Disk, CPU and Memory 100% and PC fan turning non stop

Post by tom226 » June 1st, 2021, 1:29 pm

Hello,

I think I'm infected by something.
My CPU and memory are practically at 100% even when I'm not running specific applications.

Plus, my PC has become very slow, as if many other background actions were occurring.

Would you help me with that?

For instance, FRST took more than an hour to complete.

FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2021 01
Ran by amanda (administrator) on DESKTOP-DUJU8T3 (HP HP ENVY x360 Convertible 15m-bp1xx) (01-06-2021 16:26:03)
Running from C:\Users\amanda\Downloads
Loaded Profiles: amanda
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <19>
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\amanda\Desktop\Tools\Sysinternals\procexp64.exe
(Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\amanda\Desktop\Tools\Sysinternals\Procmon64.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2105.19601.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C:\Program Files (x86)\iSkysoft\IAF\2.4.3.231\IsAppService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269328 2018-12-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [1062392 2017-03-15] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [115688 2017-09-18] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\MountPoints2: {87bdc0f5-68c4-11eb-99ec-7c7635c56c73} - "F:\windows\AutoRun.exe" 
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\MountPoints2: {894bb7e4-95e6-11eb-99f5-7c7635c56c73} - "E:\windows\AutoRun.exe" 
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\MountPoints2: {fbafe2f8-25e4-11eb-99c9-7c7635c56c73} - "E:\windows\AutoRun.exe" 
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\MountPoints2: {fbafe311-25e4-11eb-99c9-7c7635c56c73} - "E:\windows\AutoRun.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C5F1F5-4142-421E-A7B3-E208D1B9E8FA} - System32\Tasks\Microsoft\Windows\Setup\PrivacyNotifier => C:\WINDOWS\system32\PrivacyNotifier.exe
Task: {1841583D-4233-4EF0-A4E4-71B56F96D1A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {21039CAD-EE84-4CE1-BF16-1A74552F79A4} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-25] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {30D3CF71-6EFB-465B-A1D8-78792E30415C} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-05-12] (HP Inc. -> )
Task: {38E5503A-9FE0-4FD7-8BB1-793AD0480DAD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B3892B7-4F4A-4C7D-A19F-8E7220263F15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [208744 2017-04-07] (HP Inc. -> HP Inc.)
Task: {4E613874-874D-4CDF-94F6-2332603449E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124336 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {58A80E80-B46C-4A77-B44D-0C289996A05C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-14] (Mozilla Corporation -> Mozilla Foundation)
Task: {6559DE2D-A2F9-4647-9F98-7F7559A272E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-24] (Google Inc -> Google Inc.)
Task: {66DB7331-9B82-4539-BA67-1F8298624B10} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124336 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A7BBE75-1CD8-4CD4-9EA2-0914E5474B1C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-04-07] (HP Inc. -> HP Inc.)
Task: {6E02594C-0FC3-41BE-B773-D8A551A7D85B} - System32\Tasks\HPCeeScheduleForamanda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-25] (Hewlett-Packard Company -> HP Inc.)
Task: {7CA5A461-B150-4B79-9B2D-6F1757757C03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1487392 2017-04-07] (HP Inc. -> HP Inc.)
Task: {7E9FD0D2-F249-4891-933D-013F40514314} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed]
Task: {95B3C0BF-8C9E-4A6C-B060-E77C5187F304} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D9E8292-D54F-4A8B-925F-6B0457B9A0C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A2DEF01E-61D2-442C-893B-3EE1D3F29328} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [107368 2017-04-07] (HP Inc. -> HP Inc.)
Task: {AD93A8F7-E8B2-4A57-AA10-3844D850C1CB} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1362464 2017-03-13] (HP Inc. -> HP Development Company, L.P.)
Task: {B7798301-FE59-4DEF-963C-85B8E19FB1AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1080168 2017-04-07] (HP Inc. -> HP Inc.)
Task: {BFAC2FF0-5AC5-4547-AEBB-0E7639675911} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF3A29C0-A229-4E33-88ED-7BCEC18BD349} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {D413FBD5-CD21-457F-8BCF-153A15B81D2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1487392 2017-04-07] (HP Inc. -> HP Inc.)
Task: {E534D594-8FC2-4F68-BCD1-BE5FFBAA39BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-24] (Google Inc -> Google Inc.)
Task: {E7A3C924-2AD4-4D3F-836A-83468D592F80} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {F5CE9983-71E5-4995-973D-5D91BDD652AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FB9C8DB3-B6A3-459D-9693-09DFC1A0B228} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [625512 2017-04-07] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForamanda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{209d7f72-3d21-4412-a831-f733df3b6858}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{39d23834-0e04-449b-931e-11dc273c8221}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3f5ae139-8908-4d46-b65d-05106d971753}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{4358848b-ec2e-4cb3-8547-c23e053eaf3e}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{660894bf-d52e-4a33-b951-e7489abe5473}: [DhcpNameServer] 20.0.1.5 20.0.1.7
Tcpip\..\Interfaces\{94e8bc4c-673b-4a4d-82ac-d95b79a32acd}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{a677f67a-fccb-4c84-930d-eec7dcb9aa54}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{d6380c9e-6771-461b-8c2e-c58addc3fe16}: [DhcpNameServer] 192.168.42.129

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\amanda\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-01]

FireFox:
========
FF DefaultProfile: qa44ej6m.default
FF ProfilePath: C:\Users\amanda\AppData\Roaming\Mozilla\Firefox\Profiles\qa44ej6m.default [2019-08-07]
FF ProfilePath: C:\Users\amanda\AppData\Roaming\Mozilla\Firefox\Profiles\fvbk2o0p.default-release-1575316955092 [2021-05-26]
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-04-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-04-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default [2021-06-01]
CHR Extension: (Slides) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-24]
CHR Extension: (Docs) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-24]
CHR Extension: (Google Drive) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-05-21]
CHR Extension: (Sheets) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-14]
CHR Extension: (Wappalyzer) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2021-05-14]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-23]
CHR Extension: (Email Tracker for Gmail - Mailtrack) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2021-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Proxy Switcher and Manager) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\onnfghpihccifgojkpnnncpagjcdbjod [2021-02-12]
CHR Extension: (Gmail) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-25]
CHR Profile: C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-02-14]
CHR Profile: C:\Users\amanda\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-13]
CHR HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 alfrescoPostgreSQL; C:\alfresco-community\postgresql\bin\pg_ctl.exe [93696 2017-05-09] (PostgreSQL Global Development Group) [File not signed]
S3 alfrescoTomcat; C:\alfresco-community\tomcat\bin\tomcat7.exe [109696 2017-05-10] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1325352 2017-05-15] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-29] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc. -> HP Inc.)
R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.3.231\IsAppService.exe [493320 2017-10-19] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
S4 MongoDB; C:\Program Files\MongoDB\Server\4.2\bin\mongod.exe [35843072 2020-01-24] (MongoDB, Inc) [File not signed]
S4 OracleDBConsoleorcl; C:\app\amanda\product\11.2.0\dbhome_1\bin\nmesrvc.exe [49152 2010-03-02] (Oracle Corporation) [File not signed]
S4 OracleJobSchedulerORCL; c:\app\amanda\product\11.2.0\dbhome_1\Bin\extjob.exe [49152 2010-04-02] () [File not signed]
S4 OracleMTSRecoveryService; C:\app\amanda\product\11.2.0\dbhome_1\bin\omtsreco.exe [69632 2010-04-01] (Oracle Corporation) [File not signed]
S4 OracleOraDb11g_home1ClrAgent; C:\app\amanda\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [38400 2010-02-28] (Oracle Corporation) [File not signed]
S4 OracleOraDb11g_home1TNSListener; C:\app\amanda\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe [512000 2010-03-31] (Oracle Corporation) [File not signed]
S4 OracleServiceORCL; c:\app\amanda\product\11.2.0\dbhome_1\bin\ORACLE.EXE [106487808 2010-04-02] (Oracle Corporation) [File not signed]
S4 OracleVssWriterORCL; c:\app\amanda\product\11.2.0\dbhome_1\bin\OraVSSW.exe [159744 2010-04-02] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11791704 2019-03-18] (TeamViewer GmbH -> TeamViewer GmbH)
R3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [744968 2020-05-14] (Oracle Corporation -> Oracle Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14344168 2017-09-18] (VMware, Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [69016 2019-03-04] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (ZTE CORPORATION -> HandSet Incorporated)
R3 MpKsl3eb6b668; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC31D1D3-60CF-4AB3-8B37-E1D373A684CD}\MpKslDrv.sys [107744 2021-06-01] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\WINDOWS\system32\DRIVERS\npcap.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
R1 npf; C:\WINDOWS\system32\DRIVERS\npf.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npf_wifi; C:\WINDOWS\system32\DRIVERS\npf.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [90168 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [58160 2019-04-01] (Tomasz Moń -> USBPcap)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [237824 2020-05-14] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [247224 2020-05-14] (Oracle Corporation -> Oracle Corporation)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [66520 2017-09-18] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421112 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S3 zghsser; C:\WINDOWS\system32\DRIVERS\zghsser.sys [133960 2014-03-17] (ZTE CORPORATION -> ZTE Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-01 16:26 - 2021-06-01 16:34 - 000026533 _____ C:\Users\amanda\Downloads\FRST.txt
2021-06-01 16:25 - 2021-06-01 16:33 - 000000000 ____D C:\FRST
2021-06-01 16:24 - 2021-06-01 16:24 - 002299904 _____ (Farbar) C:\Users\amanda\Downloads\FRST64.exe
2021-06-01 16:12 - 2021-06-01 16:12 - 000090168 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2021-06-01 12:11 - 2021-06-01 12:11 - 000000000 ____D C:\Program Files\Common Files\Oracle
2021-06-01 10:38 - 2021-06-01 12:00 - 159718040 _____ (Oracle Corporation) C:\Users\amanda\Downloads\jdk-11.0.10_windows-x64_bin.exe
2021-06-01 05:36 - 2021-06-01 06:24 - 293052764 _____ C:\Users\amanda\Downloads\all-2.0.tar.gz
2021-06-01 04:25 - 2021-06-01 04:25 - 000000000 ____D C:\Users\amanda\AppData\Local\JxBrowser
2021-05-31 20:29 - 2021-05-31 20:48 - 000000000 ____D C:\Users\amanda\Downloads\[FTUApps.com] - Burp Suite Professional Edition v2.0.11 Full + All Addons + Keygen
2021-05-30 19:30 - 2021-05-30 19:30 - 000046916 _____ C:\Users\amanda\Downloads\Secure_Code_Checklist_Software_Secured.xlsx
2021-05-30 19:30 - 2021-05-30 19:30 - 000000109 ____H C:\Users\amanda\Downloads\.~lock.Secure_Code_Checklist_Software_Secured.xlsx#
2021-05-30 13:27 - 2021-05-30 13:35 - 000000000 ____D C:\Users\amanda\Downloads\Wrath.of.Man.2021.720p.WEBRip.800MB.x264-GalaxyRG[TGx]
2021-05-30 01:52 - 2021-05-30 02:05 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForamanda.job
2021-05-30 01:52 - 2021-05-30 01:52 - 000003256 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForamanda
2021-05-29 18:51 - 2019-03-04 17:27 - 000069016 _____ (www.winchiphead.com) C:\WINDOWS\system32\Drivers\CH341S64.SYS
2021-05-27 22:32 - 2021-05-27 22:34 - 014130667 _____ C:\Users\amanda\Downloads\Rapport annuel d'Orange CyberDefense sur la sécurité.pdf
2021-05-27 22:21 - 2021-05-27 22:21 - 000168186 _____ C:\Users\amanda\Downloads\API-Security-Checklist-Ver1.6.xlsx
2021-05-18 22:06 - 2021-05-18 22:06 - 000390329 _____ C:\Users\amanda\Downloads\Photo de Patrick AUGOU.pdf
2021-05-15 07:40 - 2021-05-15 07:40 - 001977211 _____ C:\Users\amanda\Downloads\ukemi2.mp4
2021-05-15 07:32 - 2021-05-15 07:32 - 002215032 _____ C:\Users\amanda\Downloads\ukemi1.mp4
2021-05-13 21:44 - 2021-05-13 21:44 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-13 21:43 - 2021-05-13 21:43 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-13 21:43 - 2021-05-13 21:43 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-13 21:43 - 2021-05-13 21:43 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-13 21:43 - 2021-05-13 21:43 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-13 21:43 - 2021-05-13 21:43 - 000014848 _____ C:\WINDOWS\system32\hnsproxy.dll
2021-05-13 21:43 - 2021-05-13 21:43 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-13 21:42 - 2021-05-13 21:42 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-13 21:42 - 2021-05-13 21:42 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-13 21:42 - 2021-05-13 21:42 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-13 21:42 - 2021-05-13 21:42 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-13 21:41 - 2021-05-13 21:41 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-13 21:41 - 2021-05-13 21:41 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-13 17:47 - 2021-05-13 17:47 - 000000052 _____ C:\Users\amanda\Downloads\credentials-41e5bc-2021-May-13--17_47_23.csv
2021-05-12 19:37 - 2021-05-12 19:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-05-11 15:48 - 2021-05-30 13:26 - 000000000 ____D C:\Users\amanda\AppData\LocalLow\uTorrent
2021-05-11 15:32 - 2021-05-11 15:34 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E17.WEB.x264-PHOENiX[TGx]
2021-05-10 21:17 - 2021-05-10 21:19 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E16.720p.HDTV.x265-MiNX[TGx]
2021-05-10 21:16 - 2021-05-10 21:21 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E15.WEB.x264-PHOENiX[TGx]
2021-05-09 20:20 - 2021-05-09 20:46 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E14.HDTV.x264-PHOENiX[TGx]
2021-05-09 20:20 - 2021-05-09 20:40 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E13.HDTV.x264-PHOENiX[TGx]
2021-05-09 14:52 - 2021-05-09 14:56 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E12.WEB.x264-PHOENiX[TGx]
2021-05-07 21:41 - 2021-05-07 21:47 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E10.HDTV.x264-PHOENiX[TGx]
2021-05-07 21:41 - 2021-05-07 21:43 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E11.HDTV.x264-PHOENiX[TGx]
2021-05-06 20:58 - 2021-05-06 21:10 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E09.720p.HDTV.x265-MiNX[TGx]
2021-05-06 14:22 - 2021-05-06 14:23 - 005445274 _____ C:\Users\amanda\Downloads\marmion-jean-francois-psychologie-de-la-connerie.epub
2021-05-05 21:44 - 2021-05-05 22:25 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E08.720p.HDTV.x265-MiNX[TGx]
2021-05-05 21:07 - 2021-05-05 21:11 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E07.720p.HDTV.x265-MiNX[TGx]
2021-05-05 20:20 - 2021-05-05 20:20 - 000021651 _____ C:\Users\amanda\Downloads\Transactions_SCASO_5-4-2021_20-20-40.xlsx
2021-05-05 17:47 - 2021-05-05 17:47 - 000036780 _____ C:\Users\amanda\Downloads\DataTables example - PDF - image.pdf
2021-05-05 10:23 - 2021-05-05 12:59 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E06.720p.HDTV.x265-MiNX[TGx]
2021-05-04 22:15 - 2021-05-04 22:15 - 000000000 ____D C:\Users\amanda\Downloads\Young.Sheldon.S04E05.720p.HDTV.x264-SYNCOPY
2021-05-03 13:02 - 2021-05-03 13:02 - 008953806 _____ C:\Users\amanda\Downloads\DZIRE.pdf
2021-05-02 18:51 - 2021-04-24 12:30 - 005596047 _____ C:\Users\amanda\Desktop\Dune T1.epub
2021-05-02 18:09 - 2021-05-02 18:11 - 005596273 _____ C:\Users\amanda\Downloads\D-T-e-16192602190943203.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-01 16:31 - 2020-05-17 11:36 - 000000000 ____D C:\Users\amanda\.VirtualBox
2021-06-01 16:30 - 2020-05-17 11:36 - 000000000 ____D C:\ProgramData\VirtualBox
2021-06-01 16:22 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-01 16:13 - 2020-10-17 01:38 - 000946252 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-01 16:13 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-01 16:08 - 2019-03-23 15:27 - 000000000 __SHD C:\Users\amanda\IntelGraphicsProfiles
2021-06-01 16:07 - 2020-10-17 01:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-01 16:07 - 2020-10-17 01:19 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-01 16:07 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-01 16:07 - 2019-03-29 09:31 - 000000000 ____D C:\ProgramData\VMware
2021-06-01 16:07 - 2019-03-24 23:14 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-06-01 16:06 - 2020-10-17 01:26 - 000000000 ____D C:\Users\amanda
2021-06-01 16:06 - 2019-12-07 09:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-06-01 15:30 - 2020-10-17 01:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-01 12:14 - 2019-07-12 21:12 - 000000000 ____D C:\Users\amanda\AppData\Roaming\BurpSuite
2021-06-01 12:11 - 2019-03-25 13:59 - 000192656 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2021-06-01 12:11 - 2019-03-25 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-06-01 12:11 - 2019-03-25 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2021-06-01 12:11 - 2019-03-25 13:56 - 000000000 ____D C:\Program Files\Java
2021-06-01 10:13 - 2019-03-26 18:53 - 000000000 ____D C:\Users\amanda\AppData\Roaming\uTorrent
2021-05-31 18:37 - 2020-05-17 11:36 - 000000000 ____D C:\Users\amanda\VirtualBox VMs
2021-05-31 15:15 - 2020-10-17 01:53 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2874402850-4125491413-1335039919-1001
2021-05-31 15:15 - 2020-10-17 01:26 - 000002374 _____ C:\Users\amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-31 15:15 - 2019-03-23 15:30 - 000000000 ___RD C:\Users\amanda\OneDrive
2021-05-30 16:06 - 2020-02-18 23:18 - 000000000 ____D C:\Users\amanda\AppData\Roaming\vlc
2021-05-30 13:27 - 2019-03-27 21:58 - 000000000 ____D C:\Users\amanda\AppData\Local\BitTorrentHelper
2021-05-30 12:40 - 2019-03-29 22:44 - 000000000 ____D C:\Users\amanda\Documents\Virtual Machines
2021-05-29 21:51 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-29 21:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-29 19:27 - 2019-11-24 16:19 - 000000000 ____D C:\Users\amanda\AppData\Roaming\npm-cache
2021-05-29 18:44 - 2019-04-02 17:51 - 000000000 ____D C:\Users\amanda\Desktop\Tools
2021-05-29 01:25 - 2019-03-31 11:20 - 000000000 ____D C:\Users\amanda\Desktop\Tech Readings
2021-05-28 22:36 - 2017-07-10 10:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-05-28 21:36 - 2020-06-07 23:51 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-28 21:36 - 2020-06-07 23:51 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-28 21:36 - 2020-06-07 23:51 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-26 21:59 - 2021-02-14 19:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-26 21:59 - 2019-08-07 08:44 - 000000000 ____D C:\Users\amanda\AppData\LocalLow\Mozilla
2021-05-26 21:59 - 2019-08-07 08:44 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-24 16:45 - 2020-06-05 20:34 - 000000000 ____D C:\Users\amanda\Downloads\Silicon.Valley.S02.720p.BRRip.MkvCage
2021-05-21 16:13 - 2019-03-29 22:43 - 000000000 ____D C:\Users\amanda\AppData\Roaming\VMware
2021-05-21 16:13 - 2019-03-29 22:43 - 000000000 ____D C:\Users\amanda\AppData\Local\VMware
2021-05-14 12:18 - 2019-03-27 00:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-14 00:08 - 2020-11-11 04:40 - 000000000 ____D C:\Users\amanda\AppData\Local\Notepad
2021-05-14 00:07 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-14 00:02 - 2020-10-17 01:19 - 000631488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-14 00:01 - 2019-12-02 20:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-14 00:00 - 2019-12-07 09:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-13 21:52 - 2019-12-07 09:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-13 21:52 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-13 21:04 - 2019-03-23 20:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-13 21:00 - 2019-03-23 19:59 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-12 20:04 - 2019-03-24 00:35 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-12 20:04 - 2019-03-24 00:35 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-12 20:04 - 2019-03-24 00:35 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-12 19:37 - 2019-12-02 20:02 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-05-11 20:51 - 2019-06-10 19:21 - 000000000 ____D C:\Users\amanda\AppData\Roaming\Postman
2021-05-09 20:40 - 2019-11-24 16:17 - 000000000 ____D C:\Users\amanda\AppData\Roaming\npm
2021-05-09 20:39 - 2019-06-10 19:21 - 000002178 _____ C:\Users\amanda\Desktop\Postman.lnk
2021-05-09 20:39 - 2019-06-10 19:21 - 000000000 ____D C:\Users\amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Postman
2021-05-08 10:40 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-06 18:08 - 2019-06-10 19:21 - 000000000 ____D C:\Users\amanda\AppData\Local\Postman
2021-05-06 16:45 - 2020-07-25 08:51 - 000000000 ____D C:\Users\amanda\Documents\WebApplicationsProjects
2021-05-05 19:47 - 2019-05-12 19:23 - 000000000 ____D C:\Users\amanda\Desktop\What did you dou

==================== Files in the root of some directories ========

2019-04-01 18:43 - 2021-01-22 19:22 - 000002278 _____ () C:\Users\amanda\AppData\Roaming\jd-gui.cfg
2020-12-31 22:37 - 2020-12-31 22:37 - 000000128 _____ () C:\Users\amanda\AppData\Roaming\PUTTY.RND
2019-10-17 19:20 - 2021-04-05 16:31 - 000000600 _____ () C:\Users\amanda\AppData\Local\PUTTY.RND
2020-11-21 15:15 - 2020-11-21 15:15 - 000007603 _____ () C:\Users\amanda\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Addition log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2021 01
Ran by amanda (01-06-2021 16:38:18)
Running from C:\Users\amanda\Downloads
Windows 10 Home Version 20H2 19042.985 (X64) (2020-10-17 01:55:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2874402850-4125491413-1335039919-500 - Administrator - Disabled)
amy (S-1-5-21-2874402850-4125491413-1335039919-1003 - Administrator - Enabled) => C:\Users\amy
amanda (S-1-5-21-2874402850-4125491413-1335039919-1001 - Administrator - Enabled) => C:\Users\amanda
DefaultAccount (S-1-5-21-2874402850-4125491413-1335039919-503 - Limited - Disabled)
Guest (S-1-5-21-2874402850-4125491413-1335039919-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2874402850-4125491413-1335039919-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\uTorrent) (Version: 3.5.5.46010 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Alfresco Community (HKLM-x32\...\Alfresco Community 201707) (Version: 201707 - Alfresco Software, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 3.3 - Google LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
FileZilla Client 3.51.0 (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\FileZilla Client) (Version: 3.51.0 - Tim Kosse)
Git version 2.24.0.2 (HKLM\...\Git_is1) (Version: 2.24.0.2 - The Git Development Community)
GlassFish Server Open Source Edition 4.1.1 (HKLM\...\nbi-glassfish-mod-4.1.1.0.1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{AC154691-D9B6-4CD9-BB9B-ACDAF61367E5}) (Version: 2.22.1 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP IR Camera driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.15063.20005 - Realtek Semiconductor Corp.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{6A139049-EBB9-4076-8664-B468888E55A3}) (Version: 1.3.392.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.4.14.41 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.6.14.19 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.0.4 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.19 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10203.4295 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4691 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1713.2 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.1.22 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{98970ddc-844d-4ec3-b93e-52f5f693b305}) (Version: 3.10.100.3429 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{9315B8DE-B183-4126-A69E-150B8ABF3690}) (Version: 3.10.100.3429 - Intel Corporation) Hidden
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Java SE Development Kit 8 Update 202 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180202}) (Version: 8.0.2020.8 - Oracle Corporation)
Java(TM) SE Development Kit 11.0.10 (64-bit) (HKLM\...\{13D682BE-97A8-527B-A941-9953144DD3CF}) (Version: 11.0.10.0 - Oracle Corporation)
JetBrains PyCharm Community Edition 2019.3 (HKLM-x32\...\PyCharm Community Edition 2019.3) (Version: 193.5233.109 - JetBrains s.r.o.)
LibreOffice 6.3.6.2 (HKLM\...\{6664E413-D143-48B3-823F-50084561A0B6}) (Version: 6.3.6.2 - The Document Foundation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14026.20246 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.37 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.37 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2874402850-4125491413-1335039919-1003\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
MongoDB 4.2.3 2008R2Plus SSL (64 bit) (HKLM\...\{CD1DAD1D-017C-4407-8BA1-FA15312A94F6}) (Version: 4.2.3 - MongoDB Inc.)
Mozilla Firefox 85.0.2 (x64 fr) (HKLM\...\Mozilla Firefox 85.0.2 (x64 fr)) (Version: 85.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Node.js (HKLM\...\{41408FBE-699A-4989-83CA-AB035EECA740}) (Version: 12.13.1 - Node.js Foundation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.6 - Notepad++ Team)
Npcap 0.995 (HKLM-x32\...\NpcapInst) (Version: 0.995 - Nmap Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 6.1.8 (HKLM\...\{8EC316C6-82C4-431F-A4DE-4082717C96D5}) (Version: 6.1.8 - Oracle Corporation)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Postman-win64-7.36.5 (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\Postman) (Version: 7.36.5 - Postman)
PuTTY release 0.70 (HKLM-x32\...\{0B06C05B-0069-4FE8-AC19-AAF6678FD0A8}) (Version: 0.70.0.0 - Simon Tatham)
Python 2.7.18 (64-bit) (HKLM\...\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}) (Version: 2.7.18150 - Python Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
stunnel installed for CurrentUser (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\stunnel) (Version: 5.56 - Michal Trojnara)
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.2558 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
USBPcap 1.3.0.0 (HKLM\...\USBPcap) (Version: 1.3.0.0 - Tomasz Mon)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1) (Version: 1.1.70.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1-2) (Version: 1.1.70.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1-3) (Version: 1.1.70.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1-4) (Version: 1.1.70.1 - LunarG, Inc.) Hidden
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wireshark 3.0.2 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 7.2.16-0 - Bitnami)
Zoom (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B08 - ZTE Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.5.37.0_x86__kgqvnymyfvs32 [2021-05-27] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2030.2.0_x86__kgqvnymyfvs32 [2021-05-27] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.194.600.0_x86__kgqvnymyfvs32 [2021-05-27] (king.com)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-16] (Dropbox Inc.)
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2021.2.6.0_x64__t5j2fzbtdg37r [2021-05-09] (DTS, Inc.)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.41.4105.0_x86__ytsefhwckbdv6 [2021-05-27] (G5 Entertainment AB)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.3.407.0_x86__v10z8vjag6ke6 [2018-07-25] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5170.0_x64__8wekyb3d8bbwe [2021-05-28] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.1.0_x64__nfy108tqq3p12 [2021-02-21] (Thumbmunkeys Ltd)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-03-24] (Plex)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j [2021-04-10] (Random Salad Games LLC)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-14] (Synaptics Incorporated)
VitalSource Bookshelf -> C:\Program Files\WindowsApps\VitalSourceTechnologiesIn.VitalSourceBookshelf_9.4.29.0_x64__wasrd15zsyawm [2021-04-22] (VitalSource Technologies Inc)
WinDbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2104.13002.0_neutral__8wekyb3d8bbwe [2021-04-30] (Microsoft Corporation)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-06-02] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2017-09-18] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2017-09-18] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\igfxDTCM.dll [2018-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\amanda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2021-05-14 11:27 - 2021-05-14 11:27 - 000160256 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\47a36903a1a777d73c6cf86a9f4237a0\BRIDGECommon.ni.dll
2021-05-14 11:28 - 2021-05-14 11:28 - 000120832 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\63fcf67359e5d44aefab4053d0597bff\BridgeExtension.ni.dll
2021-04-21 21:30 - 2021-04-21 21:30 - 000348160 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\9a41d13cb3c4b4bbfe17e619dbf622b7\CleanStartController.ni.dll
2021-04-21 21:31 - 2021-04-21 21:31 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\f7bd748a9acba01efc64a02cf57764ac\Interop.IWshRuntimeLibrary.ni.dll
2021-04-21 21:31 - 2021-04-21 21:31 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\75fa5cc812ec0f5b2a71b1a84ecede1e\Hardcodet.Wpf.TaskbarNotification.ni.dll
2021-04-21 21:29 - 2021-04-21 21:29 - 000134656 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\e0ddaca1c914a570bda42a32759499ff\CommonPortable.ni.dll
2019-10-16 05:25 - 2017-10-19 08:30 - 000087552 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.3.231\IsAppCollect.dll
2019-10-16 05:25 - 2017-10-19 08:30 - 000199680 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.3.231\IsAppCommon.dll
2021-04-21 21:31 - 2021-04-21 21:31 - 001585664 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\152aaa9139cbd7f3bda75a3181ead06d\NAudio.ni.dll
2020-04-18 23:27 - 2020-04-18 23:27 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-18 23:27 - 2020-04-18 23:27 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2019-10-16 05:25 - 2015-02-27 09:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.3.231\Newtonsoft.Json.dll
2021-04-21 21:28 - 2021-04-21 21:28 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\99089c473f5717536af38422552f15b2\Newtonsoft.Json.ni.dll
2021-04-21 21:31 - 2021-04-21 21:31 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\1a337ece96259812fb823e64a5cfd5ea\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2874402850-4125491413-1335039919-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2874402850-4125491413-1335039919-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-04-27] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-04-27] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 21:03 - 2021-04-10 13:42 - 000001304 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1		youtube.com
127.0.0.1		dvwa
192.168.1.120 host.docker.internal
192.168.1.120 gateway.docker.internal
127.0.0.1 eburnex.local
127.0.0.1 wso2is.local
127.0.0.1 auth.autoussd.local 
127.0.0.1 keycloack.local

2020-06-15 22:18 - 2020-06-15 22:23 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\app\amanda\product\11.2.0\dbhome_1\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%MAVEN_HOME%\bin;%JAVA_HOME%\bin;%GLASSFISH_HOME%\bin;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\PuTTY\;C:\Program Files\nodejs\;C:\Program Files\Git\cmd;C:\Program Files\MongoDB\Server\4.2\bin;c:\Python27;c:\Python27\Scripts;
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-2874402850-4125491413-1335039919-1003\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 8: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet 8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet 8: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
Ethernet 8: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
Ethernet 8: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
Ethernet 8: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet 7: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet 7: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet 7: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
Ethernet 7: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
Ethernet 7: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet 7: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
Npcap Loopback Adapter: VMware Bridge Protocol -> vmware_bridge (enabled) 
Npcap Loopback Adapter: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Npcap Loopback Adapter: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
Npcap Loopback Adapter: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Npcap Loopback Adapter: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
Npcap Loopback Adapter: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
Ethernet 9: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet 9: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet 9: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet 9: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
Ethernet 9: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
Ethernet 9: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled) 
Wi-Fi: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Wi-Fi: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
VirtualBox Host-Only Network #3: VMware Bridge Protocol -> vmware_bridge (enabled) 
VirtualBox Host-Only Network #3: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VirtualBox Host-Only Network #3: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
VirtualBox Host-Only Network #3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network #3: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
VirtualBox Host-Only Network #3: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MongoDB => 2
MSCONFIG\Services: MSK80Service => 3
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\StartupApproved\Run: => "Docker Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C29774DA-8043-42B7-8432-703E416BD8A2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{1C485379-733C-4B85-AF77-1B1EFCEB0CB2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{54F5A891-D4EF-43D1-BBCF-9A27A0AD185A}C:\users\amanda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\amanda\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{89845F83-37E2-4F4A-90A0-55DA53DF864F}C:\users\amanda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\amanda\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{0F67C3DE-7C3C-4C92-B55F-C95EFAC53738}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{5FC184F3-FD77-4296-A1AE-D6E2034CDB86}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{E78A6A55-C5E2-460D-908F-803CF845DC3D}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{E5C65A78-7359-4BFF-A5AB-87857A2A2E5A}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [TCP Query User{D0D4B000-B2E9-40DA-B20B-D0DAB6951FC3}C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe] => (Allow) C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe (REBEX CR s.r.o. -> Rebex CR, s.r.o.)
FirewallRules: [UDP Query User{EF62C313-627E-41D1-83F6-763F5F2B3525}C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe] => (Allow) C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe (REBEX CR s.r.o. -> Rebex CR, s.r.o.)
FirewallRules: [TCP Query User{B6B6C4AF-5E94-4C2C-ACE2-4E401E47F56C}C:\python27\python.exe] => (Allow) C:\python27\python.exe () [File not signed]
FirewallRules: [UDP Query User{38AE87A6-1805-4D86-8DF0-928700C8A82F}C:\python27\python.exe] => (Allow) C:\python27\python.exe () [File not signed]
FirewallRules: [{A70FF00F-9E87-41B6-8580-CA14B7580B9F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8B081A12-DA03-4CFD-A057-7656319243DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4664509E-E2E3-45DA-9C95-9DBF9D7EFD5C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{541533EA-DD19-43A4-A8D1-741A0627BD80}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{A958B825-0F8E-4DDF-9FC3-397021B43E89}C:\users\amanda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\amanda\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{DDE22F23-4B59-4B66-B2FA-D4F4B724D83C}C:\users\amanda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\amanda\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0F673CF8-9E75-4A98-ABBF-F903CC09F3DC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5F011103-A194-4C81-9738-1AA5C1210793}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{F7E9455F-9F70-465B-BB18-4911D4E19FF0}C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe] => (Allow) C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe (Pivotal Software, Inc. -> )
FirewallRules: [UDP Query User{44FBAD82-2999-4E70-8728-58F61631275E}C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe] => (Allow) C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe (Pivotal Software, Inc. -> )
FirewallRules: [TCP Query User{63757D53-6E46-482A-959C-4D2ED5AB3DC9}C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe
FirewallRules: [UDP Query User{6353F9CD-2081-4454-A2A3-5D9BDE0A0F2C}C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe
FirewallRules: [TCP Query User{C6F7EB63-45A3-4924-919D-9DCF2CD8D7DF}C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe
FirewallRules: [UDP Query User{66D8DC2D-1726-496B-8180-9D8A25BA727F}C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe
FirewallRules: [TCP Query User{1459DF43-42B7-4D7A-81A6-251A406BBB77}C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe] => (Allow) C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe (Pivotal Software, Inc. -> )
FirewallRules: [UDP Query User{25EAFEA3-9853-48FA-BCA1-3F3685EE65E4}C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe] => (Allow) C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe (Pivotal Software, Inc. -> )
FirewallRules: [TCP Query User{4E214C8B-3E42-4827-822E-AD9A6F7AA1C1}C:\users\amanda\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\amanda\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{2102A61C-B621-4EC7-8135-D397B1946090}C:\users\amanda\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\amanda\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{FD154919-5074-42E1-A55D-4F33205F4B62}C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe] => (Allow) C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe (REBEX CR s.r.o. -> Rebex CR, s.r.o.)
FirewallRules: [UDP Query User{0FD42124-9FD0-48A1-BD48-4C7B8159DCBB}C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe] => (Allow) C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe (REBEX CR s.r.o. -> Rebex CR, s.r.o.)
FirewallRules: [TCP Query User{E10A17BD-72A8-4C9A-9145-69B08146AE0B}C:\program files\java\jre1.8.0_271\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\java.exe => No File
FirewallRules: [UDP Query User{7425971E-FC0A-41C2-BB31-F1130B03CD0A}C:\program files\java\jre1.8.0_271\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\java.exe => No File
FirewallRules: [TCP Query User{51C47126-6A78-4E86-AA83-5C101D58F0CF}C:\openmrs\referenceapplication-standalone-2.11.0\database\bin\mysqld.exe] => (Allow) C:\openmrs\referenceapplication-standalone-2.11.0\database\bin\mysqld.exe () [File not signed]
FirewallRules: [UDP Query User{F522B6C2-C6B0-4081-8BCA-0713BEC6A602}C:\openmrs\referenceapplication-standalone-2.11.0\database\bin\mysqld.exe] => (Allow) C:\openmrs\referenceapplication-standalone-2.11.0\database\bin\mysqld.exe () [File not signed]
FirewallRules: [TCP Query User{C64FD0BE-4DA4-4CFA-A521-A3AD01DC9806}C:\program files (x86)\common files\oracle\java\javapath_target_671062\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_671062\java.exe => No File
FirewallRules: [UDP Query User{75883C8A-441B-43B3-9E46-C805A7C5A2DA}C:\program files (x86)\common files\oracle\java\javapath_target_671062\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_671062\java.exe => No File
FirewallRules: [TCP Query User{5D45E3D9-7B7D-4603-8ACB-D610C9860AC6}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{87C2A62A-D46E-46E2-AFF6-634622DE3C8E}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [TCP Query User{E9A96817-43DC-4669-A84C-87A508CDE6E7}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{155E0D73-CBF0-4EDC-A5B9-3F527D45D68C}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [TCP Query User{9ECAB92F-9ABE-453F-B559-7232CA2F1BF6}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe (Google LLC -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{86EA330B-CC01-428F-B2EC-E268AC5A637F}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe (Google LLC -> JetBrains s.r.o.)
FirewallRules: [{021D2529-A4C3-4E92-A8ED-B48AF451E999}] => (Allow) LPort=3000
FirewallRules: [{4BD72331-4120-4954-B0CE-18955EDFE9D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{88DC5BFD-9745-4942-ACA2-EC2B6E3E1A8E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BBED9672-8A9B-4FC7-87E3-0D740212564F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.37\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

23-05-2021 22:32:28 Scheduled Checkpoint
01-06-2021 03:04:57 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Android ADB Interface
Description: Android ADB Interface
Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b2b0e}
Manufacturer: LeMobile
Service: WinUSB
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter #2
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter #2
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/01/2021 04:14:49 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DESKTOP-DUJU8T3)
Description: Windows cannot load the extensible counter DLL "oraperf.dll" (Win32 error code 126).

Error: (06/01/2021 04:08:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelAudioService.exe, version: 1.0.152.0, time stamp: 0x5bd0d480
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007fff3efa1aae
Faulting process id: 0x1074
Faulting application start time: 0x01d75700400f39cf
Faulting application path: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Faulting module path: unknown
Report Id: f7082614-c86b-4379-9c49-7e0a3cefaa95
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/01/2021 04:08:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IntelAudioService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException

Error: (06/01/2021 04:06:42 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" (value from GetModuleFileName() for the binary that issued the query).

Error: (06/01/2021 03:30:37 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.
   at _HPCommRecovery.HPAHLogger.CheckSession()
   at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (06/01/2021 03:30:37 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.
   at _HPCommRecovery.HPAHLogger.CheckSession()
   at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (06/01/2021 10:16:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelAudioService.exe, version: 1.0.152.0, time stamp: 0x5bd0d480
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ff919531aae
Faulting process id: 0x958
Faulting application start time: 0x01d756cf1ccb3075
Faulting application path: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Faulting module path: unknown
Report Id: 6bfcd2d6-e213-4e7c-88e4-92ebf08e5f94
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/01/2021 10:16:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IntelAudioService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException


System errors:
=============
Error: (06/01/2021 04:07:08 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (06/01/2021 04:06:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/01/2021 03:30:36 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (06/01/2021 10:15:18 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (06/01/2021 10:15:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:41:51 AM on ‎6/‎1/‎2021 was unexpected.

Error: (06/01/2021 10:01:44 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (06/01/2021 02:47:31 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (05/31/2021 03:09:10 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.


Windows Defender:
================
Date: 2021-06-01 16:36:52
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:PHP/Remoteshell.X&threatid=2147742159&enterprise=0
Name: Backdoor:PHP/Remoteshell.X
Severity: Severe
Category: Backdoor
Path: file:_C:\Users\amanda\Downloads\13073.txt
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\amanda\Downloads\FRST64.exe
Security intelligence Version: AV: 1.339.1822.0, AS: 1.339.1822.0, NIS: 1.339.1822.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-31 18:59:08
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-30 14:05:10
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-30 13:19:22
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-26 23:16:51
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-23 17:29:01
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.1138.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2021-05-05 22:05:13
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.337.647.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.5
Error code: 0x80070643
Error description: Fatal error during installation. 

Date: 2021-05-05 22:05:04
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.647.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2021-05-05 22:05:04
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.647.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2021-05-05 22:05:04
Description: 
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

==================== Memory info =========================== 

BIOS: Insyde F.39 03/28/2018
Motherboard: HP 83C8
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 74%
Total physical RAM: 12161.66 MB
Available physical RAM: 3106.94 MB
Total Virtual: 14849.66 MB
Available Virtual: 5098.04 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:917.17 GB) (Free:330.19 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.11 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{2e581b89-fcfa-42b7-8f67-193179a115a8}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.3 GB) NTFS
\\?\Volume{1ead6b8d-5230-4151-9b47-f0dc87feca94}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B5A2F73F)

Partition: GPT.

==================== End of Addition.txt =======================
tom226
Active Member
 
Posts: 4
Joined: June 1st, 2021, 12:22 pm

Re: Disk, CPU and Memory 100% and PC fan turning non stop

Unread postby pgmigg » June 1st, 2021, 4:29 pm

Hello tom226,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights (permissions) for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done. Also,
    DO NOT remove, or scan with, anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that you need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5145
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Disk, CPU and Memory 100% and PC fan turning non stop

Unread postby pgmigg » June 1st, 2021, 4:55 pm

Hello tom226,

P2P Advisory!
IMPORTANT: There are signs of a P2P (Peer to Peer) File Sharing Program installed on your computer:

µTorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s), please indicate that in your next reply and this topic will be closed.

Otherwise, please perform the following steps:

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    µTorrent
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe, but the files may not be - use P2P at your own risk!
Keep in mind that this practice may be the source of your current malware infestation or computer slowness.
Reference, citing risk factors of using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Then:
Please tell me, is this computer used for business purposes or connected to any business network?
I need to know this so that I can provide the proper instructions.

Step 2.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Right-click CKScanner.exe and select "Run as administrator...", then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 4.
TSG - SysInfo utility
  1. Please download SysInfo utility and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Your decision about P2P program.
  2. Do you have any problems executing the instructions?
  3. Answer to my question about how your computer is used.
  4. Contents of a log created by CKFiles.txt
  5. Contents of the codecheck.txt log file
  6. Contents of SysInfo scan
  7. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5145
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Disk, CPU and Memory 100% and PC fan turning non stop

Unread postby tom226 » June 1st, 2021, 6:24 pm

A. Your decision about P2P program. =========> YES : I've uninstalled it and rebooted the computer before the steps below

B. Do you have any problems executing the instructions? =========> NO : I trust you

C. Answer for my question related to type of using of your computer. =========> This is my personal computer; not a work/business computer

D. Contents of a log created by CKFiles.txt
Code: Select all
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\git\usr\bin\ssh-keygen.exe
c:\users\amanda\desktop\tools\scripts\crack jwt key.txt
c:\users\amanda\desktop\x86\ophcrack.exe
c:\users\amanda\desktop\x86\ophcrack_nogui.exe
c:\users\amanda\downloads\bruteforce_and_password_cracking_2403 (1).ovpn
c:\users\amanda\downloads\bruteforce_and_password_cracking_2403.ovpn
c:\users\amanda\downloads\ophcrack-3.8.0-bin.zip
c:\users\amanda\downloads\rainbowcrack-1.7-win64.zip
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.867.1.8\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.867.1.8\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\r\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.928.1.10\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.928.1.10\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\r\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\f\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\r\ssh-keygen.exe
scanner sequence 3.ZZ.11.LLAPUZ
 ----- EOF ----- 


E. Contents of the codecheck.txt log file =========> Windows Defender does not allow this download and flags this file as a virus and deletes it. What should I do?

F. Contents of SysInfo scan
Code: Select all
Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19042, Installed 20201017015501.000000+000
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, Intel64 Family 6 Model 142 Stepping 10, CPU Count: 8
Total Physical RAM: 12 GB
Graphics Card: Intel(R) UHD Graphics 620, 1024 MB
Hard Drives: C: 917 GB (320 GB Free); D: 13 GB (1 GB Free);
Motherboard: HP 83C8, ver 32.64, s/n PGSRP2CNNAS0L7
System: Insyde, ver HPQOEM - 0, s/n 8CG8193L17
Antivirus: Windows Defender, Enabled and Updated


G. Do you see any changes in computer behavior? =========> Oddly YES : CPU and Memory are still high but not 100% as before. This is really odd because your tools did not remove anything, I guess
tom226
Active Member
 
Posts: 4
Joined: June 1st, 2021, 12:22 pm

Re: Disk, CPU and Memory 100% and PC fan turning non stop

Unread postby pgmigg » June 2nd, 2021, 9:39 am

The logs you have supplied show that your computer is being used for purposes which could be interpreted as illegal.
It is not possible, with the resources available to us to determine whether this is with your knowledge or not, however we cannot help you further.

If you were not aware that your computer is being used this way, then all we can suggest is that you perform a factory RESET of Windows and when prompted select Remove everything, which should resolve the issue.

https://www.howtogeek.com/662219/how-to ... indows-10/

This decision will not be revisited, and is not open to discussion.

This topic is now closed.
pgmigg
Admin/Teacher
Posts: 5145
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00