wcc2 [2021-04-15] (Evernote)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_126.2.222.0_x64__v10z8vjag6ke6 [2021-04-12] (HP Inc.)
Hulu -> C:\Program Files\WindowsApps\HULULLC.HULUPLUS_3.1.0.0_neutral__fphbd361v8tya [2021-04-07] (Hulu.)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_7.0.40.0_x64__a76a11dkgb644 [2021-02-26] (iHeartMedia.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-07-03] (AMZN Mobile LLC)
Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.4.35.0_x64__679ekb9hp1h62 [2020-10-19] (sMedio)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-15] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-16] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-01-07] (Microsoft Corporation)
Texture - Unlimited Magazines -> C:\Program Files\WindowsApps\NextIssue.NextIssueMagazines_1.6.1.0_x64__91pt4qm2m3xcw [2015-12-16] (NEXT ISSUE MEDIA LLC)
Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.3.0.4_neutral__r8x1fxsdcnpjw [2015-05-16] (Toshiba America Information Systems, Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2017-02-28] (Microsoft Corporation)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2015-03-14] (Zinio LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-12-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-12-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-12-15] (WinZip Computing -> WinZip Computing, S.L.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Samantha Karnes\Desktop\Tom's - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 5"
ShortcutWithArgument: C:\Users\Samantha Karnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Simple Calc.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4" --app-id=mhlialinbkjpnaoeofdfhgglolojllfh
ShortcutWithArgument: C:\Users\Samantha Karnes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Teresa - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) =============

2021-03-27 17:44 - 2021-03-27 17:44 - 000783360 _____ () [File not signed] C:\Program Files (x86)\Bose Updater\aws-cpp-sdk-core.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 002565632 _____ () [File not signed] C:\Program Files (x86)\Bose Updater\aws-cpp-sdk-s3.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 040622592 ____R () [File not signed] C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-01-03 20:24 - 2015-01-03 20:24 - 000080384 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-11-10 19:11 - 2014-11-10 19:11 - 009994752 ____R (The ICU Project) [File not signed] C:\Program Files (x86)\Fitbit Connect\icudt.dll
2015-09-04 16:34 - 2015-09-04 16:34 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fitbit Connect\LIBEAY32.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 001192960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\platforms\QWINDOWS.DLL
2021-03-27 17:44 - 2021-03-27 17:44 - 005087232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\Qt5Core.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 005353984 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\Qt5Gui.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 001042944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\Qt5Network.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 000065536 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\Qt5SerialPort.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 004532224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\Qt5Widgets.dll
2021-03-27 17:44 - 2021-03-27 17:44 - 000147456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Bose Updater\Qt5Xml.dll
2015-09-04 16:42 - 2015-09-04 16:42 - 001367040 ____R (winsparkle.org) [File not signed] C:\Program Files (x86)\Fitbit Connect\WinSparkle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKLM -> DefaultScope {824DBE53-0822-43C5-95C6-F72AE17DE611} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-316880295-4286440006-4187134797-1001 -> {824DBE53-0822-43C5-95C6-F72AE17DE611} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2021-04-18 14:20 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\;C:\Android;C:\Windows\System32
HKU\S-1-5-21-316880295-4286440006-4187134797-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Samantha Karnes\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img3.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B0F7F9A3-8466-4638-9974-99684122BD78}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

12-04-2021 22:14:08 Scheduled Checkpoint
13-04-2021 19:11:19 Windows Modules Installer
13-04-2021 19:30:30 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/18/2021 05:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Cortana.exe version 2.2103.17603.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1e18

Start Time: 01d734af184adfff

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe

Report Id: 6adf1994-5d4b-42f2-bcc2-83135e1ca5fa

Faulting package full name: Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (04/18/2021 04:58:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Samantha.local already in use; will try Samantha-2.local instead

Error: (04/18/2021 04:58:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Samantha.local. Addr 192.168.0.120

Error: (04/18/2021 04:58:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.120:5353 16 Samantha.local. AAAA 2600:8801:9402:C600:0000:0000:0000:6250

Error: (04/18/2021 04:58:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Samantha.local. AAAA FE80:0000:0000:0000:88A1:DC23:18C1:FCFC

Error: (04/18/2021 04:58:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.120:5353 16 Samantha.local. AAAA 2600:8801:9402:C600:0000:0000:0000:6250

Error: (04/18/2021 04:58:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Samantha.local. Addr 192.168.0.120

Error: (04/18/2021 04:58:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.120:5353 16 Samantha.local. AAAA 2600:8801:9402:C600:0000:0000:0000:6250


System errors:
=============
Error: (04/18/2021 05:10:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service hung on starting.

Error: (04/18/2021 05:08:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.

Error: (04/18/2021 05:06:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (04/18/2021 04:57:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vsserv service.

Error: (04/18/2021 04:57:44 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (04/18/2021 02:54:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service hung on starting.

Error: (04/18/2021 02:51:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.

Error: (04/18/2021 02:49:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.


Windows Defender:
================
Date: 2021-04-18 17:34:16
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-18 15:10:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-07 23:07:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-06 23:07:43
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-05 23:07:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-25 08:05:01
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.333.773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17900.7
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===============
Date: 2021-04-18 17:34:13
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\265232484547332704\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2021-04-18 17:34:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\265232484547332704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-04-18 17:28:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\bdamsi\265232484547332704\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: TOSHIBA 1.30 06/06/2014
Motherboard: TOSHIBA ZBWAE
Processor: AMD A4-6210 APU with AMD Radeon R3 Graphics
Percentage of memory in use: 77%
Total physical RAM: 3518.88 MB
Available physical RAM: 774.61 MB
Total Virtual: 5566.88 MB
Available Virtual: 2515.34 MB

==================== Drives ================================

Drive c: (TI10702900A) (Fixed) (Total:454.29 GB) (Free:377.13 GB) NTFS
Drive d: (MK5020) (CDROM) (Total:1.47 GB) (Free:0 GB) CDFS

\\?\Volume{b404f933-2997-11e4-8225-201a06d8cd53}\ (System) (Fixed) (Total:1 GB) (Free:0.59 GB) NTFS
\\?\Volume{6b3cf120-3e6b-4272-953d-20d2663bdee1}\ () (Fixed) (Total:0.9 GB) (Free:0.38 GB) NTFS
\\?\Volume{44a6c4d6-97ab-11e4-a554-f0761c8a6858}\ (Recovery) (Fixed) (Total:9.35 GB) (Free:0.96 GB) NTFS
\\?\Volume{b404f939-2997-11e4-8225-201a06d8cd53}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

tntmo

PCHF Member
PCHF Member
Apr 16, 2021
12
3
47
How are things now?
Oh, it's a beautiful night. Just got done enjoying a bowl of mushroom ramen and a cold beer.
The computer seems to be working excellent as well. No crazy pop-ups or other signs of malicious activity.
 

tntmo

PCHF Member
PCHF Member
Apr 16, 2021
12
3
47
Several days later, all appears to be fine.

Thank you so much for your assistance!
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Manager
Jan 10, 2015
2,382
532
PCHF Bunker
pchelpforum.net
Great news :)

Please go HERE and download Delfix. Save it to your desktop.

Right click the new Delfix desktop icon and then click "run as administrator"

Place a tick in the following checkboxes

  1. Remove disinfection tools
  2. Create registry backup
  3. Purge system restore

Then select "Run"



Delfix will remove the tools used to clean your PC and remove itself. When finished, a .txt file will display on your desktop. A copy of this file will also be located at C:\Delfix.txt.

Please post a copy of this file in your next post :)
 

tntmo

PCHF Member
PCHF Member
Apr 16, 2021
12
3
47
# DelFix v1.013 - Logfile created 25/04/2021 at 17:04:26
# Updated 17/04/2016 by Xplode
# Username : Samantha Karnes - SAMANTHA
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Samantha Karnes\Desktop\FRST-OlderVersion
Deleted : C:\Users\Samantha Karnes\Desktop\Addition.txt
Deleted : C:\Users\Samantha Karnes\Desktop\Fixlog.txt
Deleted : C:\Users\Samantha Karnes\Desktop\FRST.txt
Deleted : C:\Users\Samantha Karnes\Desktop\FRST64.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #34 [Scheduled Checkpoint | 04/22/2021 17:25:08]

New restore point created !

########## - EOF - ##########
 

tntmo

PCHF Member
PCHF Member
Apr 16, 2021
12
3
47
Thanks again, I will stop by here if anything else pops up in the meantime.
 