Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


I need help removing a program called Active search bar


Post by Count_Dutchula » May 24th, 2022, 10:39 am

Hello, I have recently been having a problem with a program called Active Search bar.

This program somehow got onto my PC and since then it has been altering certain things in my browser. I have since then installed a better antivirus program and it's been giving me constant hits for PUPs and ads/trackers.
I have attempted to remove this program myself, but since it's somehow 'managed by your organisation' I have failed to remove it for longer than a few hours.
I have tried using various malware removers and antivirus programs, but they all seem to fail at removing this program.

If any more details or such are required please reach out to me!
Many thanks in advance for helping me out with this problem.




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-05-2022
Ran by rickn (administrator) on DESKTOP-EOI4ID8 (PC Specialist LTD NH5x_NH7x_HHx_HJx_HKx) (24-05-2022 16:32:12)
Running from C:\Users\rickn\Downloads
Loaded Profiles: rickn
Platform: Microsoft Windows 10 Home Version 21H1 19043.1706 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <53>
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2205.1001.6.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.65.8001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.65.8001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_1d904fb473804a73\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f82b8b1a0b601f77\RtkAudUService64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\rickn\AppData\Local\Microsoft\OneDrive\22.089.0426.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.722.5052.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.722.5052.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f82b8b1a0b601f77\RtkAudUService64.exe [1343080 2021-09-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Run: [Discord] => C:\Users\rickn\AppData\Local\Discord\Update.exe [1512104 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4282328 2022-05-21] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\rickn\AppData\Local\Microsoft\Teams\Update.exe [2508480 2022-05-07] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3146944 2022-03-31] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Run: [WallpaperEngine] => D:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe [3379360 2021-12-04] (Skutta, Kristjan -> )
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\101.0.4951.67\Installer\chrmstp.exe [2022-05-24] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2022-05-24]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03365467-0A45-48E2-B0FD-AFC765FB2115} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Schedule #3 created by enrollment client => C:\windows\system32\deviceenroller.exe [448512 2022-02-13] (Microsoft Windows -> Microsoft Corporation)
Task: {0A0AD7D2-4F96-415C-9BD3-39DA28DBE932} - System32\Tasks\MicrosoftPrintWorkflowService => powershell -File C:/Windows/System32/PrintWorkflowService.ps1
Task: {1D101E3C-9320-43D3-BE80-3A85AC9CCCD1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1DBD0454-445D-448E-9B73-6FDEC699FA44} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
Task: {1FC0A381-3112-436D-83B4-F837D3C39271} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (No File)
Task: {213E43C7-7913-4521-9B53-7EC03C0A44A7} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\OS Edition Upgrade event listener created by enrollment client => C:\windows\system32\deviceenroller.exe [448512 2022-02-13] (Microsoft Windows -> Microsoft Corporation)
Task: {2629DB6D-666A-41D1-9EB8-3D81688297AC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {26FB7D69-6334-431F-873C-FE2C15F738CC} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (No File)
Task: {294BA742-94FC-4D2D-8FC9-E5D25FC35DE2} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
Task: {2B85620C-3C6F-4D00-A1C0-800B6F5187CA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2E6DB80A-9827-4CB7-8A8E-BB480173E339} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {36CC2CF8-C8AB-45D6-9B8F-1E80D72C5F3D} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61336 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C89A338-3432-4B14-851F-BF3908D4D53E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144784 2022-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {4572DBD5-BF32-4323-85A0-24598E76D8CA} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {461BE116-827F-4797-9DF4-25B3E8455AE5} - System32\Tasks\Opera scheduled assistant Autoupdate 1642411863 => C:\Users\rickn\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\rickn\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {48C7A445-80DA-40F7-9DBC-F1DD5070E665} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-05-24] (Google LLC -> Google LLC)
Task: {4A73F7AD-5678-4DF5-904D-A8EF77628876} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22894016 2022-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {50457816-5D25-4482-B544-1B221E9970B3} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {5124B93A-C153-4779-8BFD-51AE4B1A2281} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144784 2022-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D7B3483-E8FB-4463-B9AE-ADD736605C67} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Schedule to run OMADMClient by server => C:\windows\system32\omadmclient.exe [431616 2022-05-12] (Microsoft Windows -> Microsoft Corporation)
Task: {696C78A6-5DCC-4C08-9008-93E74500E711} - System32\Tasks\MicrosoftPrintWorkflowService_2 => powershell -File C:/Windows/System32/PrintWorkflowService.ps1
Task: {6DB6CD30-319F-4B6E-B359-A9D136703866} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Schedule to run OMADMClient by client => C:\windows\system32\omadmclient.exe [431616 2022-05-12] (Microsoft Windows -> Microsoft Corporation)
Task: {6FD90A83-16B1-4B11-9441-3129D90F4ABC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22894016 2022-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {7227FD53-DFBF-4075-A789-B81C63AF80B3} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7F14F186-6C9E-486B-AB0E-B7B3C0E7F32E} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\101.0.1210.39\Installer\setup.exe [3206048 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F3DB21F-4BF4-4EA1-8A65-18F9938A1006} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {80A11D42-EE61-4518-8574-C93782EA5B7D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Win10 S Mode event listener created by enrollment client => C:\windows\system32\deviceenroller.exe [448512 2022-02-13] (Microsoft Windows -> Microsoft Corporation)
Task: {8E204512-BE65-4188-B37E-1705451F3EB7} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {96C5BD2A-5615-438C-A364-E70912138FE6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Passport for Work alert created by enrollment client => C:\windows\system32\deviceenroller.exe [448512 2022-02-13] (Microsoft Windows -> Microsoft Corporation)
Task: {A4F00516-5249-42D7-A544-6B90C7768504} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A90B14DB-CBD4-4324-81B7-63EE050780D4} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
Task: {B9B7642C-54FB-48EA-882B-2E104322DCC4} - System32\Tasks\Opera scheduled Autoupdate 1642411857 => C:\Users\rickn\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {D3D30B52-03E0-4E3C-9447-8C61BB6AE7CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-05-24] (Google LLC -> Google LLC)
Task: {ED0BEDCE-FB13-480E-8D82-870FF0526BAF} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4103336 2022-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFE158A7-6A34-45C8-A613-5EF40DF77FDC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Maintenance Schedule created by enrollment client => C:\windows\system32\deviceenroller.exe [448512 2022-02-13] (Microsoft Windows -> Microsoft Corporation)
Task: {F45F06B0-7235-432F-B36F-F968B3B31CCF} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Provisioning initiated session => C:\windows\system32\deviceenroller.exe [448512 2022-02-13] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{141af3ea-9ed4-4fdf-9a1b-8178c52f2df3}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{44777945-0752-4cab-9686-cb3de5aa4490}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\rickn\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-24]
Edge DefaultSearchURL: Default -> hxxps://customsearchbar.me/search?q={searchTerms}&s=rg_om&u=%USERID%
Edge DefaultSearchKeyword: Default -> csb
Edge Extension: (the web) - C:\Users\rickn\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hbkoplpognibijnebmppjnjhmpigoiae [2022-05-19]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\rickn\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-24]
Edge Extension: (Dictionary Extension) - C:\Users\rickn\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibedapgehhbeliiebcombkimidojbjl [2022-05-24]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default [2022-05-24]
CHR DefaultSearchURL: Default -> hxxps://activesearchbar.me/search?q={searchTerms}&s=rg_om&u=%USERID%
CHR DefaultSearchKeyword: Default -> asb
CHR DefaultSuggestURL: Default -> hxxps://activesearchbar.me/suggest/?q={searchTerms}
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-24]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-24]
CHR Extension: (the web) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkofdnfadkamabkgjdjcddeopopbdjhg [2022-05-24]
CHR Extension: (Google Updater) - C:\Windows\InternalKernelGrid [2022-05-14]
CHR Profile: C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default_Old [2022-05-24] <==== ATTENTION
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default_Old\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default_Old\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-20]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default_Old\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default_Old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-17]
CHR Profile: C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-05-24]
CHR Profile: C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-05-24]
CHR HomePage: Profile 2 -> hxxp://www.google.com/
CHR DefaultSearchURL: Profile 2 -> hxxps://activesearchbar.me/search?q={searchTerms}&s=rg_om&u=%USERID%
CHR DefaultSearchKeyword: Profile 2 -> asb
CHR DefaultSuggestURL: Profile 2 -> hxxps://activesearchbar.me/suggest/?q={searchTerms}
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-20]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-20]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2022-05-24]
CHR Extension: (the web) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkofdnfadkamabkgjdjcddeopopbdjhg [2022-05-24]
CHR Profile: C:\Users\rickn\AppData\Local\Google\Chrome\User Data\System Profile [2022-05-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\rickn\AppData\Roaming\Opera Software\Opera Stable [2022-01-17]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\rickn\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-01-17]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\rickn\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-01-17]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-09-17] (BattlEye Innovations e.K. -> )
S2 CCDCHUService; C:\windows\System32\DriverStore\FileRepository\acpibridge1.inf_amd64_cedafa39846f03cf\DCHUService.exe [79128 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11762616 2022-05-24] (Microsoft Corporation -> Microsoft Corporation)
S2 HKClipSvc; C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe [431696 2019-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-19] (Malwarebytes Inc. -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [975088 2022-04-22] (McAfee, LLC -> McAfee, LLC)
S3 OfficeSvcManagerAddons; C:\windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2575064 2022-03-31] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3494672 2022-03-31] (Electronic Arts, Inc. -> Electronic Arts)
S2 UWPService; C:\windows\SysWOW64\Creative.UWPRPCService.exe [357288 2020-12-28] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 EpicOnlineServices; "C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\windows\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_1d904fb473804a73\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\windows\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_1d904fb473804a73\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcpiBridge; C:\windows\System32\drivers\AcpiBridge.sys [54176 2021-09-08] (Insyde Software Corp. -> Insyde Software Corporation)
S3 AppleLowerFilter; C:\windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 bhtsddr; C:\windows\System32\drivers\bhtsddr.sys [172600 2021-03-25] (BayHub Technology Inc. -> BayHubTech)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [103888 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 HKKbdFltr; C:\windows\system32\DRIVERS\HKKbdFltr.sys [40320 2019-03-06] (WDKTestCert stone.cheng,131963286194994418 -> Insyde Software Corp.)
R3 HKMouFltr; C:\windows\system32\DRIVERS\HKMouFltr.sys [38552 2019-03-06] (WDKTestCert stone.cheng,131963286194994418 -> Insyde Software Corp.)
R3 iaLPSS2_GPIO2_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_c330c09d72f3e083\iaLPSS2_GPIO2_TGL.sys [128664 2021-01-27] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_312c3014729186bd\iaLPSS2_I2C_TGL.sys [201376 2021-01-27] (Intel Corporation -> Intel Corporation)
R3 IntelGNA; C:\windows\System32\DriverStore\FileRepository\gna.inf_amd64_689d3d5fefeef458\gna.sys [84880 2020-11-06] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
R0 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [223176 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [21480 2022-05-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [194512 2022-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [70088 2022-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [239560 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [181992 2022-05-24] (Malwarebytes Inc. -> Malwarebytes)
R3 MBfilt; C:\windows\system32\drivers\MBfilt64.sys [34712 2021-03-02] (WDKTestCert ctl_avpbuild,131450919658074287 -> Creative Technology Ltd.)
R3 nvpcf; C:\windows\System32\drivers\nvpcf.sys [200992 2021-03-16] (NVIDIA Corporation -> NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [1366408 2021-02-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-24 16:32 - 2022-05-24 16:32 - 000028138 _____ C:\Users\rickn\Downloads\FRST.txt
2022-05-24 16:32 - 2022-05-24 16:32 - 000000000 ____D C:\FRST
2022-05-24 16:30 - 2022-05-24 16:31 - 002367488 _____ (Farbar) C:\Users\rickn\Downloads\FRST64.exe
2022-05-24 16:30 - 2022-05-24 16:30 - 002072064 _____ (Farbar) C:\Users\rickn\Downloads\FRST.exe
2022-05-24 16:20 - 2022-05-24 16:20 - 013471344 _____ C:\Users\rickn\Downloads\MB-SupportTool.exe
2022-05-24 16:20 - 2022-05-24 16:20 - 002367488 _____ (Farbar) C:\Users\rickn\Downloads\FRSTEnglish.exe
2022-05-24 16:11 - 2022-05-24 16:11 - 008551608 _____ (Malwarebytes) C:\Users\rickn\Downloads\adwcleaner.exe
2022-05-24 16:11 - 2022-05-24 16:11 - 000000000 ____D C:\AdwCleaner
2022-05-24 16:09 - 2022-05-24 16:09 - 000001357 _____ C:\Users\rickn\Downloads\delete_chrome_policies.zip
2022-05-24 16:09 - 2022-05-24 16:09 - 000000000 ____D C:\Users\rickn\Downloads\delete_chrome_policies
2022-05-24 16:05 - 2022-05-24 16:10 - 000000000 ____D C:\Program Files (x86)\Google
2022-05-24 16:05 - 2022-05-24 16:05 - 001414600 _____ (Google LLC) C:\Users\rickn\Downloads\ChromeSetup.exe
2022-05-24 15:58 - 2022-05-24 15:58 - 000000000 ____D C:\Users\rickn\AppData\Roaming\Sun
2022-05-24 15:54 - 2022-05-24 15:54 - 000000000 ____D C:\Users\rickn\AppData\Local\Publishers
2022-05-24 15:51 - 2022-05-24 16:19 - 000181992 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2022-05-24 15:51 - 2022-05-24 15:51 - 000194512 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2022-05-24 15:51 - 2022-05-24 15:51 - 000070088 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2022-05-24 15:41 - 2022-05-24 15:41 - 095381752 _____ (McAfee, LLC) C:\Users\rickn\Downloads\McAfee_Malware_Cleaner.exe
2022-05-24 10:26 - 2022-05-24 10:26 - 000000000 ____D C:\Users\rickn\Downloads\The_Realm_of_Lucira_-_Public_Release_045c
2022-05-24 10:25 - 2022-05-24 10:26 - 000000000 ____D C:\Users\rickn\AppData\Local\WinZip
2022-05-24 10:25 - 2022-05-24 10:25 - 000003662 _____ C:\windows\system32\Tasks\WinZip Update Notifier 2
2022-05-24 10:25 - 2022-05-24 10:25 - 000003660 _____ C:\windows\system32\Tasks\WinZip Update Notifier 3
2022-05-24 10:25 - 2022-05-24 10:25 - 000003660 _____ C:\windows\system32\Tasks\WinZip Update Notifier 1
2022-05-24 10:25 - 2022-05-24 10:25 - 000002094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2022-05-24 10:25 - 2022-05-24 10:25 - 000001921 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Image Manager.lnk
2022-05-24 10:25 - 2022-05-24 10:25 - 000001917 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip PDF Express.lnk
2022-05-24 10:25 - 2022-05-24 10:25 - 000001905 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Secure Backup.lnk
2022-05-24 10:25 - 2022-05-24 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2022-05-24 10:25 - 2022-05-24 10:25 - 000000000 ____D C:\Program Files\WinZip
2022-05-24 10:21 - 2022-05-24 10:21 - 001016648 _____ (WinZip Computing) C:\Users\rickn\Downloads\winzip26.exe
2022-05-24 10:07 - 2022-05-24 10:07 - 128842576 _____ C:\Users\rickn\Downloads\The_Realm_of_Lucira_-_Public_Release_045c.7z
2022-05-24 10:05 - 2022-05-24 10:05 - 001245725 _____ C:\Users\rickn\Downloads\(No Glow) Revamped Bloodline (V0.2.9 Public).7z
2022-05-20 15:38 - 2022-05-20 15:38 - 000000000 ____D C:\Users\rickn\Downloads\InHerOwnHands-v064a
2022-05-20 14:13 - 2022-05-20 14:13 - 000000000 ____D C:\Users\rickn\Downloads\SteamyParadise-ChapterX_v0.9.6Patreon-pc
2022-05-20 14:12 - 2022-05-20 14:12 - 000000000 ____D C:\Users\rickn\Downloads\Lust_Campus-C5-pc
2022-05-20 14:12 - 2022-05-20 14:12 - 000000000 ____D C:\Users\rickn\Downloads\Eternum-0.3.0-pc
2022-05-20 14:12 - 2022-05-20 14:12 - 000000000 ____D C:\Users\rickn\Downloads\CollegeCraze-0.21-pc
2022-05-20 14:08 - 2022-05-20 14:16 - 905509213 _____ C:\Users\rickn\Downloads\InHerOwnHands-v064a.zip
2022-05-20 14:00 - 2022-05-20 14:01 - 207143139 _____ C:\Users\rickn\Downloads\Lust_Campus-C5-pc.zip
2022-05-20 13:57 - 2022-05-20 13:58 - 839101865 _____ C:\Users\rickn\Downloads\CollegeCraze-0.21-pc.zip
2022-05-20 13:53 - 2022-05-20 13:57 - 2859901393 _____ C:\Users\rickn\Downloads\Eternum-0.3.0-pc.zip
2022-05-20 13:45 - 2022-05-20 13:45 - 205729930 _____ C:\Users\rickn\Downloads\HnS2-v1.0-windows.7z
2022-05-20 13:44 - 2022-05-20 13:44 - 361067653 _____ C:\Users\rickn\Downloads\SteamyParadise-ChapterX_v0.9.6Patreon-pc.zip
2022-05-19 10:22 - 2022-05-19 10:22 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Rel_Pink
2022-05-19 10:11 - 2022-05-19 10:11 - 002546400 _____ (Malwarebytes) C:\Users\rickn\Downloads\MBSetup-2Co.2Co.exe
2022-05-19 10:11 - 2022-05-19 10:11 - 002546400 _____ (Malwarebytes) C:\Users\rickn\Downloads\MBSetup-2Co.2Co (1).exe
2022-05-19 10:09 - 2022-05-19 10:09 - 000000000 ____D C:\Users\rickn\AppData\Local\mbam
2022-05-19 10:08 - 2022-05-19 10:13 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-19 10:08 - 2022-05-19 10:12 - 000223176 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2022-05-19 10:08 - 2022-05-19 10:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-19 10:08 - 2022-05-19 10:12 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-19 10:08 - 2022-05-19 10:08 - 000239560 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2022-05-19 10:08 - 2022-05-19 10:08 - 000103888 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2022-05-19 10:08 - 2022-05-19 10:08 - 000021480 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamElam.sys
2022-05-19 10:07 - 2022-05-19 10:07 - 001883976 _____ (Malwarebytes) C:\Users\rickn\Downloads\MBSetup-090357.090357.exe
2022-05-19 09:55 - 2022-05-19 09:55 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Rel.Pink
2022-05-18 13:59 - 2022-05-18 13:59 - 000302520 _____ C:\Users\rickn\Downloads\indexformulier.pdf
2022-05-17 10:30 - 2022-05-19 09:57 - 000000000 ____D C:\Users\rickn\Downloads\bmotv_0_4_4_f1_unlocked_windows
2022-05-17 10:17 - 2022-05-17 10:17 - 1646761436 _____ C:\Users\rickn\Downloads\PATH_TO_PARADISE_v0.85_R.rar
2022-05-17 10:14 - 2022-05-17 10:21 - 671268268 _____ C:\Users\rickn\Downloads\bmotv_0_4_4_f1_unlocked_windows.zip
2022-05-17 10:14 - 2022-05-17 10:14 - 291097086 _____ C:\Users\rickn\Downloads\ThePriceOfFlesh-market.7z
2022-05-16 10:51 - 2022-05-16 10:51 - 000047599 _____ C:\Users\rickn\Downloads\urenverantwoording-bpv-leerjaar-3-21-22.xlsx
2022-05-14 12:56 - 2022-05-14 12:56 - 000000000 ____D C:\Program Files\Google
2022-05-14 12:55 - 2022-05-14 12:55 - 000000000 ____D C:\windows\InternalKernelGrid
2022-05-13 23:24 - 2022-05-13 23:24 - 000000028 ____H C:\.GamingRoot
2022-05-13 23:24 - 2022-05-13 23:24 - 000000000 ____D C:\XboxGames
2022-05-12 09:45 - 2022-05-12 09:45 - 000288768 _____ C:\windows\system32\Windows.Management.InprocObjects.dll
2022-05-12 09:45 - 2022-05-12 09:45 - 000093696 _____ C:\windows\system32\Drivers\cimfs.sys
2022-05-12 09:45 - 2022-05-12 09:45 - 000011799 _____ C:\windows\system32\DrtmAuthTxt.wim
2022-05-12 09:39 - 2022-05-12 09:39 - 000000000 ___HD C:\$WinREAgent
2022-05-10 09:24 - 2022-05-24 10:31 - 000000000 ____D C:\Users\rickn\AppData\Local\WeMod
2022-05-10 09:23 - 2022-05-10 09:24 - 097548400 _____ (WeMod) C:\Users\rickn\Downloads\WeMod-8.0.13.exe
2022-05-09 13:15 - 2022-05-09 13:15 - 000000000 ____D C:\Users\rickn\Downloads\NoMoreMoney-2.7.2-pc-GOLD
2022-05-09 12:27 - 2022-05-09 12:27 - 000000000 ____D C:\Users\rickn\Downloads\NoMoreMoney-2.7.2-Joker WT & Cheat Mod
2022-05-09 12:10 - 2022-05-09 12:10 - 000000000 ____D C:\Users\rickn\Downloads\SweetSweetAdventure-0.3.2.0-pc
2022-05-09 12:09 - 2022-05-09 12:09 - 000000000 ____D C:\Users\rickn\Downloads\COEDConquest-0.9-pc
2022-05-09 11:56 - 2022-05-09 11:57 - 000000000 ____D C:\Users\rickn\Downloads\The_Whore_of_Babylon_Demon_Queen_Rework_Helen_and_Silvia_Public
2022-05-09 10:19 - 2022-05-09 10:19 - 001171456 _____ C:\Users\rickn\Downloads\NIAutoclicker.x32.exe
2022-05-09 09:56 - 2022-05-09 09:56 - 000000000 ____D C:\windows\ShellServiceLog
2022-05-09 09:52 - 2022-05-09 09:52 - 059667656 _____ C:\Users\rickn\Downloads\AutoClicker_x64LTS.exe
2022-05-09 09:52 - 2022-05-09 09:52 - 059667656 _____ C:\Users\rickn\Downloads\AutoClicker_x64LTS (1).exe
2022-05-09 09:52 - 2022-05-09 09:52 - 000004641 ____R C:\windows\system32\PrintWorkflowService.ps1
2022-05-09 09:52 - 2022-05-09 09:52 - 000003592 _____ C:\windows\system32\Tasks\MicrosoftPrintWorkflowService_2
2022-05-09 09:52 - 2022-05-09 09:52 - 000003518 _____ C:\windows\system32\Tasks\MicrosoftPrintWorkflowService
2022-05-09 09:52 - 2022-05-09 09:52 - 000000036 _____ C:\windows\system32\mfmpeg2srsnk.data
2022-05-06 20:54 - 2022-03-17 16:55 - 004874856 _____ (Intel Corporation) C:\windows\system32\Drivers\Netwtw10.sys
2022-05-06 20:54 - 2022-03-17 16:55 - 001626192 _____ (Intel Corporation) C:\windows\system32\IntelIHVRouter08.dll
2022-05-06 20:54 - 2022-03-17 16:11 - 048759416 _____ C:\windows\system32\Drivers\Netwfw10.dat
2022-05-02 15:56 - 2022-05-02 15:56 - 000000000 ____D C:\Users\rickn\AppData\Local\Foxhole
2022-05-02 14:10 - 2022-05-02 14:10 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Oracle
2022-04-29 14:26 - 2022-04-29 14:26 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\WildQuill
2022-04-29 14:15 - 2022-04-29 14:15 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Dirty Ink Games
2022-04-29 14:14 - 2022-04-29 14:14 - 000000000 ____D C:\Users\rickn\Downloads\Price-Of-Power-Ch10
2022-04-29 14:14 - 2022-04-29 14:14 - 000000000 ____D C:\Users\rickn\Downloads\BigBrotherRenPy_RemakeStory-1.0-pc_fix10_compressed
2022-04-29 14:09 - 2022-04-29 14:47 - 000000000 ____D C:\Users\rickn\Downloads\Sunwave_Hotel_windows_0.11.4
2022-04-29 14:08 - 2022-04-29 14:09 - 014182527 _____ C:\Users\rickn\Downloads\Price-Of-Power-Ch10.zip
2022-04-29 14:03 - 2022-04-29 14:10 - 553583432 _____ C:\Users\rickn\Downloads\Hard Times At Sequoia State Park.rar
2022-04-29 13:58 - 2022-04-29 14:08 - 966319961 _____ C:\Users\rickn\Downloads\Sunwave_Hotel_windows_0.11.4.zip
2022-04-29 13:56 - 2022-04-29 13:56 - 634665751 _____ C:\Users\rickn\Downloads\BigBrotherRenPy_RemakeStory-1.0-pc_fix10_compressed.zip
2022-04-28 15:50 - 2022-04-28 15:50 - 006046996 _____ C:\Users\rickn\Downloads\OptiFine_1.16.5_HD_U_G8.jar
2022-04-28 13:09 - 2022-04-28 13:18 - 000000000 ____D C:\Users\rickn\OneDrive\Afbeeldingen\Documenten\Endless Space 2
2022-04-28 13:09 - 2022-04-28 13:09 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Amplitude studios
2022-04-26 10:09 - 2022-04-26 10:09 - 000000000 ____D C:\Users\rickn\AppData\Local\Ndemic Creations
2022-04-25 21:40 - 2022-04-25 21:40 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\SKS
2022-04-25 17:22 - 2022-04-26 10:09 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Ndemic Creations
2022-04-25 13:33 - 2022-04-25 13:33 - 000000918 _____ C:\Users\rickn\Downloads\Documents - Shortcut.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-24 16:22 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-05-24 16:12 - 2021-06-10 04:29 - 000000000 ____D C:\ProgramData\NVIDIA
2022-05-24 16:11 - 2021-06-17 13:16 - 000000000 ____D C:\Users\rickn\AppData\Roaming\discord
2022-05-24 16:07 - 2021-07-18 19:20 - 000000000 ____D C:\Users\rickn\AppData\Local\Origin
2022-05-24 16:06 - 2021-06-17 13:22 - 000000000 ____D C:\Program Files (x86)\Steam
2022-05-24 16:05 - 2021-06-10 02:44 - 000003578 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2022-05-24 16:05 - 2021-06-10 02:44 - 000003454 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2022-05-24 16:05 - 2021-06-10 02:44 - 000002722 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-05-24 16:01 - 2021-06-18 16:57 - 000000000 ____D C:\Users\rickn\AppData\Local\CrashDumps
2022-05-24 15:59 - 2021-06-10 02:50 - 000840618 _____ C:\windows\system32\PerfStringBackup.INI
2022-05-24 15:59 - 2019-12-07 11:13 - 000000000 ____D C:\windows\INF
2022-05-24 15:56 - 2021-06-10 02:42 - 000002635 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-05-24 15:55 - 2019-12-07 11:14 - 000000000 ____D C:\windows\system32\NDF
2022-05-24 15:54 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-05-24 15:54 - 2019-12-07 11:14 - 000000000 ____D C:\windows\AppReadiness
2022-05-24 15:53 - 2021-07-18 19:20 - 000000000 ____D C:\ProgramData\Origin
2022-05-24 15:52 - 2021-06-17 13:16 - 000000000 ____D C:\Users\rickn\AppData\Local\Discord
2022-05-24 15:52 - 2021-06-17 13:15 - 000000000 ___RD C:\Users\rickn\OneDrive
2022-05-24 15:52 - 2021-06-17 13:14 - 000000000 __SHD C:\Users\rickn\IntelGraphicsProfiles
2022-05-24 15:51 - 2021-07-10 10:38 - 000000000 ____D C:\Users\rickn\AppData\Roaming\WeMod
2022-05-24 15:51 - 2021-06-10 02:45 - 000000000 ____D C:\Program Files\Microsoft Office
2022-05-24 15:51 - 2021-06-10 02:42 - 000000006 ____H C:\windows\Tasks\SA.DAT
2022-05-24 15:51 - 2021-06-10 02:42 - 000000000 ____D C:\Intel
2022-05-24 15:51 - 2021-06-10 02:41 - 000008192 ___SH C:\DumpStack.log.tmp
2022-05-24 15:51 - 2019-12-07 11:03 - 000786432 _____ C:\windows\system32\config\BBI
2022-05-24 10:31 - 2021-07-10 10:38 - 000000000 ____D C:\Users\rickn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2022-05-24 10:31 - 2021-06-17 13:16 - 000000000 ____D C:\Users\rickn\AppData\Local\SquirrelTemp
2022-05-24 10:28 - 2021-06-10 02:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-05-24 10:25 - 2021-06-17 13:44 - 000000000 ____D C:\ProgramData\WinZip
2022-05-24 10:24 - 2021-06-17 13:14 - 000000000 ____D C:\Users\rickn\AppData\Local\Packages
2022-05-24 10:03 - 2021-06-10 02:41 - 000000000 ____D C:\windows\system32\SleepStudy
2022-05-19 11:49 - 2021-06-20 11:41 - 000000000 ____D C:\Users\rickn\AppData\Roaming\RenPy
2022-05-19 10:08 - 2021-06-17 13:35 - 000000000 ____D C:\Users\rickn\AppData\Roaming\.minecraft
2022-05-19 10:08 - 2019-12-07 11:14 - 000000000 ___HD C:\windows\ELAMBKUP
2022-05-18 14:00 - 2021-06-17 13:16 - 000000000 ____D C:\Users\rickn\AppData\Local\PlaceholderTileLogoFolder
2022-05-16 11:03 - 2021-06-17 13:14 - 000000000 ____D C:\Users\rickn\AppData\Local\D3DSCache
2022-05-13 23:24 - 2021-11-22 10:17 - 000132560 _____ (Microsoft Corporation) C:\windows\system32\gamelaunchhelper.dll
2022-05-13 23:24 - 2021-06-17 13:32 - 000131072 _____ (Microsoft Corporation) C:\windows\system32\gamingtcuihelpers.dll
2022-05-13 23:24 - 2021-06-17 13:30 - 002274768 _____ (Microsoft Corporation) C:\windows\system32\xgameruntime.dll
2022-05-13 23:24 - 2021-06-17 13:30 - 000394704 _____ (Microsoft Corporation) C:\windows\system32\gameplatformservices.dll
2022-05-13 23:24 - 2021-06-17 13:30 - 000222672 _____ (Microsoft Corporation) C:\windows\system32\gamingservicesproxy.dll
2022-05-13 23:24 - 2021-06-17 13:30 - 000198096 _____ (Microsoft Corporation) C:\windows\system32\gameconfighelper.dll
2022-05-13 23:24 - 2021-06-17 13:30 - 000062952 _____ (Microsoft Corporation) C:\windows\system32\gamemodcontrol.exe
2022-05-12 23:34 - 2021-06-10 02:41 - 000439016 _____ C:\windows\system32\FNTCACHE.DAT
2022-05-12 23:34 - 2019-12-07 11:14 - 000000000 ___SD C:\windows\system32\UNP
2022-05-12 23:34 - 2019-12-07 11:14 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2022-05-12 23:34 - 2019-12-07 11:14 - 000000000 ____D C:\windows\SystemResources
2022-05-12 23:34 - 2019-12-07 11:14 - 000000000 ____D C:\windows\system32\migwiz
2022-05-12 23:34 - 2019-12-07 11:14 - 000000000 ____D C:\windows\bcastdvr
2022-05-12 23:34 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-05-12 23:33 - 2021-06-17 13:12 - 000000000 ____D C:\Users\rickn
2022-05-12 09:48 - 2019-12-07 11:03 - 000000000 ____D C:\windows\CbsTemp
2022-05-11 22:18 - 2021-12-11 13:19 - 000003588 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3213200753-566367429-3474330375-1001
2022-05-11 22:18 - 2021-06-17 13:15 - 000003378 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3213200753-566367429-3474330375-1001
2022-05-11 22:18 - 2021-06-17 13:15 - 000002386 _____ C:\Users\rickn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-05-11 11:03 - 2021-06-17 14:39 - 000000000 ____D C:\Users\rickn\AppData\Roaming\paradox-launcher-v2
2022-05-11 09:50 - 2021-06-19 22:10 - 000000000 ____D C:\windows\system32\MRT
2022-05-11 09:49 - 2021-06-19 22:10 - 145501456 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2022-05-10 08:57 - 2021-06-17 13:50 - 000000000 ____D C:\Users\rickn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-05-09 09:15 - 2022-04-17 13:00 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Unity
2022-05-07 22:16 - 2021-11-22 10:15 - 000004784 _____ C:\windows\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-05-07 09:28 - 2021-06-22 14:44 - 000002371 _____ C:\Users\rickn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-05-02 15:56 - 2021-07-12 14:01 - 000000000 ____D C:\Users\rickn\AppData\Local\UnrealEngine
2022-04-30 21:46 - 2021-06-17 15:10 - 000000000 ____D C:\Users\rickn\AppData\Local\NVIDIA Corporation

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-05-2022
Ran by rickn (24-05-2022 16:32:47)
Running from C:\Users\rickn\Downloads
Microsoft Windows 10 Home Version 21H1 19043.1706 (X64) (2021-06-11 07:37:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3213200753-566367429-3474330375-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3213200753-566367429-3474330375-503 - Limited - Disabled)
Guest (S-1-5-21-3213200753-566367429-3474330375-501 - Limited - Disabled)
rickn (S-1-5-21-3213200753-566367429-3474330375-1001 - Administrator - Enabled) => C:\Users\rickn
WDAGUtilityAccount (S-1-5-21-3213200753-566367429-3474330375-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{48142e49-e29f-49dd-a151-5b90ff553ab4}) (Version: 2.18.7185.0 - UL)
3DMark (HKLM-x32\...\{DEE2FB12-F371-4A16-86B6-32BD1E5FD306}) (Version: 2.18.7185.0 - UL) Hidden
7-Zip 19.00 (x64) (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Badlion Client (HKLM-x32\...\1de14785-dd8c-5cd2-aae8-d4a376f81d78) (Version: 3.3.3 - Badlion)
Cheat Engine 7.3 (HKLM-x32\...\Cheat Engine_is1) (Version: - Cheat Engine)
ControlCenter 3.0 Package v3.42 (HKLM-x32\...\{52CF73F1-9FE1-4917-AE56-55BF319988EC}) (Version: 3.42 - Control Center)
Discord (HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM-x32\...\{407FF531-5AD9-4518-8304-5B54747A19DA}) (Version: 1.0.0.0 - Intel Corporation) Hidden
DZSALauncher version 0.0.5.2 (HKLM-x32\...\DZSALauncher_is1) (Version: 0.0.5.2 - Maca134)
Epic Games Launcher (HKLM-x32\...\{7733DDD0-3513-4A99-BFFE-A6D73BE49B50}) (Version: 1.2.35.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM-x32\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
Fallout New California (HKLM-x32\...\FONC) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 101.0.4951.67 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{80ec5470-ac51-4956-b2dc-87dc2cdaa04b}) (Version: 10.1.18698.8258 - Intel(R) Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{8E7A81EF-0B97-4CD2-94E5-CD9E5A2767F4}) (Version: 10.1.18698.8258 - Intel Corporation) Hidden
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.384 - Intel Corporation)
Intel(R) LMS (HKLM-x32\...\{EEBB42F5-AD42-480E-B9B5-4ABD2CB6B609}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2110.15.0.2202 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{CB6870FB-561A-4C01-AFBA-24E5F13DCBC0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{D0CA8C15-9932-4952-B3B6-71CF65CD9A60}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM-x32\...\{C6A61C2D-5CD0-42AA-BC42-5F5B573289C0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM-x32\...\{9B007174-D269-4F39-870E-8E1621B3D673}) (Version: 30.100.2104.1 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM-x32\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2104.1 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000040-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.40.0.2 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MagicLauncher 0.1.4 (HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\1e614cf8-89e3-599c-ae29-80ee7e65385b) (Version: 0.1.4 - Jadfii)
Malwarebytes version 4.5.9.198 (HKLM-x32\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\OneDriveSetup.exe) (Version: 22.089.0426.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Teams) (Version: 1.5.00.11163 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM-x32\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20248 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.112.50486 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM-x32\...\{66DA3501-823A-4F07-A20D-C64495A59DC8}) (Version: 2.1.0 - Paradox Interactive)
PCMark 10 (HKLM-x32\...\{6C46334D-C1E9-40CB-9F2D-86A8A0B689BA}) (Version: 2.1.2508.0 - UL) Hidden
PCMark 10 (HKLM-x32\...\{7b4092b0-5def-4653-8e5d-9427a36fd823}) (Version: 2.1.2508.0 - UL)
QModManager (Below Zero) (HKLM-x32\...\{A535470D-3403-46A2-8D44-28AD4B90C9A3}_is1) (Version: 4.3.0 - QModManager)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.19042.21344 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.46.1231.2020 - Realtek)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 125.1.10585 - Ubisoft)
Vortex (HKLM-x32\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.5.10 - Black Tree Gaming Ltd.)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.697 - McAfee, LLC)
WeMod (HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\WeMod) (Version: 8.1.0 - WeMod)
WinZip 26.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}) (Version: 26.0.15033 - Corel Corporation)

Packages:
=========
8 Zip - unpack RAR, ZIP, 7z for free -> C:\Program Files\WindowsApps\BooStudioLLC.8ZipLite_1.4.34.0_x64__b6e429xa66pga [2021-09-01] (Finebits OÜ) [MS Ad]
Control Center 3.0 -> C:\Program Files\WindowsApps\CLEVOCO.ControlCenter3.0_3.59.1.0_x64__6h6z29zh29qx0 [2021-10-13] (CLEVO CO.)
Fan Speed Setting -> C:\Program Files\WindowsApps\CLEVOCO.504814C03D814_3.47.0.0_x64__6h6z29zh29qx0 [2021-07-14] (CLEVO CO.)
Flexikey -> C:\Program Files\WindowsApps\CLEVOCO.Flexikey_3.10.0.0_x86__6h6z29zh29qx0 [2021-06-17] (CLEVO CO.)
Fn hot keys and OSD -> C:\Program Files\WindowsApps\CLEVOCO.FnhotkeysandOSD_3.77.0.0_x64__6h6z29zh29qx0 [2022-02-26] (CLEVO CO.) [Startup Task]
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-30] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-04-21] (INTEL CORP) [Startup Task]
Led Keyboard Setting -> C:\Program Files\WindowsApps\CLEVOCO.LedKeyboardSetting_3.32.0.0_x64__6h6z29zh29qx0 [2021-06-17] (CLEVO CO.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-06-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-06-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.5120.0_x64__8wekyb3d8bbwe [2022-05-20] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-23] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-27] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.27.254.0_x64__dt26b99r8h8gj [2021-10-08] (Realtek Semiconductor Corp)
Sound Blaster Cinema 6 -> C:\Program Files\WindowsApps\CreativeTechnologyLtd.SoundBlasterCinema6_3.0.17.0_x86__13fcda18mhdz2 [2021-06-17] (Creative Technology Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.185.895.0_x86__zpdnekdrzrea0 [2022-05-24] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3213200753-566367429-3474330375-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\rickn\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22062.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3213200753-566367429-3474330375-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\rickn\OneDrive\Bureaublad\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-02] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-19] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\rickn\OneDrive\Bureaublad\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-02] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_1d904fb473804a73\nvshext.dll [2021-04-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\rickn\OneDrive\Bureaublad\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-19] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-02] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --google-base-url=hxxps://activesearchbar.me --extensions-on-chrome-urls --disable-features=OutdatedBuildDetector --load-extension=C:\Windows\InternalKernelGrid

==================== Loaded Modules (Whitelisted) =============

2022-01-17 11:41 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Users\rickn\OneDrive\Bureaublad\7-Zip\7-zip.dll
2022-01-22 13:03 - 2021-11-26 15:10 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2022-01-22 13:03 - 2021-11-26 15:10 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2022-01-22 13:03 - 2021-11-26 15:10 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2022-04-18 13:56 - 2021-11-26 15:10 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2022-04-18 13:56 - 2021-11-26 15:10 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2022-04-18 13:56 - 2021-11-26 15:10 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2022-04-18 13:56 - 2021-11-26 15:10 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2022-04-18 13:56 - 2021-11-26 15:10 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2022-04-18 13:56 - 2021-11-26 15:10 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3213200753-566367429-3474330375-1001 -> DefaultScope {0D25C636-15A7-4F59-8EFE-B5495753A241} URL =
SearchScopes: HKU\S-1-5-21-3213200753-566367429-3474330375-1001 -> {0D25C636-15A7-4F59-8EFE-B5495753A241} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-06-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-04-22] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-06-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-04-22] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\sharepoint.com -> hxxps://eduofficenl-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2022-05-24 16:12 - 000000852 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rickn\Downloads\swampdav.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/24/2022 04:01:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2021.21090.10008.0, time stamp: 0x616f6f86
Faulting module name: ntdll.dll, version: 10.0.19041.1682, time stamp: 0x7b5414ec
Exception code: 0xc0000374
Fault offset: 0x00000000000ff249
Faulting process id: 0x4e4
Faulting application start time: 0x01d86f761e5e13f0
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10008.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 9fc3ad8b-9c44-4f70-9a39-219f29c78f86
Faulting package full name: Microsoft.Windows.Photos_2021.21090.10008.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (05/24/2022 03:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.19041.1503, time stamp: 0xc40fe88f
Faulting module name: MBAPO264.dll, version: 2.1.6.0, time stamp: 0x603cc822
Exception code: 0xc0000005
Fault offset: 0x000000000007137a
Faulting process id: 0x43c0
Faulting application start time: 0x01d86f758e41b68f
Faulting application path: C:\windows\system32\AUDIODG.EXE
Faulting module path: C:\windows\System32\MBAPO264.dll
Report Id: 12604e65-c4a7-4082-a4a9-beb2362b25cd
Faulting package full name:
Faulting package-relative application ID:

Error: (05/24/2022 03:51:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (05/24/2022 03:51:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (05/24/2022 03:41:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (05/24/2022 03:41:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MsQuic.

System Error:
The resource loader failed to find MUI file.
.

Error: (05/24/2022 10:22:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MsQuic.

System Error:
The resource loader failed to find MUI file.
.

Error: (05/24/2022 10:18:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winzip64.exe, version: 50.250.14275.0, time stamp: 0x5f74b3a5
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1706, time stamp: 0x458acb5b
Exception code: 0xc000041d
Fault offset: 0x0000000000034fd9
Faulting process id: 0x7c20
Faulting application start time: 0x01d86f46daf9509f
Faulting application path: C:\Program Files\WinZip\winzip64.exe
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report Id: e527c47c-4311-4e12-853c-61f424d45311
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (05/24/2022 04:12:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee WebAdvisor service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (05/24/2022 04:12:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (05/24/2022 04:12:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/24/2022 04:12:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/24/2022 04:11:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/24/2022 04:11:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Graphics Command Center Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/24/2022 04:11:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/24/2022 04:11:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee WebAdvisor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1 milliseconds: Restart the service.


Windows Defender:
================
Date: 2022-05-09 09:56:05
Description:
Microsoft Defender Antivirus has detected a suspicious behavior.
Name: Behavior:Win32/DroppedKnownMalware
Severity: Low
Category: Suspicious Behaviour
Path Found: file:_C:\Users\rickn\AppData\Local\Temp\oWUMC6ct\partners\RFileStp7N.tmp; process:_1080
Detection Origin: Local machine
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: C:\Users\rickn\AppData\Local\Temp\oWUMC6ct\partners\RFileStp7N.tmp
Security intelligence ID: 41453017067075
Security intelligence Version: AV: 1.363.1630.0, AS: 1.363.1630.0
Engine Version: 1.1.19200.5
Fidelity Label: Low
Target File Name:

Date: 2022-05-09 09:55:38
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=1
Name: PUAMarketing:Win32/Comscore
Severity: Severe
Category: Potentially Unwanted Software
Path: file:_C:\Users\rickn\AppData\Local\Temp\oWUMC6ct\partners\poinstaller.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\rickn\AppData\Local\Temp\oWUMC6ct\partners\RFileStp7N.tmp
Security intelligence Version: AV: 1.363.1630.0, AS: 1.363.1630.0, NIS: 1.363.1630.0
Engine Version: AM: 1.1.19200.5, NIS: 1.1.19200.5
Event[0]:

Date: 2022-05-15 00:43:17
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.363.1914.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-04-07 14:49:44
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.1467.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2022-04-07 14:49:43
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.1467.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80070070
Error description: There is not enough space on the disk.

Date: 2022-04-07 14:49:43
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.1467.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80070070
Error description: There is not enough space on the disk.

CodeIntegrity:
===============
Date: 2022-05-19 10:12:45
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2022-05-13 15:29:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-15 22:22:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-15 21:04:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_66833df3e698aea2\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-01-17 10:31:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: INSYDE Corp. 1.07.03TPCS 05/13/2021
Motherboard: CLEVO NHxxHJHK
Processor: 11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz
Percentage of memory in use: 40%
Total physical RAM: 16163.3 MB
Available physical RAM: 9559.71 MB
Total Virtual: 24260.02 MB
Available Virtual: 15686.12 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.61 GB) (Free:8.27 GB) (Model: 256GB PCS PCIe M.2 SSD) NTFS
Drive d: (New Volume) (Fixed) (Total:476.92 GB) (Free:84.15 GB) (Model: 512GB PCS 2.5" SSD) NTFS
Drive e: (BOOT) (Removable) (Total:0.24 GB) (Free:0.21 GB) FAT32
Drive f: () (Removable) (Total:14.19 GB) (Free:14.19 GB) FAT32

\\?\Volume{7cbd5960-f45c-457e-aba6-46d42670b94f}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS
\\?\Volume{b50f01d5-73d3-4a9e-a926-223daa228df5}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 7D53E3E2)

Partition: GPT.

==========================================================
Disk: 2 (Size: 14.5 GB) (Disk ID: 6C586E13)
Partition 1: (Not Active) - (Size=256 MB) - (Type=0C)
Partition 2: (Not Active) - (Size=14.2 GB) - (Type=0C)

==================== End of Addition.txt =======================
Count_Dutchula
Regular Member
 
Posts: 15
Joined: May 24th, 2022, 10:24 am

Re: I need help removing a program called Active search bar

Post by pgmigg » May 24th, 2022, 10:54 am

Hello Count_Dutchula,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5247
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I need help removing a program called Active search bar

Post by Count_Dutchula » May 24th, 2022, 11:05 am

I have read the above and understand the important guidelines.
Count_Dutchula
Regular Member
 
Posts: 15
Joined: May 24th, 2022, 10:24 am

Re: I need help removing a program called Active search bar

Post by pgmigg » May 24th, 2022, 3:35 pm

Hello Count_Dutchula,

Step 1.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 2.
TSG - SysInfo utility
  1. Please download SysInfo utility and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then:
Please tell me: is this computer used for business or educational purposes and/or connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of SysInfo scan
  4. Contents of a log created by codecheck.txt
  5. Answer to my question about how your computer is used

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5247
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I need help removing a program called Active search bar

Post by Count_Dutchula » May 24th, 2022, 3:52 pm

First off, many thanks for responding so quickly!
As to your first question, I did not have any problems executing these instructions.
This computer is for personal use only.

In the next posts I will include the logs you requested.
Count_Dutchula
Regular Member
 
Posts: 15
Joined: May 24th, 2022, 10:24 am

Re: I need help removing a program called Active search bar

Post by Count_Dutchula » May 24th, 2022, 3:53 pm

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\event_pictures\egg_cracked.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\interface\icons\ship_parts\ship_part_world_cracker.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\interface\icons\technologies\tech_pk_cracker.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\effects\extra_dimensional_cracks.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\effects\extra_dimensional_cracks.mesh
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\effects\extra_dimensional_cracks_portal.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\planets\apocalypse_planet_effects\cracked_planet_01_diffuse.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\planets\apocalypse_planet_effects\cracked_planet_01_normal.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\planets\apocalypse_planet_effects\cracked_planet_01_specular.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\planets\apocalypse_planet_effects\cracked_planet_core_glow.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\planets\distant_stars_planets\cracked_infected_planet_01_diffuse.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\planets\distant_stars_planets\cracked_infected_planet_01_normal.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\planets\distant_stars_planets\cracked_infected_planet_01_specular.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\planets\distant_stars_planets\infected_cracked_planet.mesh
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\planets\distant_stars_planets\infected_cracked_planet_explosion.anim
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\planets\distant_stars_planets\infected_cracked_planet_idle.anim
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\ui\apocalypse_frontend_crack_glow.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\ui\apocalypse_frontend_crack_glow.mesh
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\models\ui\apocalypse_frontend_crack_glow_2.dds
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\particles\shattered_infected_planet_crack_effect.asset
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\particles\shattered_planet_crack_effect.asset
c:\program files (x86)\steam\steamapps\common\stellaris\gfx\portraits\environments\pc_egg_cracked_sky.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\1107423111\gfx\portraits\environments\pc_egg_cracked_sky.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\1419304439\gfx\interface\icons\ship_parts\colossus\ship_part_dm_world_cracker.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\1419304439\gfx\interface\icons\ship_parts\colossus\ship_part_he_world_cracker.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\1419304439\gfx\interface\icons\ship_parts\colossus\ship_part_se_world_cracker.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\1419304439\gfx\interface\icons\technologies\tech_dm_world_cracker.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\1419304439\gfx\interface\icons\technologies\tech_se_world_cracker.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\1623423360\gfx\portraits\environments\pc_egg_cracked_sky.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\1890873104\gfx\portraits\environments\pc_egg_cracked_sky.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2178603631\gfx\models\effects\phanon_dimensional_rift_cracks.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2486649583\gfx\portraits\environments\pc_egg_cracked_sky.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_1_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_1_era2_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_1_era3_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_2_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_2_era2_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_2_era3_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_3_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_3_era2_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_3_era3_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_4_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_4_era2_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_4_era3_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_5_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_5_era2_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_5_era3_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2628406026\gfx\interface\icons\technologies\tech_crack.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\2791119024\gfx\portraits\environments\pc_egg_cracked_sky.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\685413774\gfx\portraits\environments\pc_egg_cracked_sky.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\688086068\gfx\portraits\environments\pc_egg_cracked_sky.dds
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\common\anomalies\mem_cracked_anomaly_category.txt
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\common\global_ship_designs\mem_cracked_designs.txt
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\common\special_projects\mem_cracked_projects.txt
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\common\static_modifiers\mem_cracked_modifiers.txt
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\events\mem_cracked.txt
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\localisation\mem_cracked_l_braz_por.yml
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\localisation\mem_cracked_l_english.yml
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\localisation\mem_cracked_l_french.yml
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\localisation\mem_cracked_l_german.yml
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\localisation\mem_cracked_l_polish.yml
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\localisation\mem_cracked_l_russian.yml
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\localisation\mem_cracked_l_simp_chinese.yml
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\localisation\mem_cracked_l_spanish.yml
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\localisation\mem_cracked_l_traditional_chinese.yml
c:\program files (x86)\steam\steamapps\workshop\content\281990\727000451\localisation_synced\mem_cracked_names.yml
c:\program files (x86)\steam\steamapps\workshop\content\281990\865040033\gfx\interface\icons\planet_modifiers\gpm_cracking_surface.dds
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.1645.1.11\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.1645.1.11\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\r\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.1706.1.7\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.1706.1.7\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\r\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\f\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.964_none_9a882af90ea09cc3\r\ssh-keygen.exe
scanner sequence 3.ZZ.11.OBNAC0
----- EOF -----
Count_Dutchula
Regular Member
 
Posts: 15
Joined: May 24th, 2022, 10:24 am

Re: I need help removing a program called Active search bar

Post by Count_Dutchula » May 24th, 2022, 3:54 pm

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19043, Installed 20210611083727.000000+060
Processor: 11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz, Intel64 Family 6 Model 141 Stepping 1, CPU Count: 16
Total Physical RAM: 16 GB
Graphics Card: NVIDIA GeForce RTX 3050 Ti Laptop GPU
Hard Drives: C: 237 GB (10 GB Free); D: 476 GB (84 GB Free);
Motherboard: CLEVO NHxxHJHK, ver Not Applicable, s/n Not Applicable
System: INSYDE Corp., ver MSTEST - 2, s/n Not Applicable
Antivirus: Windows Defender, Disabled
Count_Dutchula
Regular Member
 
Posts: 15
Joined: May 24th, 2022, 10:24 am

Re: I need help removing a program called Active search bar

Post by Count_Dutchula » May 24th, 2022, 3:57 pm

Codecheck Version 1.0

05024
Count_Dutchula
Regular Member
 
Posts: 15
Joined: May 24th, 2022, 10:24 am

Re: I need help removing a program called Active search bar

Post by pgmigg » May 25th, 2022, 12:09 am

Hello Count_Dutchula,

Let's start our treatment...

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    WebAdvisor by McAfee
    Cheat Engine
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

Step 2.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not, please download it HERE and save it on your Desktop.
  3. Please press the Windows Key + R.
  4. Type notepad.exe into the text box and click OK.
  5. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
    Edge DefaultSearchURL: Default -> hxxps://customsearchbar.me/search?q={searchTerms}&s=rg_om&u=%USERID%
    CHR DefaultSearchURL: Default -> hxxps://activesearchbar.me/search?q={searchTerms}&s=rg_om&u=%USERID%
    CHR DefaultSuggestURL: Default -> hxxps://activesearchbar.me/suggest/?q={searchTerms}
    CHR DefaultSearchURL: Profile 2 -> hxxps://activesearchbar.me/search?q={searchTerms}&s=rg_om&u=%USERID%
    CHR DefaultSuggestURL: Profile 2 -> hxxps://activesearchbar.me/suggest/?q={searchTerms}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --google-base-url=hxxps://activesearchbar.me --extensions-on-chrome-urls --disable-features=OutdatedBuildDetector --load-extension=C:\Windows\InternalKernelGrid
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-24]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-24]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default_Old\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-20]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-20]
    BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-04-22] (McAfee, LLC -> McAfee, LLC)
    BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-04-22] (McAfee, LLC -> McAfee, LLC)
    CHR Profile: C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default_Old [2022-05-24] <==== ATTENTION
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
    C:\Program Files\McAfee
    C:\Users\rickn\Downloads\McAfee_Malware_Cleaner.exe
    
    EmptyTemp:
    CMD: ipconfig /flushdns
  6. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  7. Right click on FRST64.exe and select Run as administrator.
  8. Press the Fix button one time only and wait.
  9. When FRST finishes you will be prompted to reboot your computer. Click OK.
  10. Your computer should now restart - if not, please do it manually. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 3.
Fresh FRST64 Scan
You should still have FRST64.exe on your Desktop.
  1. Please close all open programs and windows.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens, click Yes to the disclaimer if it appears.
  4. Please be sure that the 90 Days Files check box under the Optional Scan section is checked.
  5. Please be sure that the Addition.txt check box under the Optional Scan section is checked.
  6. Press the Scan button. When finished, two logs, FRST.txt and Addition.txt, will be created and opened in Notepad.
  7. Please post the content of both FRST.txt and Addition.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the Fixlog.txt log file
  3. Contents of the FRST.txt log file after fresh FRST scan
  4. Contents of the Addition.txt log file after fresh FRST scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5247
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I need help removing a program called Active search bar

Post by Count_Dutchula » May 25th, 2022, 5:39 am

I did not have any problems executing the instructions.
In the following posts I will include the logs requested.

Re: I need help removing a program called Active search bar

Post by Count_Dutchula » May 25th, 2022, 5:39 am

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-05-2022
Ran by rickn (25-05-2022 11:34:54) Run:1
Running from C:\Users\rickn\OneDrive\Bureaublad
Loaded Profiles: rickn
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Edge DefaultSearchURL: Default -> hxxps://customsearchbar.me/search?q={searchTerms}&s=rg_om&u=%USERID%
CHR DefaultSearchURL: Default -> hxxps://activesearchbar.me/search?q={searchTerms}&s=rg_om&u=%USERID%
CHR DefaultSuggestURL: Default -> hxxps://activesearchbar.me/suggest/?q={searchTerms}
CHR DefaultSearchURL: Profile 2 -> hxxps://activesearchbar.me/search?q={searchTerms}&s=rg_om&u=%USERID%
CHR DefaultSuggestURL: Profile 2 -> hxxps://activesearchbar.me/suggest/?q={searchTerms}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --google-base-url=hxxps://activesearchbar.me --extensions-on-chrome-urls --disable-features=OutdatedBuildDetector --load-extension=C:\Windows\InternalKernelGrid
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-24]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-24]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default_Old\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-20]
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-04-22] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-04-22] (McAfee, LLC -> McAfee, LLC)
CHR Profile: C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default_Old [2022-05-24] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
C:\Program Files\McAfee
C:\Users\rickn\Downloads\McAfee_Malware_Cleaner.exe

EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"Edge DefaultSearchURL" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-24] => Error: No automatic fix found for this entry.
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-24] => Error: No automatic fix found for this entry.
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default_Old\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-20] => Error: No automatic fix found for this entry.
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-20] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default_Old => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
"C:\Program Files\McAfee" => not found
C:\Users\rickn\Downloads\McAfee_Malware_Cleaner.exe => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 239636232 B
Java, Discord, Steam htmlcache => 885429987 B
Windows/system/drivers => 16702778 B
Edge => 0 B
Chrome => 220704725 B
Firefox => 0 B
Opera => 14697160 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 43272 B
NetworkService => 5110108 B
rickn => 19787427 B

RecycleBin => 13972216414 B
EmptyTemp: => 14.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:35:27 ====

Re: I need help removing a program called Active search bar

Post by Count_Dutchula » May 25th, 2022, 5:43 am

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-05-2022
Ran by rickn (administrator) on DESKTOP-EOI4ID8 (PC Specialist LTD NH5x_NH7x_HHx_HJx_HKx) (25-05-2022 11:40:40)
Running from C:\Users\rickn\OneDrive\Bureaublad
Loaded Profiles: rickn
Platform: Microsoft Windows 10 Home Version 21H1 19043.1706 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Discord Inc. -> Discord Inc.) C:\Users\rickn\AppData\Local\Discord\app-1.0.9004\Discord.exe <6>
(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEMN.exe
(explorer.exe ->) (CLEVO CO.) C:\Program Files\WindowsApps\CLEVOCO.FnhotkeysandOSD_3.77.0.0_x64__6h6z29zh29qx0\FnKey\FnKey.exe
(explorer.exe ->) (Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(explorer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2205.1001.6.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(explorer.exe ->) (Skutta, Kristjan -> ) D:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\rickn\AppData\Local\Microsoft\Teams\current\Teams.exe <10>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_66833df3e698aea2\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.65.8001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.65.8001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\DriverStore\FileRepository\acpibridge1.inf_amd64_cedafa39846f03cf\DCHUService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd) C:\Windows\SysWOW64\Creative.UWPRPCService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.) C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_1d904fb473804a73\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f82b8b1a0b601f77\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\rickn\AppData\Local\Microsoft\OneDrive\22.089.0426.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2203.4603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.722.5052.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.722.5052.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f82b8b1a0b601f77\RtkAudUService64.exe [1343080 2021-09-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Run: [Discord] => C:\Users\rickn\AppData\Local\Discord\Update.exe [1512104 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4282328 2022-05-21] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\rickn\AppData\Local\Microsoft\Teams\Update.exe [2508480 2022-05-07] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3146944 2022-03-31] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Run: [WallpaperEngine] => D:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe [3379360 2021-12-04] (Skutta, Kristjan -> )
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\101.0.4951.67\Installer\chrmstp.exe [2022-05-24] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2022-05-24]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03365467-0A45-48E2-B0FD-AFC765FB2115} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Schedule #3 created by enrollment client => C:\windows\system32\deviceenroller.exe [448512 2022-02-13] (Microsoft Windows -> Microsoft Corporation)
Task: {0A0AD7D2-4F96-415C-9BD3-39DA28DBE932} - System32\Tasks\MicrosoftPrintWorkflowService => powershell -File C:/Windows/System32/PrintWorkflowService.ps1
Task: {1D101E3C-9320-43D3-BE80-3A85AC9CCCD1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1DBD0454-445D-448E-9B73-6FDEC699FA44} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
Task: {1FC0A381-3112-436D-83B4-F837D3C39271} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (No File)
Task: {213E43C7-7913-4521-9B53-7EC03C0A44A7} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\OS Edition Upgrade event listener created by enrollment client => C:\windows\system32\deviceenroller.exe [448512 2022-02-13] (Microsoft Windows -> Microsoft Corporation)
Task: {2629DB6D-666A-41D1-9EB8-3D81688297AC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {26FB7D69-6334-431F-873C-FE2C15F738CC} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (No File)
Task: {294BA742-94FC-4D2D-8FC9-E5D25FC35DE2} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
Task: {2B85620C-3C6F-4D00-A1C0-800B6F5187CA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2E6DB80A-9827-4CB7-8A8E-BB480173E339} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {36CC2CF8-C8AB-45D6-9B8F-1E80D72C5F3D} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61336 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C89A338-3432-4B14-851F-BF3908D4D53E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144784 2022-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {4572DBD5-BF32-4323-85A0-24598E76D8CA} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {461BE116-827F-4797-9DF4-25B3E8455AE5} - System32\Tasks\Opera scheduled assistant Autoupdate 1642411863 => C:\Users\rickn\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\rickn\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {48C7A445-80DA-40F7-9DBC-F1DD5070E665} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (No File)
Task: {4A73F7AD-5678-4DF5-904D-A8EF77628876} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22894016 2022-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {50457816-5D25-4482-B544-1B221E9970B3} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {5124B93A-C153-4779-8BFD-51AE4B1A2281} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144784 2022-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D7B3483-E8FB-4463-B9AE-ADD736605C67} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Schedule to run OMADMClient by server => C:\windows\system32\omadmclient.exe [431616 2022-05-12] (Microsoft Windows -> Microsoft Corporation)
Task: {696C78A6-5DCC-4C08-9008-93E74500E711} - System32\Tasks\MicrosoftPrintWorkflowService_2 => powershell -File C:/Windows/System32/PrintWorkflowService.ps1
Task: {6DB6CD30-319F-4B6E-B359-A9D136703866} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Schedule to run OMADMClient by client => C:\windows\system32\omadmclient.exe [431616 2022-05-12] (Microsoft Windows -> Microsoft Corporation)
Task: {6FD90A83-16B1-4B11-9441-3129D90F4ABC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22894016 2022-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {7227FD53-DFBF-4075-A789-B81C63AF80B3} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7F14F186-6C9E-486B-AB0E-B7B3C0E7F32E} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\101.0.1210.39\Installer\setup.exe [3206048 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F3DB21F-4BF4-4EA1-8A65-18F9938A1006} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {80A11D42-EE61-4518-8574-C93782EA5B7D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Win10 S Mode event listener created by enrollment client => C:\windows\system32\deviceenroller.exe [448512 2022-02-13] (Microsoft Windows -> Microsoft Corporation)
Task: {8E204512-BE65-4188-B37E-1705451F3EB7} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {96C5BD2A-5615-438C-A364-E70912138FE6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Passport for Work alert created by enrollment client => C:\windows\system32\deviceenroller.exe [448512 2022-02-13] (Microsoft Windows -> Microsoft Corporation)
Task: {A4F00516-5249-42D7-A544-6B90C7768504} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A90B14DB-CBD4-4324-81B7-63EE050780D4} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [3158704 2022-03-02] (Corel Corporation -> Corel Corporation)
Task: {B9B7642C-54FB-48EA-882B-2E104322DCC4} - System32\Tasks\Opera scheduled Autoupdate 1642411857 => C:\Users\rickn\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {D3D30B52-03E0-4E3C-9447-8C61BB6AE7CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (No File)
Task: {ED0BEDCE-FB13-480E-8D82-870FF0526BAF} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4103336 2022-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFE158A7-6A34-45C8-A613-5EF40DF77FDC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Maintenance Schedule created by enrollment client => C:\windows\system32\deviceenroller.exe [448512 2022-02-13] (Microsoft Windows -> Microsoft Corporation)
Task: {F45F06B0-7235-432F-B36F-F968B3B31CCF} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\1FD7FE1C-7B5E-41EE-80B6-5D5D6FC206AF\Provisioning initiated session => C:\windows\system32\deviceenroller.exe [448512 2022-02-13] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{141af3ea-9ed4-4fdf-9a1b-8178c52f2df3}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{44777945-0752-4cab-9686-cb3de5aa4490}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\rickn\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-25]
Edge DefaultSearchKeyword: Default -> csb
Edge Extension: (the web) - C:\Users\rickn\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hbkoplpognibijnebmppjnjhmpigoiae [2022-05-19]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\rickn\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-24]
Edge Extension: (Dictionary Extension) - C:\Users\rickn\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibedapgehhbeliiebcombkimidojbjl [2022-05-24]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default [2022-05-25]
CHR DefaultSearchKeyword: Default -> asb
CHR Extension: (McAfee® WebAdvisor) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-24]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-24]
CHR Extension: (the web) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkofdnfadkamabkgjdjcddeopopbdjhg [2022-05-24]
CHR Extension: (Google Updater) - C:\Windows\InternalKernelGrid [2022-05-14]
CHR Profile: C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-05-25]
CHR Profile: C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-05-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-25]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\rickn\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2022-05-25]
CHR Profile: C:\Users\rickn\AppData\Local\Google\Chrome\User Data\System Profile [2022-05-25]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\rickn\AppData\Roaming\Opera Software\Opera Stable [2022-05-25]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\rickn\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-01-17]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\rickn\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-01-17]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-09-17] (BattlEye Innovations e.K. -> )
R2 CCDCHUService; C:\windows\System32\DriverStore\FileRepository\acpibridge1.inf_amd64_cedafa39846f03cf\DCHUService.exe [79128 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11762616 2022-05-24] (Microsoft Corporation -> Microsoft Corporation)
R2 HKClipSvc; C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe [431696 2019-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-19] (Malwarebytes Inc. -> Malwarebytes)
S3 OfficeSvcManagerAddons; C:\windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2575064 2022-03-31] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3494672 2022-03-31] (Electronic Arts, Inc. -> Electronic Arts)
R2 UWPService; C:\windows\SysWOW64\Creative.UWPRPCService.exe [357288 2020-12-28] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 EpicOnlineServices; "C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\windows\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_1d904fb473804a73\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\windows\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_1d904fb473804a73\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcpiBridge; C:\windows\System32\drivers\AcpiBridge.sys [54176 2021-09-08] (Insyde Software Corp. -> Insyde Software Corporation)
R3 AppleLowerFilter; C:\windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 bhtsddr; C:\windows\System32\drivers\bhtsddr.sys [172600 2021-03-25] (BayHub Technology Inc. -> BayHubTech)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [103888 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 HKKbdFltr; C:\windows\system32\DRIVERS\HKKbdFltr.sys [40320 2019-03-06] (WDKTestCert stone.cheng,131963286194994418 -> Insyde Software Corp.)
R3 HKMouFltr; C:\windows\system32\DRIVERS\HKMouFltr.sys [38552 2019-03-06] (WDKTestCert stone.cheng,131963286194994418 -> Insyde Software Corp.)
R3 iaLPSS2_GPIO2_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_c330c09d72f3e083\iaLPSS2_GPIO2_TGL.sys [128664 2021-01-27] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_312c3014729186bd\iaLPSS2_I2C_TGL.sys [201376 2021-01-27] (Intel Corporation -> Intel Corporation)
R3 IntelGNA; C:\windows\System32\DriverStore\FileRepository\gna.inf_amd64_689d3d5fefeef458\gna.sys [84880 2020-11-06] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
R0 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [223176 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [21480 2022-05-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [194512 2022-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [70088 2022-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [239560 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [181992 2022-05-25] (Malwarebytes Inc. -> Malwarebytes)
R3 MBfilt; C:\windows\system32\drivers\MBfilt64.sys [34712 2021-03-02] (WDKTestCert ctl_avpbuild,131450919658074287 -> Creative Technology Ltd.)
R3 nvpcf; C:\windows\System32\drivers\nvpcf.sys [200992 2021-03-16] (NVIDIA Corporation -> NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [1366408 2021-02-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-25 11:36 - 2022-05-25 11:36 - 000194512 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2022-05-25 11:36 - 2022-05-25 11:36 - 000181992 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2022-05-25 11:36 - 2022-05-25 11:36 - 000070088 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2022-05-24 21:50 - 2022-05-24 21:50 - 002270936 _____ (Cermak Technologies, Inc.) C:\Users\rickn\Downloads\SysInfo.exe
2022-05-24 21:47 - 2022-05-24 21:47 - 000001008 _____ C:\Users\rickn\Downloads\CKScanner - Shortcut.lnk
2022-05-24 21:45 - 2022-05-24 21:45 - 000468480 _____ () C:\Users\rickn\Downloads\CKScanner.exe
2022-05-24 21:45 - 2022-05-24 21:45 - 000468480 _____ () C:\Users\rickn\Downloads\CKScanner (1).exe
2022-05-24 19:59 - 2022-05-24 19:59 - 000000000 ____D C:\Users\rickn\AppData\Roaming\launcher
2022-05-24 16:32 - 2022-05-25 11:40 - 000000000 ____D C:\FRST
2022-05-24 16:32 - 2022-05-24 16:33 - 000045988 _____ C:\Users\rickn\Downloads\FRST.txt
2022-05-24 16:32 - 2022-05-24 16:33 - 000032252 _____ C:\Users\rickn\Downloads\Addition.txt
2022-05-24 16:30 - 2022-05-24 16:30 - 002072064 _____ (Farbar) C:\Users\rickn\Downloads\FRST.exe
2022-05-24 16:20 - 2022-05-24 16:20 - 013471344 _____ C:\Users\rickn\Downloads\MB-SupportTool.exe
2022-05-24 16:20 - 2022-05-24 16:20 - 002367488 _____ (Farbar) C:\Users\rickn\Downloads\FRSTEnglish.exe
2022-05-24 16:11 - 2022-05-24 16:11 - 008551608 _____ (Malwarebytes) C:\Users\rickn\Downloads\adwcleaner.exe
2022-05-24 16:11 - 2022-05-24 16:11 - 000000000 ____D C:\AdwCleaner
2022-05-24 16:09 - 2022-05-24 16:09 - 000001357 _____ C:\Users\rickn\Downloads\delete_chrome_policies.zip
2022-05-24 16:09 - 2022-05-24 16:09 - 000000000 ____D C:\Users\rickn\Downloads\delete_chrome_policies
2022-05-24 16:05 - 2022-05-24 18:55 - 000000000 ____D C:\Program Files (x86)\Google
2022-05-24 16:05 - 2022-05-24 16:05 - 001414600 _____ (Google LLC) C:\Users\rickn\Downloads\ChromeSetup.exe
2022-05-24 15:58 - 2022-05-24 15:58 - 000000000 ____D C:\Users\rickn\AppData\Roaming\Sun
2022-05-24 15:54 - 2022-05-24 15:54 - 000000000 ____D C:\Users\rickn\AppData\Local\Publishers
2022-05-24 10:26 - 2022-05-24 10:26 - 000000000 ____D C:\Users\rickn\Downloads\The_Realm_of_Lucira_-_Public_Release_045c
2022-05-24 10:25 - 2022-05-24 10:26 - 000000000 ____D C:\Users\rickn\AppData\Local\WinZip
2022-05-24 10:25 - 2022-05-24 10:25 - 000003662 _____ C:\windows\system32\Tasks\WinZip Update Notifier 2
2022-05-24 10:25 - 2022-05-24 10:25 - 000003660 _____ C:\windows\system32\Tasks\WinZip Update Notifier 3
2022-05-24 10:25 - 2022-05-24 10:25 - 000003660 _____ C:\windows\system32\Tasks\WinZip Update Notifier 1
2022-05-24 10:25 - 2022-05-24 10:25 - 000002094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2022-05-24 10:25 - 2022-05-24 10:25 - 000001921 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Image Manager.lnk
2022-05-24 10:25 - 2022-05-24 10:25 - 000001917 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip PDF Express.lnk
2022-05-24 10:25 - 2022-05-24 10:25 - 000001905 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Secure Backup.lnk
2022-05-24 10:25 - 2022-05-24 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2022-05-24 10:25 - 2022-05-24 10:25 - 000000000 ____D C:\Program Files\WinZip
2022-05-24 10:21 - 2022-05-24 10:21 - 001016648 _____ (WinZip Computing) C:\Users\rickn\Downloads\winzip26.exe
2022-05-24 10:07 - 2022-05-24 10:07 - 128842576 _____ C:\Users\rickn\Downloads\The_Realm_of_Lucira_-_Public_Release_045c.7z
2022-05-24 10:05 - 2022-05-24 10:05 - 001245725 _____ C:\Users\rickn\Downloads\(No Glow) Revamped Bloodline (V0.2.9 Public).7z
2022-05-20 15:38 - 2022-05-20 15:38 - 000000000 ____D C:\Users\rickn\Downloads\InHerOwnHands-v064a
2022-05-20 14:13 - 2022-05-20 14:13 - 000000000 ____D C:\Users\rickn\Downloads\SteamyParadise-ChapterX_v0.9.6Patreon-pc
2022-05-20 14:12 - 2022-05-20 14:12 - 000000000 ____D C:\Users\rickn\Downloads\Lust_Campus-C5-pc
2022-05-20 14:12 - 2022-05-20 14:12 - 000000000 ____D C:\Users\rickn\Downloads\Eternum-0.3.0-pc
2022-05-20 14:12 - 2022-05-20 14:12 - 000000000 ____D C:\Users\rickn\Downloads\CollegeCraze-0.21-pc
2022-05-20 14:08 - 2022-05-20 14:16 - 905509213 _____ C:\Users\rickn\Downloads\InHerOwnHands-v064a.zip
2022-05-20 14:00 - 2022-05-20 14:01 - 207143139 _____ C:\Users\rickn\Downloads\Lust_Campus-C5-pc.zip
2022-05-20 13:57 - 2022-05-20 13:58 - 839101865 _____ C:\Users\rickn\Downloads\CollegeCraze-0.21-pc.zip
2022-05-20 13:53 - 2022-05-20 13:57 - 2859901393 _____ C:\Users\rickn\Downloads\Eternum-0.3.0-pc.zip
2022-05-20 13:45 - 2022-05-20 13:45 - 205729930 _____ C:\Users\rickn\Downloads\HnS2-v1.0-windows.7z
2022-05-20 13:44 - 2022-05-20 13:44 - 361067653 _____ C:\Users\rickn\Downloads\SteamyParadise-ChapterX_v0.9.6Patreon-pc.zip
2022-05-19 10:22 - 2022-05-19 10:22 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Rel_Pink
2022-05-19 10:11 - 2022-05-19 10:11 - 002546400 _____ (Malwarebytes) C:\Users\rickn\Downloads\MBSetup-2Co.2Co.exe
2022-05-19 10:11 - 2022-05-19 10:11 - 002546400 _____ (Malwarebytes) C:\Users\rickn\Downloads\MBSetup-2Co.2Co (1).exe
2022-05-19 10:09 - 2022-05-19 10:09 - 000000000 ____D C:\Users\rickn\AppData\Local\mbam
2022-05-19 10:08 - 2022-05-19 10:13 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-19 10:08 - 2022-05-19 10:12 - 000223176 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2022-05-19 10:08 - 2022-05-19 10:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-19 10:08 - 2022-05-19 10:12 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-19 10:08 - 2022-05-19 10:08 - 000239560 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2022-05-19 10:08 - 2022-05-19 10:08 - 000103888 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2022-05-19 10:08 - 2022-05-19 10:08 - 000021480 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamElam.sys
2022-05-19 10:07 - 2022-05-19 10:07 - 001883976 _____ (Malwarebytes) C:\Users\rickn\Downloads\MBSetup-090357.090357.exe
2022-05-19 09:55 - 2022-05-19 09:55 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Rel.Pink
2022-05-18 13:59 - 2022-05-18 13:59 - 000302520 _____ C:\Users\rickn\Downloads\indexformulier.pdf
2022-05-17 10:30 - 2022-05-19 09:57 - 000000000 ____D C:\Users\rickn\Downloads\bmotv_0_4_4_f1_unlocked_windows
2022-05-17 10:17 - 2022-05-17 10:17 - 1646761436 _____ C:\Users\rickn\Downloads\PATH_TO_PARADISE_v0.85_R.rar
2022-05-17 10:14 - 2022-05-17 10:21 - 671268268 _____ C:\Users\rickn\Downloads\bmotv_0_4_4_f1_unlocked_windows.zip
2022-05-17 10:14 - 2022-05-17 10:14 - 291097086 _____ C:\Users\rickn\Downloads\ThePriceOfFlesh-market.7z
2022-05-16 10:51 - 2022-05-16 10:51 - 000047599 _____ C:\Users\rickn\Downloads\urenverantwoording-bpv-leerjaar-3-21-22.xlsx
2022-05-14 12:56 - 2022-05-14 12:56 - 000000000 ____D C:\Program Files\Google
2022-05-14 12:55 - 2022-05-14 12:55 - 000000000 ____D C:\windows\InternalKernelGrid
2022-05-13 23:24 - 2022-05-13 23:24 - 000000028 ____H C:\.GamingRoot
2022-05-13 23:24 - 2022-05-13 23:24 - 000000000 ____D C:\XboxGames
2022-05-12 09:45 - 2022-05-12 09:45 - 000288768 _____ C:\windows\system32\Windows.Management.InprocObjects.dll
2022-05-12 09:45 - 2022-05-12 09:45 - 000093696 _____ C:\windows\system32\Drivers\cimfs.sys
2022-05-12 09:45 - 2022-05-12 09:45 - 000011799 _____ C:\windows\system32\DrtmAuthTxt.wim
2022-05-12 09:39 - 2022-05-12 09:39 - 000000000 ___HD C:\$WinREAgent
2022-05-10 09:24 - 2022-05-24 10:31 - 000000000 ____D C:\Users\rickn\AppData\Local\WeMod
2022-05-10 09:23 - 2022-05-10 09:24 - 097548400 _____ (WeMod) C:\Users\rickn\Downloads\WeMod-8.0.13.exe
2022-05-09 13:15 - 2022-05-09 13:15 - 000000000 ____D C:\Users\rickn\Downloads\NoMoreMoney-2.7.2-pc-GOLD
2022-05-09 12:27 - 2022-05-09 12:27 - 000000000 ____D C:\Users\rickn\Downloads\NoMoreMoney-2.7.2-Joker WT & Cheat Mod
2022-05-09 12:10 - 2022-05-09 12:10 - 000000000 ____D C:\Users\rickn\Downloads\SweetSweetAdventure-0.3.2.0-pc
2022-05-09 12:09 - 2022-05-09 12:09 - 000000000 ____D C:\Users\rickn\Downloads\COEDConquest-0.9-pc
2022-05-09 11:56 - 2022-05-09 11:57 - 000000000 ____D C:\Users\rickn\Downloads\The_Whore_of_Babylon_Demon_Queen_Rework_Helen_and_Silvia_Public
2022-05-09 09:56 - 2022-05-09 09:56 - 000000000 ____D C:\windows\ShellServiceLog
2022-05-09 09:52 - 2022-05-09 09:52 - 000004641 ____R C:\windows\system32\PrintWorkflowService.ps1
2022-05-09 09:52 - 2022-05-09 09:52 - 000003592 _____ C:\windows\system32\Tasks\MicrosoftPrintWorkflowService_2
2022-05-09 09:52 - 2022-05-09 09:52 - 000003518 _____ C:\windows\system32\Tasks\MicrosoftPrintWorkflowService
2022-05-09 09:52 - 2022-05-09 09:52 - 000000036 _____ C:\windows\system32\mfmpeg2srsnk.data
2022-05-06 20:54 - 2022-03-17 16:55 - 004874856 _____ (Intel Corporation) C:\windows\system32\Drivers\Netwtw10.sys
2022-05-06 20:54 - 2022-03-17 16:55 - 001626192 _____ (Intel Corporation) C:\windows\system32\IntelIHVRouter08.dll
2022-05-06 20:54 - 2022-03-17 16:11 - 048759416 _____ C:\windows\system32\Drivers\Netwfw10.dat
2022-05-02 15:56 - 2022-05-02 15:56 - 000000000 ____D C:\Users\rickn\AppData\Local\Foxhole
2022-05-02 14:10 - 2022-05-02 14:10 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Oracle
2022-04-29 14:26 - 2022-04-29 14:26 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\WildQuill
2022-04-29 14:15 - 2022-04-29 14:15 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Dirty Ink Games
2022-04-29 14:08 - 2022-04-29 14:09 - 014182527 _____ C:\Users\rickn\Downloads\Price-Of-Power-Ch10.zip
2022-04-29 14:03 - 2022-04-29 14:10 - 553583432 _____ C:\Users\rickn\Downloads\Hard Times At Sequoia State Park.rar
2022-04-29 13:58 - 2022-04-29 14:08 - 966319961 _____ C:\Users\rickn\Downloads\Sunwave_Hotel_windows_0.11.4.zip
2022-04-29 13:56 - 2022-04-29 13:56 - 634665751 _____ C:\Users\rickn\Downloads\BigBrotherRenPy_RemakeStory-1.0-pc_fix10_compressed.zip
2022-04-28 15:50 - 2022-04-28 15:50 - 006046996 _____ C:\Users\rickn\Downloads\OptiFine_1.16.5_HD_U_G8.jar
2022-04-28 13:09 - 2022-04-28 13:18 - 000000000 ____D C:\Users\rickn\OneDrive\Afbeeldingen\Documenten\Endless Space 2
2022-04-28 13:09 - 2022-04-28 13:09 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Amplitude studios
2022-04-26 10:09 - 2022-04-26 10:09 - 000000000 ____D C:\Users\rickn\AppData\Local\Ndemic Creations
2022-04-25 21:40 - 2022-04-25 21:40 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\SKS
2022-04-25 17:22 - 2022-04-26 10:09 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Ndemic Creations
2022-04-25 13:33 - 2022-04-25 13:33 - 000000918 _____ C:\Users\rickn\Downloads\Documents - Shortcut.lnk
2022-04-22 15:04 - 2022-04-22 15:04 - 006604810 _____ C:\Users\rickn\Downloads\OptiFine_1.18.2_HD_U_H7.jar
2022-04-22 15:03 - 2022-04-22 15:03 - 006473656 _____ C:\Users\rickn\Downloads\OptiFine_1.18_HD_U_H3.jar
2022-04-22 14:03 - 2022-04-22 14:03 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-04-20 10:28 - 2022-04-20 10:28 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Sonpih
2022-04-17 13:03 - 2022-04-17 13:03 - 000000000 ____D C:\Users\rickn\AppData\Local\install
2022-04-17 13:00 - 2022-05-09 09:15 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Unity
2022-04-17 13:00 - 2022-04-17 13:00 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\VRChat
2022-04-17 12:58 - 2022-04-17 12:58 - 000162816 _____ C:\windows\system32\DataStoreCacheDumpTool.exe
2022-04-17 12:58 - 2022-04-17 12:58 - 000048640 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2022-04-17 12:58 - 2022-04-17 12:58 - 000039936 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2022-04-13 21:39 - 2022-04-13 21:39 - 000868160 _____ C:\Users\rickn\Downloads\Handbook_V1.0.pdf
2022-04-10 18:37 - 2022-04-10 18:37 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Anvil Game Studio
2022-04-10 16:15 - 2022-04-10 16:20 - 001443169 _____ C:\ProgramData\battle_sync_dump
2022-04-10 16:15 - 2022-04-10 16:20 - 000387590 _____ C:\ProgramData\total_check_dump
2022-04-10 16:15 - 2022-04-10 16:20 - 000123066 _____ C:\ProgramData\network_sync_dump
2022-04-10 16:11 - 2022-04-10 16:20 - 000261413 _____ C:\ProgramData\tick_sync_dump
2022-04-10 16:05 - 2022-04-10 16:05 - 000000000 ____D C:\Users\rickn\AppData\Local\Feral Interactive
2022-04-09 16:00 - 2022-04-09 16:00 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Faerin Games
2022-04-07 16:28 - 2022-04-07 16:28 - 000000000 ____D C:\Users\rickn\AppData\Local\GameAnalytics
2022-04-07 16:27 - 2022-04-07 20:25 - 000000000 ____D C:\Users\rickn\AppData\Roaming\SpaceEngineers
2022-04-07 10:53 - 2022-04-07 10:53 - 097524624 _____ (WeMod) C:\Users\rickn\Downloads\WeMod-8.0.11.exe
2022-03-25 16:11 - 2022-03-25 16:11 - 000000000 ____D C:\Users\rickn\AppData\Local\Athena
2022-03-14 12:17 - 2022-03-14 12:17 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Unicube
2022-03-12 12:04 - 2022-03-12 12:04 - 000000000 ____D C:\Users\rickn\AppData\Roaming\11bitstudios
2022-03-11 15:56 - 2022-03-11 15:56 - 000223744 _____ C:\windows\SysWOW64\TpmTool.exe
2022-03-11 15:55 - 2022-03-11 15:55 - 002260992 _____ C:\windows\system32\TextInputMethodFormatter.dll
2022-03-11 15:55 - 2022-03-11 15:55 - 002254336 _____ C:\windows\system32\dwmscene.dll
2022-03-11 15:55 - 2022-03-11 15:55 - 000272896 _____ C:\windows\system32\TpmTool.exe
2022-03-11 15:50 - 2022-03-11 15:51 - 006539324 _____ C:\Users\rickn\Downloads\preview_OptiFine_1.18.2_HD_U_H6_pre1.jar
2022-03-07 20:22 - 2022-04-10 12:21 - 000000000 ____D C:\Users\rickn\AppData\Local\vortex-updater
2022-03-07 16:18 - 2022-03-07 16:18 - 000153788 _____ C:\Users\rickn\Downloads\Kies Actief Toolkit Rick Niesten 07-03-2022.pdf
2022-03-06 21:49 - 2022-03-08 21:53 - 000000000 ____D C:\ProgramData\Unknown Worlds
2022-03-06 21:48 - 2022-03-08 21:52 - 000000000 ____D C:\Users\rickn\AppData\LocalLow\Unknown Worlds

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-05-25 11:39 - 2021-07-18 19:20 - 000000000 ____D C:\ProgramData\Origin
2022-05-25 11:39 - 2021-06-17 13:22 - 000000000 ____D C:\Program Files (x86)\Steam
2022-05-25 11:39 - 2021-06-17 13:14 - 000000000 ____D C:\Users\rickn\AppData\Local\D3DSCache
2022-05-25 11:38 - 2021-06-17 13:16 - 000000000 ____D C:\Users\rickn\AppData\Roaming\discord
2022-05-25 11:38 - 2021-06-10 04:29 - 000000000 ____D C:\ProgramData\NVIDIA
2022-05-25 11:37 - 2021-07-18 19:20 - 000000000 ____D C:\Users\rickn\AppData\Local\Origin
2022-05-25 11:37 - 2021-06-17 13:16 - 000000000 ____D C:\Users\rickn\AppData\Local\Discord
2022-05-25 11:37 - 2021-06-17 13:15 - 000000000 ___RD C:\Users\rickn\OneDrive
2022-05-25 11:36 - 2021-06-17 13:14 - 000000000 __SHD C:\Users\rickn\IntelGraphicsProfiles
2022-05-25 11:36 - 2021-06-10 02:42 - 000000006 ____H C:\windows\Tasks\SA.DAT
2022-05-25 11:36 - 2021-06-10 02:42 - 000000000 ____D C:\Intel
2022-05-25 11:36 - 2021-06-10 02:41 - 000008192 ___SH C:\DumpStack.log.tmp
2022-05-25 11:36 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-05-25 11:36 - 2019-12-07 11:03 - 000786432 _____ C:\windows\system32\config\BBI
2022-05-25 11:35 - 2021-06-10 02:50 - 000840618 _____ C:\windows\system32\PerfStringBackup.INI
2022-05-25 11:35 - 2021-06-10 02:44 - 000002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-05-25 11:35 - 2019-12-07 11:13 - 000000000 ____D C:\windows\INF
2022-05-25 11:33 - 2019-12-07 11:14 - 000000000 ____D C:\windows\AppReadiness
2022-05-25 11:29 - 2021-07-10 10:38 - 000000000 ____D C:\Users\rickn\AppData\Roaming\WeMod
2022-05-25 11:25 - 2021-06-10 02:41 - 000000000 ____D C:\windows\system32\SleepStudy
2022-05-24 20:37 - 2021-06-17 13:35 - 000000000 ____D C:\Users\rickn\AppData\Roaming\.minecraft
2022-05-24 16:05 - 2021-06-10 02:44 - 000003578 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2022-05-24 16:05 - 2021-06-10 02:44 - 000003454 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2022-05-24 16:01 - 2021-06-18 16:57 - 000000000 ____D C:\Users\rickn\AppData\Local\CrashDumps
2022-05-24 15:56 - 2021-06-10 02:42 - 000002635 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-05-24 15:55 - 2019-12-07 11:14 - 000000000 ____D C:\windows\system32\NDF
2022-05-24 15:54 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-05-24 15:51 - 2021-06-10 02:45 - 000000000 ____D C:\Program Files\Microsoft Office
2022-05-24 10:31 - 2021-07-10 10:38 - 000000000 ____D C:\Users\rickn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2022-05-24 10:31 - 2021-06-17 13:16 - 000000000 ____D C:\Users\rickn\AppData\Local\SquirrelTemp
2022-05-24 10:28 - 2021-06-10 02:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-05-24 10:25 - 2021-06-17 13:44 - 000000000 ____D C:\ProgramData\WinZip
2022-05-24 10:24 - 2021-06-17 13:14 - 000000000 ____D C:\Users\rickn\AppData\Local\Packages
2022-05-19 11:49 - 2021-06-20 11:41 - 000000000 ____D C:\Users\rickn\AppData\Roaming\RenPy
2022-05-19 10:08 - 2019-12-07 11:14 - 000000000 ___HD C:\windows\ELAMBKUP
2022-05-18 14:00 - 2021-06-17 13:16 - 000000000 ____D C:\Users\rickn\AppData\Local\PlaceholderTileLogoFolder
2022-05-13 23:24 - 2021-11-22 10:17 - 000132560 _____ (Microsoft Corporation) C:\windows\system32\gamelaunchhelper.dll
2022-05-13 23:24 - 2021-06-17 13:32 - 000131072 _____ (Microsoft Corporation) C:\windows\system32\gamingtcuihelpers.dll
2022-05-13 23:24 - 2021-06-17 13:30 - 002274768 _____ (Microsoft Corporation) C:\windows\system32\xgameruntime.dll
2022-05-13 23:24 - 2021-06-17 13:30 - 000394704 _____ (Microsoft Corporation) C:\windows\system32\gameplatformservices.dll
2022-05-13 23:24 - 2021-06-17 13:30 - 000222672 _____ (Microsoft Corporation) C:\windows\system32\gamingservicesproxy.dll
2022-05-13 23:24 - 2021-06-17 13:30 - 000198096 _____ (Microsoft Corporation) C:\windows\system32\gameconfighelper.dll
2022-05-13 23:24 - 2021-06-17 13:30 - 000062952 _____ (Microsoft Corporation) C:\windows\system32\gamemodcontrol.exe
2022-05-12 23:34 - 2021-06-10 02:41 - 000439016 _____ C:\windows\system32\FNTCACHE.DAT
2022-05-12 23:34 - 2019-12-07 11:14 - 000000000 ___SD C:\windows\system32\UNP
2022-05-12 23:34 - 2019-12-07 11:14 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2022-05-12 23:34 - 2019-12-07 11:14 - 000000000 ____D C:\windows\SystemResources
2022-05-12 23:34 - 2019-12-07 11:14 - 000000000 ____D C:\windows\system32\migwiz
2022-05-12 23:34 - 2019-12-07 11:14 - 000000000 ____D C:\windows\bcastdvr
2022-05-12 23:34 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-05-12 23:33 - 2021-06-17 13:12 - 000000000 ____D C:\Users\rickn
2022-05-12 09:48 - 2019-12-07 11:03 - 000000000 ____D C:\windows\CbsTemp
2022-05-11 22:18 - 2021-12-11 13:19 - 000003588 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3213200753-566367429-3474330375-1001
2022-05-11 22:18 - 2021-06-17 13:15 - 000003378 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3213200753-566367429-3474330375-1001
2022-05-11 22:18 - 2021-06-17 13:15 - 000002386 _____ C:\Users\rickn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-05-11 11:03 - 2021-06-17 14:39 - 000000000 ____D C:\Users\rickn\AppData\Roaming\paradox-launcher-v2
2022-05-11 09:50 - 2021-06-19 22:10 - 000000000 ____D C:\windows\system32\MRT
2022-05-11 09:49 - 2021-06-19 22:10 - 145501456 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2022-05-10 08:57 - 2021-06-17 13:50 - 000000000 ____D C:\Users\rickn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-05-07 22:16 - 2021-11-22 10:15 - 000004784 _____ C:\windows\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-05-07 09:28 - 2021-06-22 14:44 - 000002371 _____ C:\Users\rickn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-05-02 15:56 - 2021-07-12 14:01 - 000000000 ____D C:\Users\rickn\AppData\Local\UnrealEngine
2022-04-30 21:46 - 2021-06-17 15:10 - 000000000 ____D C:\Users\rickn\AppData\Local\NVIDIA Corporation

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: I need help removing a program called Active search bar

Post by Count_Dutchula » May 25th, 2022, 5:43 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-05-2022
Ran by rickn (25-05-2022 11:41:22)
Running from C:\Users\rickn\OneDrive\Bureaublad
Microsoft Windows 10 Home Version 21H1 19043.1706 (X64) (2021-06-11 07:37:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3213200753-566367429-3474330375-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3213200753-566367429-3474330375-503 - Limited - Disabled)
Guest (S-1-5-21-3213200753-566367429-3474330375-501 - Limited - Disabled)
rickn (S-1-5-21-3213200753-566367429-3474330375-1001 - Administrator - Enabled) => C:\Users\rickn
WDAGUtilityAccount (S-1-5-21-3213200753-566367429-3474330375-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{48142e49-e29f-49dd-a151-5b90ff553ab4}) (Version: 2.18.7185.0 - UL)
3DMark (HKLM-x32\...\{DEE2FB12-F371-4A16-86B6-32BD1E5FD306}) (Version: 2.18.7185.0 - UL) Hidden
7-Zip 19.00 (x64) (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Badlion Client (HKLM-x32\...\1de14785-dd8c-5cd2-aae8-d4a376f81d78) (Version: 3.3.3 - Badlion)
ControlCenter 3.0 Package v3.42 (HKLM-x32\...\{52CF73F1-9FE1-4917-AE56-55BF319988EC}) (Version: 3.42 - Control Center)
Discord (HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM-x32\...\{407FF531-5AD9-4518-8304-5B54747A19DA}) (Version: 1.0.0.0 - Intel Corporation) Hidden
DZSALauncher version 0.0.5.2 (HKLM-x32\...\DZSALauncher_is1) (Version: 0.0.5.2 - Maca134)
Epic Games Launcher (HKLM-x32\...\{7733DDD0-3513-4A99-BFFE-A6D73BE49B50}) (Version: 1.2.35.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM-x32\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
Fallout New California (HKLM-x32\...\FONC) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 101.0.4951.67 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{80ec5470-ac51-4956-b2dc-87dc2cdaa04b}) (Version: 10.1.18698.8258 - Intel(R) Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{8E7A81EF-0B97-4CD2-94E5-CD9E5A2767F4}) (Version: 10.1.18698.8258 - Intel Corporation) Hidden
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.384 - Intel Corporation)
Intel(R) LMS (HKLM-x32\...\{EEBB42F5-AD42-480E-B9B5-4ABD2CB6B609}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2110.15.0.2202 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{CB6870FB-561A-4C01-AFBA-24E5F13DCBC0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{D0CA8C15-9932-4952-B3B6-71CF65CD9A60}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM-x32\...\{C6A61C2D-5CD0-42AA-BC42-5F5B573289C0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM-x32\...\{9B007174-D269-4F39-870E-8E1621B3D673}) (Version: 30.100.2104.1 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM-x32\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2104.1 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000040-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.40.0.2 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MagicLauncher 0.1.4 (HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\1e614cf8-89e3-599c-ae29-80ee7e65385b) (Version: 0.1.4 - Jadfii)
Malwarebytes version 4.5.9.198 (HKLM-x32\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\OneDriveSetup.exe) (Version: 22.089.0426.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\Teams) (Version: 1.5.00.11163 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM-x32\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20248 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.112.50486 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM-x32\...\{66DA3501-823A-4F07-A20D-C64495A59DC8}) (Version: 2.1.0 - Paradox Interactive)
PCMark 10 (HKLM-x32\...\{6C46334D-C1E9-40CB-9F2D-86A8A0B689BA}) (Version: 2.1.2508.0 - UL) Hidden
PCMark 10 (HKLM-x32\...\{7b4092b0-5def-4653-8e5d-9427a36fd823}) (Version: 2.1.2508.0 - UL)
QModManager (Below Zero) (HKLM-x32\...\{A535470D-3403-46A2-8D44-28AD4B90C9A3}_is1) (Version: 4.3.0 - QModManager)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.19042.21344 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.46.1231.2020 - Realtek)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 125.1.10585 - Ubisoft)
Vortex (HKLM-x32\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.5.10 - Black Tree Gaming Ltd.)
WeMod (HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\WeMod) (Version: 8.1.0 - WeMod)
WinZip 26.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}) (Version: 26.0.15033 - Corel Corporation)

Packages:
=========
8 Zip - unpack RAR, ZIP, 7z for free -> C:\Program Files\WindowsApps\BooStudioLLC.8ZipLite_1.4.34.0_x64__b6e429xa66pga [2021-09-01] (Finebits OÜ) [MS Ad]
Control Center 3.0 -> C:\Program Files\WindowsApps\CLEVOCO.ControlCenter3.0_3.59.1.0_x64__6h6z29zh29qx0 [2021-10-13] (CLEVO CO.)
Fan Speed Setting -> C:\Program Files\WindowsApps\CLEVOCO.504814C03D814_3.47.0.0_x64__6h6z29zh29qx0 [2021-07-14] (CLEVO CO.)
Flexikey -> C:\Program Files\WindowsApps\CLEVOCO.Flexikey_3.10.0.0_x86__6h6z29zh29qx0 [2021-06-17] (CLEVO CO.)
Fn hot keys and OSD -> C:\Program Files\WindowsApps\CLEVOCO.FnhotkeysandOSD_3.77.0.0_x64__6h6z29zh29qx0 [2022-02-26] (CLEVO CO.) [Startup Task]
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-30] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-04-21] (INTEL CORP) [Startup Task]
Led Keyboard Setting -> C:\Program Files\WindowsApps\CLEVOCO.LedKeyboardSetting_3.32.0.0_x64__6h6z29zh29qx0 [2021-06-17] (CLEVO CO.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-06-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-06-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.5120.0_x64__8wekyb3d8bbwe [2022-05-20] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-23] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-27] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.27.254.0_x64__dt26b99r8h8gj [2021-10-08] (Realtek Semiconductor Corp)
Sound Blaster Cinema 6 -> C:\Program Files\WindowsApps\CreativeTechnologyLtd.SoundBlasterCinema6_3.0.17.0_x86__13fcda18mhdz2 [2021-06-17] (Creative Technology Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.185.895.0_x86__zpdnekdrzrea0 [2022-05-24] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3213200753-566367429-3474330375-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\rickn\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22062.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3213200753-566367429-3474330375-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\rickn\OneDrive\Bureaublad\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-02] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-19] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\rickn\OneDrive\Bureaublad\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-02] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\System32\DriverStore\FileRepository\nvcvegpu.inf_amd64_1d904fb473804a73\nvshext.dll [2021-04-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\rickn\OneDrive\Bureaublad\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-19] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2022-03-02] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\rickn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Rick - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) =============

2022-01-17 11:41 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Users\rickn\OneDrive\Bureaublad\7-Zip\7-zip.dll
2022-01-22 13:03 - 2021-11-26 15:10 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2022-01-22 13:03 - 2021-11-26 15:10 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2022-01-22 13:03 - 2021-11-26 15:10 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2022-04-18 13:56 - 2021-11-26 15:10 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2022-04-18 13:56 - 2021-11-26 15:10 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2022-04-18 13:56 - 2021-11-26 15:10 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2022-04-18 13:56 - 2021-11-26 15:10 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2022-04-18 13:56 - 2021-11-26 15:10 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2022-04-18 13:56 - 2021-11-26 15:10 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2021-06-17 16:08 - 2021-06-17 16:08 - 002644480 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files\WindowsApps\CLEVOCO.FnhotkeysandOSD_3.77.0.0_x64__6h6z29zh29qx0\FnKey\audio10ec.dll
2021-06-17 16:08 - 2021-06-17 16:08 - 002492416 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files\WindowsApps\CLEVOCO.FnhotkeysandOSD_3.77.0.0_x64__6h6z29zh29qx0\FnKey\InsydeDCHU.dll
2021-06-17 16:08 - 2021-06-17 16:08 - 002844160 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files\WindowsApps\CLEVOCO.FnhotkeysandOSD_3.77.0.0_x64__6h6z29zh29qx0\FnKey\powerlife.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3213200753-566367429-3474330375-1001 -> DefaultScope {0D25C636-15A7-4F59-8EFE-B5495753A241} URL =
SearchScopes: HKU\S-1-5-21-3213200753-566367429-3474330375-1001 -> {0D25C636-15A7-4F59-8EFE-B5495753A241} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-06-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-06-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-28] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\sharepoint.com -> hxxps://eduofficenl-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2022-05-24 16:12 - 000000852 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-3213200753-566367429-3474330375-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rickn\Downloads\swampdav.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3213200753-566367429-3474330375-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{35A990B0-8E06-4108-9325-8F43DD825777}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{CB371E21-8B27-4725-9A91-5E19F9908014}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{9F03E9FF-803E-40C3-BD27-9D572976710A}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{157F4265-52D2-4A88-B81A-A244DC4FA9C6}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B19BBEA4-DBB4-4B07-BBBB-BD29463415B7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F68F9D21-8BD9-4271-BBCF-F641F6BE5FD3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7216F79F-486F-45ED-AEF4-D3E893B5CC83}] => (Allow) D:\SteamLibrary\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{64EB60E0-9B11-48DD-83EB-AF785AC53FD0}] => (Allow) D:\SteamLibrary\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{28ED7A7F-9CF9-4611-B115-EE76A3CCECB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{6A3474AE-670F-4900-B80C-090B53FFAB90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{51A92F15-1F6C-4620-9B49-4ABA5F3846DD}D:\steamlibrary\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) D:\steamlibrary\steamapps\common\total war warhammer iii\warhammer3.exe (The Creative Assembly Ltd -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{EA93F88A-BA0B-4345-9D77-F57C1EB3FED3}D:\steamlibrary\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) D:\steamlibrary\steamapps\common\total war warhammer iii\warhammer3.exe (The Creative Assembly Ltd -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{60D6FCF8-8423-4415-AA6F-6A3215CDA456}C:\program files\windowsapps\spotifyab.spotifymusic_1.185.895.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.185.895.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{157C7888-07BF-491F-959D-64B4C88A74A1}C:\program files\windowsapps\spotifyab.spotifymusic_1.185.895.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.185.895.0_x86__zpdnekdrzrea0\spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

25-05-2022 11:34:54 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/25/2022 11:34:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MsQuic.

System Error:
The resource loader failed to find MUI file.
.

Error: (05/25/2022 11:34:54 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {abc6eebc-4f1c-4742-a6dd-b21bd5639123}

Error: (05/25/2022 11:30:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.19041.1503, time stamp: 0xc40fe88f
Faulting module name: MBAPO264.dll, version: 2.1.6.0, time stamp: 0x603cc822
Exception code: 0xc0000005
Fault offset: 0x000000000007137a
Faulting process id: 0x3ddc
Faulting application start time: 0x01d8701a1430c72f
Faulting application path: C:\windows\system32\AUDIODG.EXE
Faulting module path: C:\windows\System32\MBAPO264.dll
Report Id: 80a6f82e-4286-4489-814e-671c54a47b49
Faulting package full name:
Faulting package-relative application ID:

Error: (05/24/2022 08:35:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.19041.1503, time stamp: 0xc40fe88f
Faulting module name: MBAPO264.dll, version: 2.1.6.0, time stamp: 0x603cc822
Exception code: 0xc0000005
Fault offset: 0x000000000007137a
Faulting process id: 0x2e28
Faulting application start time: 0x01d86f901ca77b6f
Faulting application path: C:\windows\system32\AUDIODG.EXE
Faulting module path: C:\windows\System32\MBAPO264.dll
Report Id: 4f9a0689-8d10-4a33-bd5b-8296940ac592
Faulting package full name:
Faulting package-relative application ID:

Error: (05/24/2022 05:47:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MsQuic.

System Error:
The resource loader failed to find MUI file.
.

Error: (05/24/2022 04:01:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2021.21090.10008.0, time stamp: 0x616f6f86
Faulting module name: ntdll.dll, version: 10.0.19041.1682, time stamp: 0x7b5414ec
Exception code: 0xc0000374
Fault offset: 0x00000000000ff249
Faulting process id: 0x4e4
Faulting application start time: 0x01d86f761e5e13f0
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10008.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 9fc3ad8b-9c44-4f70-9a39-219f29c78f86
Faulting package full name: Microsoft.Windows.Photos_2021.21090.10008.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (05/24/2022 03:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.19041.1503, time stamp: 0xc40fe88f
Faulting module name: MBAPO264.dll, version: 2.1.6.0, time stamp: 0x603cc822
Exception code: 0xc0000005
Fault offset: 0x000000000007137a
Faulting process id: 0x43c0
Faulting application start time: 0x01d86f758e41b68f
Faulting application path: C:\windows\system32\AUDIODG.EXE
Faulting module path: C:\windows\System32\MBAPO264.dll
Report Id: 12604e65-c4a7-4082-a4a9-beb2362b25cd
Faulting package full name:
Faulting package-relative application ID:

Error: (05/24/2022 03:51:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.


System errors:
=============
Error: (05/25/2022 11:38:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Edge Update Service (edgeupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/25/2022 11:35:46 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EOI4ID8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/25/2022 11:35:46 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EOI4ID8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/25/2022 11:35:43 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EOI4ID8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/25/2022 11:35:43 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EOI4ID8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/25/2022 11:35:43 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EOI4ID8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/25/2022 11:35:43 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EOI4ID8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/25/2022 11:35:43 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EOI4ID8)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-05-09 09:56:05
Description:
Microsoft Defender Antivirus has detected a suspicious behavior.
Name: Behavior:Win32/DroppedKnownMalware
Severity: Low
Category: Suspicious Behaviour
Path Found: file:_C:\Users\rickn\AppData\Local\Temp\oWUMC6ct\partners\RFileStp7N.tmp; process:_1080
Detection Origin: Local machine
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: C:\Users\rickn\AppData\Local\Temp\oWUMC6ct\partners\RFileStp7N.tmp
Security intelligence ID: 41453017067075
Security intelligence Version: AV: 1.363.1630.0, AS: 1.363.1630.0
Engine Version: 1.1.19200.5
Fidelity Label: Low
Target File Name:

Date: 2022-05-09 09:55:38
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=1
Name: PUAMarketing:Win32/Comscore
Severity: Severe
Category: Potentially Unwanted Software
Path: file:_C:\Users\rickn\AppData\Local\Temp\oWUMC6ct\partners\poinstaller.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\rickn\AppData\Local\Temp\oWUMC6ct\partners\RFileStp7N.tmp
Security intelligence Version: AV: 1.363.1630.0, AS: 1.363.1630.0, NIS: 1.363.1630.0
Engine Version: AM: 1.1.19200.5, NIS: 1.1.19200.5
Event[0]:

Date: 2022-05-25 11:29:21
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.367.447.0
Previous security intelligence Version: 1.367.73.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.19200.6
Previous Engine Version: 1.1.19200.6
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support.

Date: 2022-05-25 11:29:21
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.367.447.0
Previous security intelligence Version: 1.367.73.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.19200.6
Previous Engine Version: 1.1.19200.6
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support.

Date: 2022-05-25 11:29:18
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.367.73.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.6
Error code: 0x8007045b
Error description: A system shutdown is in progress.

Date: 2022-05-15 00:43:17
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.363.1914.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19200.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-04-07 14:49:44
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.1467.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80070643
Error description: Fatal error during installation.

CodeIntegrity:
===============
Date: 2022-05-19 10:12:45
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2022-05-13 15:29:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-15 22:22:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-03-15 21:04:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_66833df3e698aea2\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-01-17 10:31:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: INSYDE Corp. 1.07.03TPCS 05/13/2021
Motherboard: CLEVO NHxxHJHK
Processor: 11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz
Percentage of memory in use: 35%
Total physical RAM: 16163.3 MB
Available physical RAM: 10487.66 MB
Total Virtual: 32326.61 MB
Available Virtual: 24331.02 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.61 GB) (Free:16.64 GB) (Model: 256GB PCS PCIe M.2 SSD) NTFS
Drive d: (New Volume) (Fixed) (Total:476.92 GB) (Free:48.72 GB) (Model: 512GB PCS 2.5" SSD) NTFS
Drive e: (BOOT) (Removable) (Total:0.24 GB) (Free:0.22 GB) FAT32
Drive f: () (Removable) (Total:14.19 GB) (Free:14.19 GB) FAT32

\\?\Volume{7cbd5960-f45c-457e-aba6-46d42670b94f}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS
\\?\Volume{b50f01d5-73d3-4a9e-a926-223daa228df5}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 7D53E3E2)

Partition: GPT.

==========================================================
Disk: 2 (Size: 14.5 GB) (Disk ID: 6C586E13)
Partition 1: (Not Active) - (Size=256 MB) - (Type=0C)
Partition 2: (Not Active) - (Size=14.2 GB) - (Type=0C)

==================== End of Addition.txt =======================
Count_Dutchula
Regular Member
 
Posts: 15
Joined: May 24th, 2022, 10:24 am

Re: I need help removing a program called Active search bar

Post by Count_Dutchula » May 25th, 2022, 5:45 am

The problem seems to still be present. I still cannot search anything without getting a lot of hits from my anti-virus program.

Re: I need help removing a program called Active search bar

Post by pgmigg » May 26th, 2022, 12:18 am

Hello Count_Dutchula,

Count_Dutchula wrote: The problem seems to still be present.

Could you please confirm that you still have activesearchbar?

Count_Dutchula wrote: I still cannot search anything without getting a lot of hits from my anti-virus program.

The very fact that protection works speaks primarily about the quality of protection and, perhaps, the problem is what you are looking for and where you go. Please answer my question, and then we will continue the research and treatment...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5247
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00