I think I'm infected by something
My CPU and Memory are practically 100% even when I'm not running specific applications
Plus, my PC has become very low, as if many other background actions where occurring
Would you help me with that ?
For instance, the FRST took more than an hour to complete
FRST Log
- Code: Select all
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2021 01 Ran by amanda (administrator) on DESKTOP-DUJU8T3 (HP HP ENVY x360 Convertible 15m-bp1xx) (01-06-2021 16:26:03) Running from C:\Users\amanda\Downloads Loaded Profiles: amanda Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <19> (HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\IntelCpHeciSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\amanda\Desktop\Tools\Sysinternals\procexp64.exe (Microsoft Corporation -> Sysinternals - www.sysinternals.com) C:\Users\amanda\Desktop\Tools\Sysinternals\Procmon64.exe <2> (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2105.19601.0_x64__8wekyb3d8bbwe\Cortana.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C:\Program Files (x86)\iSkysoft\IAF\2.4.3.231\IsAppService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269328 2018-12-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [1062392 2017-03-15] (HP Inc. -> HP Inc.) HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [115688 2017-09-18] (VMware, Inc. -> VMware, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\MountPoints2: {87bdc0f5-68c4-11eb-99ec-7c7635c56c73} - "F:\windows\AutoRun.exe" HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\MountPoints2: {894bb7e4-95e6-11eb-99f5-7c7635c56c73} - "E:\windows\AutoRun.exe" HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\MountPoints2: {fbafe2f8-25e4-11eb-99c9-7c7635c56c73} - "E:\windows\AutoRun.exe" HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\MountPoints2: {fbafe311-25e4-11eb-99c9-7c7635c56c73} - "E:\windows\AutoRun.exe" HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC) GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01C5F1F5-4142-421E-A7B3-E208D1B9E8FA} - System32\Tasks\Microsoft\Windows\Setup\PrivacyNotifier => C:\WINDOWS\system32\PrivacyNotifier.exe Task: {1841583D-4233-4EF0-A4E4-71B56F96D1A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {21039CAD-EE84-4CE1-BF16-1A74552F79A4} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-25] (Intel(R) Trust Services -> Intel(R) Corporation) Task: {30D3CF71-6EFB-465B-A1D8-78792E30415C} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-05-12] (HP Inc. -> ) Task: {38E5503A-9FE0-4FD7-8BB1-793AD0480DAD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Task: {4B3892B7-4F4A-4C7D-A19F-8E7220263F15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [208744 2017-04-07] (HP Inc. -> HP Inc.) Task: {4E613874-874D-4CDF-94F6-2332603449E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124336 2021-05-21] (Microsoft Corporation -> Microsoft Corporation) Task: {58A80E80-B46C-4A77-B44D-0C289996A05C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-14] (Mozilla Corporation -> Mozilla Foundation) Task: {6559DE2D-A2F9-4647-9F98-7F7559A272E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-24] (Google Inc -> Google Inc.) Task: {66DB7331-9B82-4539-BA67-1F8298624B10} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124336 2021-05-21] (Microsoft Corporation -> Microsoft Corporation) Task: {6A7BBE75-1CD8-4CD4-9EA2-0914E5474B1C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-04-07] (HP Inc. -> HP Inc.) Task: {6E02594C-0FC3-41BE-B773-D8A551A7D85B} - System32\Tasks\HPCeeScheduleForamanda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-25] (Hewlett-Packard Company -> HP Inc.) Task: {7CA5A461-B150-4B79-9B2D-6F1757757C03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1487392 2017-04-07] (HP Inc. -> HP Inc.) Task: {7E9FD0D2-F249-4891-933D-013F40514314} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed] Task: {95B3C0BF-8C9E-4A6C-B060-E77C5187F304} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Task: {9D9E8292-D54F-4A8B-925F-6B0457B9A0C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {A2DEF01E-61D2-442C-893B-3EE1D3F29328} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [107368 2017-04-07] (HP Inc. -> HP Inc.) Task: {AD93A8F7-E8B2-4A57-AA10-3844D850C1CB} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1362464 2017-03-13] (HP Inc. -> HP Development Company, L.P.) Task: {B7798301-FE59-4DEF-963C-85B8E19FB1AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1080168 2017-04-07] (HP Inc. -> HP Inc.) Task: {BFAC2FF0-5AC5-4547-AEBB-0E7639675911} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {CF3A29C0-A229-4E33-88ED-7BCEC18BD349} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.) Task: {D413FBD5-CD21-457F-8BCF-153A15B81D2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1487392 2017-04-07] (HP Inc. -> HP Inc.) Task: {E534D594-8FC2-4F68-BCD1-BE5FFBAA39BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-24] (Google Inc -> Google Inc.) Task: {E7A3C924-2AD4-4D3F-836A-83468D592F80} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs] Task: {F5CE9983-71E5-4995-973D-5D91BDD652AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {FB9C8DB3-B6A3-459D-9693-09DFC1A0B228} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [625512 2017-04-07] (HP Inc. -> HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\HPCeeScheduleForamanda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{209d7f72-3d21-4412-a831-f733df3b6858}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{39d23834-0e04-449b-931e-11dc273c8221}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3f5ae139-8908-4d46-b65d-05106d971753}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{4358848b-ec2e-4cb3-8547-c23e053eaf3e}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{660894bf-d52e-4a33-b951-e7489abe5473}: [DhcpNameServer] 20.0.1.5 20.0.1.7 Tcpip\..\Interfaces\{94e8bc4c-673b-4a4d-82ac-d95b79a32acd}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{a677f67a-fccb-4c84-930d-eec7dcb9aa54}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{d6380c9e-6771-461b-8c2e-c58addc3fe16}: [DhcpNameServer] 192.168.42.129 Edge: ======= Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge DefaultProfile: Default Edge Profile: C:\Users\amanda\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-01] FireFox: ======== FF DefaultProfile: qa44ej6m.default FF ProfilePath: C:\Users\amanda\AppData\Roaming\Mozilla\Firefox\Profiles\qa44ej6m.default [2019-08-07] FF ProfilePath: C:\Users\amanda\AppData\Roaming\Mozilla\Firefox\Profiles\fvbk2o0p.default-release-1575316955092 [2021-05-26] FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-04-27] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-04-27] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default [2021-06-01] CHR Extension: (Slides) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-24] CHR Extension: (Docs) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-24] CHR Extension: (Google Drive) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24] CHR Extension: (YouTube) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-24] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-05-21] CHR Extension: (Sheets) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-24] CHR Extension: (Google Docs Offline) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-14] CHR Extension: (Wappalyzer) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2021-05-14] CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-23] CHR Extension: (Email Tracker for Gmail - Mailtrack) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2021-06-01] CHR Extension: (Chrome Web Store Payments) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30] CHR Extension: (Proxy Switcher and Manager) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\onnfghpihccifgojkpnnncpagjcdbjod [2021-02-12] CHR Extension: (Gmail) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23] CHR Extension: (Chrome Media Router) - C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-25] CHR Profile: C:\Users\amanda\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-02-14] CHR Profile: C:\Users\amanda\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-13] CHR HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 alfrescoPostgreSQL; C:\alfresco-community\postgresql\bin\pg_ctl.exe [93696 2017-05-09] (PostgreSQL Global Development Group) [File not signed] S3 alfrescoTomcat; C:\alfresco-community\tomcat\bin\tomcat7.exe [109696 2017-05-10] (CodeSigning for The Apache Software Foundation -> Apache Software Foundation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-05-21] (Microsoft Corporation -> Microsoft Corporation) R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1325352 2017-05-15] (HP Inc. -> HP Inc.) R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc. -> HP Inc.) R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-29] (HP Inc. -> HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc. -> HP Inc.) R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc. -> HP Inc.) R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.3.231\IsAppService.exe [493320 2017-10-19] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) S4 MongoDB; C:\Program Files\MongoDB\Server\4.2\bin\mongod.exe [35843072 2020-01-24] (MongoDB, Inc) [File not signed] S4 OracleDBConsoleorcl; C:\app\amanda\product\11.2.0\dbhome_1\bin\nmesrvc.exe [49152 2010-03-02] (Oracle Corporation) [File not signed] S4 OracleJobSchedulerORCL; c:\app\amanda\product\11.2.0\dbhome_1\Bin\extjob.exe [49152 2010-04-02] () [File not signed] S4 OracleMTSRecoveryService; C:\app\amanda\product\11.2.0\dbhome_1\bin\omtsreco.exe [69632 2010-04-01] (Oracle Corporation) [File not signed] S4 OracleOraDb11g_home1ClrAgent; C:\app\amanda\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [38400 2010-02-28] (Oracle Corporation) [File not signed] S4 OracleOraDb11g_home1TNSListener; C:\app\amanda\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe [512000 2010-03-31] (Oracle Corporation) [File not signed] S4 OracleServiceORCL; c:\app\amanda\product\11.2.0\dbhome_1\bin\ORACLE.EXE [106487808 2010-04-02] (Oracle Corporation) [File not signed] S4 OracleVssWriterORCL; c:\app\amanda\product\11.2.0\dbhome_1\bin\OraVSSW.exe [159744 2010-04-02] () [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11791704 2019-03-18] (TeamViewer GmbH -> TeamViewer GmbH) R3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [744968 2020-05-14] (Oracle Corporation -> Oracle Corporation) R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14344168 2017-09-18] (VMware, Inc. -> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed] S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [69016 2019-03-04] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (ZTE CORPORATION -> HandSet Incorporated) R3 MpKsl3eb6b668; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC31D1D3-60CF-4AB3-8B37-E1D373A684CD}\MpKslDrv.sys [107744 2021-06-01] (Microsoft Windows -> Microsoft Corporation) R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.) S4 npcap_wifi; C:\WINDOWS\system32\DRIVERS\npcap.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.) R1 npf; C:\WINDOWS\system32\DRIVERS\npf.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.) S4 npf_wifi; C:\WINDOWS\system32\DRIVERS\npf.sys [83776 2019-05-11] (Insecure.Com LLC -> Insecure.Com LLC.) U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [90168 2021-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [58160 2019-04-01] (Tomasz Moń -> USBPcap) R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [237824 2020-05-14] (Oracle Corporation -> Oracle Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [247224 2020-05-14] (Oracle Corporation -> Oracle Corporation) R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [66520 2017-09-18] (VMware, Inc. -> VMware, Inc.) R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc. -> VMware, Inc.) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421112 2021-05-14] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-14] (Microsoft Windows -> Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP) S3 zghsser; C:\WINDOWS\system32\DRIVERS\zghsser.sys [133960 2014-03-17] (ZTE CORPORATION -> ZTE Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-06-01 16:26 - 2021-06-01 16:34 - 000026533 _____ C:\Users\amanda\Downloads\FRST.txt 2021-06-01 16:25 - 2021-06-01 16:33 - 000000000 ____D C:\FRST 2021-06-01 16:24 - 2021-06-01 16:24 - 002299904 _____ (Farbar) C:\Users\amanda\Downloads\FRST64.exe 2021-06-01 16:12 - 2021-06-01 16:12 - 000090168 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS 2021-06-01 12:11 - 2021-06-01 12:11 - 000000000 ____D C:\Program Files\Common Files\Oracle 2021-06-01 10:38 - 2021-06-01 12:00 - 159718040 _____ (Oracle Corporation) C:\Users\amanda\Downloads\jdk-11.0.10_windows-x64_bin.exe 2021-06-01 05:36 - 2021-06-01 06:24 - 293052764 _____ C:\Users\amanda\Downloads\all-2.0.tar.gz 2021-06-01 04:25 - 2021-06-01 04:25 - 000000000 ____D C:\Users\amanda\AppData\Local\JxBrowser 2021-05-30 19:30 - 2021-05-30 19:30 - 000046916 _____ C:\Users\amanda\Downloads\Secure_Code_Checklist_Software_Secured.xlsx 2021-05-30 19:30 - 2021-05-30 19:30 - 000000109 ____H C:\Users\amanda\Downloads\.~lock.Secure_Code_Checklist_Software_Secured.xlsx# 2021-05-30 01:52 - 2021-05-30 02:05 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForamanda.job 2021-05-30 01:52 - 2021-05-30 01:52 - 000003256 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForamanda 2021-05-29 18:51 - 2019-03-04 17:27 - 000069016 _____ (www.winchiphead.com) C:\WINDOWS\system32\Drivers\CH341S64.SYS 2021-05-15 07:40 - 2021-05-15 07:40 - 001977211 _____ C:\Users\amanda\Downloads\ukemi2.mp4 2021-05-15 07:32 - 2021-05-15 07:32 - 002215032 _____ C:\Users\amanda\Downloads\ukemi1.mp4 2021-05-13 21:44 - 2021-05-13 21:44 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll 2021-05-13 21:43 - 2021-05-13 21:43 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-05-13 21:43 - 2021-05-13 21:43 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-05-13 21:43 - 2021-05-13 21:43 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-05-13 21:43 - 2021-05-13 21:43 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll 2021-05-13 21:43 - 2021-05-13 21:43 - 000014848 _____ C:\WINDOWS\system32\hnsproxy.dll 2021-05-13 21:43 - 2021-05-13 21:43 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-05-13 21:42 - 2021-05-13 21:42 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-05-13 21:42 - 2021-05-13 21:42 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-05-13 21:42 - 2021-05-13 21:42 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-05-13 21:42 - 2021-05-13 21:42 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2021-05-13 21:41 - 2021-05-13 21:41 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-05-13 21:41 - 2021-05-13 21:41 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2021-05-13 17:47 - 2021-05-13 17:47 - 000000052 _____ C:\Users\amanda\Downloads\credentials-41e5bc-2021-May-13--17_47_23.csv 2021-05-12 19:37 - 2021-05-12 19:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2021-05-11 15:48 - 2021-05-30 13:26 - 000000000 ____D C:\Users\amanda\AppData\LocalLow\uTorrent 2021-05-05 17:47 - 2021-05-05 17:47 - 000036780 _____ C:\Users\amanda\Downloads\DataTables example - PDF - image.pdf 2021-05-02 18:09 - 2021-05-02 18:11 - 005596273 _____ C:\Users\amanda\Downloads\D-T-e-16192602190943203.zip ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-06-01 16:31 - 2020-05-17 11:36 - 000000000 ____D C:\Users\amanda\.VirtualBox 2021-06-01 16:30 - 2020-05-17 11:36 - 000000000 ____D C:\ProgramData\VirtualBox 2021-06-01 16:22 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-06-01 16:13 - 2020-10-17 01:38 - 000946252 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-06-01 16:13 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF 2021-06-01 16:08 - 2019-03-23 15:27 - 000000000 __SHD C:\Users\amanda\IntelGraphicsProfiles 2021-06-01 16:07 - 2020-10-17 01:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-06-01 16:07 - 2020-10-17 01:19 - 000008192 ___SH C:\DumpStack.log.tmp 2021-06-01 16:07 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ServiceState 2021-06-01 16:07 - 2019-03-29 09:31 - 000000000 ____D C:\ProgramData\VMware 2021-06-01 16:07 - 2019-03-24 23:14 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2021-06-01 16:06 - 2020-10-17 01:26 - 000000000 ____D C:\Users\amanda 2021-06-01 16:06 - 2019-12-07 09:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2021-06-01 15:30 - 2020-10-17 01:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-06-01 12:14 - 2019-07-12 21:12 - 000000000 ____D C:\Users\amanda\AppData\Roaming\BurpSuite 2021-06-01 12:11 - 2019-03-25 13:59 - 000192656 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2021-06-01 12:11 - 2019-03-25 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2021-06-01 12:11 - 2019-03-25 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2021-06-01 12:11 - 2019-03-25 13:56 - 000000000 ____D C:\Program Files\Java 2021-06-01 10:13 - 2019-03-26 18:53 - 000000000 ____D C:\Users\amanda\AppData\Roaming\uTorrent 2021-05-31 18:37 - 2020-05-17 11:36 - 000000000 ____D C:\Users\amanda\VirtualBox VMs 2021-05-31 15:15 - 2020-10-17 01:53 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2874402850-4125491413-1335039919-1001 2021-05-31 15:15 - 2020-10-17 01:26 - 000002374 _____ C:\Users\amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-05-31 15:15 - 2019-03-23 15:30 - 000000000 ___RD C:\Users\amanda\OneDrive 2021-05-30 16:06 - 2020-02-18 23:18 - 000000000 ____D C:\Users\amanda\AppData\Roaming\vlc 2021-05-30 13:27 - 2019-03-27 21:58 - 000000000 ____D C:\Users\amanda\AppData\Local\BitTorrentHelper 2021-05-30 12:40 - 2019-03-29 22:44 - 000000000 ____D C:\Users\amanda\Documents\Virtual Machines 2021-05-29 21:51 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-05-29 21:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-05-29 19:27 - 2019-11-24 16:19 - 000000000 ____D C:\Users\amanda\AppData\Roaming\npm-cache 2021-05-29 18:44 - 2019-04-02 17:51 - 000000000 ____D C:\Users\amanda\Desktop\Tools 2021-05-29 01:25 - 2019-03-31 11:20 - 000000000 ____D C:\Users\amanda\Desktop\Tech Readings 2021-05-28 22:36 - 2017-07-10 10:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-05-28 21:36 - 2020-06-07 23:51 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-05-28 21:36 - 2020-06-07 23:51 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-05-28 21:36 - 2020-06-07 23:51 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2021-05-26 21:59 - 2021-02-14 19:49 - 000000000 ____D C:\Program Files\Mozilla Firefox 2021-05-26 21:59 - 2019-08-07 08:44 - 000000000 ____D C:\Users\amanda\AppData\LocalLow\Mozilla 2021-05-26 21:59 - 2019-08-07 08:44 - 000000000 ____D C:\ProgramData\Mozilla 2021-05-21 16:13 - 2019-03-29 22:43 - 000000000 ____D C:\Users\amanda\AppData\Roaming\VMware 2021-05-21 16:13 - 2019-03-29 22:43 - 000000000 ____D C:\Users\amanda\AppData\Local\VMware 2021-05-14 12:18 - 2019-03-27 00:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-05-14 00:08 - 2020-11-11 04:40 - 000000000 ____D C:\Users\amanda\AppData\Local\Notepad 2021-05-14 00:07 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-05-14 00:02 - 2020-10-17 01:19 - 000631488 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-05-14 00:01 - 2019-12-02 20:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-05-14 00:00 - 2019-12-07 09:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\DiagTrack 2021-05-14 00:00 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-05-13 21:52 - 2019-12-07 09:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2021-05-13 21:52 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-05-13 21:04 - 2019-03-23 20:00 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-05-13 21:00 - 2019-03-23 19:59 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-05-12 20:04 - 2019-03-24 00:35 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-05-12 20:04 - 2019-03-24 00:35 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-05-12 20:04 - 2019-03-24 00:35 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2021-05-12 19:37 - 2019-12-02 20:02 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-05-11 20:51 - 2019-06-10 19:21 - 000000000 ____D C:\Users\amanda\AppData\Roaming\Postman 2021-05-09 20:40 - 2019-11-24 16:17 - 000000000 ____D C:\Users\amanda\AppData\Roaming\npm 2021-05-09 20:39 - 2019-06-10 19:21 - 000002178 _____ C:\Users\amanda\Desktop\Postman.lnk 2021-05-09 20:39 - 2019-06-10 19:21 - 000000000 ____D C:\Users\amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Postman 2021-05-08 10:40 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-05-06 18:08 - 2019-06-10 19:21 - 000000000 ____D C:\Users\amanda\AppData\Local\Postman ==================== Files in the root of some directories ======== 2019-04-01 18:43 - 2021-01-22 19:22 - 000002278 _____ () C:\Users\amanda\AppData\Roaming\jd-gui.cfg 2020-12-31 22:37 - 2020-12-31 22:37 - 000000128 _____ () C:\Users\amanda\AppData\Roaming\PUTTY.RND 2019-10-17 19:20 - 2021-04-05 16:31 - 000000600 _____ () C:\Users\amanda\AppData\Local\PUTTY.RND 2020-11-21 15:15 - 2020-11-21 15:15 - 000007603 _____ () C:\Users\amanda\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================
Addition log
- Code: Select all
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2021 01 Ran by amanda (01-06-2021 16:38:18) Running from C:\Users\amanda\Downloads Windows 10 Home Version 20H2 19042.985 (X64) (2020-10-17 01:55:01) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2874402850-4125491413-1335039919-500 - Administrator - Disabled) amy (S-1-5-21-2874402850-4125491413-1335039919-1003 - Administrator - Enabled) => C:\Users\amy amanda (S-1-5-21-2874402850-4125491413-1335039919-1001 - Administrator - Enabled) => C:\Users\amanda DefaultAccount (S-1-5-21-2874402850-4125491413-1335039919-503 - Limited - Disabled) Guest (S-1-5-21-2874402850-4125491413-1335039919-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-2874402850-4125491413-1335039919-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\uTorrent) (Version: 3.5.5.46010 - BitTorrent Inc.) 7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Alfresco Community (HKLM-x32\...\Alfresco Community 201707) (Version: 201707 - Alfresco Software, Inc.) Android Studio (HKLM\...\Android Studio) (Version: 3.3 - Google LLC) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.) FileZilla Client 3.51.0 (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\FileZilla Client) (Version: 3.51.0 - Tim Kosse) Git version 2.24.0.2 (HKLM\...\Git_is1) (Version: 2.24.0.2 - The Git Development Community) GlassFish Server Open Source Edition 4.1.1 (HKLM\...\nbi-glassfish-mod-4.1.1.0.1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC) HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.) HP CoolSense (HKLM-x32\...\{AC154691-D9B6-4CD9-BB9B-ACDAF61367E5}) (Version: 2.22.1 - HP Inc.) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.) HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.) HP IR Camera driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.15063.20005 - Realtek Semiconductor Corp.) HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.) HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.) HP JumpStart Launch (HKLM-x32\...\{6A139049-EBB9-4076-8664-B468888E55A3}) (Version: 1.3.392.0 - HP Inc.) HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.4.14.41 - HP Inc.) HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.6.14.19 - HP Inc.) HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.0.4 - HP Inc.) HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.19 - HP Inc.) Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10203.4295 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4691 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1713.2 - Intel Corporation) Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.1.22 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation) Intel® Integrated Sensor Solution (HKLM-x32\...\{98970ddc-844d-4ec3-b93e-52f5f693b305}) (Version: 3.10.100.3429 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation) ISS_Drivers_x64 (HKLM\...\{9315B8DE-B183-4126-A69E-150B8ABF3690}) (Version: 3.10.100.3429 - Intel Corporation) Hidden Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation) Java SE Development Kit 8 Update 202 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180202}) (Version: 8.0.2020.8 - Oracle Corporation) Java(TM) SE Development Kit 11.0.10 (64-bit) (HKLM\...\{13D682BE-97A8-527B-A941-9953144DD3CF}) (Version: 11.0.10.0 - Oracle Corporation) JetBrains PyCharm Community Edition 2019.3 (HKLM-x32\...\PyCharm Community Edition 2019.3) (Version: 193.5233.109 - JetBrains s.r.o.) LibreOffice 6.3.6.2 (HKLM\...\{6664E413-D143-48B3-823F-50084561A0B6}) (Version: 6.3.6.2 - The Document Foundation) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14026.20246 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.37 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.37 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2874402850-4125491413-1335039919-1003\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation) MongoDB 4.2.3 2008R2Plus SSL (64 bit) (HKLM\...\{CD1DAD1D-017C-4407-8BA1-FA15312A94F6}) (Version: 4.2.3 - MongoDB Inc.) Mozilla Firefox 85.0.2 (x64 fr) (HKLM\...\Mozilla Firefox 85.0.2 (x64 fr)) (Version: 85.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla) NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org) Node.js (HKLM\...\{41408FBE-699A-4989-83CA-AB035EECA740}) (Version: 12.13.1 - Node.js Foundation) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.6 - Notepad++ Team) Npcap 0.995 (HKLM-x32\...\NpcapInst) (Version: 0.995 - Nmap Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden Oracle VM VirtualBox 6.1.8 (HKLM\...\{8EC316C6-82C4-431F-A4DE-4082717C96D5}) (Version: 6.1.8 - Oracle Corporation) osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden Postman-win64-7.36.5 (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\Postman) (Version: 7.36.5 - Postman) PuTTY release 0.70 (HKLM-x32\...\{0B06C05B-0069-4FE8-AC19-AAF6678FD0A8}) (Version: 0.70.0.0 - Simon Tatham) Python 2.7.18 (64-bit) (HKLM\...\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}) (Version: 2.7.18150 - Python Software Foundation) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.) stunnel installed for CurrentUser (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\stunnel) (Version: 5.56 - Michal Trojnara) Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk) TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.2558 - TeamViewer) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden USBPcap 1.3.0.0 (HKLM\...\USBPcap) (Version: 1.3.0.0 - Tomasz Mon) VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN) Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1) (Version: 1.1.70.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1-2) (Version: 1.1.70.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1-3) (Version: 1.1.70.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.1.70.1 (HKLM\...\VulkanRT1.1.70.1-4) (Version: 1.1.70.1 - LunarG, Inc.) Hidden Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation) WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) Wireshark 3.0.2 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.2 - The Wireshark developer community, hxxps://www.wireshark.org) XAMPP (HKLM-x32\...\xampp) (Version: 7.2.16-0 - Bitnami) Zoom (HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.) ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B08 - ZTE Corporation) Packages: ========= Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.) Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.5.37.0_x86__kgqvnymyfvs32 [2021-05-27] (king.com) Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2030.2.0_x86__kgqvnymyfvs32 [2021-05-27] (king.com) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.194.600.0_x86__kgqvnymyfvs32 [2021-05-27] (king.com) Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-16] (Dropbox Inc.) DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2021.2.6.0_x64__t5j2fzbtdg37r [2021-05-09] (DTS, Inc.) Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.41.4105.0_x86__ytsefhwckbdv6 [2021-05-27] (G5 Entertainment AB) HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.3.407.0_x86__v10z8vjag6ke6 [2018-07-25] (HP Inc.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-24] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-24] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5170.0_x64__8wekyb3d8bbwe [2021-05-28] (Microsoft Studios) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.) Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.1.0_x64__nfy108tqq3p12 [2021-02-21] (Thumbmunkeys Ltd) Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-03-24] (Plex) Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j [2021-04-10] (Random Salad Games LLC) Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-14] (Synaptics Incorporated) VitalSource Bookshelf -> C:\Program Files\WindowsApps\VitalSourceTechnologiesIn.VitalSourceBookshelf_9.4.29.0_x64__wasrd15zsyawm [2021-04-22] (VitalSource Technologies Inc) WinDbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2104.13002.0_neutral__8wekyb3d8bbwe [2021-04-30] (Microsoft Corporation) WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-06-02] (WinZip Computing) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> ) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2017-09-18] (VMware, Inc. -> VMware, Inc.) ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2017-09-18] (VMware, Inc. -> VMware, Inc.) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127756.inf_amd64_cd9f19051b5853c8\igfxDTCM.dll [2018-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\amanda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default ==================== Loaded Modules (Whitelisted) ============= 2021-05-14 11:27 - 2021-05-14 11:27 - 000160256 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\47a36903a1a777d73c6cf86a9f4237a0\BRIDGECommon.ni.dll 2021-05-14 11:28 - 2021-05-14 11:28 - 000120832 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\63fcf67359e5d44aefab4053d0597bff\BridgeExtension.ni.dll 2021-04-21 21:30 - 2021-04-21 21:30 - 000348160 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\9a41d13cb3c4b4bbfe17e619dbf622b7\CleanStartController.ni.dll 2021-04-21 21:31 - 2021-04-21 21:31 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\f7bd748a9acba01efc64a02cf57764ac\Interop.IWshRuntimeLibrary.ni.dll 2021-04-21 21:31 - 2021-04-21 21:31 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\75fa5cc812ec0f5b2a71b1a84ecede1e\Hardcodet.Wpf.TaskbarNotification.ni.dll 2021-04-21 21:29 - 2021-04-21 21:29 - 000134656 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\e0ddaca1c914a570bda42a32759499ff\CommonPortable.ni.dll 2019-10-16 05:25 - 2017-10-19 08:30 - 000087552 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.3.231\IsAppCollect.dll 2019-10-16 05:25 - 2017-10-19 08:30 - 000199680 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.3.231\IsAppCommon.dll 2021-04-21 21:31 - 2021-04-21 21:31 - 001585664 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\152aaa9139cbd7f3bda75a3181ead06d\NAudio.ni.dll 2020-04-18 23:27 - 2020-04-18 23:27 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll 2020-04-18 23:27 - 2020-04-18 23:27 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll 2019-10-16 05:25 - 2015-02-27 09:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.3.231\Newtonsoft.Json.dll 2021-04-21 21:28 - 2021-04-21 21:28 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\99089c473f5717536af38422552f15b2\Newtonsoft.Json.ni.dll 2021-04-21 21:31 - 2021-04-21 21:31 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\1a337ece96259812fb823e64a5cfd5ea\log4net.ni.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-2874402850-4125491413-1335039919-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-2874402850-4125491413-1335039919-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-04-27] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-04-27] (Oracle America, Inc. -> Oracle Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc. -> HP Inc.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc. -> HP Inc.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-03-18 21:03 - 2021-04-10 13:42 - 000001304 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 youtube.com 192.168.1.120 host.docker.internal 192.168.1.120 gateway.docker.internal 127.0.0.1 wso2is.local 127.0.0.1 keycloack.local 2020-06-15 22:18 - 2020-06-15 22:23 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\app\amanda\product\11.2.0\dbhome_1\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%MAVEN_HOME%\bin;%JAVA_HOME%\bin;%GLASSFISH_HOME%\bin;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\PuTTY\;C:\Program Files\nodejs\;C:\Program Files\Git\cmd;C:\Program Files\MongoDB\Server\4.2\bin;c:\Python27;c:\Python27\Scripts; HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg HKU\S-1-5-21-2874402850-4125491413-1335039919-1003\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg DNS Servers: 192.168.43.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. Network Binding: ============= Ethernet 8: VMware Bridge Protocol -> vmware_bridge (enabled) Ethernet 8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Ethernet 8: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) Ethernet 8: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) Ethernet 8: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) Ethernet 8: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Ethernet 7: VMware Bridge Protocol -> vmware_bridge (enabled) Ethernet 7: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Ethernet 7: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) Ethernet 7: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) Ethernet 7: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Ethernet 7: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) Npcap Loopback Adapter: VMware Bridge Protocol -> vmware_bridge (enabled) Npcap Loopback Adapter: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Npcap Loopback Adapter: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) Npcap Loopback Adapter: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Npcap Loopback Adapter: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) Npcap Loopback Adapter: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) Ethernet 9: VMware Bridge Protocol -> vmware_bridge (enabled) Ethernet 9: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Ethernet 9: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Ethernet 9: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) Ethernet 9: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) Ethernet 9: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled) Wi-Fi: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Wi-Fi: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) VMware Network Adapter VMnet1: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) VMware Network Adapter VMnet1: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) VirtualBox Host-Only Network #3: VMware Bridge Protocol -> vmware_bridge (enabled) VirtualBox Host-Only Network #3: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) VirtualBox Host-Only Network #3: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) VirtualBox Host-Only Network #3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) VirtualBox Host-Only Network #3: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) VirtualBox Host-Only Network #3: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) VMware Network Adapter VMnet8: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled) VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) VMware Network Adapter VMnet8: Npcap Packet Driver (NPF) (Wi-Fi) -> INSECURE_NPF_WIFI (enabled) VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: ClientAnalyticsService => 3 MSCONFIG\Services: HomeNetSvc => 2 MSCONFIG\Services: McAWFwk => 3 MSCONFIG\Services: McBootDelayStartSvc => 2 MSCONFIG\Services: mccspsvc => 2 MSCONFIG\Services: McNaiAnn => 2 MSCONFIG\Services: McODS => 3 MSCONFIG\Services: mcpltsvc => 2 MSCONFIG\Services: McProxy => 2 MSCONFIG\Services: MongoDB => 2 MSCONFIG\Services: MSK80Service => 3 HKLM\...\StartupApproved\Run32: => "vmware-tray.exe" HKLM\...\StartupApproved\Run32: => "HPMessageService" HKLM\...\StartupApproved\Run32: => "HPRadioMgr" HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-2874402850-4125491413-1335039919-1001\...\StartupApproved\Run: => "Docker Desktop" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{C29774DA-8043-42B7-8432-703E416BD8A2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{1C485379-733C-4B85-AF77-1B1EFCEB0CB2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{54F5A891-D4EF-43D1-BBCF-9A27A0AD185A}C:\users\amanda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\amanda\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{89845F83-37E2-4F4A-90A0-55DA53DF864F}C:\users\amanda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\amanda\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{0F67C3DE-7C3C-4C92-B55F-C95EFAC53738}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{5FC184F3-FD77-4296-A1AE-D6E2034CDB86}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{E78A6A55-C5E2-460D-908F-803CF845DC3D}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe FirewallRules: [UDP Query User{E5C65A78-7359-4BFF-A5AB-87857A2A2E5A}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe FirewallRules: [TCP Query User{D0D4B000-B2E9-40DA-B20B-D0DAB6951FC3}C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe] => (Allow) C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe (REBEX CR s.r.o. -> Rebex CR, s.r.o.) FirewallRules: [UDP Query User{EF62C313-627E-41D1-83F6-763F5F2B3525}C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe] => (Allow) C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe (REBEX CR s.r.o. -> Rebex CR, s.r.o.) FirewallRules: [TCP Query User{B6B6C4AF-5E94-4C2C-ACE2-4E401E47F56C}C:\python27\python.exe] => (Allow) C:\python27\python.exe () [File not signed] FirewallRules: [UDP Query User{38AE87A6-1805-4D86-8DF0-928700C8A82F}C:\python27\python.exe] => (Allow) C:\python27\python.exe () [File not signed] FirewallRules: [{A70FF00F-9E87-41B6-8580-CA14B7580B9F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{8B081A12-DA03-4CFD-A057-7656319243DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{4664509E-E2E3-45DA-9C95-9DBF9D7EFD5C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{541533EA-DD19-43A4-A8D1-741A0627BD80}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [TCP Query User{A958B825-0F8E-4DDF-9FC3-397021B43E89}C:\users\amanda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\amanda\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{DDE22F23-4B59-4B66-B2FA-D4F4B724D83C}C:\users\amanda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\amanda\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{0F673CF8-9E75-4A98-ABBF-F903CC09F3DC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{5F011103-A194-4C81-9738-1AA5C1210793}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{F7E9455F-9F70-465B-BB18-4911D4E19FF0}C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe] => (Allow) C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe (Pivotal Software, Inc. -> ) FirewallRules: [UDP Query User{44FBAD82-2999-4E70-8728-58F61631275E}C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe] => (Allow) C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe (Pivotal Software, Inc. -> ) FirewallRules: [TCP Query User{63757D53-6E46-482A-959C-4D2ED5AB3DC9}C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe FirewallRules: [UDP Query User{6353F9CD-2081-4454-A2A3-5D9BDE0A0F2C}C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe FirewallRules: [TCP Query User{C6F7EB63-45A3-4924-919D-9DCF2CD8D7DF}C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe FirewallRules: [UDP Query User{66D8DC2D-1726-496B-8180-9D8A25BA727F}C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_202\jre\bin\javaw.exe FirewallRules: [TCP Query User{1459DF43-42B7-4D7A-81A6-251A406BBB77}C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe] => (Allow) C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe (Pivotal Software, Inc. -> ) FirewallRules: [UDP Query User{25EAFEA3-9853-48FA-BCA1-3F3685EE65E4}C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe] => (Allow) C:\spring tool suite 4\sts-4.8.0.release\springtoolsuite4.exe (Pivotal Software, Inc. -> ) FirewallRules: [TCP Query User{4E214C8B-3E42-4827-822E-AD9A6F7AA1C1}C:\users\amanda\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\amanda\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{2102A61C-B621-4EC7-8135-D397B1946090}C:\users\amanda\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\amanda\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [TCP Query User{FD154919-5074-42E1-A55D-4F33205F4B62}C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe] => (Allow) C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe (REBEX CR s.r.o. -> Rebex CR, s.r.o.) FirewallRules: [UDP Query User{0FD42124-9FD0-48A1-BD48-4C7B8159DCBB}C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe] => (Allow) C:\users\amanda\desktop\tools\sftp-server\rebextinysftpserver.exe (REBEX CR s.r.o. -> Rebex CR, s.r.o.) FirewallRules: [TCP Query User{E10A17BD-72A8-4C9A-9145-69B08146AE0B}C:\program files\java\jre1.8.0_271\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\java.exe => No File FirewallRules: [UDP Query User{7425971E-FC0A-41C2-BB31-F1130B03CD0A}C:\program files\java\jre1.8.0_271\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\java.exe => No File FirewallRules: [TCP Query User{51C47126-6A78-4E86-AA83-5C101D58F0CF}C:\openmrs\referenceapplication-standalone-2.11.0\database\bin\mysqld.exe] => (Allow) C:\openmrs\referenceapplication-standalone-2.11.0\database\bin\mysqld.exe () [File not signed] FirewallRules: [UDP Query User{F522B6C2-C6B0-4081-8BCA-0713BEC6A602}C:\openmrs\referenceapplication-standalone-2.11.0\database\bin\mysqld.exe] => (Allow) C:\openmrs\referenceapplication-standalone-2.11.0\database\bin\mysqld.exe () [File not signed] FirewallRules: [TCP Query User{C64FD0BE-4DA4-4CFA-A521-A3AD01DC9806}C:\program files (x86)\common files\oracle\java\javapath_target_671062\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_671062\java.exe => No File FirewallRules: [UDP Query User{75883C8A-441B-43B3-9E46-C805A7C5A2DA}C:\program files (x86)\common files\oracle\java\javapath_target_671062\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_671062\java.exe => No File FirewallRules: [TCP Query User{5D45E3D9-7B7D-4603-8ACB-D610C9860AC6}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js) FirewallRules: [UDP Query User{87C2A62A-D46E-46E2-AFF6-634622DE3C8E}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js) FirewallRules: [TCP Query User{E9A96817-43DC-4669-A84C-87A508CDE6E7}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js) FirewallRules: [UDP Query User{155E0D73-CBF0-4EDC-A5B9-3F527D45D68C}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js) FirewallRules: [TCP Query User{9ECAB92F-9ABE-453F-B559-7232CA2F1BF6}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe (Google LLC -> JetBrains s.r.o.) FirewallRules: [UDP Query User{86EA330B-CC01-428F-B2EC-E268AC5A637F}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe (Google LLC -> JetBrains s.r.o.) FirewallRules: [{021D2529-A4C3-4E92-A8ED-B48AF451E999}] => (Allow) LPort=3000 FirewallRules: [{4BD72331-4120-4954-B0CE-18955EDFE9D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{88DC5BFD-9745-4942-ACA2-EC2B6E3E1A8E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BBED9672-8A9B-4FC7-87E3-0D740212564F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.37\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 23-05-2021 22:32:28 Scheduled Checkpoint 01-06-2021 03:04:57 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ Name: Android ADB Interface Description: Android ADB Interface Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b2b0e} Manufacturer: LeMobile Service: WinUSB Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: VirtualBox Host-Only Ethernet Adapter Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VirtualBox Host-Only Ethernet Adapter #2 Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VirtualBox Host-Only Ethernet Adapter #2 Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ======================== Application errors: ================== Error: (06/01/2021 04:14:49 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DESKTOP-DUJU8T3) Description: Windows cannot load the extensible counter DLL "oraperf.dll" (Win32 error code 126). Error: (06/01/2021 04:08:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IntelAudioService.exe, version: 1.0.152.0, time stamp: 0x5bd0d480 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00007fff3efa1aae Faulting process id: 0x1074 Faulting application start time: 0x01d75700400f39cf Faulting application path: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe Faulting module path: unknown Report Id: f7082614-c86b-4379-9c49-7e0a3cefaa95 Faulting package full name: Faulting package-relative application ID: Error: (06/01/2021 04:08:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IntelAudioService.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException Error: (06/01/2021 04:06:42 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY) Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" (value from GetModuleFileName() for the binary that issued the query). Error: (06/01/2021 03:30:37 PM) (Source: HP Comm Recovery) (EventID: 0) (User: ) Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object. at _HPCommRecovery.HPAHLogger.CheckSession() at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus) at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData). Error: (06/01/2021 03:30:37 PM) (Source: HP Comm Recovery) (EventID: 0) (User: ) Description: Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException: Object reference not set to an instance of an object. at _HPCommRecovery.HPAHLogger.CheckSession() at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus) at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData). Error: (06/01/2021 10:16:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IntelAudioService.exe, version: 1.0.152.0, time stamp: 0x5bd0d480 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00007ff919531aae Faulting process id: 0x958 Faulting application start time: 0x01d756cf1ccb3075 Faulting application path: C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe Faulting module path: unknown Report Id: 6bfcd2d6-e213-4e7c-88e4-92ebf08e5f94 Faulting package full name: Faulting package-relative application ID: Error: (06/01/2021 10:16:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IntelAudioService.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException System errors: ============= Error: (06/01/2021 04:07:08 PM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: The driver detected an internal driver error on \Device\VBoxNetLwf. Error: (06/01/2021 04:06:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (06/01/2021 03:30:36 PM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: The driver detected an internal driver error on \Device\VBoxNetLwf. Error: (06/01/2021 10:15:18 AM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: The driver detected an internal driver error on \Device\VBoxNetLwf. Error: (06/01/2021 10:15:49 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:41:51 AM on 6/1/2021 was unexpected. Error: (06/01/2021 10:01:44 AM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: The driver detected an internal driver error on \Device\VBoxNetLwf. Error: (06/01/2021 02:47:31 AM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: The driver detected an internal driver error on \Device\VBoxNetLwf. Error: (05/31/2021 03:09:10 PM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: The driver detected an internal driver error on \Device\VBoxNetLwf. Windows Defender: ================ Date: 2021-06-01 16:36:52 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:PHP/Remoteshell.X&threatid=2147742159&enterprise=0 Name: Backdoor:PHP/Remoteshell.X Severity: Severe Category: Backdoor Path: file:_C:\Users\amanda\Downloads\13073.txt Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\amanda\Downloads\FRST64.exe Security intelligence Version: AV: 1.339.1822.0, AS: 1.339.1822.0, NIS: 1.339.1822.0 Engine Version: AM: 1.1.18100.6, NIS: 1.1.18100.6 Date: 2021-05-31 18:59:08 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-05-30 14:05:10 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-05-30 13:19:22 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-05-26 23:16:51 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-05-23 17:29:01 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.339.1138.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.6 Error code: 0x80070102 Error description: The wait operation timed out. Date: 2021-05-05 22:05:13 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.337.647.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.18100.5 Error code: 0x80070643 Error description: Fatal error during installation. Date: 2021-05-05 22:05:04 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.339.21.0 Previous security intelligence Version: 1.337.647.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.18100.6 Previous Engine Version: 1.1.18100.5 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-05-05 22:05:04 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.339.21.0 Previous security intelligence Version: 1.337.647.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.18100.6 Previous Engine Version: 1.1.18100.5 Error code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2021-05-05 22:05:04 Description: Microsoft Defender Antivirus has encountered an error trying to update the engine. New Engine Version: 1.1.18100.6 Previous Engine Version: 1.1.18100.5 Error Code: 0x80070666 Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. ==================== Memory info =========================== BIOS: Insyde F.39 03/28/2018 Motherboard: HP 83C8 Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz Percentage of memory in use: 74% Total physical RAM: 12161.66 MB Available physical RAM: 3106.94 MB Total Virtual: 14849.66 MB Available Virtual: 5098.04 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:917.17 GB) (Free:330.19 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:13.11 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from drive)] \\?\Volume{2e581b89-fcfa-42b7-8f67-193179a115a8}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.3 GB) NTFS \\?\Volume{1ead6b8d-5230-4151-9b47-f0dc87feca94}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: B5A2F73F) Partition: GPT. ==================== End of Addition.txt =======================