Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help with spyware

Post by Eldritch » April 15th, 2022, 1:52 pm

Hello, my computer started acting up after a Windows update, and I spent a number of days trying to restore it to working order, ending up having to reset it. It completely slipped my mind to check up on my thread, which led to my previous topic getting closed. So let's try this again.

I am being stalked online. I want to know if there's spyware on my computer and if there's anything I can do about it.

Stalker can accurately tell my online status and what I'm doing, including the contents of customer service tickets I've submitted. Probably aware of this topic I'm making right now.

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2022
Ran by Eldritch (administrator) on LAPTOP-1O0LBCKU (HP OMEN by HP Laptop) (16-04-2022 01:37:35)
Running from C:\Users\Eldritch\Desktop
Loaded Profiles: Eldritch
Platform: Microsoft Windows 10 Home Version 21H1 19043.1620 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(explorer.exe ->) (MPC-HC Team) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (VideoLAN -> VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\igfxEM.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (HP Inc. -> HP) C:\Windows\System32\HP3DDGService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.22.3.9\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.22.3.9\nsWscSvc.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhmig.inf_amd64_715167e770b0a27c\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-08-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-07-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324600 2017-04-25] (HP Inc. -> HP)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [300160 2021-10-27] (Locktime Software s.r.o. -> Locktime Software)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {130AB2AA-03F2-4FFB-9EBD-74E343307920} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.22.3.9\SymErr.exe [108240 2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {1498311B-DDF4-48EA-A28C-74FF76977E05} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [134768 2021-04-01] (HP Inc. -> HP Inc.)
Task: {15041582-8DF8-41CA-B2CD-DD1FCDD0B598} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2353000 2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {1D568DFF-9620-4DCE-8378-7778BCC20FA4} - System32\Tasks\Minecraft Education Edition Automatic Updater => C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\MinecraftEducationUpdater.exe [5813760 2022-02-02] (Microsoft Studios) [File not signed]
Task: {237A37EC-641B-4601-9777-D3C1B7FDC6D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2021-04-01] (HP Inc. -> HP Inc.)
Task: {2ABBF8B8-CD50-4F8B-A0B7-696E14A5B0CB} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.22.3.9\SymErr.exe [108240 2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {348CACF8-0E05-4545-B0AA-B1C52FC1EB54} - System32\Tasks\HPCeeScheduleForEldritch => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-25] (Hewlett-Packard Company -> HP Inc.)
Task: {37292EA8-F458-47ED-A55C-5A3A1CCF5FD5} - \Microsoft\Windows\WindowsUpdate\sih -> No File <==== ATTENTION
Task: {3891CB81-CF07-4ECD-A7CE-59544F84AF7D} - \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask -> No File <==== ATTENTION
Task: {431488DB-07D9-46EE-90A5-EA31820619B0} - \HPJumpStartLaunch -> No File <==== ATTENTION
Task: {58562EF0-5036-4779-8F5F-16F28BAA0FCA} - System32\Tasks\Minecraft Education Weekly Updater => C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\MinecraftEducationUpdater.exe [5813760 2022-02-02] (Microsoft Studios) [File not signed]
Task: {64CCB79F-EF30-4F8A-9098-65B0D7EA3F51} - \Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display -> No File <==== ATTENTION
Task: {65F2D03D-0D30-443D-BD6B-E87A9D860AA3} - \Hewlett-Packard\HP Support Assistant\Product Configurator -> No File <==== ATTENTION
Task: {67140C98-40BB-42B3-B8F6-C846E28045D9} - \HP\HP CoolSense\HP CoolSense Start at Logon -> No File <==== ATTENTION
Task: {80BA2026-6538-4B6A-AD10-76F52F7B956B} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
Task: {9B480ADA-7047-4A44-A01C-213CF1A576AB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {A0FE9C1E-5A00-48DE-A113-F82ECE38669E} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.22.3.9\WSCStub.exe [646520 2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {A7D7AC5D-9E0E-492D-B128-044AA7BC7691} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-28] (HP Inc. -> HP Inc.)
Task: {BE8B0A17-05FF-4BB4-A6F2-999E81370990} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2021-04-01] (HP Inc. -> HP Inc.)
Task: {C0839513-4076-4641-A90C-D1D75585747D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [984432 2021-04-01] (HP Inc. -> HP Inc.)
Task: {D0218C70-9C99-4043-BF17-667E1AE5C42E} - \Microsoft\Windows\UpdateOrchestrator\Reboot -> No File <==== ATTENTION
Task: {D411B0B7-BF86-4FC1-B232-6DBBB9B86A66} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.22.3.9\SymErr.exe [108240 2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {D8460F43-8BF4-4285-B554-E60D9041C039} - \HPAudioSwitch -> No File <==== ATTENTION
Task: {EA49841C-E4A6-4E37-8B64-2F02D084AC96} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {F203F14B-E3B4-4B2A-BF9A-C9177AFA9B7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2021-04-01] (HP Inc. -> HP Inc.)
Task: {FACCD9E9-FCBB-44B3-AA8E-3DCC25157A6C} - \HPEA3JOBS -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForEldritch.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4aac5e63-f4ec-4f50-ad62-d354ab547a53}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-15]
Edge HomePage: Default -> edge://downloads/all
Edge StartupUrls: Default -> "edge://downloads/all"
Edge Session Restore: Default -> is enabled.
Edge Extension: (NoMiner - Block Coin Miners) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbidmaebbffkfehijoocpmgiiglbgaea [2022-04-09]
Edge Extension: (AdGuard AdBlocker) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2022-04-15]
Edge Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2022-04-10]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2022-04-09]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-10]
Edge Extension: (AdBlock Doctor) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lojfohldolbkplldokkjgjmcffealmka [2022-04-15]
Edge Extension: (uBlocker - #1 Adblock Tool for Chrome) - C:\Users\Eldritch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ppdonaappkjkbgbncmmjencphdclioab [2022-04-15]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: d9hqv429.default
FF ProfilePath: C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\d9hqv429.default [2022-04-10]
FF ProfilePath: C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\opbxbrfx.default-release [2022-04-16]
FF Homepage: Mozilla\Firefox\Profiles\opbxbrfx.default-release -> about:blank
FF Extension: (AdGuard AdBlocker) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\opbxbrfx.default-release\Extensions\adguardadblocker@adguard.com.xpi [2022-04-10]
FF Extension: (Privacy Badger) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\opbxbrfx.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2022-04-10]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\opbxbrfx.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-04-10]
FF Extension: (Privacy Possum) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\opbxbrfx.default-release\Extensions\woop-NoopscooPsnSXQ@jetpack.xpi [2022-04-10]
FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\opbxbrfx.default-release\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2022-04-10] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]
FF Extension: (block-miners) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\opbxbrfx.default-release\Extensions\{74b0af75-8791-44e2-95a6-7f0ab94143ec}.xpi [2022-04-10]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Eldritch\AppData\Roaming\Mozilla\Firefox\Profiles\opbxbrfx.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-04-10]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFPlgn => not found
FF Plugin: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-04-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-04-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-19] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1327400 2017-09-06] (HP Inc. -> HP Inc.)
R2 hp3ddgsrv; C:\windows\system32\HP3DDGService.exe [130072 2017-09-23] (HP Inc. -> HP)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-07] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1075744 2017-10-12] (HP Inc. -> HP)
R2 hpsrv; C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe [28192 2017-10-05] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [403576 2021-04-01] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-14] (HP Inc. -> HP Inc.)
S3 Minecraft Education Updater; C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\MinecraftEducationUpdater.exe [5813760 2022-02-02] (Microsoft Studios) [File not signed]
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [19072 2021-10-27] (Locktime Software s.r.o. -> Locktime Software)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.22.3.9\NortonSecurity.exe [344888 2022-04-05] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.22.3.9\nsWscSvc.exe [1059176 2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmig.inf_amd64_715167e770b0a27c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvhmig.inf_amd64_715167e770b0a27c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [50616 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 -> HP)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.22.2.10\Definitions\BASHDefs\20220414.011\BHDrvx64.sys [2018784 2022-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616030.009\ccSetx64.sys [191200 2022-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2021-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2022-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [60448 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 -> HP)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.22.2.10\Definitions\IPSDefs\20220414.061\IDSvia64.sys [1515512 2022-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 nldrv; C:\WINDOWS\System32\drivers\nldrv.sys [193688 2021-10-26] (Locktime Software s.r.o. -> Locktime Software)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616030.009\nsvst.sys [56080 2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1616030.009\SRTSP64.SYS [941256 2022-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1616030.009\SRTSPX64.SYS [50376 2022-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1616030.009\SYMEFASI64.SYS [2030768 2022-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1616030.009\SymELAM.sys [31984 2022-04-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [93120 2022-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.22.2.10\SymPlatform\SymEvnt.sys [712432 2021-06-16] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1616030.009\Ironx64.SYS [319152 2022-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1616030.009\symnets.sys [575344 2022-04-05] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2022-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [443664 2022-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-09] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616030.009\wpCtrlDrv.sys [1015760 2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2740480 2022-04-16] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
U3 aspnet_state; no ImagePath
S3 EraserUtilDrv11912; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11912.sys [X]
S3 MpKsl9853b280; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{292CB3A4-6CC4-48E8-B180-BD02398BA68D}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-16 01:37 - 2022-04-16 01:39 - 000023624 _____ C:\Users\Eldritch\Desktop\FRST.txt
2022-04-16 01:34 - 2022-04-16 01:35 - 002366464 _____ (Farbar) C:\Users\Eldritch\Desktop\FRST64.exe
2022-04-16 00:00 - 2022-04-16 00:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2022-04-15 07:54 - 2022-04-15 07:54 - 000004451 _____ C:\Users\Eldritch\Documents\Templates.7z
2022-04-14 03:03 - 2022-04-14 03:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-04-10 22:35 - 2022-04-10 22:35 - 000000000 ____D C:\Program Files\Common Files\AV
2022-04-10 18:10 - 2022-04-10 18:10 - 000002339 _____ C:\Users\Public\Desktop\Minecraft Education Edition.lnk
2022-04-10 18:08 - 2022-04-10 18:08 - 000003748 _____ C:\WINDOWS\system32\Tasks\Minecraft Education Weekly Updater
2022-04-10 18:08 - 2022-04-10 18:08 - 000003438 _____ C:\WINDOWS\system32\Tasks\Minecraft Education Edition Automatic Updater
2022-04-10 18:08 - 2022-04-10 18:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Studios
2022-04-10 14:32 - 2022-04-10 14:32 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-04-10 14:32 - 2022-04-10 14:32 - 000011791 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-04-10 14:31 - 2022-04-10 14:31 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-04-10 14:31 - 2022-04-10 14:31 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-04-10 13:29 - 2022-04-10 13:29 - 000000000 ___HD C:\$WinREAgent
2022-04-10 08:58 - 2022-04-10 09:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-04-10 08:33 - 2022-04-10 08:33 - 000001866 _____ C:\Users\Eldritch\Desktop\Minecraft.lnk
2022-04-10 08:16 - 2022-04-10 08:16 - 000192736 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2022-04-10 08:16 - 2022-04-10 08:16 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Sun
2022-04-10 08:16 - 2022-04-10 08:16 - 000000000 ____D C:\ProgramData\Oracle
2022-04-10 08:15 - 2022-04-10 08:15 - 000000000 ____D C:\Program Files\Java
2022-04-10 07:39 - 2022-04-10 07:39 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-04-10 07:39 - 2022-04-10 07:39 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-04-10 05:43 - 2022-04-10 05:45 - 006434896 _____ (Oleg N. Scherbakov) C:\Users\Eldritch\Downloads\HPSupportSolutionsFramework-12.19.53.13.exe
2022-04-10 05:32 - 2022-04-10 16:10 - 000000376 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEldritch.job
2022-04-10 05:32 - 2022-04-10 05:32 - 000003280 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForEldritch
2022-04-10 05:32 - 2022-04-10 05:32 - 000000000 ____H C:\Users\Eldritch\BITDEBA.tmp
2022-04-10 03:23 - 2022-04-10 03:23 - 000000000 ____D C:\Users\Eldritch\Documents\MCCToolchestPE
2022-04-10 03:23 - 2022-04-10 03:23 - 000000000 ____D C:\Users\Eldritch\AppData\Local\jILhSZuRqThbQPTW9VU
2022-04-10 03:22 - 2022-04-10 03:22 - 000002673 _____ C:\Users\Public\Desktop\MCC Tool Chest PE.lnk
2022-04-10 03:22 - 2022-04-10 03:22 - 000002673 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MCC Tool Chest PE.lnk
2022-04-10 03:22 - 2022-04-10 03:22 - 000000000 ____D C:\Users\Eldritch\AppData\Local\Downloaded Installations
2022-04-10 03:22 - 2022-04-10 03:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCC Tool Chest PE
2022-04-10 03:22 - 2022-04-10 03:22 - 000000000 ____D C:\Program Files (x86)\MCCToolChestPE
2022-04-10 03:10 - 2022-04-11 07:31 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Minecraft Education Edition
2022-04-10 03:09 - 2022-04-10 03:09 - 000000000 ____D C:\ProgramData\Microsoft Studios
2022-04-10 03:08 - 2022-04-13 19:10 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\.minecraft
2022-04-10 03:08 - 2022-04-10 06:36 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2022-04-10 02:21 - 2022-04-09 13:11 - 000000000 ____D C:\WINDOWS\Panther
2022-04-10 02:08 - 2022-04-10 02:16 - 000000000 ____D C:\Users\Eldritch\AppData\Local\NPE
2022-04-10 02:03 - 2022-04-09 14:38 - 000000000 ____D C:\Windows.old
2022-04-10 02:02 - 2022-04-10 02:03 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-04-10 02:01 - 2022-04-10 02:01 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2022-04-10 02:01 - 2022-04-10 02:01 - 000000000 ____D C:\Program Files\Synaptics
2022-04-10 01:58 - 2022-04-10 01:58 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-04-10 01:57 - 2022-04-10 01:57 - 000000000 ____D C:\WINDOWS\Setup
2022-04-10 01:54 - 2022-04-10 01:54 - 000000000 ____D C:\WINDOWS\TextInput
2022-04-10 01:54 - 2022-04-10 01:54 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2022-04-10 01:54 - 2022-04-10 01:54 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2022-04-10 01:54 - 2022-04-10 01:54 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2022-04-10 01:48 - 2022-04-10 01:48 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2022-04-10 01:48 - 2022-04-10 01:48 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2022-04-10 01:48 - 2022-04-10 01:48 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-04-10 01:48 - 2022-04-09 11:27 - 000000000 ____D C:\WINDOWS\OCR
2022-04-10 01:45 - 2022-04-16 01:34 - 000000000 ____D C:\Users\Eldritch\AppData\Local\CrashDumps
2022-04-10 01:44 - 2022-04-10 01:44 - 000000000 ____D C:\WINDOWS\addins
2022-04-10 01:44 - 2022-04-10 01:44 - 000000000 ____D C:\ProgramData\ssh
2022-04-10 01:44 - 2022-04-10 01:44 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-04-10 01:44 - 2022-04-10 01:44 - 000000000 ____D C:\Program Files\MSBuild
2022-04-10 01:44 - 2022-04-10 01:44 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-04-10 01:44 - 2022-04-10 01:44 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-04-10 01:44 - 2022-04-09 13:32 - 000000000 ____D C:\WINDOWS\HoloShell
2022-04-10 01:42 - 2022-04-10 16:17 - 000499842 _____ C:\WINDOWS\system32\perfh012.dat
2022-04-10 01:42 - 2022-04-10 16:17 - 000133498 _____ C:\WINDOWS\system32\perfc012.dat
2022-04-10 01:42 - 2022-04-10 01:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ko
2022-04-10 01:42 - 2022-04-10 01:41 - 000159618 _____ C:\WINDOWS\system32\perfi012.dat
2022-04-10 01:42 - 2022-04-10 01:41 - 000033406 _____ C:\WINDOWS\system32\perfd012.dat
2022-04-10 01:41 - 2022-04-10 01:41 - 000000000 ____D C:\WINDOWS\system32\ko
2022-04-10 01:37 - 2022-04-10 16:17 - 000489798 _____ C:\WINDOWS\system32\perfh011.dat
2022-04-10 01:37 - 2022-04-10 16:17 - 000133474 _____ C:\WINDOWS\system32\perfc011.dat
2022-04-10 01:37 - 2022-04-10 01:37 - 000144624 _____ C:\WINDOWS\system32\perfi011.dat
2022-04-10 01:37 - 2022-04-10 01:37 - 000033402 _____ C:\WINDOWS\system32\perfd011.dat
2022-04-10 01:37 - 2022-04-10 01:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ja
2022-04-10 01:37 - 2022-04-10 01:37 - 000000000 ____D C:\WINDOWS\system32\ja
2022-04-10 01:35 - 2022-04-10 01:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-04-10 01:34 - 2022-04-10 01:42 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2022-04-10 01:34 - 2022-04-10 01:42 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-04-10 01:34 - 2022-04-10 01:42 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2022-04-10 01:34 - 2022-04-10 01:42 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2022-04-10 01:34 - 2022-04-10 01:41 - 000000000 ____D C:\WINDOWS\system32\winrm
2022-04-10 01:34 - 2022-04-10 01:41 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-04-10 01:34 - 2022-04-10 01:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2022-04-10 01:34 - 2022-04-10 01:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2022-04-10 01:34 - 2022-04-10 01:34 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2022-04-10 01:34 - 2022-04-10 01:34 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2022-04-10 01:33 - 2022-04-10 01:33 - 000000000 ____D C:\WINDOWS\system32\0409
2022-04-10 01:33 - 2022-04-10 01:33 - 000000000 ____D C:\WINDOWS\DigitalLocker
2022-04-10 01:27 - 2022-04-10 02:17 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-04-10 01:27 - 2022-04-10 01:22 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2022-04-10 01:27 - 2022-04-10 01:22 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2022-04-10 01:27 - 2022-04-10 01:22 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2022-04-10 01:27 - 2022-04-10 01:22 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2022-04-10 01:26 - 2022-04-10 01:22 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2022-04-10 01:26 - 2022-04-10 01:22 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2022-04-10 01:26 - 2022-04-10 01:22 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2022-04-10 01:26 - 2022-04-10 01:22 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2022-04-10 01:26 - 2022-04-10 01:22 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2022-04-10 01:25 - 2022-04-15 22:42 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-10 01:25 - 2022-04-15 22:32 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-10 01:25 - 2022-04-15 21:47 - 000000000 ____D C:\WINDOWS\ServiceState
2022-04-10 01:25 - 2022-04-14 07:28 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-10 01:25 - 2022-04-11 10:59 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2022-04-10 01:25 - 2022-04-10 18:08 - 000000000 ___RD C:\Program Files (x86)
2022-04-10 01:25 - 2022-04-10 16:06 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-04-10 01:25 - 2022-04-10 16:06 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-04-10 01:25 - 2022-04-10 16:06 - 000000000 ____D C:\WINDOWS\SystemResources
2022-04-10 01:25 - 2022-04-10 16:06 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-04-10 01:25 - 2022-04-10 16:06 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-04-10 01:25 - 2022-04-10 16:06 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-04-10 01:25 - 2022-04-10 16:06 - 000000000 ____D C:\WINDOWS\Provisioning
2022-04-10 01:25 - 2022-04-10 16:06 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-04-10 01:25 - 2022-04-10 16:06 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-04-10 01:25 - 2022-04-10 05:29 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-04-10 01:25 - 2022-04-10 03:55 - 000000000 ____D C:\WINDOWS\appcompat
2022-04-10 01:25 - 2022-04-10 02:17 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-04-10 01:25 - 2022-04-10 02:03 - 000000000 __RHD C:\Users\Public\Libraries
2022-04-10 01:25 - 2022-04-10 01:54 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2022-04-10 01:25 - 2022-04-10 01:54 - 000000000 ____D C:\WINDOWS\SystemApps
2022-04-10 01:25 - 2022-04-10 01:48 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-04-10 01:25 - 2022-04-10 01:48 - 000000000 ____D C:\WINDOWS\system32\setup
2022-04-10 01:25 - 2022-04-10 01:48 - 000000000 ____D C:\WINDOWS\system32\MUI
2022-04-10 01:25 - 2022-04-10 01:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-04-10 01:25 - 2022-04-10 01:42 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-04-10 01:25 - 2022-04-10 01:42 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-04-10 01:25 - 2022-04-10 01:42 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-04-10 01:25 - 2022-04-10 01:42 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ___SD C:\WINDOWS\system32\dsc
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ____D C:\WINDOWS\system32\Com
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ____D C:\WINDOWS\IME
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ____D C:\Program Files\Common Files\System
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-04-10 01:25 - 2022-04-10 01:41 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-04-10 01:25 - 2022-04-10 01:34 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-04-10 01:25 - 2022-04-10 01:33 - 000000000 ____D C:\Program Files\Windows NT
2022-04-10 01:25 - 2022-04-10 01:33 - 000000000 ____D C:\Program Files (x86)\Windows NT
2022-04-10 01:25 - 2022-04-10 01:28 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2022-04-10 01:25 - 2022-04-10 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-04-10 01:25 - 2022-04-10 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2022-04-10 01:25 - 2022-04-10 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2022-04-10 01:25 - 2022-04-10 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2022-04-10 01:25 - 2022-04-10 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2022-04-10 01:25 - 2022-04-10 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ___SD C:\WINDOWS\system32\Nui
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\ti-et
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\ta-in
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\si-lk
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\osa-Osge-001
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\my-mm
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\Keywords
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\icsxml
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\ias
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\ff-Adlm-SN
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\downlevel
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\ContainerSettingsProviders
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\am-et
2022-04-10 01:25 - 2022-04-10 01:27 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2022-04-10 01:25 - 2022-04-10 01:26 - 000000000 __RSD C:\WINDOWS\Media
2022-04-10 01:25 - 2022-04-10 01:26 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2022-04-10 01:25 - 2022-04-10 01:26 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2022-04-10 01:25 - 2022-04-10 01:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-04-10 01:25 - 2022-04-10 01:26 - 000000000 ____D C:\WINDOWS\L2Schemas
2022-04-10 01:25 - 2022-04-10 01:26 - 000000000 ____D C:\WINDOWS\IdentityCRL
2022-04-10 01:25 - 2022-04-10 01:26 - 000000000 ____D C:\WINDOWS\DiagTrack
2022-04-10 01:25 - 2022-04-10 01:26 - 000000000 ____D C:\WINDOWS\Cursors
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 __SHD C:\Program Files\Windows Sidebar
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\Web
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\WaaS
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\Vss
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\tracing
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\TAPI
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\winevt
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\ras
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\Macromed
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\IME
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\DriverState
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\System
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SKB
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\security
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\schemas
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\SchCache
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\rescache
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\PLA
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\Performance
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\ModemLogs
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\InputMethod
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\Globalization
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\Containers
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\Branding
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\ProgramData\USOShared
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\Program Files\Windows Security
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\Program Files\Windows Portable Devices
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\Program Files\Common Files\Services
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2022-04-10 01:25 - 2022-04-10 01:25 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2022-04-10 01:25 - 2022-04-09 20:57 - 000000000 ____D C:\Program Files\Windows Defender
2022-04-10 01:25 - 2022-04-09 13:43 - 000000000 ____D C:\WINDOWS\Help
2022-04-10 01:25 - 2022-04-09 13:32 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-04-10 01:25 - 2022-04-09 13:21 - 000000000 ____D C:\ProgramData\USOPrivate
2022-04-10 01:25 - 2022-04-09 13:00 - 000000000 ____D C:\WINDOWS\Registration
2022-04-10 01:25 - 2022-04-09 11:28 - 000000000 ____D C:\WINDOWS\system32\spool
2022-04-10 01:25 - 2022-04-09 11:27 - 000000000 ____D C:\WINDOWS\Resources
2022-04-10 01:25 - 2022-04-09 11:23 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-04-10 01:25 - 2022-04-09 10:37 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-04-10 01:25 - 2022-04-09 10:27 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2022-04-10 01:23 - 2022-04-11 20:22 - 000000000 ____D C:\WINDOWS\INF
2022-04-10 01:13 - 2022-04-10 14:43 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-04-10 01:04 - 2022-04-10 01:26 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Wise Memory Optimzer
2022-04-10 01:03 - 2022-04-10 01:03 - 000000000 ____D C:\Program Files\Wise
2022-04-10 01:00 - 2022-04-10 01:00 - 000000000 ____D C:\Users\Eldritch\AppData\Local\mbam
2022-04-10 00:55 - 2022-04-15 14:07 - 094109696 _____ C:\WINDOWS\system32\config\SYSTEM
2022-04-10 00:55 - 2022-04-15 14:07 - 093585408 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-04-10 00:55 - 2022-04-15 14:07 - 002621440 _____ C:\WINDOWS\system32\config\DEFAULT
2022-04-10 00:55 - 2022-04-15 14:07 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2022-04-10 00:55 - 2022-04-15 14:07 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2022-04-10 00:55 - 2022-04-15 14:07 - 000032768 _____ C:\WINDOWS\system32\config\SAM
2022-04-10 00:55 - 2022-04-10 14:43 - 000000000 ____D C:\WINDOWS\servicing
2022-04-10 00:55 - 2022-04-10 01:25 - 000000000 ____D C:\WINDOWS\system32\SMI
2022-04-10 00:55 - 2022-04-09 23:31 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-04-10 00:34 - 2022-04-10 00:34 - 000000000 ____D C:\Program Files\7-Zip
2022-04-10 00:05 - 2022-04-10 00:36 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-04-10 00:05 - 2022-04-10 00:05 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Mozilla
2022-04-10 00:05 - 2022-04-10 00:05 - 000000000 ____D C:\Users\Eldritch\AppData\Local\Mozilla
2022-04-10 00:04 - 2022-04-14 19:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-04-10 00:04 - 2022-04-14 19:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-10 00:04 - 2022-04-14 03:03 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-04-09 23:40 - 2022-04-15 21:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security
2022-04-09 23:40 - 2022-04-09 23:40 - 000003374 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2022-04-09 23:40 - 2022-04-09 23:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2022-04-09 23:12 - 2022-04-09 23:12 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\MPC-HC
2022-04-09 23:06 - 2022-04-09 23:08 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2022-04-09 23:06 - 2022-04-09 23:06 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2022-04-09 23:05 - 2019-12-28 17:00 - 000784384 _____ C:\WINDOWS\system32\xvidcore.dll
2022-04-09 23:05 - 2019-12-28 17:00 - 000681984 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2022-04-09 23:05 - 2019-12-28 17:00 - 000310784 _____ C:\WINDOWS\system32\xvidvfw.dll
2022-04-09 23:05 - 2019-12-28 17:00 - 000284160 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2022-04-09 23:05 - 2017-07-30 18:50 - 003850240 _____ (x264vfw project) C:\WINDOWS\SysWOW64\x264vfw.dll
2022-04-09 23:05 - 2017-07-30 18:50 - 003799552 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw64.dll
2022-04-09 23:05 - 2015-10-25 00:00 - 000112128 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll
2022-04-09 23:05 - 2015-02-26 00:27 - 000473088 _____ (hxxp://www.mp3dev.org/) C:\WINDOWS\SysWOW64\lameACM.acm
2022-04-09 23:05 - 2012-07-21 18:55 - 000180736 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2022-04-09 23:05 - 2012-07-21 18:54 - 000122880 _____ (fccHandler) C:\WINDOWS\SysWOW64\ac3acm.acm
2022-04-09 23:05 - 2012-05-22 05:48 - 000000415 _____ C:\WINDOWS\SysWOW64\lame_acm.xml
2022-04-09 23:05 - 2011-12-08 01:37 - 000148992 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2022-04-09 23:05 - 2011-12-08 01:32 - 000216064 _____ ( ) C:\WINDOWS\SysWOW64\lagarith.dll
2022-04-09 23:05 - 2005-01-22 07:53 - 000055296 _____ C:\WINDOWS\system32\huffyuv.dll
2022-04-09 23:05 - 2004-05-19 02:16 - 000039936 _____ (Disappearing Inc.) C:\WINDOWS\SysWOW64\huffyuv.dll
2022-04-09 23:04 - 2022-04-09 23:05 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2022-04-09 22:49 - 2022-04-09 22:49 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-04-09 22:24 - 2022-04-09 22:24 - 000093120 _____ (Broadcom) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2022-04-09 22:24 - 2022-04-09 22:24 - 000010235 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2022-04-09 22:23 - 2022-04-09 23:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2022-04-09 22:23 - 2022-04-09 22:23 - 000000000 ____D C:\Program Files\Norton Security
2022-04-09 22:22 - 2022-04-09 22:22 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Locktime
2022-04-09 22:22 - 2022-04-09 22:22 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2022-04-09 22:18 - 2022-04-09 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 4
2022-04-09 22:18 - 2022-04-09 22:18 - 000000000 ____D C:\ProgramData\Locktime
2022-04-09 22:18 - 2022-04-09 22:18 - 000000000 ____D C:\Program Files\Locktime Software
2022-04-09 21:39 - 2022-04-09 21:39 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Locktime Software
2022-04-09 20:59 - 2022-04-10 10:31 - 000007627 _____ C:\Users\Eldritch\AppData\Local\Resmon.ResmonCfg
2022-04-09 20:42 - 2022-04-09 20:42 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\SeriousBit
2022-04-09 20:38 - 2022-04-09 20:38 - 000000000 ____D C:\ProgramData\SeriousBit
2022-04-09 20:36 - 2016-01-15 08:41 - 000042128 _____ (SeriousBit) C:\WINDOWS\system32\Drivers\nbdrv.sys
2022-04-09 20:29 - 2022-04-15 22:24 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\vlc
2022-04-09 20:28 - 2022-04-10 01:33 - 000000000 ____D C:\Program Files\VideoLAN
2022-04-09 20:25 - 2022-04-16 00:40 - 002740480 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2022-04-09 19:52 - 2022-04-09 19:55 - 012782912 _____ (NortonLifeLock Inc.) C:\Users\Eldritch\Downloads\NRnR (1).exe
2022-04-09 14:05 - 2022-04-09 14:05 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Hewlett-Packard
2022-04-09 14:04 - 2022-04-09 14:05 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2022-04-09 14:01 - 2022-04-10 05:52 - 000000000 ____D C:\Users\Eldritch\AppData\Local\HP
2022-04-09 14:01 - 2022-04-09 22:24 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2022-04-09 14:00 - 2022-04-10 02:08 - 000000000 ____D C:\ProgramData\Norton
2022-04-09 14:00 - 2022-04-09 14:04 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\HP
2022-04-09 14:00 - 2022-04-09 14:00 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\HP Active Health
2022-04-09 14:00 - 2022-04-09 14:00 - 000000000 ____D C:\Users\Eldritch\AppData\Local\HP JumpStart Apps
2022-04-09 14:00 - 2022-04-09 14:00 - 000000000 ____D C:\Users\Eldritch\AppData\Local\Hewlett-Packard
2022-04-09 13:59 - 2022-04-09 14:05 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\hpqLog
2022-04-09 13:59 - 2022-04-09 13:59 - 000000000 ____D C:\Users\Eldritch\AppData\Local\Crashpad
2022-04-09 13:50 - 2022-04-09 13:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2022-04-09 13:48 - 2022-03-18 00:33 - 000082432 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2022-04-09 13:48 - 2022-03-18 00:33 - 000071168 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2022-04-09 13:39 - 2022-04-09 13:39 - 000000000 ____D C:\NVIDIA
2022-04-09 13:37 - 2022-04-09 20:31 - 000000000 ____D C:\Program Files (x86)\NetPeeker
2022-04-09 13:37 - 2022-04-09 13:37 - 000000016 _____ C:\WINDOWS\NetPeeker.strdic
2022-04-09 13:31 - 2022-04-09 13:31 - 000000000 ____D C:\Users\Eldritch\AppData\Local\Comms
2022-04-09 13:22 - 2022-04-09 13:22 - 000000000 ____D C:\Users\Eldritch\AppData\Local\CEF
2022-04-09 13:21 - 2022-04-10 02:34 - 000000000 ____D C:\Users\Eldritch\AppData\Local\D3DSCache
2022-04-09 13:21 - 2022-04-09 13:21 - 000000000 ____D C:\ProgramData\NortonInstaller
2022-04-09 13:19 - 2022-04-09 13:19 - 000000000 ____D C:\Users\Eldritch\AppData\Local\OneDrive
2022-04-09 13:17 - 2022-04-09 13:17 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-04-09 13:14 - 2022-04-11 03:19 - 000000000 ____D C:\ProgramData\Packages
2022-04-09 13:14 - 2022-04-10 09:21 - 000000000 ____D C:\Users\Eldritch\AppData\Local\NVIDIA
2022-04-09 13:14 - 2022-04-09 13:14 - 000000000 ____D C:\Users\Eldritch\AppData\Local\Publishers
2022-04-09 13:12 - 2022-04-15 22:32 - 000000000 ____D C:\Users\Eldritch\AppData\Local\Packages
2022-04-09 13:12 - 2022-04-09 13:13 - 000000000 ____D C:\Users\Eldritch\AppData\Local\Intel
2022-04-09 13:12 - 2022-04-09 13:12 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Synaptics
2022-04-09 13:12 - 2022-04-09 13:12 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Adobe
2022-04-09 13:12 - 2022-04-09 13:12 - 000000000 ____D C:\Users\Eldritch\AppData\Local\VirtualStore
2022-04-09 13:11 - 2022-04-09 13:12 - 000000000 ____D C:\Users\Eldritch\AppData\Local\ConnectedDevicesPlatform
2022-04-09 13:11 - 2022-04-09 13:11 - 000000020 ___SH C:\Users\Eldritch\ntuser.ini
2022-04-09 13:11 - 2022-04-09 13:11 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Intel
2022-04-09 12:03 - 2022-04-09 12:03 - 000000000 _SHDL C:\Users\Default User
2022-04-09 12:03 - 2022-04-09 12:03 - 000000000 _SHDL C:\Users\All Users
2022-04-09 11:55 - 2022-04-10 16:17 - 002142332 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-09 11:53 - 2022-04-09 11:53 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2022-04-09 11:30 - 2022-04-10 05:32 - 000000000 ____D C:\Users\Eldritch
2022-04-09 10:55 - 2022-04-09 10:55 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bang & Olufsen Audio Control.lnk
2022-04-09 10:54 - 2022-04-15 14:07 - 000000014 _____ C:\WINDOWS\system32\Drivers\RtkR0Log.dat
2022-04-09 10:54 - 2022-04-09 10:54 - 000041396 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2022-04-09 10:54 - 2022-04-09 10:54 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2022-04-09 10:54 - 2022-04-09 10:54 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2022-04-09 10:54 - 2022-04-09 10:54 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2022-04-09 10:54 - 2022-04-09 10:54 - 000000000 ____D C:\ProgramData\SRS Labs
2022-04-09 10:54 - 2022-04-09 10:54 - 000000000 ____D C:\Program Files\Realtek
2022-04-09 10:53 - 2022-04-15 21:47 - 000000000 ____D C:\ProgramData\NVIDIA
2022-04-09 10:53 - 2022-04-10 00:05 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-04-09 10:53 - 2022-04-09 10:53 - 000000000 ____D C:\WINDOWS\system32\lxss
2022-04-09 10:53 - 2022-04-09 10:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-04-09 10:52 - 2022-04-10 05:08 - 000000000 ____D C:\ProgramData\Intel
2022-04-09 10:52 - 2022-04-09 13:47 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2022-04-09 10:52 - 2022-04-09 11:24 - 000000000 ____D C:\Program Files\Intel
2022-04-09 10:52 - 2022-04-09 10:52 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2022-04-09 10:52 - 2022-04-09 10:52 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2022-04-09 10:52 - 2022-04-09 10:52 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2022-04-09 10:52 - 2022-04-09 10:52 - 000000000 ____D C:\WINDOWS\system32\Intel
2022-04-09 10:52 - 2022-04-09 10:52 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2022-04-09 10:50 - 2022-04-10 10:02 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-09 10:50 - 2022-04-10 10:02 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-09 10:49 - 2022-04-09 20:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-04-09 10:48 - 2022-04-15 21:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-09 10:28 - 2022-04-15 22:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-09 10:28 - 2022-04-10 16:10 - 000332656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-04-08 08:36 - 2022-04-08 08:36 - 000000112 ___SH C:\bootTel.dat
2022-04-07 23:16 - 2022-04-08 00:57 - 000000000 ____D C:\Users\Eldritch\Downloads\Games
2022-04-07 23:16 - 2022-03-18 11:07 - 000715920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-04-07 23:16 - 2022-03-18 11:04 - 005729728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-04-07 23:15 - 2022-03-18 11:10 - 001905912 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-04-07 23:15 - 2022-03-18 11:10 - 001905912 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-04-07 23:15 - 2022-03-18 11:10 - 001478392 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-04-07 23:15 - 2022-03-18 11:10 - 001478392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-04-07 23:15 - 2022-03-18 11:10 - 001467864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-04-07 23:15 - 2022-03-18 11:10 - 001432328 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-04-07 23:15 - 2022-03-18 11:10 - 001432328 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-04-07 23:15 - 2022-03-18 11:10 - 001209432 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-04-07 23:15 - 2022-03-18 11:10 - 001145616 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-04-07 23:15 - 2022-03-18 11:10 - 001145616 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-04-07 23:15 - 2022-03-18 11:07 - 000795728 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-04-07 23:15 - 2022-03-18 11:07 - 000636504 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-04-07 23:15 - 2022-03-18 11:06 - 042310288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2022-04-07 23:15 - 2022-03-18 11:06 - 002121664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-04-07 23:15 - 2022-03-18 11:06 - 001600680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-04-07 23:15 - 2022-03-18 11:06 - 001529920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-04-07 23:15 - 2022-03-18 11:06 - 001175696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-04-07 23:15 - 2022-03-18 11:06 - 000981672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-04-07 23:15 - 2022-03-18 11:06 - 000712640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-04-07 23:15 - 2022-03-18 11:05 - 008610472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-04-07 23:15 - 2022-03-18 11:05 - 007713856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-04-07 23:15 - 2022-03-18 11:05 - 005101536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-04-07 23:15 - 2022-03-18 11:05 - 002931880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-04-07 23:15 - 2022-03-18 11:05 - 000792232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-04-07 23:15 - 2022-03-18 11:05 - 000456848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-04-07 23:15 - 2022-03-18 11:03 - 000850064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-04-07 23:15 - 2022-03-18 11:02 - 007611808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-04-07 23:15 - 2022-03-18 11:02 - 006458864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-04-07 23:15 - 2022-03-18 00:33 - 000089337 _____ C:\WINDOWS\system32\nvinfo.pb
2022-04-07 10:57 - 2022-04-07 10:57 - 000000000 ____H C:\Users\Eldritch\BITE329.tmp
2022-03-24 04:24 - 2022-04-09 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net-Peeker

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-16 01:38 - 2022-03-10 18:22 - 000000000 ____D C:\FRST
2022-04-16 00:50 - 2018-08-28 04:35 - 000000000 ____D C:\Users\Eldritch\AppData\LocalLow\Mozilla
2022-04-15 21:48 - 2018-06-28 12:26 - 000000000 __SHD C:\Users\Eldritch\IntelGraphicsProfiles
2022-04-14 07:28 - 2020-09-16 08:43 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-11 04:15 - 2020-12-25 01:25 - 000008192 ___SH (Microsoft Corporation) C:\DumpStack.log.tmp
2022-04-11 03:55 - 2021-04-29 05:15 - 000000000 ____D C:\Users\Eldritch\Downloads\Norton
2022-04-10 18:10 - 2020-08-28 05:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Education Edition
2022-04-10 08:16 - 2018-09-25 03:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-04-10 05:12 - 2017-11-04 17:30 - 000000000 ____D C:\ProgramData\Package Cache
2022-04-10 04:20 - 2019-01-17 19:30 - 000000000 ____D C:\Users\Eldritch\Downloads\Bandwidth managers
2022-04-10 03:08 - 2021-02-01 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2022-04-10 02:18 - 2021-11-01 01:36 - 000000000 ____D C:\NEO - The World Ends with You
2022-04-10 02:17 - 2022-01-18 02:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2022-04-10 01:32 - 2019-01-17 03:08 - 000000000 ____D C:\Users\Eldritch\Downloads\Utilities
2022-04-10 01:03 - 2021-03-30 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer
2022-04-10 00:34 - 2019-06-02 03:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2022-04-09 23:05 - 2018-09-03 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2022-04-09 14:05 - 2017-11-04 17:32 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-04-09 13:48 - 2018-01-16 22:29 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-04-09 13:47 - 2018-01-16 22:30 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-04-09 13:18 - 2018-06-28 12:30 - 000000000 ___RD C:\Users\Eldritch\OneDrive
2022-04-09 13:12 - 2018-06-28 12:26 - 000000000 ___RD C:\Users\Eldritch\3D Objects
2022-04-09 13:12 - 2017-10-06 07:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-04-09 11:57 - 2022-01-18 03:49 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-04-09 11:57 - 2021-02-25 18:12 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LDPlayer64
2022-04-09 11:57 - 2020-12-22 12:14 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antamedia
2022-04-09 11:57 - 2020-12-17 09:01 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gametree
2022-04-09 11:52 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-04-09 11:28 - 2018-01-16 22:34 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2022-04-09 11:27 - 2018-01-16 22:39 - 000000000 ____D C:\WINDOWS\HP
2022-04-09 11:25 - 2018-01-16 22:37 - 000000000 ____D C:\ProgramData\Synaptics
2022-04-09 11:25 - 2018-01-16 22:27 - 000000000 ____D C:\Program Files (x86)\Realtek
2022-04-09 11:25 - 2017-11-04 17:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2022-04-09 11:25 - 2017-11-04 17:32 - 000000000 ___RD C:\Program Files (x86)\Online Services
2022-04-09 11:25 - 2017-11-04 17:32 - 000000000 ____D C:\ProgramData\HP
2022-04-09 11:25 - 2017-11-04 17:32 - 000000000 ____D C:\ProgramData\Apple
2022-04-09 11:24 - 2018-01-16 22:27 - 000000000 ____D C:\Program Files (x86)\Intel
2022-04-09 11:24 - 2017-11-04 17:32 - 000000000 ___RD C:\Program Files\Online Services
2022-04-09 11:24 - 2017-11-04 17:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-04-09 11:24 - 2017-11-04 17:31 - 000000000 ____D C:\Program Files (x86)\HP
2022-04-09 11:24 - 2017-11-04 17:31 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2022-04-09 11:23 - 2018-01-16 22:34 - 000000000 ____D C:\Program Files\Common Files\Intel
2022-04-09 11:23 - 2017-11-04 17:34 - 000000000 ____D C:\Program Files\HPCommRecovery
2022-04-09 11:23 - 2017-11-04 17:31 - 000000000 ____D C:\Program Files\HP
2022-04-09 00:34 - 2022-01-18 03:49 - 000000000 ____D C:\GrandChase
2022-04-07 23:24 - 2021-11-22 07:46 - 000000000 ____D C:\Users\Eldritch\Downloads\BGM
2022-04-07 22:14 - 2021-02-25 18:56 - 000000000 ____D C:\Users\Eldritch\.Ld2VirtualBox
2022-04-06 22:30 - 2020-11-03 18:57 - 000000000 ____D C:\Users\Eldritch\Downloads\Notes
2022-03-30 15:27 - 2022-01-21 06:22 - 000000000 ____D C:\Elsword
2022-03-29 09:22 - 2021-10-24 19:45 - 000000000 ____D C:\Users\Eldritch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2022-03-19 18:10 - 2022-01-19 04:56 - 000000000 ____D C:\Elsword EU

==================== Files in the root of some directories ========

2022-04-09 20:59 - 2022-04-10 10:31 - 000007627 _____ () C:\Users\Eldritch\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Eldritch
Regular Member
 
Posts: 19
Joined: March 10th, 2022, 6:45 am

Re: Help with spyware

Post by Eldritch » April 15th, 2022, 1:54 pm

And here is the Addition log. Preview said the first post was too long with this included, so had to put it on another post.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2022
Ran by Eldritch (16-04-2022 01:40:42)
Running from C:\Users\Eldritch\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1620 (X64) (2022-04-09 05:11:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1006872022-3032962147-1773234815-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1006872022-3032962147-1773234815-503 - Limited - Disabled)
Eldritch (S-1-5-21-1006872022-3032962147-1773234815-1001 - Administrator - Enabled) => C:\Users\Eldritch
Guest (S-1-5-21-1006872022-3032962147-1773234815-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1006872022-3032962147-1773234815-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
HP 3D DriveGuard (HKLM-x32\...\{301F57A8-9CF2-4E0B-B742-26A80AF43CE6}) (Version: 6.0.44.1 - HP)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.9.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{10F0BF3E-DBDB-422A-8C12-B4D46711D7C8}) (Version: 2.22.2 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{FF81F9EB-61C1-48A4-8EE5-45C5D61BC0E0}) (Version: 12.19.53.13 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{4B0A7A8A-ECE5-4639-9A0D-C535F354313D}) (Version: 1.4.26 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{2EC9AB64-3ACA-460D-B309-0A7052B0C8C0}) (Version: 1.1.21.1 - HP)
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10203.4295 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4815 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.3.1019 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000071-0190-1033-84C8-B8D95FA3C8C3}) (Version: 19.71.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8060a69f-ee27-444b-b126-775f861232ea}) (Version: 20.0.2 - Intel Corporation)
Java 8 Update 321 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
K-Lite Mega Codec Pack 16.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.9.5 - KLCP)
MCC Tool Chest PE (HKLM-x32\...\{822D45B5-B729-4511-8967-2714CE611B8D}) (Version: 0.00.0100 - MCCToolChest)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.39 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Minecraft: Education Edition (HKLM-x32\...\{4B83BB7B-FA66-4CEE-B8F6-92E03A2678E9}) (Version: 1.17.32.00 - Microsoft Studios) Hidden
Minecraft: Education Edition (HKLM-x32\...\Minecraft: Education Edition 1.17.32.00) (Version: 1.17.32.00 - Microsoft Studios)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 99.0.1 (x64 en-US)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0 - Mozilla)
NetLimiter 4 (HKLM\...\{6B87DB1D-BC93-44BF-B156-9F3BA64CE86D}) (Version: 4.1.12.0 - Locktime Software) Hidden
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.1.12.0) (Version: 4.1.12.0 - Locktime Software)
Norton Security (HKLM-x32\...\NGC) (Version: 22.22.3.9 - NortonLifeLock Inc)
NVIDIA FrameView SDK 1.2.7321.30900954 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7321.30900954 - NVIDIA Corporation)
NVIDIA Graphics Driver 512.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.15 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.162 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.19.627.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8228 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Wise Memory Optimizer 4.1.6 (HKLM\...\Wise Memory Optimizer_is1) (Version: 4.1.6 - WiseCleaner.com, Inc.)

Packages:
=========
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2022-04-10] (Dropbox Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.443.0_x86__v10z8vjag6ke6 [2022-04-09] (HP Inc.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13426.20404.0_x86__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation)
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13426.20404.0_x86__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13426.20404.0_x86__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13426.20404.0_x86__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13426.20404.0_x86__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13426.20404.0_x86__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13426.20404.0_x86__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-04-10] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-04-09] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1006872022-3032962147-1773234815-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Eldritch\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1006872022-3032962147-1773234815-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Eldritch\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1006872022-3032962147-1773234815-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Eldritch\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.3.9\NavShExt.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.3.9\NavShExt.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki126951.inf_amd64_94804e3918169543\igfxDTCM.dll [2018-08-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvhmig.inf_amd64_715167e770b0a27c\nvshext.dll [2022-03-18] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.3.9\buShell.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.3.9\NavShExt.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\windows\system32\huffyuv.dll [55296 2005-01-22] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\windows\system32\lagarith.dll [148992 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\SysWOW64\huffyuv.dll [39936 2004-05-19] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-08] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-26] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-25] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-04-09 23:04 - 2022-02-28 17:00 - 000375296 _____ () [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\libbluray.dll
2022-04-11 11:13 - 2022-04-11 11:13 - 000160768 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\4e12ea4b2f7cb4f9a7240a1e99f31942\BRIDGECommon.ni.dll
2022-04-10 14:48 - 2022-04-10 14:48 - 000125440 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\2aa319e6981eb4e74b026e428c565105\BridgeExtension.ni.dll
2022-04-10 14:49 - 2022-04-10 14:49 - 000395264 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\e0ee64a9410fcbbfa5405839ed775541\CleanStartController.ni.dll
2022-04-10 14:50 - 2022-04-10 14:50 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\9c61e232f3d811f8cd51449aadb71385\Interop.IWshRuntimeLibrary.ni.dll
2022-04-10 14:49 - 2022-04-10 14:49 - 000145920 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\dbc8609c9992952ae1d75e9c6c439088\RegistrationUtilities.ni.dll
2022-04-09 23:04 - 2022-02-28 17:00 - 000304128 _____ (1f0.de - Hendrik Leppkes) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\LAVAudio.ax
2022-04-09 23:04 - 2022-02-28 17:00 - 000652288 _____ (1f0.de - Hendrik Leppkes) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\LAVSplitter.ax
2022-04-09 23:04 - 2022-02-28 17:00 - 014062080 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avcodec-lav-59.dll
2022-04-09 23:04 - 2022-02-28 17:00 - 005100544 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avformat-lav-59.dll
2022-04-09 23:04 - 2022-02-28 17:00 - 000678400 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\avutil-lav-57.dll
2022-04-09 23:04 - 2022-02-28 17:00 - 000122368 _____ (FFmpeg Project) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\swresample-lav-4.dll
2022-04-10 14:49 - 2022-04-10 14:49 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\3ac4f2deb6cc74cf95730338d1de9520\Hardcodet.Wpf.TaskbarNotification.ni.dll
2022-04-10 14:48 - 2022-04-10 14:48 - 000136192 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\0aaeb86bc829bc531877985eee056616\CommonPortable.ni.dll
2022-04-10 00:34 - 2021-12-26 22:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-04-10 14:50 - 2022-04-10 14:50 - 001585152 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\2d006b21116e08c21e98099cf6673402\NAudio.ni.dll
2022-04-10 14:47 - 2022-04-10 14:47 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\ac644a39262c8a347e2fa74944e77bc1\Newtonsoft.Json.ni.dll
2022-04-10 14:49 - 2022-04-10 14:49 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\28f0d6365316e8772022d17e3bdfedd7\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Eldritch\Application Data:2e7adecd915fad7ede6cff9c6c6e4e6e [394]
AlternateDataStreams: C:\Users\Eldritch\AppData\Roaming:2e7adecd915fad7ede6cff9c6c6e4e6e [394]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.22.3.9\coIEPlg.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_321\bin\ssv.dll [2022-04-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-04-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-28] (HP Inc. -> HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.3.9\coIEPlg.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-28] (HP Inc. -> HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.22.3.9\coIEPlg.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.3.9\coIEPlg.dll [2022-04-05] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 21:46 - 2017-09-29 21:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1006872022-3032962147-1773234815-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5668F1EC-0CA3-4DFC-A3D2-AC47A1EB035F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel(R) Wireless Connectivity Solutions -> )
FirewallRules: [{D28FF3CC-2F93-431E-B48F-8CAC4DC373E3}] => (Allow) C:\Program Files (x86)\NetPeeker\NPConsole.exe => No File
FirewallRules: [{4CE30AB9-F798-4701-9EA5-8824D3735846}] => (Allow) C:\Program Files (x86)\NetPeeker\NPConsole.exe => No File
FirewallRules: [{CED12F8E-4D1B-4769-954F-1E640656A1E6}] => (Allow) C:\Elsword\data\x2.exe (KOG Co., Ltd. -> )
FirewallRules: [{1B630BB6-070F-46D9-AAB4-5F68D849700D}] => (Allow) C:\Elsword\data\x2.exe (KOG Co., Ltd. -> )
FirewallRules: [{FA163615-A0F0-4EE6-87D3-094649AF5B56}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F5574039-CA2C-42AA-82F0-D71994D4FB2A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{12C110E4-3D14-47FC-961E-C6CA63EDD960}] => (Allow) C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\Minecraft.Windows.exe (Microsoft Corporation -> )

==================== Restore Points =========================

11-04-2022 12:20:17 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/16/2022 01:34:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NLClientApp.exe, version: 4.1.12.0, time stamp: 0x617862af
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1566, time stamp: 0x0833f2d4
Exception code: 0xc000041d
Fault offset: 0x0000000000034f69
Faulting process id: 0x137c
Faulting application start time: 0x01d850cff0614c02
Faulting application path: C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: f0b26c9c-a67e-4f1d-9875-304909a6c3db
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2022 01:34:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NLClientApp.exe, version: 4.1.12.0, time stamp: 0x617862af
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1566, time stamp: 0x0833f2d4
Exception code: 0xe0434352
Fault offset: 0x0000000000034f69
Faulting process id: 0x137c
Faulting application start time: 0x01d850cff0614c02
Faulting application path: C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: d9328c33-e0e9-49f4-bcc7-9238de6e77f7
Faulting package full name:
Faulting package-relative application ID:

Error: (04/16/2022 01:34:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: NLClientApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
at System.Windows.Media.Composition.DUCE+Channel.SyncFlush()
at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean, System.Nullable`1<ChannelSet>)
at System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr)
at System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)

Error: (04/15/2022 11:57:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 99.0.1.8136, time stamp: 0x62547a44
Faulting module name: mozglue.dll, version: 99.0.1.8136, time stamp: 0x62547a2f
Exception code: 0x80000003
Fault offset: 0x00000000000581de
Faulting process id: 0x119c
Faulting application start time: 0x01d85076490888cd
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\mozglue.dll
Report Id: 81b846a8-0f62-4113-8f51-6f4c91c4ee4b
Faulting package full name:
Faulting package-relative application ID:

Error: (04/15/2022 02:02:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: usoclient.exe, version: 10.0.19041.1503, time stamp: 0x96524c58
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x528
Faulting application start time: 0x01d85029c1aac1b4
Faulting application path: C:\WINDOWS\System32\usoclient.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: d7b157db-0921-4fec-a5ba-cc3ec24d2044
Faulting package full name:
Faulting package-relative application ID:

Error: (04/14/2022 07:58:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: usoclient.exe, version: 10.0.19041.1503, time stamp: 0x96524c58
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x15d4
Faulting application start time: 0x01d84ff6ebd29c32
Faulting application path: C:\WINDOWS\System32\usoclient.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 8ada0b1e-2869-4263-96e2-e17e136e714a
Faulting package full name:
Faulting package-relative application ID:

Error: (04/14/2022 08:48:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: usoclient.exe, version: 10.0.19041.1503, time stamp: 0x96524c58
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x1078
Faulting application start time: 0x01d84f9952691702
Faulting application path: C:\WINDOWS\System32\usoclient.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 31723c74-028d-443d-92a3-b90ba7083082
Faulting package full name:
Faulting package-relative application ID:

Error: (04/14/2022 01:55:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: usoclient.exe, version: 10.0.19041.1503, time stamp: 0x96524c58
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x7bc
Faulting application start time: 0x01d84f5fb245d3bb
Faulting application path: C:\WINDOWS\System32\usoclient.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 6ebc2d7b-f65c-482a-86c0-d0d8cc859baf
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/15/2022 10:32:29 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-1O0LBCKU)
Description: Unable to start a DCOM Server: Microsoft.MicrosoftEdge_44.19041.1266.0_neutral__8wekyb3d8bbwe!MicrosoftEdge as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

Error: (04/15/2022 09:47:12 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/14/2022 07:55:51 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/11/2022 12:20:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Intel Corporation - Extension - 12/16/2018 12:00:00 AM - 20.110.1.1.

Error: (04/11/2022 07:16:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706d9: 9WZDNCRFHVJL-MICROSOFT.OFFICE.ONENOTE.

Error: (04/10/2022 06:05:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Minecraft Education Updater service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (04/10/2022 04:07:25 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (04/10/2022 05:51:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
================Event[0]:

Date: 2022-04-09 20:20:01
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.363.62.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19100.5
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-04-09 11:31:09
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 0.0.0.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x8024004a
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===============
Date: 2022-04-16 01:23:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.22.3.9\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2022-04-15 21:58:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.22.3.9\symamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.38 05/24/2017
Motherboard: HP 8259
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 57%
Total physical RAM: 8077.22 MB
Available physical RAM: 3424.2 MB
Total Virtual: 8077.22 MB
Available Virtual: 2330.13 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:917.46 GB) (Free:723.07 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.82 GB) (Free:1.55 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b9082327-8c3b-4f6d-b48d-f0ffba1463d2}\ () (Fixed) (Total:0.96 GB) (Free:0.4 GB) NTFS
\\?\Volume{843d68c9-0eaa-4603-9b8a-056f2f57dc16}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 27957957)

Partition: GPT.

==================== End of Addition.txt =======================
Eldritch
Regular Member
 
Posts: 19
Joined: March 10th, 2022, 6:45 am

Re: Help with spyware

Unread postby Gary R » April 16th, 2022, 12:48 am

Please follow the instructions I posted in your previous topic ... https://www.malwareremoval.com/forum/vi ... 99#p667125 .... and when you've finished post the Search.txt log I asked for in your new topic, and we'll take things from there.

Please note that unless you let me know in advance that you're not going to be able to reply within 3 days, then I will close any topic that has not received a reply in that time.
Gary R
Administrator
 
Posts: 25696
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help with spyware

Unread postby Eldritch » April 16th, 2022, 7:34 pm

Hello, Preview said the post was too long, so I attached Search.txt.
Eldritch
Regular Member
 
Posts: 19
Joined: March 10th, 2022, 6:45 am

Re: Help with spyware

Unread postby Gary R » April 17th, 2022, 12:55 am

Looking over your search log now. Because of the number of orphan entries found, it will take me a while to create a script to remove them, but I'll be back as soon as I have.
Gary R
Administrator
 
Posts: 25696
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help with spyware

Unread postby Gary R » April 17th, 2022, 3:03 am

OK, let's remove the orphans on your computer ...

  • Download the file Fixlist.txt attached to this post to your Desktop. (must be in this location)
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Fix button.
    • FRST will process the fixlist and when finished it will produce a log named Fixlog.txt
    • Please attach it to your next reply.

Next ...

REBOOT YOUR COMPUTER ..... this is important.

Next ...

  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please attach them to your next reply.
Gary R
Administrator
 
Posts: 25696
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help with spyware

Unread postby Eldritch » April 17th, 2022, 7:04 pm

Hello, here are the logs you asked for.
Eldritch
Regular Member
 
Posts: 19
Joined: March 10th, 2022, 6:45 am

Re: Help with spyware

Unread postby Gary R » April 18th, 2022, 2:41 am

OK, no obvious signs of an active infection on your machine, but there are a few things that need attention.

First ....

I notice you have a number of ad-blocking add-ons on your various browsers; having more than one will only slow down your browser. So I recommend you choose one to keep, and remove the rest. Personally I use uBlockOrigin ... https://ublockorigin.com/ ... as it's relatively light on resources, and can be configured to add as many or as few blocking lists as you wish.

Next ...

Please uninstall the following Chrome extension(s) ...

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]


https://www.timeatlas.com/uninstall-chrome-extensions/

Next ...

  • Download the file Fixlist.txt attached to this post to your Desktop. (must be in this location)
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Fix button.
    • FRST will process the fixlist and when finished it will produce a log named Fixlog.txt
    • Please post it in your next reply.

Next ...

  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please attach them in your next reply.
Gary R
Administrator
 
Posts: 25696
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help with spyware

Unread postby Eldritch » April 18th, 2022, 6:56 pm

I don't have Chrome installed right now, though. Should I do something with Edge or Firefox? Should I install Chrome? Also, you mean one adblocker per browser, right?

By the way, yesterday, while I was playing Elsword, my entire computer screen suddenly went black for a few seconds and when the display came back, my desktop resolution had changed. When I checked Device Manager, both of my Display adapters had yellow exclamation points on them, and apparently Windows had disabled them because they were causing problems. I enabled them again and everything went back to normal, but is this something to be concerned about?

I'm kind of stalled on that second step, so please clarify how I should continue.

...Actually, what is CHR-HKLM? I can't find any mention of it in the article you linked me.
Eldritch
Regular Member
 
Posts: 19
Joined: March 10th, 2022, 6:45 am

Re: Help with spyware

Unread postby Gary R » April 19th, 2022, 12:41 am

Yes, one ad-blocker per browser.

The extension you'd need to look for is .... iikflkcanblccfahdhdonehdalibjnif .... which is why I highlighted it in red.

However, if you don't have Chrome installed then skip stage 2. The Chrome entries in your FRST log are obviously just orphans; they're not overly important, and we can remove them later if necessary.

So just follow the instructions to run the Fixlist, and then post me the Fixlog, and then run a new scan with FRST, and attach your new Frst.txt and Addition.txt.
Gary R
Administrator
 
Posts: 25696
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
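
The reasoning in the reply above (Chrome entries in the FRST log while Chrome is not installed means the entries are orphans) can be checked mechanically, and doing so also shows how to read a `CHR HKLM\...` line. This is an added example, not part of the original thread and not FRST's own code; the installed-program names, the malformed third entry and the "Google Chrome" name match are assumptions made for the illustration.

```python
import re

# "CHR" is FRST's tag for Google Chrome entries. HKLM is the machine-wide registry
# hive and HKLM-x32 its 32-bit view. The "\...\" elision is FRST's own and is kept.
CHR_REG_LINE = re.compile(
    r"^CHR (?P<hive>HKLM(?:-x32)?)\\\.\.\.\\Chrome\\Extension: \[(?P<ext_id>[^\]]*)\]"
)
# A Chrome extension ID is 32 characters drawn from the letters a-p.
CHROME_ID = re.compile(r"^[a-p]{32}$")


def parse_chr_registry_entries(log_text):
    """Return {extension_id: [hive, ...]} for CHR registry lines in an FRST log."""
    found = {}
    for raw in log_text.splitlines():
        match = CHR_REG_LINE.match(raw.strip())
        if match:
            found.setdefault(match.group("ext_id"), []).append(match.group("hive"))
    return found


def chrome_installed(installed_programs):
    """Assumption: Chrome counts as installed if a program name contains 'Google Chrome'."""
    return any("google chrome" in name.lower() for name in installed_programs)


def triage(log_text, installed_programs):
    """Label each registry-registered extension entry found in the log.

    orphan    - Chrome is absent, so the entry is a leftover to clean up
    review    - Chrome is present; identify the extension before deciding
    malformed - the bracketed value is not a valid Chrome extension ID
    """
    present = chrome_installed(installed_programs)
    report = []
    for ext_id, hives in sorted(parse_chr_registry_entries(log_text).items()):
        if not CHROME_ID.match(ext_id):
            status = "malformed"
        elif present:
            status = "review"
        else:
            status = "orphan"
        report.append({"ext_id": ext_id, "hives": hives, "status": status})
    return report


# Constructed sample: the two CHR lines quoted in the thread, one unrelated log
# line, and one deliberately malformed entry added for the illustration.
SAMPLE_LOG = r"""
Default browser: Edge
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM\...\Chrome\Extension: [not-an-extension-id]
"""
# Constructed installed-program list (Chrome deliberately absent).
SAMPLE_PROGRAMS = ["Mozilla Firefox (x64 en-US)", "NetLimiter 4"]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, SAMPLE_PROGRAMS):
        print(row)
```

The two lines quoted in the thread collapse to a single extension ID registered under both registry views, which is why one extension appears twice in the log.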

Re: Help with spyware

Unread postby Eldritch » April 19th, 2022, 4:09 pm

That string of characters doesn't look like any of the extensions I've ever installed...

In any case, here are the logs you asked for.
Eldritch
Regular Member
 
Posts: 19
Joined: March 10th, 2022, 6:45 am

Re: Help with spyware

Unread postby Gary R » April 19th, 2022, 5:44 pm

Latest logs look good, however since you don't have Chrome installed, and there are still Chrome entries in FRST.txt, I'd like to run a search to see what Chrome orphans are still on your machine.

So ....

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    SearchAll: chrome; google

    • Press the Search Files button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply (or attach it if it is too large to post).

Next ...

I'd also like you to run an online scan for me ...

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
Gary R
Administrator
 
Posts: 25696
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help with spyware

Unread postby Eldritch » April 21st, 2022, 2:17 am

Um... I messed up the ESET scan. I automatically clicked the Continue button without saving a scan log.

On the first scan it found a Potentially Unwanted Program, which was the JDownloader installer in my Downloads folder. ESET deleted it. There was only that one detection, but I ran another scan just so I could save a log.

Here is the scan log from the second ESET scan:

2022/04/21 14:08:09 PM
Files scanned: 400723
Detected files: 0
Cleaned files: 0
Total scan time: 02:56:53
Scan status: Finished

The Search log from FRST64 is too long, so I've attached it.
Eldritch
Regular Member
 
Posts: 19
Joined: March 10th, 2022, 6:45 am

Re: Help with spyware

Unread postby Gary R » April 21st, 2022, 3:17 am

It's clear from your search log that Chrome did not properly uninstall from your computer.

As there are literally thousands of entries remaining, it is not practical to write a script to remove them, so please do the following ...

First ...

Re-install Chrome ... https://www.google.co.uk/chrome/

I know this sounds counterintuitive, but by re-installing, we can give it another chance to uninstall properly.

Next ...

Reboot your computer (this is important)

Next ...

Uninstall Chrome, using these instructions ... https://support.google.com/chrome/answe ... rm=Desktop ... and ensure you use the option to Also delete your browsing data.

Next ...

Reboot your computer

Next ...

Please run a new scan with FRST, and post me your new Frst.txt and Addition.txt logs.
Gary R
Administrator
 
Posts: 25696
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help with spyware

Unread postby Eldritch » April 23rd, 2022, 5:42 am

Hello, here are the logs you asked for.
Eldritch
Regular Member
 
Posts: 19
Joined: March 10th, 2022, 6:45 am