I suspect I have a keylogger on my Windows 10 computer.
I had gotten a pop-up that Windows needed to restart, but it didn't have the look and feel of regular Windows prompts. I believe the prompt came from VLC media player. On a different day, my bank's website prompted me for 2-factor authentication because it didn't recognize my computer, although it should have.
Becoming suspicious, I poked around my computer and noticed:
Bluetooth was turned on, and wi-fi hotspot was turned on, both not long after I manually shut them off.
When I typed "ipconfig /all" into the command prompt, I saw a second IP address I didn't recognize.
My task manager said I'm running several applications that seem to me to be for networks and remote computing, not home computing.
Becoming paranoid, I opened the Services application, and there were programs that I couldn't stop, like "Touch Keyboard and Handwriting Panel Service".
Last, every now and then my computer fan operates loudly, and in Task Manager I see the names of several Intel and HP applications. I don't believe any activity of mine would have prompted those applications to run.
Thanks for your help.
***************
FRST file contents:
***************
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2021
Ran by Neil (administrator) on NEILSPC (Hewlett-Packard HP ENVY 15 x360 PC) (06-12-2021 19:54:03)
Running from C:\Users\Neil\Desktop
Loaded Profiles: Neil
Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.2101.28.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <32>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569624 2014-04-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-10] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3201314961-3527641614-1078109346-1004\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Megan\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3201314961-3527641614-1078109346-1004\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Megan\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3201314961-3527641614-1078109346-1004\...\RunOnce: [Uninstall 21.205.1003.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Megan\AppData\Local\Microsoft\OneDrive\21.205.1003.0005"
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [404992 2013-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2014-03-07] (CyberLink Corp. -> CyberLink)
Startup: C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-01-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0313B20D-F1F3-4DE7-A647-F571B8EB8DB9} - System32\Tasks\Pokki => C:\Users\Neil\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe /LOGON (No File)
Task: {09BEFFCE-1C27-4535-8E90-90E66BAA1EBF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0D148221-0465-4AE1-80E5-A48FA883D04A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1354552 2013-11-01] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {139BFD8C-9FDA-4C66-88EE-60AB714F29AD} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {1415D4DF-432A-4637-BEED-EDDEA6829BDF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {16B38C86-E740-4D05-ABC7-7EF698F33156} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {194F3307-BAD7-4797-8A11-E3294E65ED48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-11] (Google Inc -> Google Inc.)
Task: {21AF65F5-2C27-463B-ADF5-28227ED07280} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)
Task: {25823EFC-DA28-4D47-B0C3-89561C190B7A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {3A58F5AA-38C7-4D41-B49A-3DC04E53E40E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3D379035-BA01-41D0-8F6E-2F17736AF63A} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel® Software Asset Manager -> Intel Corporation)
Task: {4C469E94-8C4F-440C-B042-410EFC9F1E92} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {52266F60-A8A5-4D89-8CD5-8AA728D9B580} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5763DA2E-D4C4-417F-8C2D-50CDEC38827C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {5E32ED9B-0D55-4380-A19A-892659B20689} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6608DD24-F6BC-4152-A42C-689493D717B7} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {6AF1F998-3346-45A7-8790-B1C28225ED24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (No File)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {75A92537-57B9-4F16-A8B6-A446F7097FE2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {81F574FE-027B-49B6-8273-A97630FED25A} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel® Software Asset Manager -> Intel Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8D4197D7-44E1-48B7-8FE6-A70E000043AF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9A79C8AC-464F-4469-B800-80E4DA640890} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-11] (Google Inc -> Google Inc.)
Task: {9CE67C72-C054-4DAE-B857-D685103CC0A6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9EEBDB8E-DDEC-483C-8B40-B6AEDF14B141} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9F820327-B55C-4A3C-A000-B05811D57821} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A1724257-6AB4-435A-BA3A-8F9516F69D94} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A40BB4CC-0669-47F3-A354-1F7529390C4B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {ACD41126-EB0B-4E65-823A-8904BB5FA131} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1738504 2015-09-04] (Intel® Software -> Intel Corporation)
Task: {B2FB1090-896B-4B0D-A58F-CC41871296BC} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (No File)
Task: {B9D1936E-F854-4485-B0C4-AE824C765EC8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BBBD03A0-D6E7-4147-AB17-B49A26BE04CB} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {BBDA8DA0-EC25-4A2E-8195-4B5EFBE8C08B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {BDB20675-3553-454C-AE1C-8A1AE49E9C43} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C5093BEA-AE56-47F1-8783-03EE6CD1BC8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CFC0A769-B806-4CDF-86AA-2D655222586C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)
Task: {D7B45E18-93DE-4671-8B2B-5FA3EE8E1B55} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
Task: {D861C8CC-1A16-4CB1-9B48-E6C921552BE6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E7BD2F42-5491-498B-BDAA-DEF8512208C4} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {E97F7B07-9017-41B3-B531-C79ACAA9E862} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7d372f90-e5c1-40e3-b70b-268b0945efcd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dcba33c2-b08b-4331-b550-277d891a5c84}: [DhcpNameServer] 192.168.1.254
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Neil\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-05]
FireFox:
========
FF DefaultProfile: u2iz8x56.default-1460859868339
FF ProfilePath: C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\u2iz8x56.default-1460859868339 [2021-12-06]
FF Homepage: Mozilla\Firefox\Profiles\u2iz8x56.default-1460859868339 -> www.google.com
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office15\NPSPWRAP.DLL [2021-11-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2021-11-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3201314961-3527641614-1078109346-1004: @zoom.us/ZoomVideoPlugin -> C:\Users\Megan\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-30] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR Profile: C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default [2021-12-01]
CHR HomePage: Default -> hxxp://homepage-web.com/?s=hp&m=home
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-09]
CHR Extension: (Docs) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-09]
CHR Extension: (Google Drive) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-20]
CHR Extension: (YouTube) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Sheets) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-28]
CHR Extension: (Gmail) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-28]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
S4 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [733200 2021-04-19] (HP Inc. -> HP Inc.)
S4 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [731152 2021-04-19] (HP Inc. -> HP Inc.)
S4 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [731152 2021-04-19] (HP Inc. -> HP Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® TA SAM; C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel® Software Asset Manager -> Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HPSysInfoCap; "C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe" [X]
S4 Intel® TechnologyAccessLegacyCSLoader; "C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe" [X]
S4 Intel® TechnologyAccessService; "C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation -> Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2021-12-05] (Malwarebytes Corporation -> Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation -> Malwarebytes Corporation)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [50448 2015-07-28] (Intel® Technology Access -> Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-12-06 19:54 - 2021-12-06 19:57 - 000022784 _____ C:\Users\Neil\Desktop\FRST.txt
2021-12-06 19:53 - 2021-12-06 19:57 - 000000000 ____D C:\FRST
2021-12-06 19:50 - 2021-12-06 19:50 - 002311168 _____ (Farbar) C:\Users\Neil\Desktop\FRST64.exe
2021-12-06 18:47 - 2021-12-06 18:51 - 000000000 ____D C:\Users\defaultuser100001
2021-12-05 19:40 - 2021-12-05 19:40 - 000000000 ___HD C:\$SysReset
2021-12-05 19:00 - 2021-12-05 19:01 - 001091476 _____ C:\WINDOWS\Minidump\120521-37234-01.dmp
2021-12-04 09:41 - 2021-12-04 09:41 - 000000000 ____D C:\Users\Neil\AppData\Local\ElevatedDiagnostics
2021-12-02 21:25 - 2021-12-02 21:25 - 000000000 _____ C:\WINDOWS\Minidump\120221-40718-01.dmp
2021-12-02 16:14 - 2021-12-02 16:14 - 100925440 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-12-02 15:58 - 2021-12-02 16:14 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-11-29 21:21 - 2021-12-05 19:05 - 000007100 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2021-11-29 21:12 - 2021-11-29 21:24 - 001022212 _____ C:\WINDOWS\Minidump\112921-42218-01.dmp
2021-11-29 21:12 - 2021-11-29 21:12 - 000329552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-23 10:21 - 2021-11-24 00:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-11-15 18:45 - 2021-11-15 18:53 - 001053820 _____ C:\WINDOWS\Minidump\111521-64828-01.dmp
2021-11-11 07:39 - 2021-11-11 07:39 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-11 07:39 - 2021-11-11 07:39 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-11 07:38 - 2021-11-11 07:38 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-11 07:38 - 2021-11-11 07:38 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-11 07:17 - 2021-11-11 07:17 - 000000000 ___HD C:\$WinREAgent
2021-11-06 13:02 - 2021-11-06 13:02 - 002222080 _____ C:\Users\Megan\Downloads\Launch-WHCC-ROES.msi
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-12-06 19:45 - 2015-09-11 19:41 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-06 19:43 - 2015-01-27 19:48 - 000000000 ____D C:\ProgramData\Mozilla
2021-12-06 19:42 - 2016-11-20 14:08 - 000000000 ____D C:\Users\Neil\AppData\LocalLow\Mozilla
2021-12-06 19:27 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-06 18:51 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-05 23:12 - 2020-10-10 15:36 - 000000000 ____D C:\Users\Neil
2021-12-05 20:42 - 2020-10-10 15:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-05 20:29 - 2020-10-10 16:12 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3201314961-3527641614-1078109346-1001
2021-12-05 20:29 - 2020-10-10 15:36 - 000002425 _____ C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-05 20:11 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-05 19:05 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-05 19:02 - 2020-10-20 06:58 - 000000000 ____D C:\WINDOWS\Minidump
2021-12-05 19:00 - 2020-10-10 16:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-05 19:00 - 2020-10-10 15:27 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-05 19:00 - 2020-02-09 19:18 - 1045571277 _____ C:\WINDOWS\MEMORY.DMP
2021-12-05 19:00 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-05 17:38 - 2015-06-14 08:58 - 000136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2021-12-05 14:42 - 2015-03-18 17:57 - 000000000 ____D C:\Users\Neil\AppData\Roaming\vlc
2021-12-04 20:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-12-04 16:16 - 2017-12-05 08:35 - 000000000 ____D C:\Users\Neil\AppData\Local\Packages
2021-12-04 16:08 - 2017-08-01 09:52 - 000000000 ____D C:\Program Files\Intel
2021-12-04 16:08 - 2014-07-20 19:28 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-04 16:07 - 2015-02-24 19:21 - 000000000 ____D C:\Users\Megan\AppData\Roaming\Intel
2021-12-04 16:07 - 2015-01-27 18:38 - 000000000 ____D C:\Users\Neil\AppData\Roaming\Intel
2021-12-04 16:07 - 2014-07-20 19:21 - 000000000 ____D C:\ProgramData\Intel
2021-12-03 19:15 - 2020-06-23 04:09 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-02 14:51 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemApps
2021-12-02 13:57 - 2019-12-07 03:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-12-02 13:25 - 2015-01-27 18:41 - 000000000 ____D C:\Users\Neil\Documents\Youcam
2021-12-01 19:00 - 2020-10-13 18:32 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d69f4f67a44521
2021-12-01 19:00 - 2020-10-10 16:12 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-29 21:23 - 2014-07-20 19:37 - 000000000 ____D C:\ProgramData\CyberLink
2021-11-28 11:17 - 2017-08-01 09:52 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-11-28 11:17 - 2015-01-27 18:38 - 000000000 __SHD C:\Users\Neil\IntelGraphicsProfiles
2021-11-24 17:09 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-11-24 00:54 - 2015-01-27 19:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-23 18:34 - 2021-10-06 08:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-23 18:34 - 2015-01-27 19:48 - 000001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-20 14:14 - 2018-07-02 20:14 - 000000000 ____D C:\ProgramData\Packages
2021-11-18 17:41 - 2015-09-11 19:42 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-16 21:32 - 2017-03-16 17:22 - 000535040 _____ C:\Users\Public\Documents\Budget.xls
2021-11-16 21:01 - 2015-02-24 19:26 - 000000000 ___RD C:\Users\Megan\OneDrive
2021-11-16 21:00 - 2020-10-10 16:12 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3201314961-3527641614-1078109346-1004
2021-11-16 21:00 - 2020-10-10 15:36 - 000002428 _____ C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-16 20:57 - 2015-02-24 19:21 - 000000000 __SHD C:\Users\Megan\IntelGraphicsProfiles
2021-11-13 01:07 - 2015-05-04 20:03 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-12 01:28 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-12 01:28 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-12 01:28 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-12 01:28 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-12 01:28 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-12 01:28 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-12 01:28 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-12 01:28 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-12 01:28 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-12 01:28 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-12 01:28 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-11 07:45 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-09 19:59 - 2015-02-06 17:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-09 19:51 - 2015-02-06 17:46 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-06 12:39 - 2017-12-05 08:33 - 000000000 ____D C:\Users\Megan\AppData\Local\Packages
==================== FLock ==============================
2021-11-28 11:17 C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
**********
Addition.txt contents:
**********
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2021
Ran by Neil (06-12-2021 20:00:00)
Running from C:\Users\Neil\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) (2020-10-10 22:13:28)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3201314961-3527641614-1078109346-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3201314961-3527641614-1078109346-503 - Limited - Disabled)
defaultuser100000 (S-1-5-21-3201314961-3527641614-1078109346-1017 - Limited - Enabled)
Guest (S-1-5-21-3201314961-3527641614-1078109346-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3201314961-3527641614-1078109346-1003 - Limited - Enabled)
Megan (S-1-5-21-3201314961-3527641614-1078109346-1004 - Limited - Enabled) => C:\Users\Megan
Neil (S-1-5-21-3201314961-3527641614-1078109346-1001 - Administrator - Enabled) => C:\Users\Neil
WDAGUtilityAccount (S-1-5-21-3201314961-3527641614-1078109346-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 6423216.1637756.4759644.48 - Audible, Inc.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.0.232 - Nuance Communications Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
FarmVille 2 (HKU\S-1-5-21-3201314961-3527641614-1078109346-1004\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
HP Control Zone (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{ADD75863-9A69-4C44-9B43-11AE2B12BE51}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.18.34.21 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{810dff4d-564d-47da-b8bc-a3729815aab7}) (Version: 1.9.1.1008 - Intel Corporation)
Intel® Technology Access Software Asset Manager (HKLM-x32\...\{C1C74874-4E6F-49B8-BBCD-D43E277D8D28}) (Version: 3.4.1942 - Intel Corporation) Hidden
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.14 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{A405194D-16D1-44FA-8FF8-D43684D77005}) (Version: 17.0.1407.02 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:- Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3201314961-3527641614-1078109346-1001\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3201314961-3527641614-1078109346-1004\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.5223.1001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.2 (x64 en-US)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 94.0.2.7993 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.5223.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.5223.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-1000-0000000FF1CE}) (Version: 15.0.5223.1001 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20242 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7219 - Realtek Semiconductor Corp.)
Start Menu (HKU\S-1-5-21-3201314961-3527641614-1078109346-1001\...\Pokki_Start_Menu) (Version: 0.269.7.783 - Pokki) <==== ATTENTION
Start Menu (HKU\S-1-5-21-3201314961-3527641614-1078109346-1004\...\Pokki_Start_Menu) (Version: 0.269.7.768 - Pokki) <==== ATTENTION
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:- Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-3201314961-3527641614-1078109346-1001\...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-3201314961-3527641614-1078109346-1004\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Packages:
=========
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-06-07] (Microsoft Corporation)
HP Connected Drive -> C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_4.4.32.190_x64__v10z8vjag6ke6 [2016-01-05] (HP Inc.)
HP Connected Music -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedMusic_1.5.0.253_x86__v10z8vjag6ke6 [2021-11-28] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2021-11-28] (Hewlett-Packard Company)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-07-31] (Microsoft Corporation)
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.29632_x86__06qsbagp91rvg [2015-02-05] (CYBERLINKCOM CORP)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3201314961-3527641614-1078109346-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-02-21] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-02-21] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>-> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2010-11-18 22:08 - 2010-11-18 22:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2013-11-08 12:22 - 2013-11-08 12:22 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2013-11-08 12:22 - 2013-11-08 12:22 - 000499200 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59 [450]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3201314961-3527641614-1078109346-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3201314961-3527641614-1078109346-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3201314961-3527641614-1078109346-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-3201314961-3527641614-1078109346-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3201314961-3527641614-1078109346-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {3A6DF154-3E9A-4258-A6FE-AFE2C2590326} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKLM-x32 -> {3A6DF154-3E9A-4258-A6FE-AFE2C2590326} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3201314961-3527641614-1078109346-1001 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://go.speedbit.com/search.aspx?s=G9Jb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3201314961-3527641614-1078109346-1001 -> {3A6DF154-3E9A-4258-A6FE-AFE2C2590326} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3201314961-3527641614-1078109346-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://go.speedbit.com/search.aspx?s=G9Jb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3201314961-3527641614-1078109346-1004 -> {3A6DF154-3E9A-4258-A6FE-AFE2C2590326} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2021-11-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2021-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\root\Office15\MSOSB.DLL [2021-11-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2021-11-13] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2020-11-01 12:02 - 000000912 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3201314961-3527641614-1078109346-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Neil\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\backgrounddefault.jpg
HKU\S-1-5-21-3201314961-3527641614-1078109346-1004\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Intel® Technology Access Filter Driver -> nt_ndisrd (enabled)
Wi-Fi: Intel® Technology Access Filter Driver -> nt_ndisrd (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "InstallHelper"
HKU\S-1-5-21-3201314961-3527641614-1078109346-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3201314961-3527641614-1078109346-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-3201314961-3527641614-1078109346-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3201314961-3527641614-1078109346-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3201314961-3527641614-1078109346-1001\...\StartupApproved\Run: => "SpeedBitVideoAccelerator"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Block) C:\WINDOWS\system32\proximityuxhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D1B50750-EC27-414B-B695-C030CCD0E90B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{031CDE93-DF4D-4117-9E84-21E918679EF7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [UDP Query User{AB9553B9-AF72-4B92-B859-DC6D00BD688A}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Block) C:\program files (x86)\citrix\ica client\wfica32.exe => No File
FirewallRules: [TCP Query User{DDF5B01E-7428-40A1-A26F-7F6C1DFC3414}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Block) C:\program files (x86)\citrix\ica client\wfica32.exe => No File
FirewallRules: [{5FBBE4FE-D90A-4AC2-B1CE-64F0C957F1B8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe => No File
FirewallRules: [{F7A399D0-4981-45A8-B72A-8C69AD8C9E38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{39AC4151-31A1-4D68-82B9-236B00AFDBEF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3C286A2F-741B-41E1-A428-351836056EC7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F16D8875-BD4F-4EB5-A0A4-2509D61BE8AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{D159BE8B-032E-4CC4-BAF6-50D366D658C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{922CDA4F-E6F5-4C1A-BC7D-989B7F106E77}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [UDP Query User{7D28463E-DA3E-4CE6-8627-757076BE3D5E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1E6FAA29-6A43-4892-9555-5992B9352F67}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F477D0FC-D574-4148-8867-C6B13F42D7A7}] => (Allow) C:\Users\Neil\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe => No File
FirewallRules: [{BF936469-C198-4544-8613-F3372988543E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{04E3D7AF-45EF-4AE5-943A-F0EBDCA14CCB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BBDC347A-03A1-4CDF-A204-45B905FCFBBA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{265540E0-43E7-4616-8D97-6B6C9FF714A5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{A8A0106D-8045-4BD9-AE1F-CD32BA60CDF4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{0DE5D967-01D2-4CEA-A89C-A504BEFDCBEB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{4768A59F-6A16-43D6-8393-5ACA306D98B2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe => No File
FirewallRules: [{A94AFACC-538E-4721-8354-AA15BFCCB8DC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{83B346DA-10FA-44E9-89CE-FDF00E8F1A1F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe => No File
FirewallRules: [{B38274D3-1A4B-42F1-AA61-9C859CAC5041}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{5D0384BD-7B3B-4FB8-80BE-D620B2227DF3}] => (Allow) C:\Users\Neil\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D3E5B49B-3B7D-490C-817C-0E71C4FDA7D3}] => (Allow) C:\Users\Neil\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{D9633FFE-6D45-4F50-A6EA-5DC397E87BDF}] => (Allow) C:\Users\Neil\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{1DDFB748-179D-4285-99BF-5D9CFC8931EA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EDE4AE39-078B-439E-B5EE-BF1A3555E17A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3C9846FF-5F7E-4DB8-8E67-68AFC7347E7D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{193D7695-209A-40A2-A02F-EC346E714837}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{62AA3F57-10D9-491B-9D0D-6F11B6C2FA72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{EC9CCFEA-24C6-4523-96E6-81465DD2C4BF}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{64ADB7F3-7CEE-4037-BA2B-40C227B22E59}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
==================== Restore Points =========================
04-12-2021 21:09:15 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (12/05/2021 09:42:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OneDrive.exe version 21.230.1107.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 89c4
Start Time: 01d7ea492969f864
Termination Time: 4294967295
Application Path: C:\Users\Neil\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Report Id: 93e97094-8097-41e0-8963-0e0aa3a3af95
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle
Error: (12/05/2021 07:28:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wwahost.exe, version: 10.0.19041.789, time stamp: 0x185b68f7
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1348, time stamp: 0x9166324b
Exception code: 0x40010004
Fault offset: 0x0012b502
Faulting process id: 0x2758
Faulting application start time: 0x01d7ea409890ebf2
Faulting application path: C:\WINDOWS\SysWOW64\wwahost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 26ccb84b-ce34-46fc-8794-05f671c42987
Faulting package full name: CyberLinkCorp.hs.YouCamforHP_1.0.2.29632_x86__06qsbagp91rvg
Faulting package-relative application ID: App
Error: (12/05/2021 07:05:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (12/05/2021 07:05:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (12/05/2021 04:41:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (12/05/2021 04:41:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (12/04/2021 09:33:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (12/04/2021 09:33:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
System errors:
=============
Error: (12/06/2021 07:53:35 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Windows.
The Master File Table (MFT) contains a corrupted file record.The file reference number is 0xd0000000011ad.The name of the file is "".
Error: (12/06/2021 07:42:49 PM) (Source: DCOM) (EventID: 10001) (User: NEILSPC)
Description: Unable to start a DCOM Server: MicrosoftWindows.Client.CBS_120.2212.3920.0_x64__cw5n1h2txyewy!InputApp as Unavailable/Unavailable. The error:
"2147942667"
Happened while starting this command:
"C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
Error: (12/06/2021 07:42:26 PM) (Source: DCOM) (EventID: 10001) (User: NEILSPC)
Description: Unable to start a DCOM Server: MicrosoftWindows.Client.CBS_120.2212.3920.0_x64__cw5n1h2txyewy!InputApp as Unavailable/Unavailable. The error:
"2147942667"
Happened while starting this command:
"C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
Error: (12/06/2021 07:33:34 PM) (Source: DCOM) (EventID: 10001) (User: NEILSPC)
Description: Unable to start a DCOM Server: MicrosoftWindows.Client.CBS_120.2212.3920.0_x64__cw5n1h2txyewy!InputApp as Unavailable/Unavailable. The error:
"2147942667"
Happened while starting this command:
"C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
Error: (12/06/2021 06:57:08 PM) (Source: DCOM) (EventID: 10010) (User: NEILSPC)
Description: The server {88E526C9-718C-410A-981C-7EF7806971E3} did not register with DCOM within the required timeout.
Error: (12/06/2021 06:56:51 PM) (Source: DCOM) (EventID: 10001) (User: NEILSPC)
Description: Unable to start a DCOM Server: MicrosoftWindows.Client.CBS_120.2212.3920.0_x64__cw5n1h2txyewy!InputApp as Unavailable/Unavailable. The error:
"2147942667"
Happened while starting this command:
"C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
Error: (12/06/2021 06:55:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error
Error: (12/06/2021 06:55:08 PM) (Source: DCOM) (EventID: 10010) (User: NEILSPC)
Description: The server {284CACFE-B6F2-461A-90C3-A7ACC8353816} did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2021-12-05 19:11:20
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-12-04 20:37:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-12-03 20:10:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-12-03 19:25:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-12-02 21:15:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2021-11-26 22:18:50
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.353.1644.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18700.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===============
Date: 2020-10-31 13:45:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Citrix\ICA Client\epclient64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.07 07/11/2014
Motherboard: Hewlett-Packard 22D6
Processor: Intel® Core i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 60%
Total physical RAM: 8122.15 MB
Available physical RAM: 3179.04 MB
Total Virtual: 10682.15 MB
Available Virtual: 4845.67 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:670.19 GB) (Free:291.36 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:26.46 GB) (Free:2.65 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{12d4b6d4-7b9a-4a6a-b617-b95e81e21ab9}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.39 GB) NTFS
\\?\Volume{e9de344e-a305-47cb-b401-0f78e87f8b0e}\ () (Fixed) (Total:0.97 GB) (Free:0.36 GB) NTFS
\\?\Volume{4d35e0a3-b480-4ea6-8aa8-1af4ae81ebb1}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 6DA8418D)
Partition: GPT.
==================== End of Addition.txt =======================