Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help with spyware

by Eldritch » March 10th, 2022, 7:01 am

I am being stalked online. I want to know if there's spyware on my computer and if there's anything I can do about it.

Stalker can accurately tell my online status and what I'm doing, including the contents of customer service tickets I've submitted. Probably aware of this topic I'm making right now.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2022
Ran by Eldritch (administrator) on LAPTOP-1O0LBCKU (HP OMEN by HP Laptop) (10-03-2022 18:26:13)
Running from C:\Users\Eldritch\Downloads
Loaded Profiles: Eldritch
Platform: Microsoft Windows 10 Home Version 21H1 19043.1566 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(eMing Software Inc. -> eMing Software Inc.) C:\Program Files (x86)\NetPeeker\NPConsole.exe
(explorer.exe ->) (KOG Co., Ltd. -> ) C:\Elsword\elsword.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\igfxEM.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(MPC-HC Team) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe
(services.exe ->) (eMing Software Inc. -> eMing Software Inc.) C:\Program Files (x86)\NetPeeker\NPAgent.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (HP Inc. -> HP) C:\Windows\System32\HP3DDGService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (NortonLifeLock Inc. -> Broadcom) C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\nsWscSvc.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <2>
(svchost.exe ->) (HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(VideoLAN -> VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-08-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1923008 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-07-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324600 2017-04-25] (HP Inc. -> HP)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\...\Run: [Norton Download Manager{NS-2221544-SHPD-FSD5250006}] => C:\Users\Public\Downloads\Norton\{NS-2221544-SHPD-FSD5250006}\NortonNSDownloader.exe /m (No File)
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\...\Run: [Norton Download Manager{NS-2221862-SHPD-FSD5270004}] => C:\Users\Public\Downloads\Norton\{NS-2221862-SHPD-FSD5270004}\FSDUI_Custom.exe /m /WIN10_UPGRADE "C:\Users\Eldritch\AppData\Local\Temp\{AA9813CE-5D39-477D-8D00-C43889A406E2}\Upgrade.exe" /m (No File) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\99.0.4844.51\Installer\chrmstp.exe [2022-03-08] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041284CD-52F2-4128-8A2F-131DADA82DC8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [947136 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {08186AAD-84E4-4AC7-AF6D-047EDDF27F83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [119664 2017-09-28] (HP Inc. -> HP Inc.)
Task: {1F95DB2F-0973-4E80-AB2A-6C794DEA6605} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1540544 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {223893CC-971E-4D16-97E6-785872EFC1D1} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\WSCStub.exe [646520 2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {26A83DDC-8846-4D52-8A59-44B66AF9130F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [651200 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3465A00F-149C-4BFA-9A2A-7F2EAED0DA57} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {3999F1D6-303B-4A1D-B1E3-55E7B33984A7} - System32\Tasks\HPCeeScheduleForEldritch => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-25] (Hewlett-Packard Company -> HP Inc.)
Task: {3F24B34A-3EAD-4F05-9BA8-C4012B2D0377} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {431488DB-07D9-46EE-90A5-EA31820619B0} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-07] (HP Inc. -> HP Inc.)
Task: {45613EE1-BC11-4AFD-BE99-26BB71311F17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-16] (Google LLC -> Google LLC)
Task: {51908027-F662-4B10-9B1F-2DE5584DA48D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-28] (HP Inc. -> HP Inc.)
Task: {5EFC4D37-81C0-4909-9A9D-6BD678224882} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\SymErr.exe [108752 2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {5FC730B2-6F3D-458C-B068-557ABB9A38ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1490800 2017-09-28] (HP Inc. -> HP Inc.)
Task: {652D49D2-58ED-4DEC-B238-EC44C4251E00} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [722880 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {65F2D03D-0D30-443D-BD6B-E87A9D860AA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [216432 2017-09-28] (HP Inc. -> HP Inc.)
Task: {67140C98-40BB-42B3-B8F6-C846E28045D9} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1359728 2017-10-26] (HP Inc. -> HP Development Company, L.P.)
Task: {70F26F66-17E6-48C6-BE29-9DE903828552} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe /hcmode=periodic /periodicruncount=7 (No File)
Task: {7636032B-E19D-40E4-82AE-F432E839EFDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-16] (Google LLC -> Google LLC)
Task: {80BA2026-6538-4B6A-AD10-76F52F7B956B} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Eldritch\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {93B4B5D2-1029-49F5-AF19-098C9FDC0200} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436160 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9BA89C55-0FF1-40D1-8861-CCC56952CA4B} - System32\Tasks\Minecraft Education Edition Automatic Updater => C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\MinecraftEducationUpdater.exe [5813760 2022-02-02] (Microsoft Studios) [File not signed]
Task: {AFAEDD60-67BA-4353-8E24-A6DCCCB2834A} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1006872022-3032962147-1773234815-1003 => C:\Users\Eldritch\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {BE8B0A17-05FF-4BB4-A6F2-999E81370990} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651632 2017-09-28] (HP Inc. -> HP Inc.)
Task: {C2A16705-DE56-48B3-A66B-A439E3AAD6FC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [651200 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D8460F43-8BF4-4285-B554-E60D9041C039} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-03] (HP Inc. -> HP Inc.)
Task: {D960742B-461D-47F2-8016-F796EBC6A7BF} - System32\Tasks\Norton Security Scan for Eldritch => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.179\Nss.exe [848912 2019-02-16] (Symantec Corporation -> Symantec Corporation)
Task: {E5CA3E3A-E1C4-4269-B5C9-0CE5EC6D2AD0} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\SymErr.exe [108752 2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {EA49841C-E4A6-4E37-8B64-2F02D084AC96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1490800 2017-09-28] (HP Inc. -> HP Inc.)
Task: {EDC9AC2E-C471-4B51-978E-6A70E82CBCA1} - System32\Tasks\Minecraft Education Weekly Updater => C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\MinecraftEducationUpdater.exe [5813760 2022-02-02] (Microsoft Studios) [File not signed]
Task: {F44CF734-D669-4851-B84B-7E7B435C78FD} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [722880 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F6C78E75-0C3C-450E-8660-2C43E9495821} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe (No File)
Task: {FAACECD3-3BE5-4A9B-A788-75E6138CA49A} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\SymErr.exe [108752 2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {FACCD9E9-FCBB-44B3-AA8E-3DCC25157A6C} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForEldritch.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{21dcc34c-55ae-4195-a413-07913afacbca}: [NameServer] 8.8.8.8,9.9.9.9
Tcpip\..\Interfaces\{21dcc34c-55ae-4195-a413-07913afacbca}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-10]
Edge Extension: (NoMiner - Block Coin Miners) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbidmaebbffkfehijoocpmgiiglbgaea [2021-11-01]
Edge Extension: (HTTPS Everywhere) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fchjpkplmbeeeaaogdbhjbgbknjobohb [2021-08-23]
Edge Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2021-04-28]
Edge Extension: (Yandex Metrica opt-out add-on) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gchpojdbkmdnbgpmlncnhafkpgnddcmd [2021-04-28]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2022-01-14]
Edge Extension: (TunnelBear VPN) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2021-12-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: a945rogu.default
FF ProfilePath: C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\a945rogu.default [2020-11-03]
FF ProfilePath: C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release [2022-03-10]
FF Homepage: Mozilla\Firefox\Profiles\sm00eg3n.default-release -> about:blank
FF Extension: (AdGuard AdBlocker) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\adguardadblocker@adguard.com.xpi [2021-12-17]
FF Extension: (TunnelBear VPN) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\browser@tunnelbear.com.xpi [2021-03-31]
FF Extension: (HTTPS Everywhere) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\https-everywhere@eff.org.xpi [2021-07-15]
FF Extension: (Privacy Badger) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-11-30]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-02-02]
FF Extension: (SwagButton) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\shopearn@prodege.com.xpi [2022-02-19] [UpdateUrl:hxxps://ucontent.prdg.io/extensions/sb/install/ff-update-manifest.json]
FF Extension: (Privacy Possum) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2020-09-16]
FF Extension: (minerBlock) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\xd4rker@gmail.com.xpi [2021-04-19]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-02-24]
FF Extension: (No Coin - Block miners on the web!) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\{5657c026-efc3-4860-b43b-16e4eaa8a9aa}.xpi [2021-04-19]
FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2021-04-28] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-24]
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-29] (Oracle America, Inc. -> Oracle Corporation)

Chrome:
=======
CHR Profile: C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default [2022-03-10]
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-16]
CHR Extension: (Docs) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-16]
CHR Extension: (Google Drive) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (YouTube) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-16]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-01-17]
CHR Extension: (minerBlock) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2021-04-19]
CHR Extension: (Sheets) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-16]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2021-04-28]
CHR Extension: (HTTPS Everywhere) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2022-03-10]
CHR Extension: (Gmail) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1327400 2017-09-06] (HP Inc. -> HP Inc.)
R2 hp3ddgsrv; C:\windows\system32\HP3DDGService.exe [130072 2017-09-23] (HP Inc. -> HP)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-07] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1075744 2017-10-12] (HP Inc. -> HP)
R2 hpsrv; C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe [28192 2017-10-05] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-28] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-14] (HP Inc. -> HP Inc.)
S3 Minecraft Education Updater; C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\MinecraftEducationUpdater.exe [5813760 2022-02-02] (Microsoft Studios) [File not signed]
R2 NortonSecurity; C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\NortonSecurity.exe [343336 2022-02-01] (NortonLifeLock Inc. -> Broadcom)
R2 NPSvc; C:\Program Files (x86)\NetPeeker\NPAgent.exe [240720 2013-07-24] (eMing Software Inc. -> eMing Software Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\nsWscSvc.exe [1058664 2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [50616 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 -> HP)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\NortonData\22.21.11.46\Definitions\BASHDefs\20220309.011\BHDrvx64.sys [2018784 2021-12-20] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616010.03A\ccSetx64.sys [192256 2022-02-01] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2021-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2022-01-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [60448 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 -> HP)
R1 IDSVia64; C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\NortonData\22.21.11.46\Definitions\IPSDefs\20220308.064\IDSvia64.sys [1480144 2021-12-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 LdVBoxDrv; C:\WINDOWS\system32\DRIVERS\LdVBoxDrv.sys [315232 2021-04-03] (MyTestCertificate -> Oracle Corporation)
R1 NetPeeker; C:\WINDOWS\system32\DRIVERS\netpeeker.sys [1757648 2022-02-18] (eMing Software Inc. -> eMing Software Inc.)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616010.03A\nsvst.sys [56080 2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1616010.03A\SRTSP64.SYS [885712 2022-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1616010.03A\SRTSPX64.SYS [41936 2022-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1616010.03A\SYMEFASI64.SYS [2023880 2022-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1616010.03A\SymELAM.sys [25096 2022-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [93120 2021-12-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\NortonData\22.21.11.46\SymPlatform\SymEvnt.sys [712432 2021-06-16] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1616010.03A\Ironx64.SYS [312264 2022-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1616010.03A\symnets.sys [575344 2022-02-01] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616010.03A\wpCtrlDrv.sys [1015760 2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 xhunter1; C:\WINDOWS\xhunter1.sys [2740480 2022-03-10] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
U3 aspnet_state; no ImagePath
S4 ibtusb; \SystemRoot\System32\DriverStore\FileRepository\ibtusb.inf_amd64_da5167bdd66ed8f1\ibtusb.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20211227.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20211227.003\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-10 18:26 - 2022-03-10 18:29 - 000031081 _____ C:\Users\Eldritch\Downloads\FRST.txt
2022-03-10 18:22 - 2022-03-10 18:28 - 000000000 ____D C:\FRST
2022-03-10 18:18 - 2022-03-10 18:20 - 002364928 _____ (Farbar) C:\Users\Eldritch\Downloads\FRST64.exe
2022-03-10 17:34 - 2022-03-10 17:34 - 000000201 _____ C:\Users\Eldritch\Documents\report.txt
2022-03-10 14:07 - 2022-03-10 14:07 - 000000300 _____ C:\Users\Eldritch\Documents\inflation template.txt
2022-03-10 10:16 - 2022-03-10 10:16 - 000000000 ___HD C:\$WinREAgent
2022-03-10 10:02 - 2022-03-10 10:02 - 000000000 ____H C:\Users\Eldritch\BIT568D.tmp
2022-03-10 00:53 - 2022-03-10 00:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2022-03-10 00:18 - 2022-03-10 00:20 - 002238892 _____ C:\WINDOWS\Minidump\031022-49250-01.dmp
2022-03-10 00:18 - 2022-03-10 00:18 - 1505741907 _____ C:\WINDOWS\MEMORY.DMP
2022-03-09 03:01 - 2022-03-10 17:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-03-03 10:27 - 2022-03-10 10:02 - 000003280 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForEldritch
2022-03-03 10:27 - 2022-03-10 10:02 - 000000376 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEldritch.job
2022-02-28 16:51 - 2022-02-28 16:51 - 000000483 _____ C:\Users\Eldritch\Documents\bad name template 2.txt
2022-02-25 08:09 - 2022-02-25 08:09 - 000000030 _____ C:\Users\Eldritch\Documents\2v2 discord.txt
2022-02-24 22:51 - 2022-02-24 22:51 - 000011821 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-24 22:50 - 2022-02-24 22:50 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-02-24 22:49 - 2022-02-24 22:49 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-02-24 22:49 - 2022-02-24 22:49 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-02-24 22:48 - 2022-02-24 22:48 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-02-23 13:33 - 2022-03-03 18:01 - 000002141 _____ C:\Users\Eldritch\Documents\quickchat spam template.txt
2022-02-21 23:26 - 2022-03-05 23:28 - 000000568 _____ C:\Users\Eldritch\Documents\bad name template.txt
2022-02-21 02:55 - 2022-02-21 02:55 - 000000000 ____D C:\WINDOWS\system32\lxss
2022-02-20 03:46 - 2022-02-22 22:55 - 000000000 ____D C:\Users\Eldritch\AppData\Local\Intel
2022-02-19 23:05 - 2022-02-19 23:05 - 000003748 _____ C:\WINDOWS\system32\Tasks\Minecraft Education Weekly Updater
2022-02-19 23:05 - 2022-02-19 23:05 - 000003438 _____ C:\WINDOWS\system32\Tasks\Minecraft Education Edition Automatic Updater
2022-02-18 13:32 - 2022-03-09 23:47 - 000002548 _____ C:\WINDOWS\NetPkr.Rul
2022-02-18 13:32 - 2022-02-18 13:32 - 001757648 _____ (eMing Software Inc.) C:\WINDOWS\system32\Drivers\netpeeker.sys
2022-02-18 13:31 - 2022-02-18 13:33 - 000000000 ____D C:\Program Files (x86)\NetPeeker
2022-02-18 13:31 - 2022-02-18 13:31 - 000001137 _____ C:\Users\Public\Desktop\Net-Peeker Console.LNK
2022-02-18 13:31 - 2022-02-18 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net-Peeker
2022-02-18 13:24 - 2022-03-10 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2022-02-18 13:19 - 2022-02-18 13:19 - 000003454 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2022-02-18 13:18 - 2022-02-18 13:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2022-02-14 07:20 - 2022-02-14 07:20 - 000000943 _____ C:\Users\Eldritch\Desktop\Elsword.lnk
2022-02-13 14:29 - 2022-02-13 14:29 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-02-13 14:28 - 2022-02-13 14:28 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-02-13 14:19 - 2022-02-13 14:19 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-02-13 14:19 - 2022-02-13 14:19 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-02-12 00:54 - 2022-02-12 00:54 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-10 18:26 - 2022-01-21 06:34 - 002740480 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2022-03-10 18:22 - 2022-01-19 06:23 - 000106647 _____ C:\WINDOWS\NetPkr.str
2022-03-10 17:46 - 2020-09-16 17:50 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-10 17:39 - 2018-08-28 04:35 - 000000000 ____D C:\Users\Eldritch\AppData\LocalLow\Mozilla
2022-03-10 14:01 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-10 12:25 - 2020-09-16 08:28 - 000000000 ____D C:\ProgramData\NVIDIA
2022-03-10 10:37 - 2020-09-16 10:23 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\vlc
2022-03-10 10:31 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-10 10:29 - 2020-12-25 01:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-10 10:02 - 2020-12-25 01:35 - 000000000 ____D C:\Users\Eldritch
2022-03-10 09:56 - 2021-03-04 17:23 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6da1c97b65e68
2022-03-10 09:56 - 2020-12-25 02:14 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-10 09:42 - 2020-12-25 15:42 - 000479478 _____ C:\WINDOWS\system32\perfh011.dat
2022-03-10 09:42 - 2020-12-25 15:42 - 000133340 _____ C:\WINDOWS\system32\perfc011.dat
2022-03-10 09:42 - 2020-12-25 15:11 - 000499842 _____ C:\WINDOWS\system32\perfh012.dat
2022-03-10 09:42 - 2020-12-25 15:11 - 000133498 _____ C:\WINDOWS\system32\perfc012.dat
2022-03-10 09:42 - 2020-12-25 01:46 - 002142292 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-10 09:36 - 2018-06-28 12:26 - 000000000 __SHD C:\Users\Eldritch\IntelGraphicsProfiles
2022-03-10 09:34 - 2020-12-25 02:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-10 09:34 - 2020-12-25 01:25 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-10 09:34 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-10 08:49 - 2019-12-07 17:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-03-10 01:11 - 2020-10-29 14:41 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-10 01:11 - 2020-09-17 02:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-10 01:07 - 2020-09-17 02:26 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-10 00:24 - 2020-12-25 01:25 - 000323720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-10 00:24 - 2019-12-07 17:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-03-10 00:19 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-10 00:19 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-10 00:19 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-10 00:19 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-10 00:19 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-10 00:19 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-10 00:19 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-10 00:19 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-10 00:18 - 2021-03-30 15:58 - 000000000 ____D C:\WINDOWS\Minidump
2022-03-10 00:18 - 2020-09-16 17:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-03-09 20:30 - 2020-09-16 17:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-03-08 18:21 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-08 18:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-08 18:20 - 2020-09-16 08:43 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-08 11:54 - 2020-09-16 18:01 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-06 23:44 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-03-06 23:37 - 2022-01-09 07:26 - 000000000 ____D C:\Users\Eldritch\AppData\Local\ElevatedDiagnostics
2022-03-01 09:26 - 2020-12-21 16:12 - 000002292 _____ C:\Users\Public\Desktop\Artix Game Launcher.lnk
2022-02-26 15:33 - 2021-04-15 07:47 - 000000000 ____D C:\Users\Eldritch\AppData\Local\CrashDumps
2022-02-26 09:57 - 2018-08-28 02:35 - 000000000 ____D C:\Users\Eldritch\Documents\Noise
2022-02-24 23:04 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-23 03:21 - 2020-09-16 11:31 - 000000000 ____D C:\Users\Eldritch\AppData\Local\D3DSCache
2022-02-21 21:48 - 2020-12-21 16:12 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Artix Game Launcher
2022-02-21 02:56 - 2020-09-16 08:28 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-02-21 02:56 - 2018-01-16 22:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-02-21 02:55 - 2020-09-17 02:38 - 000000000 ____D C:\Users\Eldritch\AppData\Local\NVIDIA
2022-02-20 08:18 - 2019-01-17 19:30 - 000000000 ____D C:\Users\Eldritch\Downloads\Bandwidth managers
2022-02-20 03:46 - 2020-09-16 08:30 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2022-02-20 03:46 - 2018-01-16 22:27 - 000000000 ____D C:\ProgramData\Intel
2022-02-19 23:06 - 2020-08-28 05:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Education Edition
2022-02-19 22:15 - 2021-04-29 03:57 - 000000000 ____D C:\Program Files\Common Files\AV
2022-02-18 15:27 - 2019-01-17 03:08 - 000000000 ____D C:\Users\Eldritch\Downloads\Utilities
2022-02-18 13:27 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-02-18 13:19 - 2021-12-28 16:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2022-02-18 13:13 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-02-18 13:13 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-02-18 13:13 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-02-18 13:13 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-02-18 13:13 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-02-18 13:13 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-02-18 13:13 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-02-18 13:13 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-02-18 09:11 - 2022-01-19 04:56 - 000000000 ____D C:\Elsword EU
2022-02-16 17:22 - 2022-01-21 06:22 - 000000000 ____D C:\Elsword
2022-02-14 21:06 - 2020-10-29 14:41 - 000600944 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2022-02-14 21:06 - 2020-10-29 14:41 - 000482120 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2022-02-14 06:44 - 2022-01-19 04:56 - 000000884 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword.lnk

==================== Files in the root of some directories ========

2021-02-25 18:55 - 2021-02-25 18:55 - 000000064 _____ () C:\Users\Eldritch\AppData\Roaming\changzhi_leidian.data
2020-09-16 10:14 - 2020-09-16 13:03 - 000000050 _____ () C:\Users\Eldritch\AppData\Roaming\MCVi2UserDetail.ini
2020-10-29 03:09 - 2022-01-21 04:19 - 000007600 _____ () C:\Users\Eldritch\AppData\Local\Resmon.ResmonCfg
2021-03-29 08:49 - 2021-03-29 08:49 - 000000000 _____ () C:\Users\Eldritch\AppData\Local\{D22C9E87-6D13-4381-ACC9-C42F4EB41BD8}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2022
Ran by Eldritch (10-03-2022 18:32:16)
Running from C:\Users\Eldritch\Downloads
Microsoft Windows 10 Home Version 21H1 19043.1566 (X64) (2020-12-24 18:15:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1006872022-3032962147-1773234815-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1006872022-3032962147-1773234815-503 - Limited - Disabled)
Eldritch (S-1-5-21-1006872022-3032962147-1773234815-1001 - Administrator - Enabled) => C:\Users\Eldritch
Guest (S-1-5-21-1006872022-3032962147-1773234815-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1006872022-3032962147-1773234815-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Out of date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Norton 360 (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Norton 360 (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Norton 360 (Disabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Norton 360 (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: McAfee Firewall (Disabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Artix Game Launcher 2.0.5 (HKLM\...\{3BECECC9-207F-4FAE-A1EA-207D7F8B9AB4}) (Version: 2.0.5 - Artix Entertainment, LLC)
Elsword version EN.L.200909.1.3 (HKLM-x32\...\{6FEA2A6B-58AF-4B89-AA00-0074DDCEA08A}_is1) (Version: EN.L.200909.1.3 - KOG Games Inc.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.51 - Google LLC)
HP 3D DriveGuard (HKLM-x32\...\{301F57A8-9CF2-4E0B-B742-26A80AF43CE6}) (Version: 6.0.44.1 - HP)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.9.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{10F0BF3E-DBDB-422A-8C12-B4D46711D7C8}) (Version: 2.22.2 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.8.37.11 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{4B0A7A8A-ECE5-4639-9A0D-C535F354313D}) (Version: 1.4.26 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{2EC9AB64-3ACA-460D-B309-0A7052B0C8C0}) (Version: 1.1.21.1 - HP)
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10203.4295 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4815 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.3.1019 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000071-0190-1033-84C8-B8D95FA3C8C3}) (Version: 19.71.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8060a69f-ee27-444b-b126-775f861232ea}) (Version: 20.0.2 - Intel Corporation)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 15.6.8 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.6.8 - KLCP)
LDPlayer (HKLM-x32\...\LDPlayer64) (Version: 4.0.50 - XUANZHI INTERNATIONAL CO., LIMITED)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.30 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Minecraft: Education Edition (HKLM-x32\...\{4B83BB7B-FA66-4CEE-B8F6-92E03A2678E9}) (Version: 1.17.32.00 - Microsoft Studios) Hidden
Minecraft: Education Edition (HKLM-x32\...\Minecraft: Education Edition 1.17.30.5) (Version: 1.17.30.5 - Microsoft Studios)
Minecraft: Education Edition (HKLM-x32\...\Minecraft: Education Edition 1.17.32.00) (Version: 1.17.32.00 - Microsoft Studios)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 98.0 (x64 en-GB)) (Version: 98.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 80.0.1 - Mozilla)
NEO: The World Ends with You (HKLM-x32\...\NEO: The World Ends with You_is1) (Version: - )
Net-Peeker 3.50 Group Edition (HKLM-x32\...\Net-Peeker 3.50 Group Edition) (Version: 3.50 - eMing Software Inc.)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.22.1.58 - NortonLifeLock Inc)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.179 - Symantec Corporation)
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 472.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 472.19 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.162 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.19.627.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Driver Package - Oracle Corporation LdVBoxDrv System (12/28/2016 2.0.0) (HKLM\...\C4B5ABF7DEBC0ED3EF1000EB14DAF65B01E12AD0) (Version: 12/28/2016 2.0.0 - Oracle Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Wise Memory Optimizer 4.1.1 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 4.1.1 - WiseCleaner.com, Inc.)
Wurm Online (HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\...\{7DAA6BBC-E728-402C-9A4F-D6923118E160}_is1) (Version: 1.0 - Code Club AB)

Packages:
=========
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2021-01-01] (Dropbox Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.443.0_x86__v10z8vjag6ke6 [2020-09-17] (HP Inc.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2021-01-02] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-09-17] (Netflix, Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\buShell.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\buShell.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\buShell.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\buShell.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\buShell.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\buShell.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\buShell.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\NavShExt.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\NavShExt.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\igfxDTCM.dll [2018-08-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-09-23] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\buShell.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\NavShExt.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\windows\system32\huffyuv.dll [55296 2005-01-22] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\windows\system32\lagarith.dll [148992 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\SysWOW64\huffyuv.dll [39936 2004-05-19] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-26] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-25] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-09-16 10:23 - 2020-07-17 17:00 - 000374784 _____ () [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\libbluray.dll
2022-02-18 13:31 - 2006-10-08 13:51 - 000383818 _____ () [File not signed] C:\Program Files (x86)\NetPeeker\sqlite3.dll
2022-02-19 03:32 - 2022-02-19 03:32 - 000160768 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\66649d7e4b16c317d141267cc81eef13\BRIDGECommon.ni.dll
2022-02-19 03:33 - 2022-02-19 03:33 - 000125440 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\931c013ee5429ad473df1b02c7cea4ab\BridgeExtension.ni.dll
2022-02-19 03:33 - 2022-02-19 03:33 - 000395264 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\4e355e8fb2a27edf51df41fed07b3e96\CleanStartController.ni.dll
2022-02-12 04:20 - 2022-02-12 04:20 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\8956024c41f40c678a29e10c0c2d78d3\Interop.IWshRuntimeLibrary.ni.dll
2022-02-19 03:33 - 2022-02-19 03:33 - 000145920 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\67f3edbdef69485c78a451b1d769c2ca\RegistrationUtilities.ni.dll
2020-09-16 10:23 - 2020-07-17 17:00 - 000306176 _____ (1f0.de - Hendrik Leppkes) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\LAVAudio.ax
2020-09-16 10:23 - 2020-07-17 17:00 - 000655360 _____ (1f0.de - Hendrik Leppkes) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\LAVSplitter.ax
2020-09-16 10:23 - 2020-07-17 17:00 - 013593600 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avcodec-lav-58.dll
2020-09-16 10:23 - 2020-07-17 17:00 - 003638272 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avformat-lav-58.dll
2020-09-16 10:23 - 2020-07-17 17:00 - 000164352 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avresample-lav-4.dll
2020-09-16 10:23 - 2020-07-17 17:00 - 000790528 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avutil-lav-56.dll
2022-02-19 03:34 - 2022-02-19 03:34 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\9869cb6358e98ccdb6c777596129a71d\Hardcodet.Wpf.TaskbarNotification.ni.dll
2022-02-19 03:33 - 2022-02-19 03:33 - 000136192 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\18b077c10303cbabeef3c38b49ff6fff\CommonPortable.ni.dll
2022-02-19 03:34 - 2022-02-19 03:34 - 001585664 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\5298e0f24cfbe1c60cf271932b1613e9\NAudio.ni.dll
2017-09-28 00:02 - 2017-09-28 00:02 - 000184832 _____ (NetToolWorks Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\DeviceDetection\NetToolWorks.Snmp.dll
2022-02-19 03:32 - 2022-02-19 03:32 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\cf1630ed9f12e9d84c3af367e3f89c7d\Newtonsoft.Json.ni.dll
2022-02-19 03:34 - 2022-02-19 03:34 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\d8b45ec5ab0fe6016c29421ff4434ebe\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Eldritch\Application Data:20934bcd827daa71a80700bf4f695192 [394]
AlternateDataStreams: C:\Users\Eldritch\Application Data:2e7adecd915fad7ede6cff9c6c6e4e6e [394]
AlternateDataStreams: C:\Users\Eldritch\AppData\Roaming:20934bcd827daa71a80700bf4f695192 [394]
AlternateDataStreams: C:\Users\Eldritch\AppData\Roaming:2e7adecd915fad7ede6cff9c6c6e4e6e [394]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKU\S-1-5-21-1006872022-3032962147-1773234815-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\coIEPlg.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-28] (HP Inc. -> HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine32\22.22.1.58\coIEPlg.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-28] (HP Inc. -> HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\coIEPlg.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine32\22.22.1.58\coIEPlg.dll [2022-02-01] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 21:46 - 2021-11-01 03:26 - 000002365 ____N C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
127.0.0.1 checkhost.local
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.org # Fake FitGirl site

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 8.8.8.8 - 9.9.9.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

BITS: {B5951D05-9C0E-400E-AF13-BCD284D82904} - (HPCeeConnect) -> [NotifyCmdLine: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe "C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe" HPCeeConnect (null)] [files:http://ceement.rssx.hp.com/CeementWA/index.jsp -> C:\Users\Eldritch\hpTemp.txt]
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Net-Peeker Kernel Driver -> NETPEEKER_LWF (enabled)
Ethernet: Net-Peeker Kernel Driver -> NETPEEKER_LWF (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F84B31A6-D9E7-4E85-BF15-5EB0779D1268}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{97ED7732-8B88-4DFD-8F1D-EEAF6D218709}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5EE5FBA6-BE53-4BDA-80F3-B557F65D4101}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AA1C3B4D-D181-41B9-963C-C28688852319}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{371AF91B-B5A1-46BB-A18E-1357879314EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6DA10D9E-CE19-4788-A7A8-5E77002D8008}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{62D7DF36-3924-4A01-B6BD-45053525686F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{525E9E48-4A54-4027-9481-FF9461A28977}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8C6A7C38-7769-408D-A89E-B96BB6F69688}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AD2E1A92-A384-448D-9F53-C7FCDA04438E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5668F1EC-0CA3-4DFC-A3D2-AC47A1EB035F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel(R) Wireless Connectivity Solutions -> )
FirewallRules: [{C8D3E13D-87C5-45A8-9212-CC592B83CBBE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13426.20404.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3CB7A96D-E469-466D-A7EE-5430C44FCCD3}C:\program files\ldplayerbox\ldvboxheadless.exe] => (Allow) C:\program files\ldplayerbox\ldvboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
FirewallRules: [UDP Query User{FB94F484-D47C-4674-8783-97AAAA91815E}C:\program files\ldplayerbox\ldvboxheadless.exe] => (Allow) C:\program files\ldplayerbox\ldvboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
FirewallRules: [{89E2C169-2E9B-4DD5-82EE-AE4180CD166F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BBA4F9AC-43EE-43D4-AD19-C236D3D26FE5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{44B59D31-850F-45A0-9CBA-7F24EC926094}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2F2C5005-16A6-4167-95D8-601E5DCD058A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EB381A1E-4CA1-4265-B443-FC67D075A4B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GrandChase\GrandChase.exe => No File
FirewallRules: [{C734BC15-492B-42D1-864C-FC72BB043E86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GrandChase\GrandChase.exe => No File
FirewallRules: [{97BCF77C-B1AE-48D0-8CAC-527E6E37904C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elsword\ESSTEAM.exe => No File
FirewallRules: [{0E3FE4E5-B72B-49DF-BD12-9F8B8973829D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elsword\ESSTEAM.exe => No File
FirewallRules: [{896330BE-47DF-474B-AABD-AF678D1DF5DF}] => (Allow) C:\Elsword\Elsword\data\x2.exe => No File
FirewallRules: [{E0A8FAB8-4A45-499E-9967-355F3682B1FC}] => (Allow) C:\Elsword\Elsword\data\x2.exe => No File
FirewallRules: [{9FD8780C-7458-4546-B58E-425267B7371D}] => (Allow) C:\Elsword\data\x2.exe (KOG Co., Ltd. -> )
FirewallRules: [{9C7E17C4-BB21-4571-B608-AF310367EF8A}] => (Allow) C:\Elsword\data\x2.exe (KOG Co., Ltd. -> )
FirewallRules: [{EB4A80AD-862E-4FB5-B9C8-AD9C9D8A5AB6}] => (Allow) C:\Program Files (x86)\NetPeeker\NPConsole.exe (eMing Software Inc. -> eMing Software Inc.)
FirewallRules: [{14BAC481-584F-47CD-A432-A04B24091B39}] => (Allow) C:\Program Files (x86)\NetPeeker\NPConsole.exe (eMing Software Inc. -> eMing Software Inc.)
FirewallRules: [{00C80BD4-43B5-4099-A83E-D4D7EE9C1F7B}] => (Allow) C:\Program Files (x86)\NetPeeker\NPAgent.exe (eMing Software Inc. -> eMing Software Inc.)
FirewallRules: [{BE3B9436-B1B1-4BF2-A2EF-250392B83B58}] => (Allow) C:\Program Files (x86)\NetPeeker\NPAgent.exe (eMing Software Inc. -> eMing Software Inc.)
FirewallRules: [{B09A5D7C-D702-4DB1-902A-172ECDA53075}] => (Allow) C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\Minecraft.Windows.exe (Microsoft Corporation -> )
FirewallRules: [{68031A8E-5716-4486-B7DD-DA83F6E244C0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

24-02-2022 22:04:11 Windows Modules Installer
04-03-2022 02:46:17 Scheduled Checkpoint
07-03-2022 03:05:55 Windows Update
10-03-2022 09:37:54 Windows Update

==================== Faulty Device Manager Devices ============

Name: Intel(R) Dual Band Wireless-AC 7265
Description: Intel(R) Dual Band Wireless-AC 7265
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw04
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/07/2022 09:52:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program x2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 27b0

Start Time: 01d8317ee39aba30

Termination Time: 16

Application Path: C:\Elsword\data\x2.exe

Report Id: 8e6a9620-2200-4045-b5f4-998631f50201

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (03/07/2022 09:51:38 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode)
at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
at _HPCommRecovery.Tools.Signtool.Verify(String arg)
at _HPCommRecovery.HPAHAgent.CallAgent()
at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
at _HPCommRecovery.HPAHLogger.NewSession()
at _HPCommRecovery.....

Error: (02/26/2022 03:33:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: elsword.exe, version: 1.0.0.2, time stamp: 0x620b7e5d
Faulting module name: mshtml.dll, version: 11.0.19041.1526, time stamp: 0xcec159c9
Exception code: 0xc0000005
Fault offset: 0x00356dcc
Faulting process id: 0x3038
Faulting application start time: 0x01d82ae326a99af2
Faulting application path: C:\Elsword\elsword.exe
Faulting module path: C:\Windows\System32\mshtml.dll
Report Id: 177e8a79-f0f9-41b0-a262-045a31c00ffb
Faulting package full name:
Faulting package-relative application ID:

Error: (02/23/2022 12:58:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: elsword.exe, version: 1.0.0.2, time stamp: 0x620b7e5d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1a60
Faulting application start time: 0x01d828720b06eab4
Faulting application path: C:\Elsword\elsword.exe
Faulting module path: unknown
Report Id: 4e32e024-4200-45bc-ac45-95a61270a874
Faulting package full name:
Faulting package-relative application ID:

Error: (02/18/2022 01:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SynTPEnh.exe, version: 19.5.10.75, time stamp: 0x5b247d7b
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000005
Fault offset: 0x00000000000632e0
Faulting process id: 0x1990
Faulting application start time: 0x01d81f67c6f23cd3
Faulting application path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: ba5c915c-4b23-4a0c-8162-1c1624665b0a
Faulting package full name:
Faulting package-relative application ID:

Error: (02/10/2022 12:46:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program x2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 19dc

Start Time: 01d81e2ab6457da7

Termination Time: 12

Application Path: C:\Elsword\data\x2.exe

Report Id: d37895ae-0c49-4efb-9a0a-8c69c533ef74

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (01/25/2022 06:42:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SynTPEnh.exe, version: 19.5.10.75, time stamp: 0x5b247d7b
Faulting module name: ntdll.dll, version: 10.0.19041.1288, time stamp: 0xa280d1d6
Exception code: 0xc0000005
Fault offset: 0x00000000000632e0
Faulting process id: 0x1a10
Faulting application start time: 0x01d80cd409256785
Faulting application path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 565b745f-f35f-40ca-a168-27772c53b2b1
Faulting package full name:
Faulting package-relative application ID:

Error: (01/22/2022 02:32:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: x2.exe, version: 0.0.0.0, time stamp: 0x61dd8625
Faulting module name: x2.exe, version: 0.0.0.0, time stamp: 0x61dd8625
Exception code: 0xc0000005
Fault offset: 0x0038d209
Faulting process id: 0xa24
Faulting application start time: 0x01d80f599d8dc91b
Faulting application path: c:\elsword\data\x2.exe
Faulting module path: c:\elsword\data\x2.exe
Report Id: 1d3c5d63-8bc4-40f8-aab5-fd6ebc0a1789
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/10/2022 09:41:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Intel Corporation - Extension - 12/16/2018 12:00:00 AM - 20.110.1.1.

Error: (03/10/2022 09:34:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
This driver has been blocked from loading

Error: (03/10/2022 12:23:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
This driver has been blocked from loading

Error: (03/10/2022 12:21:45 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:40:51 PM on ‎3/‎9/‎2022 was unexpected.

Error: (03/07/2022 03:48:37 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: NT AUTHORITY)
Description: 9\_TZ.TZ012022-03-06T19:48:37.7374923Z373

Error: (02/19/2022 10:58:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Minecraft Education Updater service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (02/19/2022 05:38:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
This driver has been blocked from loading

Error: (02/19/2022 05:38:07 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:27:59 AM on ‎2/‎19/‎2022 was unexpected.


Windows Defender:
================
Date: 2021-12-28 19:02:10
Description:
Microsoft Defender 바이러스 백신 검사가 완료되기 전에 중지되었습니다.
검사 ID: {3FBACBF5-60EA-4C94-BDDC-20E1902C6063}
검사 유형: 맬웨어 방지
검사 매개 변수: 빠른 검사
사용자: NT AUTHORITY\SYSTEM

Date: 2021-09-28 19:14:49
Description:
Microsoft Defender 바이러스 백신 검사가 완료되기 전에 중지되었습니다.
검사 ID: {72243F65-40FF-4772-AAFA-9869C9EC084D}
검사 유형: 맬웨어 방지
검사 매개 변수: 빠른 검사
사용자: NT AUTHORITY\SYSTEM

Date: 2021-06-28 22:12:53
Description:
Microsoft Defender 바이러스 백신 검사가 완료되기 전에 중지되었습니다.
검사 ID: {57D8E8B9-6972-413F-94B5-95953978D4F0}
검사 유형: 맬웨어 방지
검사 매개 변수: 빠른 검사
사용자: NT AUTHORITY\SYSTEM

Date: 2021-06-28 17:35:18
Description:
Microsoft Defender 바이러스 백신 검사가 완료되기 전에 중지되었습니다.
검사 ID: {03725B32-58F8-4236-A0FC-1C47AA1CE8DD}
검사 유형: 맬웨어 방지
검사 매개 변수: 빠른 검사
사용자: NT AUTHORITY\SYSTEM

Date: 2021-06-28 17:01:07
Description:
Microsoft Defender 바이러스 백신 검사가 완료되기 전에 중지되었습니다.
검사 ID: {AF603DF6-8EC0-4AFA-B1ED-0DFDD2A1F01B}
검사 유형: 맬웨어 방지
검사 매개 변수: 빠른 검사
사용자: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2021-12-28 14:13:10
Description:
Microsoft Defender 바이러스 백신에서 보안 인텔리전스를 업데이트하는 동안 오류가 발생했습니다.
새 보안 인텔리전스 버전:
이전 보안 인텔리전스 버전: 1.323.1194.0
업데이트 원본: Microsoft 업데이트 서버
보안 인텔리전스 형식: 바이러스 백신
업데이트 형식: 전체
사용자: NT AUTHORITY\SYSTEM
현재 엔진 버전:
이전 엔진 버전: 1.1.17400.5
오류 코드: 0x80240022
오류 설명: The program can't check for definition updates.

Date: 2021-12-28 14:13:10
Description:
Microsoft Defender 바이러스 백신에서 보안 인텔리전스를 업데이트하는 동안 오류가 발생했습니다.
새 보안 인텔리전스 버전:
이전 보안 인텔리전스 버전: 1.323.1194.0
업데이트 원본: Microsoft 업데이트 서버
보안 인텔리전스 형식: 바이러스 백신
업데이트 형식: 전체
사용자: NT AUTHORITY\SYSTEM
현재 엔진 버전:
이전 엔진 버전: 1.1.17400.5
오류 코드: 0x80240022
오류 설명: The program can't check for definition updates.

Date: 2021-12-30 00:16:35
Description:
Microsoft Defender 바이러스 백신에서 보안 인텔리전스를 업데이트하는 동안 오류가 발생했습니다.
새 보안 인텔리전스 버전:
이전 보안 인텔리전스 버전: 1.323.1194.0
업데이트 원본: Microsoft 업데이트 서버
보안 인텔리전스 형식: 바이러스 백신
업데이트 형식: 전체
사용자: NT AUTHORITY\SYSTEM
현재 엔진 버전:
이전 엔진 버전: 1.1.17400.5
오류 코드: 0x800b0101
오류 설명: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

CodeIntegrity:
===============
Date: 2022-03-10 09:43:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\{12AEB001-9895-4E02-8156-4D24F66ED236}\Engine\22.22.1.58\symamsi.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.38 05/24/2017
Motherboard: HP 8259
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 88%
Total physical RAM: 8077.22 MB
Available physical RAM: 965.46 MB
Total Virtual: 24077.22 MB
Available Virtual: 14745.53 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:917.46 GB) (Free:728.49 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.82 GB) (Free:1.55 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b9082327-8c3b-4f6d-b48d-f0ffba1463d2}\ () (Fixed) (Total:0.96 GB) (Free:0.4 GB) NTFS
\\?\Volume{843d68c9-0eaa-4603-9b8a-056f2f57dc16}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 27957957)

Partition: GPT.

==================== End of Addition.txt =======================
Eldritch
Regular Member
 
Posts: 19
Joined: March 10th, 2022, 6:45 am

Re: Help with spyware

Post by mAL_rEm018 » March 14th, 2022, 5:06 pm

Hello Eldritch,

I will be helping you with your malware related problems. I'm not currently at home, so it will take me a few hours to get back to you.

mAL
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Help with spyware

Post by Eldritch » March 15th, 2022, 1:19 am

As per your sig, I'm supposed to reply, right?
Eldritch
Regular Member
 
Posts: 19
Joined: March 10th, 2022, 6:45 am

Re: Help with spyware

Post by mAL_rEm018 » March 15th, 2022, 10:59 pm

Hi Eldritch,

I apologize for the delay. My replies will be faster in the future.

I'm looking over your logs, and I'd like to ask from which country you are posting these logs. I ask because the language associated with your computer is English, yet the mistakes by Windows Defender appear in Korean.

Also, has the "stalker" had physical contact with your computer?

There will be more scans to run, but I need answers to these questions before I give further instructions.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Help with spyware

Post by Eldritch » March 16th, 2022, 2:35 am

I'm the only one with physical access to my computer.

I'm posting from the Philippines.
Eldritch
Regular Member
 
Posts: 19
Joined: March 10th, 2022, 6:45 am

Re: Help with spyware

Post by mAL_rEm018 » March 26th, 2022, 5:23 pm

Hi Eldritch,

As mentioned in the PM I sent you, I need to see a fresh FRST log.

  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update. Please allow it to do so.
  • Select Scan.
  • When the scan is over, two windows will open: FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.

Could you also tell me if there have been any changes in your computer's behaviour?

-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problem while following the instructions?
  • Answer to my question
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it from being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Help with spyware

Post by Eldritch » April 2nd, 2022, 4:46 am

Hello. I got an error from Windows Defender the first time I tried to run FRST64.exe:

Windows protected your PC
Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.
More info

I told it to run anyway. After that there were no problems.

As to changes, I don't know if it's anything to be concerned about, but a few days ago, my antivirus expired, so I installed a trial of the same antivirus to tide me over a bit. Ever since, I keep getting disconnected when I change characters on an online game I play (that would be elsword.exe or x2.exe in the files).

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022
Ran by Eldritch (administrator) on LAPTOP-1O0LBCKU (HP OMEN by HP Laptop) (02-04-2022 16:40:47)
Running from C:\Users\Eldritch\Downloads
Loaded Profiles: Eldritch
Platform: Microsoft Windows 10 Home Version 21H1 19043.1586 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Eming Software Inc. -> eMing Software Inc.) C:\Program Files (x86)\NetPeeker\NetPeeker.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(explorer.exe ->) (MPC-HC Team) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC\mpc-hc.exe
(explorer.exe ->) (VideoLAN -> VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\igfxEM.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (HP Inc. -> HP) C:\Windows\System32\HP3DDGService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\nsWscSvc.exe
(services.exe ->) (NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\NortonSecurity.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Shanghai Changzhi Network Technology Co., Ltd. -> ) C:\LDPlayer\LDPlayer64\adb.exe
(svchost.exe ->) (HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\fodhelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1525_none_7e00daaa7c97a563\TiWorker.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-08-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1923008 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-07-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324600 2017-04-25] (HP Inc. -> HP)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\...\Run: [Norton Download Manager{NS-2221544-SHPD-FSD5250006}] => C:\Users\Public\Downloads\Norton\{NS-2221544-SHPD-FSD5250006}\NortonNSDownloader.exe /m (No File)
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\...\Run: [Norton Download Manager{NS-2221862-SHPD-FSD5270004}] => C:\Users\Public\Downloads\Norton\{NS-2221862-SHPD-FSD5270004}\FSDUI_Custom.exe /m /WIN10_UPGRADE "C:\Users\Eldritch\AppData\Local\Temp\{AA9813CE-5D39-477D-8D00-C43889A406E2}\Upgrade.exe" /m (No File) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.60\Installer\chrmstp.exe [2022-03-31] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041284CD-52F2-4128-8A2F-131DADA82DC8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [947136 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {045B5E2C-F2E7-46D5-9C69-2B5244E49D95} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\SymErr.exe [108752 2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {08186AAD-84E4-4AC7-AF6D-047EDDF27F83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [119664 2017-09-28] (HP Inc. -> HP Inc.)
Task: {1F95DB2F-0973-4E80-AB2A-6C794DEA6605} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1540544 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {26A83DDC-8846-4D52-8A59-44B66AF9130F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [651200 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3CF39398-BD6E-44FD-8C4D-CD99382A8E80} - System32\Tasks\Net-Peeker => C:\Program Files (x86)\NetPeeker\NetPeeker.exe [2720392 2021-12-04] (Eming Software Inc. -> eMing Software Inc.)
Task: {3F24B34A-3EAD-4F05-9BA8-C4012B2D0377} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {431488DB-07D9-46EE-90A5-EA31820619B0} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-07] (HP Inc. -> HP Inc.)
Task: {45613EE1-BC11-4AFD-BE99-26BB71311F17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-16] (Google LLC -> Google LLC)
Task: {51908027-F662-4B10-9B1F-2DE5584DA48D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-28] (HP Inc. -> HP Inc.)
Task: {5FC730B2-6F3D-458C-B068-557ABB9A38ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1490800 2017-09-28] (HP Inc. -> HP Inc.)
Task: {652D49D2-58ED-4DEC-B238-EC44C4251E00} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [722880 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {65F2D03D-0D30-443D-BD6B-E87A9D860AA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [216432 2017-09-28] (HP Inc. -> HP Inc.)
Task: {67140C98-40BB-42B3-B8F6-C846E28045D9} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1359728 2017-10-26] (HP Inc. -> HP Development Company, L.P.)
Task: {70F26F66-17E6-48C6-BE29-9DE903828552} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe /hcmode=periodic /periodicruncount=7 (No File)
Task: {7636032B-E19D-40E4-82AE-F432E839EFDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-16] (Google LLC -> Google LLC)
Task: {7A0536EA-F2C6-41F1-8DD3-52392AD85F4B} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\SymErr.exe [108752 2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {80BA2026-6538-4B6A-AD10-76F52F7B956B} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Eldritch\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {91EAFDA1-8AB8-43FB-969C-B4AA2DB30922} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2353000 2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {93B4B5D2-1029-49F5-AF19-098C9FDC0200} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436160 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {95DFAB93-653D-4C8F-9F1D-EA52EDABC1A1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\WSCStub.exe [646520 2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {9BA89C55-0FF1-40D1-8861-CCC56952CA4B} - System32\Tasks\Minecraft Education Edition Automatic Updater => C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\MinecraftEducationUpdater.exe [5813760 2022-02-02] (Microsoft Studios) [File not signed]
Task: {A5F3BC32-46D8-44B8-87E8-0E8B6DFC2CF8} - System32\Tasks\HPCeeScheduleForEldritch => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-25] (Hewlett-Packard Company -> HP Inc.)
Task: {ADA11178-BAB9-4865-9B70-35BFB25D2C0A} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\SymErr.exe [108752 2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {AFAEDD60-67BA-4353-8E24-A6DCCCB2834A} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1006872022-3032962147-1773234815-1003 => C:\Users\Eldritch\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {BE8B0A17-05FF-4BB4-A6F2-999E81370990} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651632 2017-09-28] (HP Inc. -> HP Inc.)
Task: {C2A16705-DE56-48B3-A66B-A439E3AAD6FC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [651200 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D8460F43-8BF4-4285-B554-E60D9041C039} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-03] (HP Inc. -> HP Inc.)
Task: {D960742B-461D-47F2-8016-F796EBC6A7BF} - System32\Tasks\Norton Security Scan for Eldritch => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.179\Nss.exe [848912 2019-02-16] (Symantec Corporation -> Symantec Corporation)
Task: {EA49841C-E4A6-4E37-8B64-2F02D084AC96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1490800 2017-09-28] (HP Inc. -> HP Inc.)
Task: {EDC9AC2E-C471-4B51-978E-6A70E82CBCA1} - System32\Tasks\Minecraft Education Weekly Updater => C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\MinecraftEducationUpdater.exe [5813760 2022-02-02] (Microsoft Studios) [File not signed]
Task: {F44CF734-D669-4851-B84B-7E7B435C78FD} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [722880 2017-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F6C78E75-0C3C-450E-8660-2C43E9495821} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe (No File)
Task: {FACCD9E9-FCBB-44B3-AA8E-3DCC25157A6C} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForEldritch.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{21dcc34c-55ae-4195-a413-07913afacbca}: [NameServer] 8.8.8.8,9.9.9.9
Tcpip\..\Interfaces\{21dcc34c-55ae-4195-a413-07913afacbca}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-30]
Edge Extension: (NoMiner - Block Coin Miners) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbidmaebbffkfehijoocpmgiiglbgaea [2021-11-01]
Edge Extension: (HTTPS Everywhere) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fchjpkplmbeeeaaogdbhjbgbknjobohb [2021-08-23]
Edge Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2021-04-28]
Edge Extension: (Yandex Metrica opt-out add-on) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gchpojdbkmdnbgpmlncnhafkpgnddcmd [2021-04-28]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2022-01-14]
Edge Extension: (TunnelBear VPN) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2021-12-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: a945rogu.default
FF ProfilePath: C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\a945rogu.default [2020-11-03]
FF ProfilePath: C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release [2022-04-02]
FF Homepage: Mozilla\Firefox\Profiles\sm00eg3n.default-release -> about:blank
FF Extension: (AdGuard AdBlocker) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\adguardadblocker@adguard.com.xpi [2022-03-23]
FF Extension: (TunnelBear VPN) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\browser@tunnelbear.com.xpi [2021-03-31]
FF Extension: (HTTPS Everywhere) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\https-everywhere@eff.org.xpi [2021-07-15]
FF Extension: (Privacy Badger) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-11-30]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-02-02]
FF Extension: (SwagButton) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\shopearn@prodege.com.xpi [2022-02-19] [UpdateUrl:hxxps://ucontent.prdg.io/extensions/sb/install/ff-update-manifest.json]
FF Extension: (Privacy Possum) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2020-09-16]
FF Extension: (minerBlock) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\xd4rker@gmail.com.xpi [2021-04-19]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-03-17]
FF Extension: (No Coin - Block miners on the web!) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\{5657c026-efc3-4860-b43b-16e4eaa8a9aa}.xpi [2021-04-19]
FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2021-04-28] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\sm00eg3n.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.1.7\coFFPlgn => not found
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-29] (Oracle America, Inc. -> Oracle Corporation)

Chrome:
=======
CHR Profile: C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default [2022-04-01]
CHR Extension: (Slides) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-16]
CHR Extension: (Docs) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-16]
CHR Extension: (Google Drive) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (YouTube) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-16]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-01-17]
CHR Extension: (minerBlock) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2021-04-19]
CHR Extension: (Sheets) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-16]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2021-04-28]
CHR Extension: (HTTPS Everywhere) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2022-03-10]
CHR Extension: (Gmail) - C:\Users\Eldritch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1327400 2017-09-06] (HP Inc. -> HP Inc.)
R2 hp3ddgsrv; C:\windows\system32\HP3DDGService.exe [130072 2017-09-23] (HP Inc. -> HP)
S4 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-07] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1075744 2017-10-12] (HP Inc. -> HP)
R2 hpsrv; C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe [28192 2017-10-05] (HP Inc. -> HP)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-28] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-14] (HP Inc. -> HP Inc.)
S3 Minecraft Education Updater; C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\MinecraftEducationUpdater.exe [5813760 2022-02-02] (Microsoft Studios) [File not signed]
R2 NortonSecurity; C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\NortonSecurity.exe [344888 2022-03-05] (NortonLifeLock Inc. -> Symantec Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [11371088 2021-06-30] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 nsWscSvc; C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\nsWscSvc.exe [1059176 2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [50616 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 -> HP)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.20.5.40\Definitions\BASHDefs\20220331.011\BHDrvx64.sys [2018784 2022-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616020.00A\ccSetx64.sys [184312 2022-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2022-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
U3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2022-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [60448 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 -> HP)
R3 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.20.5.40\Definitions\IPSDefs\20220331.061\IDSvia64.sys [1480144 2022-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 LdVBoxDrv; C:\WINDOWS\system32\DRIVERS\LdVBoxDrv.sys [315232 2021-04-03] (MyTestCertificate -> Oracle Corporation)
R1 NetPeeker; C:\WINDOWS\system32\DRIVERS\netpeeker.sys [407440 2022-03-24] (Eming Software Inc. -> eMing Software Inc.)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616020.00A\nsvst.sys [56080 2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1616020.00A\SRTSP64.SYS [892600 2022-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1616020.00A\SRTSPX64.SYS [48824 2022-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1616020.00A\SYMEFASI64.SYS [2030768 2022-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1616020.00A\SymELAM.sys [31984 2022-03-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [93120 2022-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files (x86)\Norton Security\NortonData\22.20.5.40\SymPlatform\SymEvnt.sys [712432 2022-01-11] (Symantec Corporation -> Symantec Corporation)
R3 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1616020.00A\Ironx64.SYS [319152 2022-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1616020.00A\symnets.sys [575344 2022-03-05] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616020.00A\wpCtrlDrv.sys [1015760 2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2740480 2022-04-02] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-02 16:40 - 2022-04-02 16:41 - 000030198 _____ C:\Users\Eldritch\Downloads\FRST.txt
2022-04-02 16:38 - 2022-04-02 16:39 - 002365440 _____ (Farbar) C:\Users\Eldritch\Downloads\FRST64.exe
2022-04-01 09:53 - 2022-04-01 09:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2022-03-31 20:52 - 2022-04-02 00:44 - 000000592 _____ C:\Users\Eldritch\Documents\bad name template 9.txt
2022-03-31 16:20 - 2022-03-31 16:20 - 000000392 _____ C:\Users\Eldritch\Documents\bad name template 8.txt
2022-03-31 10:14 - 2022-03-31 10:14 - 000000000 ____H C:\Users\Eldritch\BIT401B.tmp
2022-03-29 20:36 - 2022-04-01 14:50 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security
2022-03-29 20:36 - 2022-03-30 17:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2022-03-29 20:36 - 2022-03-29 20:36 - 000003388 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2022-03-29 08:42 - 2022-03-29 20:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2022-03-29 07:23 - 2022-03-29 17:25 - 000093120 _____ (Broadcom) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2022-03-29 07:23 - 2022-03-29 17:25 - 000010235 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2022-03-29 07:23 - 2022-03-29 07:23 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2022-03-29 07:22 - 2022-03-29 09:29 - 000000000 ____D C:\Program Files (x86)\Norton Security
2022-03-29 07:22 - 2022-03-29 08:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2022-03-29 07:22 - 2022-03-29 07:22 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2022-03-29 02:20 - 2022-03-29 02:22 - 012782912 _____ (NortonLifeLock Inc.) C:\Users\Eldritch\Downloads\NRnR.exe
2022-03-28 23:36 - 2022-03-31 04:46 - 000000238 _____ C:\Users\Eldritch\Documents\bad name template 7.txt
2022-03-25 03:47 - 2022-04-02 16:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-03-24 04:24 - 2022-04-02 16:23 - 000007316 _____ C:\WINDOWS\NetPeeker.cache
2022-03-24 04:24 - 2022-04-02 15:46 - 000487259 _____ C:\WINDOWS\NetPeeker.strdic
2022-03-24 04:24 - 2022-03-24 04:24 - 000003262 _____ C:\WINDOWS\system32\Tasks\Net-Peeker
2022-03-24 04:24 - 2022-03-24 04:24 - 000001129 _____ C:\Users\Public\Desktop\Net-Peeker 4.5.LNK
2022-03-24 04:24 - 2022-03-24 04:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net-Peeker
2022-03-24 04:24 - 2022-03-24 04:24 - 000000000 ____D C:\ProgramData\eMingSoftware
2022-03-24 04:24 - 2021-12-03 13:03 - 003143228 _____ C:\WINDOWS\NetPeeker.ip
2022-03-22 13:19 - 2022-03-22 13:19 - 000000232 _____ C:\Users\Eldritch\Documents\bad name template 6.txt
2022-03-19 14:32 - 2022-04-01 09:08 - 000000507 _____ C:\Users\Eldritch\Documents\bad name template 5.txt
2022-03-18 14:06 - 2022-03-31 18:20 - 000000569 _____ C:\Users\Eldritch\Documents\bad name template 4.txt
2022-03-15 23:40 - 2021-06-30 14:49 - 011371088 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2022-03-15 23:22 - 2022-03-15 23:22 - 000000000 ____D C:\Program Files\Common Files\INCA Shared
2022-03-13 12:10 - 2022-03-13 12:10 - 000001284 _____ C:\Users\Eldritch\Documents\bad name template 3.txt
2022-03-11 22:06 - 2022-03-11 22:06 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-11 20:53 - 2022-03-11 20:53 - 000000000 ___HD C:\$WinREAgent
2022-03-10 18:22 - 2022-04-02 16:41 - 000000000 ____D C:\FRST
2022-03-10 17:34 - 2022-03-10 17:34 - 000000201 _____ C:\Users\Eldritch\Documents\report.txt
2022-03-10 14:07 - 2022-03-10 14:07 - 000000300 _____ C:\Users\Eldritch\Documents\inflation template.txt
2022-03-03 10:27 - 2022-03-31 10:14 - 000003280 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForEldritch
2022-03-03 10:27 - 2022-03-31 10:14 - 000000376 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEldritch.job

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-02 16:37 - 2020-09-16 10:23 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\vlc
2022-04-02 16:13 - 2020-12-25 01:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-02 15:47 - 2020-09-16 17:50 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-02 15:20 - 2018-08-28 04:35 - 000000000 ____D C:\Users\Eldritch\AppData\LocalLow\Mozilla
2022-04-02 12:25 - 2020-09-16 08:28 - 000000000 ____D C:\ProgramData\NVIDIA
2022-04-02 07:23 - 2022-01-21 06:34 - 002740480 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2022-04-02 02:39 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-31 10:14 - 2020-12-25 01:35 - 000000000 ____D C:\Users\Eldritch
2022-03-31 06:50 - 2020-09-16 18:01 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-30 23:00 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-30 20:19 - 2020-10-29 03:09 - 000007595 _____ C:\Users\Eldritch\AppData\Local\Resmon.ResmonCfg
2022-03-30 19:50 - 2020-09-16 11:31 - 000000000 ____D C:\Users\Eldritch\AppData\Local\D3DSCache
2022-03-30 19:01 - 2021-02-25 18:56 - 000000000 ____D C:\Users\Eldritch\.Ld2VirtualBox
2022-03-30 15:51 - 2021-04-29 03:57 - 000000000 ____D C:\Program Files\Common Files\AV
2022-03-30 15:27 - 2022-01-21 06:22 - 000000000 ____D C:\Elsword
2022-03-29 21:52 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-29 19:29 - 2020-12-25 15:42 - 000479478 _____ C:\WINDOWS\system32\perfh011.dat
2022-03-29 19:29 - 2020-12-25 15:42 - 000133340 _____ C:\WINDOWS\system32\perfc011.dat
2022-03-29 19:29 - 2020-12-25 15:11 - 000499842 _____ C:\WINDOWS\system32\perfh012.dat
2022-03-29 19:29 - 2020-12-25 15:11 - 000133498 _____ C:\WINDOWS\system32\perfc012.dat
2022-03-29 19:29 - 2020-12-25 01:46 - 002142292 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-29 19:27 - 2018-06-28 12:26 - 000000000 __SHD C:\Users\Eldritch\IntelGraphicsProfiles
2022-03-29 19:24 - 2020-12-25 02:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-29 19:24 - 2020-12-25 01:25 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-29 19:23 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-29 19:22 - 2019-12-07 17:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-03-29 17:22 - 2019-01-17 03:08 - 000000000 ____D C:\Users\Eldritch\Downloads\Utilities
2022-03-29 17:03 - 2021-04-29 05:15 - 000000000 ____D C:\Users\Eldritch\Downloads\Norton
2022-03-29 10:53 - 2019-12-07 17:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-03-29 09:22 - 2021-10-24 19:45 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2022-03-29 09:20 - 2021-10-24 19:34 - 000000000 ____D C:\Users\Eldritch\AppData\Local\JDownloader 2.0
2022-03-29 07:22 - 2021-04-29 03:28 - 000000000 ____D C:\ProgramData\Norton
2022-03-29 07:16 - 2022-01-18 02:57 - 000000000 ____D C:\Program Files (x86)\Steam
2022-03-29 07:16 - 2021-04-15 07:47 - 000000000 ____D C:\Users\Eldritch\AppData\Local\CrashDumps
2022-03-29 07:16 - 2021-03-30 15:58 - 000000000 ____D C:\WINDOWS\Minidump
2022-03-29 06:06 - 2021-04-29 03:28 - 000000000 ____D C:\ProgramData\NortonInstaller
2022-03-29 05:55 - 2020-09-16 17:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-03-29 04:53 - 2020-09-16 17:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-03-29 02:46 - 2021-06-28 14:59 - 000000000 ____D C:\Program Files\Norton Security
2022-03-29 02:33 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-29 02:32 - 2020-09-16 08:29 - 000000014 _____ C:\WINDOWS\system32\Drivers\RtkR0Log.dat
2022-03-28 20:12 - 2020-09-16 08:43 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-28 20:12 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-25 06:29 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-03-24 04:25 - 2019-01-17 19:30 - 000000000 ____D C:\Users\Eldritch\Downloads\Bandwidth managers
2022-03-24 04:24 - 2022-02-18 13:32 - 000407440 _____ (eMing Software Inc.) C:\WINDOWS\system32\Drivers\netpeeker.sys
2022-03-24 04:24 - 2022-02-18 13:31 - 000000000 ____D C:\Program Files (x86)\NetPeeker
2022-03-21 00:34 - 2022-01-19 06:23 - 000117838 _____ C:\WINDOWS\NetPkr.str
2022-03-19 18:10 - 2022-01-19 04:56 - 000000000 ____D C:\Elsword EU
2022-03-19 14:57 - 2020-12-25 01:25 - 000323720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-19 14:54 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-19 14:54 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-19 14:54 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-11 22:17 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-10 19:18 - 2018-12-18 15:45 - 000000000 ____D C:\New folder
2022-03-10 09:56 - 2021-03-04 17:23 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6da1c97b65e68
2022-03-10 09:56 - 2020-12-25 02:14 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-10 01:11 - 2020-10-29 14:41 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-10 01:11 - 2020-09-17 02:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-10 01:07 - 2020-09-17 02:26 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-10 00:19 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-10 00:19 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-10 00:19 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-10 00:19 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-10 00:19 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-05 23:28 - 2022-02-21 23:26 - 000000568 _____ C:\Users\Eldritch\Documents\bad name template.txt
2022-03-03 18:01 - 2022-02-23 13:33 - 000002141 _____ C:\Users\Eldritch\Documents\quickchat spam template.txt

==================== Files in the root of some directories ========

2021-02-25 18:55 - 2021-02-25 18:55 - 000000064 _____ () C:\Users\Eldritch\AppData\Roaming\changzhi_leidian.data
2020-09-16 10:14 - 2020-09-16 13:03 - 000000050 _____ () C:\Users\Eldritch\AppData\Roaming\MCVi2UserDetail.ini
2020-10-29 03:09 - 2022-03-30 20:19 - 000007595 _____ () C:\Users\Eldritch\AppData\Local\Resmon.ResmonCfg
2021-03-29 08:49 - 2021-03-29 08:49 - 000000000 _____ () C:\Users\Eldritch\AppData\Local\{D22C9E87-6D13-4381-ACC9-C42F4EB41BD8}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Eldritch

Re: Help with spyware

Post by Eldritch » April 2nd, 2022, 4:48 am

Here is the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-04-2022
Ran by Eldritch (02-04-2022 16:42:18)
Running from C:\Users\Eldritch\Downloads
Microsoft Windows 10 Home Version 21H1 19043.1586 (X64) (2020-12-24 18:15:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1006872022-3032962147-1773234815-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1006872022-3032962147-1773234815-503 - Limited - Disabled)
Eldritch (S-1-5-21-1006872022-3032962147-1773234815-1001 - Administrator - Enabled) => C:\Users\Eldritch
Guest (S-1-5-21-1006872022-3032962147-1773234815-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1006872022-3032962147-1773234815-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Norton 360 (Disabled - Out of date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Norton 360 (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Norton 360 (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Norton Security (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Norton Security (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton 360 (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Norton Security (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: McAfee Firewall (Disabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Artix Game Launcher 2.0.5 (HKLM\...\{3BECECC9-207F-4FAE-A1EA-207D7F8B9AB4}) (Version: 2.0.5 - Artix Entertainment, LLC)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.60 - Google LLC)
HP 3D DriveGuard (HKLM-x32\...\{301F57A8-9CF2-4E0B-B742-26A80AF43CE6}) (Version: 6.0.44.1 - HP)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.9.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{10F0BF3E-DBDB-422A-8C12-B4D46711D7C8}) (Version: 2.22.2 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.8.37.11 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{4B0A7A8A-ECE5-4639-9A0D-C535F354313D}) (Version: 1.4.26 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{2EC9AB64-3ACA-460D-B309-0A7052B0C8C0}) (Version: 1.1.21.1 - HP)
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10203.4295 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4815 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.3.1019 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000071-0190-1033-84C8-B8D95FA3C8C3}) (Version: 19.71.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8060a69f-ee27-444b-b126-775f861232ea}) (Version: 20.0.2 - Intel Corporation)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 15.6.8 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.6.8 - KLCP)
LDPlayer (HKLM-x32\...\LDPlayer64) (Version: 4.0.50 - XUANZHI INTERNATIONAL CO., LIMITED)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.55 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Minecraft: Education Edition (HKLM-x32\...\{4B83BB7B-FA66-4CEE-B8F6-92E03A2678E9}) (Version: 1.17.32.00 - Microsoft Studios) Hidden
Minecraft: Education Edition (HKLM-x32\...\Minecraft: Education Edition 1.17.30.5) (Version: 1.17.30.5 - Microsoft Studios)
Minecraft: Education Edition (HKLM-x32\...\Minecraft: Education Edition 1.17.32.00) (Version: 1.17.32.00 - Microsoft Studios)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 98.0.2 (x64 en-GB)) (Version: 98.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 80.0.1 - Mozilla)
NEO: The World Ends with You (HKLM-x32\...\NEO: The World Ends with You_is1) (Version: - )
Net-Peeker 4.5 (HKLM-x32\...\Net-Peeker 4.5) (Version: 4.5 - eMing Software Inc.)
Norton Security (HKLM-x32\...\NGC) (Version: 22.22.2.10 - NortonLifeLock Inc)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.179 - Symantec Corporation)
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 472.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 472.19 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.162 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.19.627.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Driver Package - Oracle Corporation LdVBoxDrv System (12/28/2016 2.0.0) (HKLM\...\C4B5ABF7DEBC0ED3EF1000EB14DAF65B01E12AD0) (Version: 12/28/2016 2.0.0 - Oracle Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Wise Memory Optimizer 4.1.1 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 4.1.1 - WiseCleaner.com, Inc.)
Wurm Online (HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\...\{7DAA6BBC-E728-402C-9A4F-D6923118E160}_is1) (Version: 1.0 - Code Club AB)

Packages:
=========
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2021-01-01] (Dropbox Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.443.0_x86__v10z8vjag6ke6 [2020-09-17] (HP Inc.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2021-01-02] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13426.20404.0_x86__8wekyb3d8bbwe [2020-12-28] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-09-17] (Netflix, Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\buShell.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\buShell.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\buShell.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\buShell.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\buShell.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\buShell.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\buShell.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\NavShExt.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\NavShExt.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\igfxDTCM.dll [2018-08-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-09-23] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-22] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\buShell.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\NavShExt.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\windows\system32\huffyuv.dll [55296 2005-01-22] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\windows\system32\lagarith.dll [148992 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\SysWOW64\huffyuv.dll [39936 2004-05-19] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-26] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-25] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-09-16 10:23 - 2020-07-17 17:00 - 000317952 _____ () [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\libbluray.dll
2022-02-12 04:20 - 2022-02-12 04:20 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\8956024c41f40c678a29e10c0c2d78d3\Interop.IWshRuntimeLibrary.ni.dll
2020-09-16 10:23 - 2020-07-17 17:00 - 000267776 _____ (1f0.de - Hendrik Leppkes) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVAudio.ax
2020-09-16 10:23 - 2020-07-17 17:00 - 000541184 _____ (1f0.de - Hendrik Leppkes) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\LAVSplitter.ax
2020-09-16 10:23 - 2020-07-17 17:00 - 013046784 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-58.dll
2020-09-16 10:23 - 2020-07-17 17:00 - 003689472 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-lav-58.dll
2020-09-16 10:23 - 2020-07-17 17:00 - 000158208 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avresample-lav-4.dll
2020-09-16 10:23 - 2020-07-17 17:00 - 000783360 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-56.dll
2022-02-19 03:34 - 2022-02-19 03:34 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\9869cb6358e98ccdb6c777596129a71d\Hardcodet.Wpf.TaskbarNotification.ni.dll
2020-11-03 18:57 - 2019-02-22 00:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-02-19 03:34 - 2022-02-19 03:34 - 001585664 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\5298e0f24cfbe1c60cf271932b1613e9\NAudio.ni.dll
2022-02-19 03:32 - 2022-02-19 03:32 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\cf1630ed9f12e9d84c3af367e3f89c7d\Newtonsoft.Json.ni.dll
2022-02-19 03:34 - 2022-02-19 03:34 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\d8b45ec5ab0fe6016c29421ff4434ebe\log4net.ni.dll
2022-03-24 04:24 - 2020-12-17 20:57 - 001367552 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\NetPeeker\LIBEAY32.dll
2022-03-24 04:24 - 2020-12-17 20:57 - 000336384 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\NetPeeker\ssleay32.dll
2022-03-24 04:24 - 2020-12-17 20:57 - 001063936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NetPeeker\platforms\qwindows.dll
2022-03-24 04:24 - 2020-12-17 20:57 - 004681728 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NetPeeker\Qt5Core.dll
2022-03-24 04:24 - 2020-12-17 20:57 - 004878848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NetPeeker\Qt5Gui.dll
2022-03-24 04:24 - 2020-12-17 20:57 - 000848896 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NetPeeker\Qt5Network.dll
2022-03-24 04:24 - 2020-12-17 20:57 - 004495360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NetPeeker\Qt5Widgets.dll
2022-03-24 04:24 - 2020-12-17 20:57 - 000229888 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NetPeeker\Qt5WinExtras.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Eldritch\Application Data:20934bcd827daa71a80700bf4f695192 [394]
AlternateDataStreams: C:\Users\Eldritch\Application Data:2e7adecd915fad7ede6cff9c6c6e4e6e [394]
AlternateDataStreams: C:\Users\Eldritch\AppData\Roaming:20934bcd827daa71a80700bf4f695192 [394]
AlternateDataStreams: C:\Users\Eldritch\AppData\Roaming:2e7adecd915fad7ede6cff9c6c6e4e6e [394]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKU\S-1-5-21-1006872022-3032962147-1773234815-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\coIEPlg.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-28] (HP Inc. -> HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.22.2.10\coIEPlg.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-28] (HP Inc. -> HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.22.2.10\coIEPlg.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.22.2.10\coIEPlg.dll [2022-03-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 21:46 - 2021-11-01 03:26 - 000002365 ____N C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 http://www.fitgirlrepacks.in # Fake FitGirl site
127.0.0.1 checkhost.local
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 http://www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 http://www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 http://www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 http://www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 http://www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 http://www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 http://www.fitgirlpack.site # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl site
109.94.209.70 http://www.fitgirl-repack.org # Fake FitGirl site

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 8.8.8.8 - 9.9.9.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Net-Peeker Kernel Driver -> NETPEEKER_LWF (enabled)
Ethernet: Net-Peeker Kernel Driver -> NETPEEKER_LWF (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F84B31A6-D9E7-4E85-BF15-5EB0779D1268}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{97ED7732-8B88-4DFD-8F1D-EEAF6D218709}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5EE5FBA6-BE53-4BDA-80F3-B557F65D4101}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AA1C3B4D-D181-41B9-963C-C28688852319}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{371AF91B-B5A1-46BB-A18E-1357879314EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6DA10D9E-CE19-4788-A7A8-5E77002D8008}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{62D7DF36-3924-4A01-B6BD-45053525686F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{525E9E48-4A54-4027-9481-FF9461A28977}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8C6A7C38-7769-408D-A89E-B96BB6F69688}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AD2E1A92-A384-448D-9F53-C7FCDA04438E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5668F1EC-0CA3-4DFC-A3D2-AC47A1EB035F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel(R) Wireless Connectivity Solutions -> )
FirewallRules: [{C8D3E13D-87C5-45A8-9212-CC592B83CBBE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13426.20404.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3CB7A96D-E469-466D-A7EE-5430C44FCCD3}C:\program files\ldplayerbox\ldvboxheadless.exe] => (Allow) C:\program files\ldplayerbox\ldvboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
FirewallRules: [UDP Query User{FB94F484-D47C-4674-8783-97AAAA91815E}C:\program files\ldplayerbox\ldvboxheadless.exe] => (Allow) C:\program files\ldplayerbox\ldvboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
FirewallRules: [{89E2C169-2E9B-4DD5-82EE-AE4180CD166F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BBA4F9AC-43EE-43D4-AD19-C236D3D26FE5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{44B59D31-850F-45A0-9CBA-7F24EC926094}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2F2C5005-16A6-4167-95D8-601E5DCD058A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EB381A1E-4CA1-4265-B443-FC67D075A4B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GrandChase\GrandChase.exe (KOG Co., Ltd. -> KOG)
FirewallRules: [{C734BC15-492B-42D1-864C-FC72BB043E86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GrandChase\GrandChase.exe (KOG Co., Ltd. -> KOG)
FirewallRules: [{9FD8780C-7458-4546-B58E-425267B7371D}] => (Allow) C:\Elsword\data\x2.exe (KOG Co., Ltd. -> )
FirewallRules: [{9C7E17C4-BB21-4571-B608-AF310367EF8A}] => (Allow) C:\Elsword\data\x2.exe (KOG Co., Ltd. -> )
FirewallRules: [{B09A5D7C-D702-4DB1-902A-172ECDA53075}] => (Allow) C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\Minecraft.Windows.exe (Microsoft Corporation -> )
FirewallRules: [{29E1E9FD-02D1-4E3B-B2FA-23274967D8AD}] => (Allow) C:\Elsword EU\data\x2.exe (KOG Co., Ltd. -> )
FirewallRules: [{1D25B279-6F7E-4E57-A8CB-9BB63BBBF526}] => (Allow) C:\Elsword EU\data\x2.exe (KOG Co., Ltd. -> )
FirewallRules: [{3CE0FDEF-EDB4-4959-83F5-DB186EDC86D7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

16-03-2022 04:01:03 Windows Update
19-03-2022 15:00:11 Windows Update
25-03-2022 09:32:08 Windows Update

==================== Faulty Device Manager Devices ============

Name: Intel(R) Dual Band Wireless-AC 7265
Description: Intel(R) Dual Band Wireless-AC 7265
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw04
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/29/2022 07:22:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (03/29/2022 07:22:23 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (03/29/2022 07:22:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (03/29/2022 07:22:23 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]


System errors:
=============
Error: (03/30/2022 10:51:07 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-1O0LBCKU)
Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.1266.0_neutral__8wekyb3d8bbwe!MicrosoftEdge as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

Error: (03/30/2022 08:37:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppX Deployment Service (AppXSVC) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/30/2022 08:37:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AppX Deployment Service (AppXSVC) service to connect.

Error: (03/30/2022 07:48:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/30/2022 07:48:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Group Policy Client service to connect.

Error: (03/29/2022 07:24:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
This driver has been blocked from loading

Error: (03/29/2022 09:26:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
This driver has been blocked from loading

Error: (03/29/2022 07:02:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
This driver has been blocked from loading


Windows Defender:
================
Date: 2022-03-29 02:26:58
Description:
Microsoft Defender 바이러스 백신 검사가 완료되기 전에 중지되었습니다.
검사 ID: {14DC8451-0FB1-484E-8770-BC97570A14D5}
검사 유형: 맬웨어 방지
검사 매개 변수: 빠른 검사
사용자: NT AUTHORITY\SYSTEM

Date: 2022-03-29 01:44:19
Description:
Microsoft Defender 바이러스 백신 검사가 완료되기 전에 중지되었습니다.
검사 ID: {56425242-43BE-4F90-816E-B11834BA0CEF}
검사 유형: 맬웨어 방지
검사 매개 변수: 빠른 검사
사용자: NT AUTHORITY\SYSTEM

Date: 2021-12-28 19:02:10
Description:
Microsoft Defender 바이러스 백신 검사가 완료되기 전에 중지되었습니다.
검사 ID: {3FBACBF5-60EA-4C94-BDDC-20E1902C6063}
검사 유형: 맬웨어 방지
검사 매개 변수: 빠른 검사
사용자: NT AUTHORITY\SYSTEM

Date: 2021-09-28 19:14:49
Description:
Microsoft Defender 바이러스 백신 검사가 완료되기 전에 중지되었습니다.
검사 ID: {72243F65-40FF-4772-AAFA-9869C9EC084D}
검사 유형: 맬웨어 방지
검사 매개 변수: 빠른 검사
사용자: NT AUTHORITY\SYSTEM

Date: 2021-06-28 22:12:53
Description:
Microsoft Defender 바이러스 백신 검사가 완료되기 전에 중지되었습니다.
검사 ID: {57D8E8B9-6972-413F-94B5-95953978D4F0}
검사 유형: 맬웨어 방지
검사 매개 변수: 빠른 검사
사용자: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2022-03-29 07:01:42
Description:
Microsoft Defender 바이러스 백신에서 보안 인텔리전스를 업데이트하는 동안 오류가 발생했습니다.
새 보안 인텔리전스 버전:
이전 보안 인텔리전스 버전: 1.323.1194.0
업데이트 원본: Microsoft 업데이트 서버
보안 인텔리전스 형식: 바이러스 백신
업데이트 형식: 전체
사용자: NT AUTHORITY\SYSTEM
현재 엔진 버전:
이전 엔진 버전: 1.1.17400.5
오류 코드: 0x80240022
오류 설명: The program can't check for definition updates.

Date: 2022-03-29 07:01:42
Description:
Microsoft Defender 바이러스 백신에서 보안 인텔리전스를 업데이트하는 동안 오류가 발생했습니다.
새 보안 인텔리전스 버전:
이전 보안 인텔리전스 버전: 1.323.1194.0
업데이트 원본: Microsoft 업데이트 서버
보안 인텔리전스 형식: 바이러스 백신
업데이트 형식: 전체
사용자: NT AUTHORITY\SYSTEM
현재 엔진 버전:
이전 엔진 버전: 1.1.17400.5
오류 코드: 0x80240022
오류 설명: The program can't check for definition updates.

Date: 2022-03-29 02:04:14
Description:
Microsoft Defender 바이러스 백신에서 보안 인텔리전스를 업데이트하는 동안 오류가 발생했습니다.
새 보안 인텔리전스 버전:
이전 보안 인텔리전스 버전: 1.323.1194.0
업데이트 원본: Microsoft 업데이트 서버
보안 인텔리전스 형식: 바이러스 백신
업데이트 형식: 전체
사용자: NT AUTHORITY\SYSTEM
현재 엔진 버전:
이전 엔진 버전: 1.1.17400.5
오류 코드: 0x80240022
오류 설명: The program can't check for definition updates.

Date: 2022-03-29 02:04:14
Description:
Microsoft Defender 바이러스 백신에서 보안 인텔리전스를 업데이트하는 동안 오류가 발생했습니다.
새 보안 인텔리전스 버전:
이전 보안 인텔리전스 버전: 1.323.1194.0
업데이트 원본: Microsoft 업데이트 서버
보안 인텔리전스 형식: 바이러스 백신
업데이트 형식: 전체
사용자: NT AUTHORITY\SYSTEM
현재 엔진 버전:
이전 엔진 버전: 1.1.17400.5
오류 코드: 0x80240022
오류 설명: The program can't check for definition updates.

Date: 2021-12-28 14:13:10
Description:
Microsoft Defender 바이러스 백신에서 보안 인텔리전스를 업데이트하는 동안 오류가 발생했습니다.
새 보안 인텔리전스 버전:
이전 보안 인텔리전스 버전: 1.323.1194.0
업데이트 원본: Microsoft 업데이트 서버
보안 인텔리전스 형식: 바이러스 백신
업데이트 형식: 전체
사용자: NT AUTHORITY\SYSTEM
현재 엔진 버전:
이전 엔진 버전: 1.1.17400.5
오류 코드: 0x80240022
오류 설명: The program can't check for definition updates.

CodeIntegrity:
===============
Date: 2022-04-02 13:24:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Norton Security\Engine\22.22.2.10\symamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.38 05/24/2017
Motherboard: HP 8259
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 53%
Total physical RAM: 8077.22 MB
Available physical RAM: 3741.62 MB
Total Virtual: 24077.22 MB
Available Virtual: 17796.26 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:917.46 GB) (Free:724.62 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.82 GB) (Free:1.55 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b9082327-8c3b-4f6d-b48d-f0ffba1463d2}\ () (Fixed) (Total:0.96 GB) (Free:0.4 GB) NTFS
\\?\Volume{843d68c9-0eaa-4603-9b8a-056f2f57dc16}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 27957957)

Partition: GPT.

==================== End of Addition.txt =======================
Eldritch
Regular Member
 
Posts: 19
Joined: March 10th, 2022, 6:45 am

Re: Help with spyware

by Gary R » April 12th, 2022, 2:24 am

Do you still need help with this problem?

If so, please do the following ...

Download and Run this tool created by Norton to remove their products ... https://support.norton.com/sp/en/us/hom ... /v60392881 .... follow the instructions for remove only.

Next ...

Download and Run this tool created by McAfee to remove their products ... https://service.mcafee.com/?articleId=T ... ticle-view ... follow option 2 to use McAfee Consumer Product Removal tool (MCPR)

There is no need for 3rd Party AV programs with Windows 10, so we're going to be using Windows Security to protect you.

Next ....

Click Search and in the search box type Programs
Click on Add and Remove Programs
Uninstall the following program .... Net-Peeker 4.5


Reboot your computer (this is important)


Next ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    SearchAll:Norton;McAfee;Net-Peeker;eMing

    • Press the Search Files button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help with spyware

by Gary R » April 15th, 2022, 12:40 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire