Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Disk, CPU and Memory 100% and PC fan turning non stop

Post by tom226 » June 1st, 2021, 1:42 pm

Hello,

I think I'm infected by something.
My CPU and memory are practically at 100% even when I'm not running any specific applications.

Plus, my PC has become very slow, as if many other background actions were occurring.

Would you help me with that?

For instance, FRST took more than an hour to complete.

FRST Log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2021 01
Ran by amanda (administrator) on DESKTOP-DUJU8T3 (HP HP ENVY x360 Convertible 15m-bp1xx) (01-06-2021 16:26:03)
Running from C:\Users\amanda\Downloads
Loaded Profiles: amanda
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <19>
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\amanda\Desktop\Tools\Sysinternals\procexp64.exe
(Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\amanda\Desktop\Tools\Sysinternals\Procmon64.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2105.19601.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C:\Program Files (x86)\iSkysoft\IAF\2.4.3.231\IsAppService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269328 2018-12-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [1062392 2017-03-15] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [115688 2017-09-18] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\MountPoints2: {87bdc0f5-68c4-11eb-99ec-7c7635c56c73} - "F:\windows\AutoRun.exe" 
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\MountPoints2: {894bb7e4-95e6-11eb-99f5-7c7635c56c73} - "E:\windows\AutoRun.exe" 
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\MountPoints2: {fbafe2f8-25e4-11eb-99c9-7c7635c56c73} - "E:\windows\AutoRun.exe" 
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\MountPoints2: {fbafe311-25e4-11eb-99c9-7c7635c56c73} - "E:\windows\AutoRun.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C5F1F5-4142-421E-A7B3-E208D1B9E8FA} - System32\Tasks\Microsoft\Windows\Setup\PrivacyNotifier => C:\WINDOWS\system32\PrivacyNotifier.exe
Task: {1841583D-4233-4EF0-A4E4-71B56F96D1A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {21039CAD-EE84-4CE1-BF16-1A74552F79A4} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-25] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {30D3CF71-6EFB-465B-A1D8-78792E30415C} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-05-12] (HP Inc. -> )
Task: {38E5503A-9FE0-4FD7-8BB1-793AD0480DAD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B3892B7-4F4A-4C7D-A19F-8E7220263F15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [208744 2017-04-07] (HP Inc. -> HP Inc.)
Task: {4E613874-874D-4CDF-94F6-2332603449E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124336 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {58A80E80-B46C-4A77-B44D-0C289996A05C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-14] (Mozilla Corporation -> Mozilla Foundation)
Task: {6559DE2D-A2F9-4647-9F98-7F7559A272E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-24] (Google Inc -> Google Inc.)
Task: {66DB7331-9B82-4539-BA67-1F8298624B10} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124336 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A7BBE75-1CD8-4CD4-9EA2-0914E5474B1C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-04-07] (HP Inc. -> HP Inc.)
Task: {6E02594C-0FC3-41BE-B773-D8A551A7D85B} - System32\Tasks\HPCeeScheduleForamanda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-25] (Hewlett-Packard Company -> HP Inc.)
Task: {7CA5A461-B150-4B79-9B2D-6F1757757C03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1487392 2017-04-07] (HP Inc. -> HP Inc.)
Task: {7E9FD0D2-F249-4891-933D-013F40514314} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed]
Task: {95B3C0BF-8C9E-4A6C-B060-E77C5187F304} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D9E8292-D54F-4A8B-925F-6B0457B9A0C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A2DEF01E-61D2-442C-893B-3EE1D3F29328} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [107368 2017-04-07] (HP Inc. -> HP Inc.)
Task: {AD93A8F7-E8B2-4A57-AA10-3844D850C1CB} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1362464 2017-03-13] (HP Inc. -> HP Development Company, L.P.)
Task: {B7798301-FE59-4DEF-963C-85B8E19FB1AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1080168 2017-04-07] (HP Inc. -> HP Inc.)
Task: {BFAC2FF0-5AC5-4547-AEBB-0E7639675911} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF3A29C0-A229-4E33-88ED-7BCEC18BD349} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {D413FBD5-CD21-457F-8BCF-153A15B81D2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1487392 2017-04-07] (HP Inc. -> HP Inc.)
Task: {E534D594-8FC2-4F68-BCD1-BE5FFBAA39BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-24] (Google Inc -> Google Inc.)
Task: {E7A3C924-2AD4-4D3F-836A-83468D592F80} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {F5CE9983-71E5-4995-973D-5D91BDD652AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FB9C8DB3-B6A3-459D-9693-09DFC1A0B228} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [625512 2017-04-07] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForamanda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{209d7f72-3d21-4412-a831-f733df3b6858}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{39d23834-0e04-449b-931e-11dc273c8221}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3f5ae139-8908-4d46-b65d-05106d971753}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{4358848b-ec2e-4cb3-8547-c23e053eaf3e}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{660894bf-d52e-4a33-b951-e7489abe5473}: [DhcpNameServer] 20.0.1.5 20.0.1.7
Tcpip\..\Interfaces\{94e8bc4c-673b-4a4d-82ac-d95b79a32acd}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{a677f67a-fccb-4c84-930d-eec7dcb9aa54}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{d6380c9e-6771-461b-8c2e-c58addc3fe16}: [DhcpNameServer] 192.168.42.129

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\amanda\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-01]

FireFox:
========
FF DefaultProfile: qa44ej6m.default
FF ProfilePath: C:\Users\amanda\AppData\Roaming\Mozilla\Firefox\Profiles\qa44ej6m.default [2019-08-07]
FF ProfilePath: C:\Users\amanda\AppData\Roaming\Mozilla\Firefox\Profiles\fvbk2o0p.default-release-1575316955092 [2021-05-26]
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-04-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-04-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default [2021-06-01]
CHR Extension: (Slides) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-24]
CHR Extension: (Docs) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-24]
CHR Extension: (Google Drive) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-05-21]
CHR Extension: (Sheets) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-14]
CHR Extension: (Wappalyzer) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2021-05-14]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-23]
CHR Extension: (Email Tracker for Gmail - Mailtrack) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2021-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Proxy Switcher and Manager) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\onnfghpihccifgojkpnnncpagjcdbjod [2021-02-12]
CHR Extension: (Gmail) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-25]
CHR Profile: C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-02-14]
CHR Profile: C:\Users\amanda\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-13]
CHR HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 alfrescoPostgreSQL; C:\alfresco-community\postgresql\bin\pg_ctl.exe [93696 2017-05-09] (PostgreSQL Global Development Group) [File not signed]
S3 alfrescoTomcat; C:\alfresco-community\tomcat\bin\tomcat7.exe [109696 2017-05-10] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-05-21] (Microsoft Corporation -> Microsoft Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1325352 2017-05-15] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-29] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc. -> HP Inc.)
R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.3.231\IsAppService.exe [493320 2017-10-19] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
S4 MongoDB; C:\Program Files\MongoDB\Server\4.2\bin\mongod.exe [35843072 2020-01-24] (MongoDB, Inc) [File not signed]
S4 OracleDBConsoleorcl; C:\app\amanda\product\11.2.0\dbhome_1\bin\nmesrvc.exe [49152 2010-03-02] (Oracle Corporation) [File not signed]
S4 OracleJobSchedulerORCL; c:\app\amanda\product\11.2.0\dbhome_1\Bin\extjob.exe [49152 2010-04-02] () [File not signed]
S4 OracleMTSRecoveryService; C:\app\amanda\product\11.2.0\dbhome_1\bin\omtsreco.exe [69632 2010-04-01] (Oracle Corporation) [File not signed]
S4 OracleOraDb11g_home1ClrAgent; C:\app\amanda\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [38400 2010-02-28] (Oracle Corporation) [File not signed]
S4 OracleOraDb11g_home1TNSListener; C:\app\amanda\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe [512000 2010-03-31] (Oracle Corporation) [File not signed]
S4 OracleServiceORCL; c:\app\amanda\product\11.2.0\dbhome_1\bin\ORACLE.EXE [106487808 2010-04-02] (Oracle Corporation) [File not signed]
S4 OracleVssWriterORCL; c:\app\amanda\product\11.2.0\dbhome_1\bin\OraVSSW.exe [159744 2010-04-02] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11791704 2019-03-18] (TeamViewer GmbH -> TeamViewer GmbH)
R3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [744968 2020-05-14] (Oracle Corporation -> Oracle Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14344168 2017-09-18] (VMware, Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [69016 2019-03-04] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (ZTE CORPORATION -> HandSet Incorporated)
R3 MpKsl3eb6b668; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC31D1D3-60CF-4AB3-8B37-E1D373A684CD}\MpKslDrv.sys [107744 2021-06-01] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\WINDOWS\system32\DRIVERS\npcap.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
R1 npf; C:\WINDOWS\system32\DRIVERS\npf.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npf_wifi; C:\WINDOWS\system32\DRIVERS\npf.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [90168 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [58160 2019-04-01] (Tomasz Moń -> USBPcap)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [237824 2020-05-14] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [247224 2020-05-14] (Oracle Corporation -> Oracle Corporation)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [66520 2017-09-18] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421112 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S3 zghsser; C:\WINDOWS\system32\DRIVERS\zghsser.sys [133960 2014-03-17] (ZTE CORPORATION -> ZTE Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-01 16:26 - 2021-06-01 16:34 - 000026533 _____ C:\Users\amanda\Downloads\FRST.txt
2021-06-01 16:25 - 2021-06-01 16:33 - 000000000 ____D C:\FRST
2021-06-01 16:24 - 2021-06-01 16:24 - 002299904 _____ (Farbar) C:\Users\amanda\Downloads\FRST64.exe
2021-06-01 16:12 - 2021-06-01 16:12 - 000090168 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2021-06-01 12:11 - 2021-06-01 12:11 - 000000000 ____D C:\Program Files\Common Files\Oracle
2021-06-01 10:38 - 2021-06-01 12:00 - 159718040 _____ (Oracle Corporation) C:\Users\amanda\Downloads\jdk-11.0.10_windows-x64_bin.exe
2021-06-01 05:36 - 2021-06-01 06:24 - 293052764 _____ C:\Users\amanda\Downloads\all-2.0.tar.gz
2021-06-01 04:25 - 2021-06-01 04:25 - 000000000 ____D C:\Users\amanda\AppData\Local\JxBrowser
2021-05-30 19:30 - 2021-05-30 19:30 - 000046916 _____ C:\Users\amanda\Downloads\Secure_Code_Checklist_Software_Secured.xlsx
2021-05-30 19:30 - 2021-05-30 19:30 - 000000109 ____H C:\Users\amanda\Downloads\.~lock.Secure_Code_Checklist_Software_Secured.xlsx#
2021-05-30 01:52 - 2021-05-30 02:05 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForamanda.job
2021-05-30 01:52 - 2021-05-30 01:52 - 000003256 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForamanda
2021-05-29 18:51 - 2019-03-04 17:27 - 000069016 _____ (www.winchiphead.com) C:\WINDOWS\system32\Drivers\CH341S64.SYS
2021-05-15 07:40 - 2021-05-15 07:40 - 001977211 _____ C:\Users\amanda\Downloads\ukemi2.mp4
2021-05-15 07:32 - 2021-05-15 07:32 - 002215032 _____ C:\Users\amanda\Downloads\ukemi1.mp4
2021-05-13 21:44 - 2021-05-13 21:44 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-13 21:43 - 2021-05-13 21:43 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-13 21:43 - 2021-05-13 21:43 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-13 21:43 - 2021-05-13 21:43 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-13 21:43 - 2021-05-13 21:43 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-13 21:43 - 2021-05-13 21:43 - 000014848 _____ C:\WINDOWS\system32\hnsproxy.dll
2021-05-13 21:43 - 2021-05-13 21:43 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-13 21:42 - 2021-05-13 21:42 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-13 21:42 - 2021-05-13 21:42 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-13 21:42 - 2021-05-13 21:42 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-13 21:42 - 2021-05-13 21:42 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-13 21:41 - 2021-05-13 21:41 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-13 21:41 - 2021-05-13 21:41 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-13 17:47 - 2021-05-13 17:47 - 000000052 _____ C:\Users\amanda\Downloads\credentials-41e5bc-2021-May-13--17_47_23.csv
2021-05-12 19:37 - 2021-05-12 19:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-05-05 17:47 - 2021-05-05 17:47 - 000036780 _____ C:\Users\amanda\Downloads\DataTables example - PDF - image.pdf
2021-05-02 18:09 - 2021-05-02 18:11 - 005596273 _____ C:\Users\amanda\Downloads\D-T-e-16192602190943203.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-01 16:31 - 2020-05-17 11:36 - 000000000 ____D C:\Users\amanda\.VirtualBox
2021-06-01 16:30 - 2020-05-17 11:36 - 000000000 ____D C:\ProgramData\VirtualBox
2021-06-01 16:22 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-01 16:13 - 2020-10-17 01:38 - 000946252 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-01 16:13 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-01 16:08 - 2019-03-23 15:27 - 000000000 __SHD C:\Users\amanda\IntelGraphicsProfiles
2021-06-01 16:07 - 2020-10-17 01:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-01 16:07 - 2020-10-17 01:19 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-01 16:07 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-01 16:07 - 2019-03-29 09:31 - 000000000 ____D C:\ProgramData\VMware
2021-06-01 16:07 - 2019-03-24 23:14 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-06-01 16:06 - 2020-10-17 01:26 - 000000000 ____D C:\Users\amanda
2021-06-01 16:06 - 2019-12-07 09:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-06-01 15:30 - 2020-10-17 01:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-01 12:14 - 2019-07-12 21:12 - 000000000 ____D C:\Users\amanda\AppData\Roaming\BurpSuite
2021-06-01 12:11 - 2019-03-25 13:59 - 000192656 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2021-06-01 12:11 - 2019-03-25 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-06-01 12:11 - 2019-03-25 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2021-06-01 12:11 - 2019-03-25 13:56 - 000000000 ____D C:\Program Files\Java
2021-05-31 18:37 - 2020-05-17 11:36 - 000000000 ____D C:\Users\amanda\VirtualBox VMs
2021-05-31 15:15 - 2020-10-17 01:53 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2874402850-4125491413-1335039919-1001
2021-05-31 15:15 - 2020-10-17 01:26 - 000002374 _____ C:\Users\amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-31 15:15 - 2019-03-23 15:30 - 000000000 ___RD C:\Users\amanda\OneDrive
2021-05-30 16:06 - 2020-02-18 23:18 - 000000000 ____D C:\Users\amanda\AppData\Roaming\vlc
2021-05-30 13:27 - 2019-03-27 21:58 - 000000000 ____D C:\Users\amanda\AppData\Local\BitTorrentHelper
2021-05-30 12:40 - 2019-03-29 22:44 - 000000000 ____D C:\Users\amanda\Documents\Virtual Machines
2021-05-29 21:51 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-29 21:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-29 19:27 - 2019-11-24 16:19 - 000000000 ____D C:\Users\amanda\AppData\Roaming\npm-cache
2021-05-29 18:44 - 2019-04-02 17:51 - 000000000 ____D C:\Users\amanda\Desktop\Tools
2021-05-29 01:25 - 2019-03-31 11:20 - 000000000 ____D C:\Users\amanda\Desktop\Tech Readings
2021-05-28 22:36 - 2017-07-10 10:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-05-28 21:36 - 2020-06-07 23:51 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-28 21:36 - 2020-06-07 23:51 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-28 21:36 - 2020-06-07 23:51 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-26 21:59 - 2021-02-14 19:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-26 21:59 - 2019-08-07 08:44 - 000000000 ____D C:\Users\amanda\AppData\LocalLow\Mozilla
2021-05-26 21:59 - 2019-08-07 08:44 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-21 16:13 - 2019-03-29 22:43 - 000000000 ____D C:\Users\amanda\AppData\Roaming\VMware
2021-05-21 16:13 - 2019-03-29 22:43 - 000000000 ____D C:\Users\amanda\AppData\Local\VMware
2021-05-14 12:18 - 2019-03-27 00:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-14 00:08 - 2020-11-11 04:40 - 000000000 ____D C:\Users\amanda\AppData\Local\Notepad
2021-05-14 00:07 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-14 00:02 - 2020-10-17 01:19 - 000631488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-14 00:01 - 2019-12-02 20:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-14 00:00 - 2019-12-07 09:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-13 21:52 - 2019-12-07 09:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-13 21:52 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-13 21:04 - 2019-03-23 20:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-13 21:00 - 2019-03-23 19:59 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-12 20:04 - 2019-03-24 00:35 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-12 20:04 - 2019-03-24 00:35 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-12 20:04 - 2019-03-24 00:35 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-12 19:37 - 2019-12-02 20:02 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-05-11 20:51 - 2019-06-10 19:21 - 000000000 ____D C:\Users\amanda\AppData\Roaming\Postman
2021-05-09 20:40 - 2019-11-24 16:17 - 000000000 ____D C:\Users\amanda\AppData\Roaming\npm
2021-05-09 20:39 - 2019-06-10 19:21 - 000002178 _____ C:\Users\amanda\Desktop\Postman.lnk
2021-05-09 20:39 - 2019-06-10 19:21 - 000000000 ____D C:\Users\amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Postman
2021-05-08 10:40 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-06 18:08 - 2019-06-10 19:21 - 000000000 ____D C:\Users\amanda\AppData\Local\Postman

==================== Files in the root of some directories ========

2019-04-01 18:43 - 2021-01-22 19:22 - 000002278 _____ () C:\Users\amanda\AppData\Roaming\jd-gui.cfg
2020-12-31 22:37 - 2020-12-31 22:37 - 000000128 _____ () C:\Users\amanda\AppData\Roaming\PUTTY.RND
2019-10-17 19:20 - 2021-04-05 16:31 - 000000600 _____ () C:\Users\amanda\AppData\Local\PUTTY.RND
2020-11-21 15:15 - 2020-11-21 15:15 - 000007603 _____ () C:\Users\amanda\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Addition log
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2021 01
Ran by amanda (01-06-2021 16:38:18)
Running from C:\Users\amanda\Downloads
Windows 10 Home Version 20H2 19042.985 (X64) (2020-10-17 01:55:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2874402850-4125491413-1335039919-500 - Administrator - Disabled)
amy (S-1-5-21-2874402850-4125491413-1335039919-1003 - Administrator - Enabled) => C:\Users\amy
amanda (S-1-5-21-2874402850-4125491413-1335039919-1001 - Administrator - Enabled) => C:\Users\amanda
DefaultAccount (S-1-5-21-2874402850-4125491413-1335039919-503 - Limited - Disabled)
Guest (S-1-5-21-2874402850-4125491413-1335039919-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2874402850-4125491413-1335039919-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Alfresco Community (HKLM-x32\...\Alfresco Community 201707) (Version: 201707 - Alfresco Software, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 3.3 - Google LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
FileZilla Client 3.51.0 (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\FileZilla Client) (Version: 3.51.0 - Tim Kosse)
Git version 2.24.0.2 (HKLM\...\Git_is1) (Version: 2.24.0.2 - The Git Development Community)
GlassFish Server Open Source Edition 4.1.1 (HKLM\...\nbi-glassfish-mod-4.1.1.0.1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{AC154691-D9B6-4CD9-BB9B-ACDAF61367E5}) (Version: 2.22.1 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP IR Camera driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.15063.20005 - Realtek Semiconductor Corp.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{6A139049-EBB9-4076-8664-B468888E55A3}) (Version: 1.3.392.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.4.14.41 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.6.14.19 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.0.4 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.19 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10203.4295 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4691 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1713.2 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.1.22 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{98970ddc-844d-4ec3-b93e-52f5f693b305}) (Version: 3.10.100.3429 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{9315B8DE-B183-4126-A69E-150B8ABF3690}) (Version: 3.10.100.3429 - Intel Corporation) Hidden
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Java SE Development Kit 8 Update 202 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180202}) (Version: 8.0.2020.8 - Oracle Corporation)
Java(TM) SE Development Kit 11.0.10 (64-bit) (HKLM\...\{13D682BE-97A8-527B-A941-9953144DD3CF}) (Version: 11.0.10.0 - Oracle Corporation)
JetBrains PyCharm Community Edition 2019.3 (HKLM-x32\...\PyCharm Community Edition 2019.3) (Version: 193.5233.109 - JetBrains s.r.o.)
LibreOffice 6.3.6.2 (HKLM\...\{6664E413-D143-48B3-823F-50084561A0B6}) (Version: 6.3.6.2 - The Document Foundation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14026.20246 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.37 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.37 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2874402850-4125491413-1335039919-1003\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
MongoDB 4.2.3 2008R2Plus SSL (64 bit) (HKLM\...\{CD1DAD1D-017C-4407-8BA1-FA15312A94F6}) (Version: 4.2.3 - MongoDB Inc.)
Mozilla Firefox 85.0.2 (x64 fr) (HKLM\...\Mozilla Firefox 85.0.2 (x64 fr)) (Version: 85.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Node.js (HKLM\...\{41408FBE-699A-4989-83CA-AB035EECA740}) (Version: 12.13.1 - Node.js Foundation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.6 - Notepad++ Team)
Npcap 0.995 (HKLM-x32\...\NpcapInst) (Version: 0.995 - Nmap Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 6.1.8 (HKLM\...\{8EC316C6-82C4-431F-A4DE-4082717C96D5}) (Version: 6.1.8 - Oracle Corporation)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Postman-win64-7.36.5 (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\Postman) (Version: 7.36.5 - Postman)
PuTTY release 0.70 (HKLM-x32\...\{0B06C05B-0069-4FE8-AC19-AAF6678FD0A8}) (Version: 0.70.0.0 - Simon Tatham)
Python 2.7.18 (64-bit) (HKLM\...\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}) (Version: 2.7.18150 - Python Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
stunnel installed for CurrentUser (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\stunnel) (Version: 5.56 - Michal Trojnara)
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.2558 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
USBPcap 1.3.0.0 (HKLM\...\USBPcap) (Version: 1.3.0.0 - Tomasz Mon)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1) (Version: 1.1.70.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1-2) (Version: 1.1.70.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1-3) (Version: 1.1.70.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1-4) (Version: 1.1.70.1 - LunarG, Inc.) Hidden
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wireshark 3.0.2 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 7.2.16-0 - Bitnami)
Zoom (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B08 - ZTE Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.5.37.0_x86__kgqvnymyfvs32 [2021-05-27] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2030.2.0_x86__kgqvnymyfvs32 [2021-05-27] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.194.600.0_x86__kgqvnymyfvs32 [2021-05-27] (king.com)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-16] (Dropbox Inc.)
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2021.2.6.0_x64__t5j2fzbtdg37r [2021-05-09] (DTS, Inc.)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.41.4105.0_x86__ytsefhwckbdv6 [2021-05-27] (G5 Entertainment AB)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.3.407.0_x86__v10z8vjag6ke6 [2018-07-25] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5170.0_x64__8wekyb3d8bbwe [2021-05-28] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.1.0_x64__nfy108tqq3p12 [2021-02-21] (Thumbmunkeys Ltd)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-03-24] (Plex)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j [2021-04-10] (Random Salad Games LLC)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-14] (Synaptics Incorporated)
VitalSource Bookshelf -> C:\Program Files\WindowsApps\VitalSourceTechnologiesIn.VitalSourceBookshelf_9.4.29.0_x64__wasrd15zsyawm [2021-04-22] (VitalSource Technologies Inc)
WinDbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2104.13002.0_neutral__8wekyb3d8bbwe [2021-04-30] (Microsoft Corporation)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-06-02] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2017-09-18] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2017-09-18] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\igfxDTCM.dll [2018-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\amanda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2021-05-14 11:27 - 2021-05-14 11:27 - 000160256 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\47a36903a1a777d73c6cf86a9f4237a0\BRIDGECommon.ni.dll
2021-05-14 11:28 - 2021-05-14 11:28 - 000120832 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\63fcf67359e5d44aefab4053d0597bff\BridgeExtension.ni.dll
2021-04-21 21:30 - 2021-04-21 21:30 - 000348160 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\9a41d13cb3c4b4bbfe17e619dbf622b7\CleanStartController.ni.dll
2021-04-21 21:31 - 2021-04-21 21:31 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\f7bd748a9acba01efc64a02cf57764ac\Interop.IWshRuntimeLibrary.ni.dll
2021-04-21 21:31 - 2021-04-21 21:31 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\75fa5cc812ec0f5b2a71b1a84ecede1e\Hardcodet.Wpf.TaskbarNotification.ni.dll
2021-04-21 21:29 - 2021-04-21 21:29 - 000134656 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\e0ddaca1c914a570bda42a32759499ff\CommonPortable.ni.dll
2019-10-16 05:25 - 2017-10-19 08:30 - 000087552 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.3.231\IsAppCollect.dll
2019-10-16 05:25 - 2017-10-19 08:30 - 000199680 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.3.231\IsAppCommon.dll
2021-04-21 21:31 - 2021-04-21 21:31 - 001585664 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\152aaa9139cbd7f3bda75a3181ead06d\NAudio.ni.dll
2020-04-18 23:27 - 2020-04-18 23:27 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-18 23:27 - 2020-04-18 23:27 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2019-10-16 05:25 - 2015-02-27 09:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.3.231\Newtonsoft.Json.dll
2021-04-21 21:28 - 2021-04-21 21:28 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\99089c473f5717536af38422552f15b2\Newtonsoft.Json.ni.dll
2021-04-21 21:31 - 2021-04-21 21:31 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\1a337ece96259812fb823e64a5cfd5ea\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2874402850-4125491413-1335039919-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2874402850-4125491413-1335039919-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-04-27] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-04-27] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 21:03 - 2021-04-10 13:42 - 000001304 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1		youtube.com
192.168.1.120 host.docker.internal
192.168.1.120 gateway.docker.internal
127.0.0.1 wso2is.local
127.0.0.1 keycloack.local

2020-06-15 22:18 - 2020-06-15 22:23 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\app\amanda\product\11.2.0\dbhome_1\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%MAVEN_HOME%\bin;%JAVA_HOME%\bin;%GLASSFISH_HOME%\bin;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\PuTTY\;C:\Program Files\nodejs\;C:\Program Files\Git\cmd;C:\Program Files\MongoDB\Server\4.2\bin;c:\Python27;c:\Python27\Scripts;
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-2874402850-4125491413-1335039919-1003\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 8: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet 8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet 8: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
Ethernet 8: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
Ethernet 8: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
Ethernet 8: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet 7: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet 7: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet 7: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
Ethernet 7: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
Ethernet 7: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet 7: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
Npcap Loopback Adapter: VMware Bridge Protocol -> vmware_bridge (enabled) 
Npcap Loopback Adapter: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Npcap Loopback Adapter: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
Npcap Loopback Adapter: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Npcap Loopback Adapter: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
Npcap Loopback Adapter: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
Ethernet 9: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet 9: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet 9: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet 9: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
Ethernet 9: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
Ethernet 9: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled) 
Wi-Fi: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Wi-Fi: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
VirtualBox Host-Only Network #3: VMware Bridge Protocol -> vmware_bridge (enabled) 
VirtualBox Host-Only Network #3: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VirtualBox Host-Only Network #3: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
VirtualBox Host-Only Network #3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VirtualBox Host-Only Network #3: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
VirtualBox Host-Only Network #3: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MongoDB => 2
MSCONFIG\Services: MSK80Service => 3
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\StartupApproved\Run: => "Docker Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C29774DA-8043-42B7-8432-703E416BD8A2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{1C485379-733C-4B85-AF77-1B1EFCEB0CB2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{0F67C3DE-7C3C-4C92-B55F-C95EFAC53738}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{5FC184F3-FD77-4296-A1AE-D6E2034CDB86}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{E78A6A55-C5E2-460D-908F-803CF845DC3D}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{E5C65A78-7359-4BFF-A5AB-87857A2A2E5A}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [TCP Query User{D0D4B000-B2E9-40DA-B20B-D0DAB6951FC3}C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe] => (Allow) C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe (REBEX CR s.r.o. -> Rebex CR, s.r.o.)
FirewallRules: [UDP Query User{EF62C313-627E-41D1-83F6-763F5F2B3525}C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe] => (Allow) C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe (REBEX CR s.r.o. -> Rebex CR, s.r.o.)
FirewallRules: [TCP Query User{B6B6C4AF-5E94-4C2C-ACE2-4E401E47F56C}C:\python27\python.exe] => (Allow) C:\python27\python.exe () [File not signed]
FirewallRules: [UDP Query User{38AE87A6-1805-4D86-8DF0-928700C8A82F}C:\python27\python.exe] => (Allow) C:\python27\python.exe () [File not signed]
FirewallRules: [{A70FF00F-9E87-41B6-8580-CA14B7580B9F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8B081A12-DA03-4CFD-A057-7656319243DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4664509E-E2E3-45DA-9C95-9DBF9D7EFD5C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{541533EA-DD19-43A4-A8D1-741A0627BD80}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0F673CF8-9E75-4A98-ABBF-F903CC09F3DC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5F011103-A194-4C81-9738-1AA5C1210793}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{F7E9455F-9F70-465B-BB18-4911D4E19FF0}C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe] => (Allow) C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe (Pivotal Software, Inc. -> )
FirewallRules: [UDP Query User{44FBAD82-2999-4E70-8728-58F61631275E}C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe] => (Allow) C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe (Pivotal Software, Inc. -> )
FirewallRules: [TCP Query User{63757D53-6E46-482A-959C-4D2ED5AB3DC9}C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe
FirewallRules: [UDP Query User{6353F9CD-2081-4454-A2A3-5D9BDE0A0F2C}C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe
FirewallRules: [TCP Query User{C6F7EB63-45A3-4924-919D-9DCF2CD8D7DF}C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe
FirewallRules: [UDP Query User{66D8DC2D-1726-496B-8180-9D8A25BA727F}C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe
FirewallRules: [TCP Query User{1459DF43-42B7-4D7A-81A6-251A406BBB77}C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe] => (Allow) C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe (Pivotal Software, Inc. -> )
FirewallRules: [UDP Query User{25EAFEA3-9853-48FA-BCA1-3F3685EE65E4}C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe] => (Allow) C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe (Pivotal Software, Inc. -> )
FirewallRules: [TCP Query User{4E214C8B-3E42-4827-822E-AD9A6F7AA1C1}C:\users\amanda\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\amanda\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{2102A61C-B621-4EC7-8135-D397B1946090}C:\users\amanda\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\amanda\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{FD154919-5074-42E1-A55D-4F33205F4B62}C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe] => (Allow) C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe (REBEX CR s.r.o. -> Rebex CR, s.r.o.)
FirewallRules: [UDP Query User{0FD42124-9FD0-48A1-BD48-4C7B8159DCBB}C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe] => (Allow) C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe (REBEX CR s.r.o. -> Rebex CR, s.r.o.)
FirewallRules: [TCP Query User{E10A17BD-72A8-4C9A-9145-69B08146AE0B}C:\program files\java\jre1.8.0_271\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\java.exe => No File
FirewallRules: [UDP Query User{7425971E-FC0A-41C2-BB31-F1130B03CD0A}C:\program files\java\jre1.8.0_271\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\java.exe => No File
FirewallRules: [TCP Query User{51C47126-6A78-4E86-AA83-5C101D58F0CF}C:\openmrs\referenceapplication-standalone-2.11.0\database\bin\mysqld.exe] => (Allow) C:\openmrs\referenceapplication-standalone-2.11.0\database\bin\mysqld.exe () [File not signed]
FirewallRules: [UDP Query User{F522B6C2-C6B0-4081-8BCA-0713BEC6A602}C:\openmrs\referenceapplication-standalone-2.11.0\database\bin\mysqld.exe] => (Allow) C:\openmrs\referenceapplication-standalone-2.11.0\database\bin\mysqld.exe () [File not signed]
FirewallRules: [TCP Query User{C64FD0BE-4DA4-4CFA-A521-A3AD01DC9806}C:\program files (x86)\common files\oracle\java\javapath_target_671062\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_671062\java.exe => No File
FirewallRules: [UDP Query User{75883C8A-441B-43B3-9E46-C805A7C5A2DA}C:\program files (x86)\common files\oracle\java\javapath_target_671062\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_671062\java.exe => No File
FirewallRules: [TCP Query User{5D45E3D9-7B7D-4603-8ACB-D610C9860AC6}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{87C2A62A-D46E-46E2-AFF6-634622DE3C8E}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [TCP Query User{E9A96817-43DC-4669-A84C-87A508CDE6E7}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{155E0D73-CBF0-4EDC-A5B9-3F527D45D68C}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [TCP Query User{9ECAB92F-9ABE-453F-B559-7232CA2F1BF6}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe (Google LLC -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{86EA330B-CC01-428F-B2EC-E268AC5A637F}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe (Google LLC -> JetBrains s.r.o.)
FirewallRules: [{021D2529-A4C3-4E92-A8ED-B48AF451E999}] => (Allow) LPort=3000
FirewallRules: [{4BD72331-4120-4954-B0CE-18955EDFE9D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{88DC5BFD-9745-4942-ACA2-EC2B6E3E1A8E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BBED9672-8A9B-4FC7-87E3-0D740212564F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.37\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

23-05-2021 22:32:28 Scheduled Checkpoint
01-06-2021 03:04:57 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Android ADB Interface
Description: Android ADB Interface
Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b2b0e}
Manufacturer: LeMobile
Service: WinUSB
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter #2
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter #2
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/01/2021 04:14:49 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DESKTOP-DUJU8T3)
Description: Windows cannot load the extensible counter DLL "oraperf.dll" (Win32 error code 126).

Error: (06/01/2021 04:08:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelAudioService.exe, version: 1.0.152.0, time stamp: 0x5bd0d480
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007fff3efa1aae
Faulting process id: 0x1074
Faulting application start time: 0x01d75700400f39cf
Faulting application path: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Faulting module path: unknown
Report Id: f7082614-c86b-4379-9c49-7e0a3cefaa95
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/01/2021 04:08:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IntelAudioService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException

Error: (06/01/2021 04:06:42 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" (value from GetModuleFileName() for the binary that issued the query).

Error: (06/01/2021 03:30:37 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.
   at _HPCommRecovery.HPAHLogger.CheckSession()
   at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (06/01/2021 03:30:37 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object.
   at _HPCommRecovery.HPAHLogger.CheckSession()
   at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
   at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (06/01/2021 10:16:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelAudioService.exe, version: 1.0.152.0, time stamp: 0x5bd0d480
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ff919531aae
Faulting process id: 0x958
Faulting application start time: 0x01d756cf1ccb3075
Faulting application path: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
Faulting module path: unknown
Report Id: 6bfcd2d6-e213-4e7c-88e4-92ebf08e5f94
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/01/2021 10:16:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IntelAudioService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException


System errors:
=============
Error: (06/01/2021 04:07:08 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (06/01/2021 04:06:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/01/2021 03:30:36 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (06/01/2021 10:15:18 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (06/01/2021 10:15:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:41:51 AM on 6/1/2021 was unexpected.

Error: (06/01/2021 10:01:44 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (06/01/2021 02:47:31 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (05/31/2021 03:09:10 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.


Windows Defender:
================
Date: 2021-06-01 16:36:52
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:PHP/Remoteshell.X&threatid=2147742159&enterprise=0
Name: Backdoor:PHP/Remoteshell.X
Severity: Severe
Category: Backdoor
Path: file:_C:\Users\amanda\Downloads\13073.txt
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\amanda\Downloads\FRST64.exe
Security intelligence Version: AV: 1.339.1822.0, AS: 1.339.1822.0, NIS: 1.339.1822.0
Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-31 18:59:08
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-30 14:05:10
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-30 13:19:22
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-26 23:16:51
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-23 17:29:01
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.1138.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2021-05-05 22:05:13
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.337.647.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.5
Error code: 0x80070643
Error description: Fatal error during installation. 

Date: 2021-05-05 22:05:04
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.647.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2021-05-05 22:05:04
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.647.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

Date: 2021-05-05 22:05:04
Description: 
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

==================== Memory info =========================== 

BIOS: Insyde F.39 03/28/2018
Motherboard: HP 83C8
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 74%
Total physical RAM: 12161.66 MB
Available physical RAM: 3106.94 MB
Total Virtual: 14849.66 MB
Available Virtual: 5098.04 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:917.17 GB) (Free:330.19 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.11 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{2e581b89-fcfa-42b7-8f67-193179a115a8}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.3 GB) NTFS
\\?\Volume{1ead6b8d-5230-4151-9b47-f0dc87feca94}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B5A2F73F)

Partition: GPT.

==================== End of Addition.txt =======================
tom226
Active Member
 
Posts: 4
Joined: June 1st, 2021, 12:22 pm

Re: Disk, CPU and Memory 100% and PC fan turning non stop

Unread postby pgmigg » June 1st, 2021, 4:24 pm

This topic is a duplicate of an already posted one and will be closed.
pgmigg
Admin/Teacher
Posts: 5145
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
