
Really Really slow

Discussion in 'Malware Removal Help' started by Tony D, Aug 27, 2021.

  1. Tony D

    This thing is really really slow. Edge and Chrome take forever to open. Notepad is fine. Explorer itself can be a pain. It takes a while for things like the Start menu to open. Right-clicking on a folder to get the context menu takes way too long, like about 20 seconds.

    I removed AVG and VIPRE yesterday, but they are still showing in the FRST log.
    I see System Interrupt taking 100% CPU at times.
    MBAM took out TrojanBrowserAssistant.

    It's just not right and I'm not sure if it's hardware or software at this point. Help plees.

    I've included the first MBAM log and the subsequent one.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 8/26/21
    Scan Time: 8:37 PM
    Log File: fee99794-06ce-11ec-a9d7-28c63f4377d5.json

    -Software Information-
    Version: 4.1.0.56
    Components Version: 1.0.889
    Update Package Version: 1.0.44406
    License: Expired

    -System Information-
    OS: Windows 10 (Build 19041.1110)
    CPU: x64
    File System: NTFS
    User: LAPTOP-JTMJPCUS\winte

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 348709
    Threats Detected: 8
    Threats Quarantined: 8
    Time Elapsed: 57 min, 51 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 2
    Trojan.BrowserAssistant.Powershell, HKU\S-1-5-21-2354842604-3837230277-2605947981-1001\SOFTWARE\REALISTIC MEDIA INC.\Browser Assistant, Quarantined, 3954, 661357, 1.0.44406, , ame,
    Trojan.BrowserAssistant, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E87E4698-BB1C-43BC-9E92-FA86F91AB61D}, Quarantined, 930, 955266, 1.0.44406, , ame,

    Registry Value: 1
    Trojan.BrowserAssistant, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E87E4698-BB1C-43BC-9E92-FA86F91AB61D}|DISPLAYNAME, Quarantined, 930, 955266, 1.0.44406, , ame,

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 1
    Trojan.BrowserAssistant.Powershell, C:\USERS\WINTE\APPDATA\ROAMING\BROWSER ASSISTANT, Quarantined, 3954, 787388, 1.0.44406, , ame,

    File: 4
    Trojan.BrowserAssistant.Powershell, C:\USERS\WINTE\APPDATA\ROAMING\BROWSER ASSISTANT\PSHELLPID.DAT, Quarantined, 3954, 787388, 1.0.44406, , ame,
    Trojan.BrowserAssistant.Powershell, C:\USERS\WINTE\APPDATA\ROAMING\BROWSER ASSISTANT\UCRTBASE.DLL, Replaced, 3954, 914707, 0.0.0, , ame,
    Adware.InstallCore, C:\USERS\WINTE\DOWNLOADS\LASTDAYONEARTH_ZOMBIE.SURVIVAL.CRAFT.Z_FLOW5MKT_4017163391.EXE, Quarantined, 517, 845509, 1.0.44406, DE9D6FDEA428D786FF2AE56A, dds, 01395124
    Trojan.BrowserAssistant, C:\WINDOWS\INSTALLER\20B5590A.MSI, Quarantined, 930, 806558, 1.0.44406, , ame,

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)

    (end)

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 8/27/21
    Scan Time: 8:32 AM
    Log File: e94b0120-0732-11ec-8724-ace2d3720719.json

    -Software Information-
    Version: 4.1.0.56
    Components Version: 1.0.955
    Update Package Version: 1.0.44418
    License: Free

    -System Information-
    OS: Windows 10 (Build 19041.1110)
    CPU: x64
    File System: NTFS
    User: LAPTOP-JTMJPCUS\winte

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 348918
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 1 hr, 5 min, 31 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)

    (end)

    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.0.0
    # -------------------------------
    # Build: 06-29-2021
    # Database: 2021-08-09.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 08-27-2021
    # Duration: 00:00:12
    # OS: Windows 10 Home
    # Cleaned: 4
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [9091 octets] - [27/08/2021 13:53:15]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2021
    Ran by winte (administrator) on LAPTOP-JTMJPCUS (HP HP Laptop 15-bs0xx) (27-08-2021 14:00:22)
    Running from C:\Users\winte\OneDrive\Desktop
    Loaded Profiles: winte
    Platform: Windows 10 Home Version 21H1 19043.1110 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-04-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc. -> HP Inc.)
    HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP Inc. -> HP)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.159\Installer\chrmstp.exe [2021-08-27] (Google LLC -> Google LLC)
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01440DAC-24D7-48A8-9E99-B810B39874D1} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
    Task: {02DD73EB-ACE1-423F-AD11-5EA184988A53} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH65G3200Z => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1075744 2016-12-07] (HP Inc. -> HP Inc.)
    Task: {04AA1629-EF07-4EAE-A0E5-11833ED2F309} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-17] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {05B89915-A89C-4477-BD14-C455DDC1E2F0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-12-07] (HP Inc. -> HP Inc.)
    Task: {0B8CDF52-75DF-4EF8-A4E7-03B2A6ACEEA4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-08-17] (Microsoft Corporation -> Microsoft Corporation)
    Task: {18D50EE9-5BAC-41D6-9B6D-C33359C87FE6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1148448 2016-12-07] (HP Inc. -> HP Inc.)
    Task: {2890695B-588F-4C3A-BDEF-A2C85541E383} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-12-22] (Google Inc -> Google Inc.)
    Task: {29111482-496E-4394-AB48-EC00FC663748} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-08-17] (Microsoft Corporation -> Microsoft Corporation)
    Task: {2A95E3E4-ACCE-44B7-B6F6-457BB4DA6DFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [106528 2016-12-07] (HP Inc. -> HP Inc.)
    Task: {2CDE08E0-5FC8-4F6C-9E04-FE40CCD63335} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [616232 2016-11-28] (Dropbox, Inc -> DropboxOEM)
    Task: {346C1083-C770-4A99-BD43-4FADC7640F13} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
    Task: {34B78F50-CD4E-4982-AE74-9DEC5BF37265} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
    Task: {4FADD0EE-4A68-4921-9D23-ABB995D87E9B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-17] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {60A16462-BDE1-4EB2-80F5-620C8E9F00E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [621600 2016-12-06] (HP Inc. -> HP Inc.)
    Task: {7F3D2A7A-6329-4940-812F-5F98AAECC6C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {B553FB79-565C-415D-86BE-2576D0DB2DB5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23253888 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
    Task: {C4430160-DAB2-4897-9BA2-5BDD1C6C8B7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [621600 2016-12-06] (HP Inc. -> HP Inc.)
    Task: {C45888EF-4214-47C6-9F4E-1943F54D087D} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
    Task: {D2AA47FA-AF21-4726-98C8-A8745087F684} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {DE8FD22C-A094-441A-B4EC-BFAE6AAB7751} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {DECC7D8B-3349-4F4E-9FC4-63CD00CBF1FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1148448 2016-12-07] (HP Inc. -> HP Inc.)
    Task: {DF08C6B9-02BF-43D3-81E8-F64105EE32EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [196968 2016-12-07] (HP Inc. -> HP Inc.)
    Task: {EAD46309-7479-4763-B14C-24C0919CA979} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {EAFA42E8-91DB-4363-A562-85583972352B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1075744 2016-12-07] (HP Inc. -> HP Inc.)
    Task: {F34A523A-3F2F-4C3E-89EE-64B4F2284C83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-12-22] (Google Inc -> Google Inc.)
    Task: {FEE3461B-3618-43F2-9165-F562885F09E1} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459264 2017-02-01] (HP Inc. -> )

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{2f402278-bc33-4134-a9ea-c9e403f6f67f}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{77eef56f-6deb-486c-8e40-c3cbc1054191}: [DhcpNameServer] 192.168.1.1

    Edge:
    =======
    DownloadDir: C:\Users\winte\Downloads
    Edge Notifications: HKU\S-1-5-21-2354842604-3837230277-2605947981-1001 -> hxxps://www.facebook.com
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\winte\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-27]
    Edge DownloadDir: Default -> C:\Users\winte\Downloads

    FireFox:
    ========
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-22] (WildTangent Inc -> )

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\winte\AppData\Local\Google\Chrome\User Data\Default [2021-08-26]
    CHR Notifications: Default -> hxxps://allevents.in; hxxps://effsadness.com; hxxps://www.cnet.com; hxxps://www.facebook.com; hxxps://www.ufumbuzinow.com
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\winte\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2020-07-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\winte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-04]
    CHR Extension: (Chrome Media Router) - C:\Users\winte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-30]
    CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142128 2021-08-05] (Microsoft Corporation -> Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-17] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-17] (Dropbox, Inc -> Dropbox, Inc.)
    S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-22] (WildTangent Inc -> WildTangent)
    S2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
    S2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3394072 2017-03-01] (HP Inc. -> HP Inc.)
    R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-03] (HP Inc. -> HP Inc.)
    S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (Hewlett-Packard Company -> HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc. -> HP Inc.)
    S2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc. -> HP Inc.)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-01] (Malwarebytes Inc -> Malwarebytes)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-26] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-26] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-08-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-08-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-08-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-08-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2021-08-27] (Malwarebytes Inc -> Malwarebytes)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-26] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-26] (Microsoft Windows -> Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
    U3 aspnet_state; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-08-27 13:58 - 2021-08-27 14:02 - 000000000 ____D C:\FRST
    2021-08-27 13:50 - 2021-08-27 13:56 - 000000000 ____D C:\AdwCleaner
    2021-08-27 13:44 - 2021-08-27 13:44 - 000000000 ___HD C:\$WinREAgent
    2021-08-27 13:05 - 2021-08-27 13:05 - 000000000 ___HD C:\ProgramData\temp
    2021-08-27 08:21 - 2021-08-27 08:21 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2021-08-26 22:22 - 2021-08-26 22:22 - 000001240 _____ C:\WINDOWS\SysWOW64\ServiceConfig.xml
    2021-08-25 14:37 - 2021-08-25 14:37 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
    2021-08-25 14:36 - 2021-08-25 14:36 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
    2021-08-25 14:36 - 2021-08-25 14:36 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
    2021-08-25 14:36 - 2021-08-25 14:36 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
    2021-08-25 14:27 - 2021-08-25 14:27 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2021-08-25 14:22 - 2021-08-25 14:22 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2021-08-17 17:15 - 2021-08-26 18:00 - 000000181 _____ C:\Users\winte\BullseyeCoverageError.txt
    2021-08-17 16:02 - 2021-08-17 16:02 - 000000000 ____D C:\Users\winte\HP

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-08-27 14:05 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2021-08-27 14:02 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-08-27 13:41 - 2019-12-22 03:33 - 000000000 ____D C:\Program Files (x86)\Google
    2021-08-27 13:41 - 2019-04-22 22:45 - 000000000 __SHD C:\Users\winte\IntelGraphicsProfiles
    2021-08-27 13:40 - 2020-11-13 00:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2021-08-27 13:05 - 2020-11-13 01:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2021-08-27 13:05 - 2020-11-13 00:25 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-08-27 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2021-08-27 13:03 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2021-08-27 10:37 - 2019-04-23 07:26 - 000000000 ____D C:\WINDOWS\system32\MRT
    2021-08-27 10:32 - 2019-04-23 07:26 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2021-08-27 10:29 - 2020-11-13 00:50 - 000908896 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2021-08-27 10:29 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
    2021-08-27 09:57 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2021-08-27 09:45 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-08-27 08:38 - 2019-12-22 03:35 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-08-27 08:38 - 2019-12-22 03:35 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2021-08-27 08:25 - 2019-04-22 22:45 - 000000000 ____D C:\Users\winte\AppData\Local\Packages
    2021-08-27 08:19 - 2020-05-01 13:25 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2021-08-27 08:04 - 2020-11-13 01:49 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{1176AFF4-BC28-410B-907C-7C6C8DF6CD2F}
    2021-08-26 23:18 - 2019-04-23 01:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2021-08-26 22:24 - 2019-04-23 10:34 - 000000000 ____D C:\Program Files (x86)\VIPRE
    2021-08-26 22:15 - 2019-12-22 03:26 - 000000000 ____D C:\ProgramData\AVG
    2021-08-26 18:41 - 2017-10-21 07:15 - 000000000 ____D C:\ProgramData\mcafee
    2021-08-26 18:41 - 2017-10-21 07:15 - 000000000 ____D C:\Program Files\mcafee
    2021-08-26 18:40 - 2020-11-13 00:25 - 000276640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2021-08-26 18:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2021-08-26 18:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2021-08-26 18:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2021-08-26 18:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2021-08-26 18:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2021-08-26 18:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
    2021-08-26 18:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2021-08-26 18:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2021-08-26 18:21 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2021-08-26 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
    2021-08-26 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2021-08-26 18:21 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
    2021-08-26 18:07 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2021-08-26 18:06 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2021-08-26 18:05 - 2020-11-13 01:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
    2021-08-26 17:59 - 2021-01-13 11:58 - 000000000 ____D C:\Users\defaultuser100000.LAPTOP-JTMJPCUS
    2021-08-26 17:59 - 2020-09-11 13:13 - 000000000 ____D C:\Users\defaultuser100000
    2021-08-26 17:48 - 2019-12-05 13:27 - 000000000 ____D C:\Users\winte\AppData\Roaming\Sidify Music Converter Free
    2021-08-26 17:41 - 2020-01-05 15:46 - 000000000 ____D C:\Users\winte\AppData\Local\CrashDumps
    2021-08-25 12:55 - 2020-03-24 16:44 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-08-25 12:55 - 2020-03-24 16:44 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2021-08-20 14:12 - 2020-11-13 01:49 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2354842604-3837230277-2605947981-1001
    2021-08-20 14:12 - 2020-11-13 00:34 - 000002390 _____ C:\Users\winte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2021-08-20 14:01 - 2020-12-01 23:36 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b978843b156f
    2021-08-20 14:01 - 2020-11-13 01:49 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2021-08-20 13:38 - 2020-11-13 00:34 - 000000000 ____D C:\Users\winte
    2021-08-17 18:51 - 2020-08-31 20:33 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2021-08-17 18:24 - 2017-05-17 14:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2021-08-17 18:00 - 2017-05-17 14:58 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2021-08-17 18:00 - 2017-05-17 14:58 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2021-08-17 17:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2021-08-17 17:29 - 2020-11-13 01:49 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2021-08-17 17:29 - 2020-11-13 01:49 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2021-08-17 16:31 - 2019-04-22 22:50 - 000000000 ___RD C:\Users\winte\OneDrive
    2021-08-17 16:05 - 2019-04-25 17:47 - 000000000 ____D C:\Users\winte\AppData\Local\HP
    2021-08-17 15:54 - 2020-11-13 01:49 - 000004008 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
    2021-08-17 15:53 - 2020-11-13 01:49 - 000003776 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
    2021-08-01 19:36 - 2021-01-13 12:36 - 000000000 ____D C:\WINDOWS\Minidump
    2021-08-01 19:36 - 2017-10-21 08:00 - 002010215 ____N C:\WINDOWS\Minidump\080121-65218-01.dmp

    ==================== Files in the root of some directories ========

    2020-04-27 20:25 - 2020-04-27 20:25 - 000000017 _____ () C:\Users\winte\AppData\Local\resmon.resmoncfg
    2020-11-17 22:21 - 2020-11-17 22:21 - 000000000 _____ () C:\Users\winte\AppData\Local\{16DB5E3A-B5A8-40B3-8694-0A1FDB8BEABB}

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2021
    Ran by winte (27-08-2021 14:23:50)
    Running from C:\Users\winte\OneDrive\Desktop
    Windows 10 Home Version 21H1 19043.1110 (X64) (2020-11-13 06:07:14)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-2354842604-3837230277-2605947981-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2354842604-3837230277-2605947981-503 - Limited - Disabled)
    Guest (S-1-5-21-2354842604-3837230277-2605947981-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-2354842604-3837230277-2605947981-504 - Limited - Disabled)
    winte (S-1-5-21-2354842604-3837230277-2605947981-1001 - Administrator - Enabled) => C:\Users\winte

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ThreatTrack Security VIPRE (Disabled - Up to date) {A328C8F0-22BE-AEDA-2D52-6C8A3089160A}
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ThreatTrack Security VIPRE (Disabled - Up to date) {18492914-0484-A154-17E2-57F84B0E5CB7}
    AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
    FW: ThreatTrack Security VIPRE (Disabled) {9B1349D5-68D1-AF82-060D-C5BFCE5A5171}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Audials 2020 (HKLM-x32\...\{6872B5B3-2A25-4F02-8EF2-41ADF70CD190}) (Version: 20.2.27.0 - Audials AG)
    Barn Yarn Collector's Edition (HKLM-x32\...\WTA-79d3950d-b48a-4804-a1f1-0f4eaad77051) (Version: 3.0.2.48 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
    Direct Game UNI Installer (HKLM-x32\...\{7CE79E81-562B-4252-93D7-C6FF8F18FE9C}) (Version: 1.0.23 - GamesLOL)
    Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.503.1 - Dropbox, Inc.) Hidden
    Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.159 - Google LLC)
    HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
    HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
    HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
    HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.21 - HP Inc.)
    HP JumpStart Bridge (HKLM-x32\...\{23D5C1E8-0442-4D70-9280-927EF36657CB}) (Version: 1.1.0.378 - HP Inc.)
    HP JumpStart Launch (HKLM-x32\...\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}) (Version: 1.1.275.0 - HP Inc.)
    HP Orbit (HKLM-x32\...\{04ec2b32-255d-418f-b6ca-dec62b872f5d}) (Version: 1.3.60.240 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.5.32.203 - HP Inc.)
    HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
    HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
    HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
    Intel(R) Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11003.3588 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1004 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6518 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.12.1048 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{05f918ac-9392-4f5d-8399-68c4c70550b0}) (Version: 19.60.1 - Intel Corporation)
    Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-36932edc-fe9d-426a-961a-1da610baa300) (Version: 3.0.2.118 - WildTangent) Hidden
    Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14228.20250 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.78 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.78 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2354842604-3837230277-2605947981-1001\...\OneDriveSetup.exe) (Version: 21.150.0725.0001 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Mystika 2 (HKLM-x32\...\WTA-e0a2bd80-e1ee-4540-8bf1-b57fe4b1baa5) (Version: 1.1.2.4 - WildTangent) Hidden
    Nero BurnExpress 2 (HKLM-x32\...\{EE41B18D-092E-4F1A-9156-FAC00F5E6809}) (Version: 12.0.00500 - Nero AG)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14228.20250 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20222 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20250 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8940.1 - Realtek Semiconductor Corp.)
    Runefall (HKLM-x32\...\WTA-e99c5aa4-4d0c-4925-975f-fc8337cb6cf1) (Version: 3.0.2.126 - WildTangent) Hidden
    Serato DJ Lite (HKLM\...\{431FAE0D-DA26-471A-812F-14920E7869A4}) (Version: 1.2.2.3 - Serato Limited) Hidden
    Serato DJ Lite (HKLM-x32\...\{c0b45103-9b5a-4d0a-88d3-ada6d03b7856}) (Version: 1.2.2.3 - Serato Limited)
    Serato DJ Pro (HKLM\...\{2F7CA2DB-2B93-473E-80FC-19C02B0D9420}) (Version: 2.2.2.3 - Serato Limited) Hidden
    Serato DJ Pro (HKLM-x32\...\{4b6dbd00-3f9c-4ca9-b9c4-90cccf7faf22}) (Version: 2.2.2.3 - Serato Limited)
    Sidify Music Converter Free 1.1.5 (HKLM-x32\...\Sidify Music Converter Free) (Version: 1.1.5 - Sidify)
    Sparkle 2 (HKLM-x32\...\WTA-2e85e9d4-faa1-40e3-adf5-f51590ca3829) (Version: 3.0.2.51 - WildTangent) Hidden
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    Virtual DJ Broadcaster - Atomix Productions (HKLM-x32\...\Virtual DJ Broadcaster - Atomix Productions) (Version: - )
    Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
    WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden

    Packages:
    =========
    Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-21] (Amazon.com)
    Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.60.1.0_x86__kgqvnymyfvs32 [2021-06-30] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2050.2.0_x86__kgqvnymyfvs32 [2021-06-30] (king.com)
    Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_12.0.2.0_x86__m9bz608c1b9ra [2021-04-15] (Nordcurrent)
    Gardenscapes -> C:\Program Files\WindowsApps\PLRWorldwideSales.Gardenscapes-NewAcres_5.3.0.0_x64__1feq88045d2v2 [2021-06-02] (Playrix)
    HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.378.0_x64__v10z8vjag6ke6 [2019-04-23] (HP Inc.)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_128.1.219.0_x64__v10z8vjag6ke6 [2021-07-02] (HP Inc.)
    iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa [2021-08-26] (Apple Inc.) [Startup Task]
    Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_2.1.7200.0_x86__8wekyb3d8bbwe [2020-08-14] (Microsoft Studios) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-26] (Microsoft Studios) [MS Ad]
    MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-26] (Microsoft Corporation)
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-18] (Netflix, Inc.)
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-23] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-08] (Microsoft Corporation)
    Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j [2021-04-15] (Random Salad Games LLC)
    Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.13.156.0_x64__43tkc6nmykmb6 [2021-05-27] (Ookla)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0 [2021-06-30] (Spotify AB) [Startup Task]
    Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-12] (Synaptics Incorporated)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki135422.inf_amd64_819df826076efbf4\igfxDTCM.dll [2020-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-01] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\winte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
    Shortcut: C:\Users\winte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square

    ==================== Loaded Modules (Whitelisted) =============

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2354842604-3837230277-2605947981-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> {2216D095-4CA7-4A5B-9DB8-939D681A12F1} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {2216D095-4CA7-4A5B-9DB8-939D681A12F1} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-2354842604-3837230277-2605947981-1001 -> {2216D095-4CA7-4A5B-9DB8-939D681A12F1} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
    BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll => No File
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-07] (HP Inc. -> HP Inc.)
    BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll => No File
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-07] (HP Inc. -> HP Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-17] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-17] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-17] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-17] (Microsoft Corporation -> Microsoft Corporation)
    Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - No File

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-03-18 17:03 - 2017-03-18 17:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\
    HKU\S-1-5-21-2354842604-3837230277-2605947981-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\winte\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_20210501_181935668.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
    HKLM\...\StartupApproved\Run32: => "SBAMTray"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "HPMessageService"
    HKU\S-1-5-21-2354842604-3837230277-2605947981-1001\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{FFC007F6-F888-4CD6-B5BE-938D8CCA2710}] => (Allow) LPort=31931
    FirewallRules: [{570FA982-677C-428E-A083-6897F0DB1977}] => (Allow) LPort=14714
    FirewallRules: [{4F6D577B-4ADA-47C0-BBB7-94F81AFEF979}] => (Allow) LPort=12972
    FirewallRules: [{ED43EC8D-C2FE-41E9-8BF6-E8553444DAD2}] => (Allow) C:\Program Files (x86)\Audials\Audials 2020\Audials.exe (Audials AG -> Audials AG)
    FirewallRules: [{74B71B92-25D4-40AA-A253-B8698CF4DF2F}] => (Allow) C:\Program Files (x86)\Sidify\Sidify Music Converter Free\Sidify Music Converter Free.exe (Shenzhen Qianhai Shuce Technologies Co., Ltd. -> )
    FirewallRules: [{BCCBDC9D-A2DB-4989-B8CF-2E91B0F813C4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{A42E5F18-0DF6-4631-AB3A-1282B3FC77E2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
    FirewallRules: [{892C10FC-5000-46F6-9E47-AFC3E2334D5B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
    FirewallRules: [{126C7E60-0ADC-4241-985B-55EB195C6F55}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
    FirewallRules: [{66C7E78A-74F9-4326-A00F-60D82075E863}] => (Allow) LPort=13148
    FirewallRules: [{665ADD2B-32A5-43D5-8D41-77C9C68894F9}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (HP Inc. -> HP Inc.)
    FirewallRules: [{B245E7CC-7C16-4782-8EB7-E222C6257D6E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{6CBBA7E3-E468-423D-8590-5B47290343B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{E004CA61-829B-4AE3-AA58-D1EA84D1F22E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{9C09A002-72E1-4B0C-B1F3-7747C284FB7C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{1B81237F-6C6A-41E9-A9D8-02E3E8007443}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe => No File
    FirewallRules: [{48DF021D-0B43-47AF-9F04-94E054040AF5}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe => No File
    FirewallRules: [{452B0DAF-4F9A-4C6E-BB99-79CAAE2DA104}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe => No File
    FirewallRules: [{7388D4CB-D76A-435C-8C2C-24386723DF70}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe => No File
    FirewallRules: [{943FB94B-3583-4500-83AB-F034089ED03B}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe => No File
    FirewallRules: [{D5E7A795-190A-4510-8405-C41D29C3F4B6}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe => No File
    FirewallRules: [{A81039E2-338E-46B5-9819-1B3B062C7C34}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{8281BFA9-F506-46F0-AFBA-97040BC5DB69}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B68E524A-C3E6-4300-9AFF-7E013A490A8E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{94C88844-5353-4711-B125-F36D363E4577}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{C902D1AE-2361-4A45-AF64-82915A9F7385}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{AB3B9929-DF3F-4D21-A6A2-593FAC41BB22}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{639021C0-9523-4E06-9D73-6F9E20277BF6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{95C81C9D-7122-4AD0-911D-BED9A4A3E2D5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{653843F3-AD48-465A-9E5A-8453230F3D76}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{9493B968-2DEA-4E07-B25E-F7A1BEC5E2D4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{EB077D47-903F-4D34-857A-D161A863C7D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F53B9A24-01AE-4709-ACBA-E03D03D47AE1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{67E90995-4A18-4028-BD00-DD2B386D8442}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{2E315124-CFB9-4E16-B0D1-BA36B33F459E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{31463C1B-1E15-4BB0-A19E-4E5EB19D1258}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{E03A3177-DB0F-4FBF-B8E6-96D5AF88BFF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{26D8D67C-7D4D-490D-869C-C64E9468838B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{32E1D178-F226-4AD0-B1C5-9763F9907F42}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{47AE90DA-313D-4176-83A0-6F6B53A45703}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{5B7B606D-F0F4-458C-A1D0-F0F7DE8B0EF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{F8F03390-BA26-49F5-A797-1B68AFBE81A7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{86E241FC-39F4-4E08-922B-7A0CF71BE6C3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{9CDC3A00-13F9-45E3-BFCD-74066310AF8F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{2E906EE7-7788-42AB-97BD-C4C056ADC03E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    18-06-2021 15:34:36 Windows Modules Installer
    18-06-2021 16:09:56 Windows Modules Installer
    10-07-2021 14:28:11 Windows Modules Installer
    10-07-2021 14:51:44 Windows Modules Installer
    17-08-2021 16:59:15 Windows Modules Installer
    17-08-2021 17:10:01 Windows Modules Installer
    17-08-2021 18:58:36 Windows Modules Installer
    17-08-2021 19:17:49 Windows Modules Installer
    27-08-2021 10:37:42 Windows Modules Installer
    27-08-2021 10:43:33 Windows Modules Installer
    27-08-2021 10:47:07 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (08/27/2021 02:11:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Music.UI.exe version 10.21061.1012.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1b00

    Start Time: 01d79b6eb628f043

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21061.10121.0_x64__8wekyb3d8bbwe\Music.UI.exe

    Report Id: 984a37f7-c325-4355-bfd6-8e0be350ebd3

    Faulting package full name: Microsoft.ZuneMusic_10.21061.10121.0_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: Microsoft.ZuneMusic

    Hang type: Activation

    Error: (08/27/2021 01:58:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: wuauclt.exe, version: 10.0.19041.906, time stamp: 0x01b4b287
    Faulting module name: wuuhosdeployment.dll_unloaded, version: 10.0.19041.867, time stamp: 0x14e58421
    Exception code: 0xc0000005
    Fault offset: 0x000000000001a3f3
    Faulting process id: 0x129c
    Faulting application start time: 0x01d79b6af145c668
    Faulting application path: C:\WINDOWS\system32\wuauclt.exe
    Faulting module path: wuuhosdeployment.dll
    Report Id: 229d5756-1f74-41e1-92e3-60532458645a
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/27/2021 01:57:57 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (08/27/2021 12:30:35 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (08/26/2021 11:29:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 63671

    Error: (08/26/2021 11:29:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 63671

    Error: (08/26/2021 11:29:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (08/26/2021 11:29:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 47953


    System errors:
    =============
    Error: (08/27/2021 02:11:43 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-JTMJPCUS)
    Description: The server Microsoft.ZuneMusic_10.21061.10121.0_x64__8wekyb3d8bbwe!Microsoft.ZuneMusic did not register with DCOM within the required timeout.

    Error: (08/27/2021 01:56:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The HP JumpStart Bridge service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (08/27/2021 01:56:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Nero Update service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/27/2021 01:56:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/27/2021 01:56:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Content Protection HDCP Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/27/2021 01:56:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (08/27/2021 01:56:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (08/27/2021 01:56:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HP Comm Recovery service terminated unexpectedly. It has done this 1 time(s).


    Windows Defender:
    ================
    Date: 2021-08-27 13:40:22
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-08-26 20:10:03
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-08-26 19:38:09
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-11-13 04:16:37
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...Runner.G!lnk&threatid=2147763971&enterprise=0
    Name: Trojan:BAT/PSRunner.G!lnk
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\winte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk; startup:_C:\Users\winte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Program Files\AVG\Antivirus\aswidsagent.exe
    Security intelligence Version: AV: 1.327.832.0, AS: 1.327.832.0, NIS: 1.327.832.0
    Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5

    Date: 2020-11-13 04:13:56
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...Runner.G!lnk&threatid=2147763971&enterprise=0
    Name: Trojan:BAT/PSRunner.G!lnk
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\winte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Program Files\AVG\Antivirus\aswidsagent.exe
    Security intelligence Version: AV: 1.327.832.0, AS: 1.327.832.0, NIS: 1.327.832.0
    Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5

    Date: 2021-08-27 08:12:23
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.347.488.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.18400.5
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2021-08-27 08:12:23
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.347.488.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.18400.5
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2021-08-26 22:35:51
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.331.2114.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17800.5
    Error code: 0x80070643
    Error description: Fatal error during installation.

    Date: 2021-08-26 22:11:19
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.331.2114.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17800.5
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    Date: 2021-08-26 20:14:35
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version: 1.347.479.0
    Previous security intelligence Version: 1.331.2114.0
    Update Source: User
    Security intelligence Type: AntiSpyware
    Update Type: Full
    Current Engine Version: 1.1.18400.5
    Previous Engine Version: 1.1.17800.5
    Error code: 0x80070013
    Error description: The media is write protected.

    CodeIntegrity:
    ===============
    Date: 2021-08-26 22:05:50
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2021-08-26 22:04:00
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

    Date: 2021-08-26 21:59:29
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.


    ==================== Memory info ===========================

    BIOS: Insyde F.24 09/25/2017
    Motherboard: HP 832A
    Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
    Percentage of memory in use: 45%
    Total physical RAM: 8108.91 MB
    Available physical RAM: 4437.8 MB
    Total Virtual: 16300.91 MB
    Available Virtual: 13109.55 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1847.67 GB) (Free:1490.98 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:14.01 GB) (Free:1.64 GB) NTFS ==>[system with boot components (obtained from drive)]

    \\?\Volume{99fdfb71-104e-4bc4-94a4-760572a988cd}\ () (Fixed) (Total:0.96 GB) (Free:0.38 GB) NTFS
    \\?\Volume{05cc2be3-39c7-440c-a252-89132e852ad0}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: BBD5068C)

    Partition: GPT.

    ==================== End of Addition.txt =======================
     
  2. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,685
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tony,

    Yes so I see, plus McAfee!
    We can sort that.

    Let's start with all of the obvious and see how the system runs afterwards.

    Step 1
    QuickTime

    Please uninstall QuickTime 7.

    It is now a security risk:
    QuickTime for Windows is no longer supported by Apple.
    They will no longer be issuing security updates for the product on the Windows Platform and as such they recommend users uninstall it.

    And because Apple is no longer providing security updates for QuickTime on Windows, the present vulnerabilities are never going to be patched.

    Step 2
    I've added the QuickTime entries to the fix, just in case the uninstall leaves anything.

    Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\winte\OneDrive\Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

    Thanks.
     


    IJAC likes this.
  3. Tony D

    Thanks Mr. Starbuck. It's going to take a while. I uninstalled QT7. That took 14 minutes. Also, it's been trying to install Cum Update KB 5005033 since yesterday. When I restarted after uninstalling QT7 (I like to restart after installing/uninstalling), it's at "Getting Windows ready". Maybe KB 5005033 will go in this time. Who knows how long it's going to stay at "Getting Windows ready". Anyway, once it gets booted again, I'll run the FixList.
     
  4. starbuck

    Don't you just hate W10 forcing updates on you when you have work to do lol.
     
    IJAC likes this.
  5. Tony D

    Yes, and I'm not sure how much the slowness is due to Windows trying to install that update. It's been about 45 minutes and it has finally moved from "Getting ready" to "Working on updates"
     
  6. starbuck

    Have to say that I've had terrible slow downs when some win updates have come through.
    Hopefully get the update finished and then run the fix and fingers crossed.... all will be good.
     
    IJAC likes this.
  7. Tony D

    Finally there, it's better, but still not right. Unless you have another thought, I'm going to swap the hard drive.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2021
    Ran by winte (27-08-2021 17:23:35) Run:1
    Running from C:\Users\winte\OneDrive\Desktop
    Loaded Profiles: winte
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) [File not signed]
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-08-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-08-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-08-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
    U3 aspnet_state; no ImagePath
    C:\Program Files (x86)\VIPRE
    C:\ProgramData\AVG
    C:\ProgramData\mcafee
    C:\Program Files\mcafee
    C:\WINDOWS\system32\Tasks\McAfee
    AV: ThreatTrack Security VIPRE (Disabled - Up to date) {A328C8F0-22BE-AEDA-2D52-6C8A3089160A}
    AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
    AS: ThreatTrack Security VIPRE (Disabled - Up to date) {18492914-0484-A154-17E2-57F84B0E5CB7}
    AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
    FW: ThreatTrack Security VIPRE (Disabled) {9B1349D5-68D1-AF82-060D-C5BFCE5A5171}
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll => No File
    BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll => No File
    Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - No File
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    FirewallRules: [{1B81237F-6C6A-41E9-A9D8-02E3E8007443}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe => No File
    FirewallRules: [{48DF021D-0B43-47AF-9F04-94E054040AF5}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe => No File
    FirewallRules: [{452B0DAF-4F9A-4C6E-BB99-79CAAE2DA104}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe => No File
    FirewallRules: [{7388D4CB-D76A-435C-8C2C-24386723DF70}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe => No File
    FirewallRules: [{943FB94B-3583-4500-83AB-F034089ED03B}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe => No File
    FirewallRules: [{D5E7A795-190A-4510-8405-C41D29C3F4B6}] => (Allow) C:\ProgramData\VIPRE\PatchManagement\VIPRE.PMAgent.exe => No File
    C:\Program Files (x86)\QuickTime
    C:\WINDOWS\System32\DRIVERS\avgntflt.sys
    C:\WINDOWS\system32\DRIVERS\avipbb.sys
    C:\WINDOWS\system32\DRIVERS\avkmgr.sys
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:


    *****************

    Processes closed successfully.
    "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task" => not found
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\SOFTWARE\Policies\Google => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
    avgntflt => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\avgntflt => removed successfully
    avgntflt => service removed successfully
    avipbb => Service stopped successfully.
    HKLM\System\CurrentControlSet\Services\avipbb => removed successfully
    avipbb => service removed successfully
    avkmgr => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\avkmgr => removed successfully
    avkmgr => service removed successfully
    HKLM\System\CurrentControlSet\Services\aspnet_state => removed successfully
    aspnet_state => service removed successfully
    C:\Program Files (x86)\VIPRE => moved successfully
    C:\ProgramData\AVG => moved successfully
    C:\ProgramData\mcafee => moved successfully
    C:\Program Files\mcafee => moved successfully
    C:\WINDOWS\system32\Tasks\McAfee => moved successfully
    "AV: ThreatTrack Security VIPRE (Disabled - Up to date) {A328C8F0-22BE-AEDA-2D52-6C8A3089160A}" => removed successfully
    "AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}" => removed successfully
    "AS: ThreatTrack Security VIPRE (Disabled - Up to date) {18492914-0484-A154-17E2-57F84B0E5CB7}" => removed successfully
    "AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}" => removed successfully
    "FW: ThreatTrack Security VIPRE (Disabled) {9B1349D5-68D1-AF82-060D-C5BFCE5A5171}" => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => removed successfully
    HKLM\Software\Classes\CLSID\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => removed successfully
    HKLM\Software\Classes\PROTOCOLS\Handler\vipresg => removed successfully
    HKLM\Software\Classes\CLSID\{47BE2E5B-703B-444F-ABD3-05717D2191C6} => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\QuickTime Task" => removed successfully
    "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B81237F-6C6A-41E9-A9D8-02E3E8007443}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{48DF021D-0B43-47AF-9F04-94E054040AF5}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{452B0DAF-4F9A-4C6E-BB99-79CAAE2DA104}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7388D4CB-D76A-435C-8C2C-24386723DF70}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{943FB94B-3583-4500-83AB-F034089ED03B}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5E7A795-190A-4510-8405-C41D29C3F4B6}" => removed successfully
    "C:\Program Files (x86)\QuickTime" => not found
    C:\WINDOWS\System32\DRIVERS\avgntflt.sys => moved successfully
    C:\WINDOWS\system32\DRIVERS\avipbb.sys => moved successfully
    C:\WINDOWS\system32\DRIVERS\avkmgr.sys => moved successfully

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 11821056 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18194515 B
    Java, Flash, Steam htmlcache => 735 B
    Windows/system/drivers => 180659409 B
    Edge => 4064665 B
    Chrome => 130247529 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 3670472 B
    systemprofile32 => 12897857 B
    LocalService => 13184689 B
    NetworkService => 353319811 B
    winte => 473964267 B
    defaultuser100001 => 473971435 B
    defaultuser100000.LAPTOP-JTMJPCUS => 473978603 B

    RecycleBin => 4606874798 B
    EmptyTemp: => 6.3 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 17:33:56 ====
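
For triaging a Fixlog like the one above, here is an added example that is not part of the original post and is not FRST's own code. It skips the echoed fixlist between the two asterisk lines, tallies the result lines, and reports, for each service logged as "Unable to stop service", whether its registry key and driver file were still handled. The sample log is constructed (a shortened copy of lines from the post), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: shortened copy of lines from the Fixlog in the post above.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2021
Running from C:\Users\winte\OneDrive\Desktop

fixlist content:
*****************
CloseProcesses:
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-08-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll => No File
C:\Program Files (x86)\QuickTime
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task" => not found
HKLM\SOFTWARE\Policies\Google => removed successfully
avgntflt => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgntflt => removed successfully
avgntflt => service removed successfully
avipbb => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\avipbb => removed successfully
avipbb => service removed successfully
avkmgr => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avkmgr => removed successfully
avkmgr => service removed successfully
C:\Program Files (x86)\VIPRE => moved successfully
"C:\Program Files (x86)\QuickTime" => not found
C:\WINDOWS\System32\DRIVERS\avgntflt.sys => moved successfully
C:\WINDOWS\system32\DRIVERS\avipbb.sys => moved successfully
C:\WINDOWS\system32\DRIVERS\avkmgr.sys => moved successfully

=========== EmptyTemp: ==========

Chrome => 130247529 B
RecycleBin => 4606874798 B
EmptyTemp: => 6.3 GB temporary data Removed.

The system needed a reboot.
'''

SIZE_RE = re.compile(r"\d+ B")  # EmptyTemp byte counts, e.g. "130247529 B"


def classify(outcome):
    """Map the text after '=>' to a bucket; None means 'not an outcome line'."""
    o = outcome.lower().rstrip(".")
    if o == "not found":
        return "not_found"
    if o == "unable to stop service":
        return "stop_failed"
    if o.endswith("successfully"):
        return "ok"
    if SIZE_RE.fullmatch(outcome) or "temporary data" in o:
        return None  # EmptyTemp size accounting, not a fix result
    return "other"  # unknown wording is surfaced, not silently dropped


def parse_fixlog(text):
    """Return ({bucket: [targets]}, reboot_needed) for one Fixlog."""
    results = defaultdict(list)
    in_echo = False  # True while inside the echoed fixlist
    reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:  # asterisk line toggles the echo block
            in_echo = not in_echo
            continue
        if in_echo:
            continue  # echoed fixlist lines also contain '=>' but are not results
        if line == "The system needed a reboot.":
            reboot = True
            continue
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue
        kind = classify(outcome)
        if kind:
            results[kind].append(target.strip('"'))
    return dict(results), reboot


def stop_failures(results):
    """For each service that could not be stopped, check the related results."""
    ok = [t.lower() for t in results.get("ok", [])]
    report = {}
    for svc in results.get("stop_failed", []):
        s = svc.lower()
        report[svc] = {
            "key_removed": any(t.endswith("\\services\\" + s) for t in ok),
            "file_moved": any(t.endswith("\\" + s + ".sys") for t in ok),
        }
    return report


if __name__ == "__main__":
    res, reboot = parse_fixlog(SAMPLE_FIXLOG)
    for bucket, targets in res.items():
        print(f"{bucket}: {len(targets)}")
    print("reboot needed:", reboot)
    print(stop_failures(res))
```
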
     
  8. starbuck

    Sorry for the late reply Tony,

    How are things at the moment? Still the same slowness?
     
  9. Tony D

    Hi. There's still something going on. It got pretty good once I did the optional updates. I can let you know which ones I installed once I get back home.
     
  10. starbuck

    This is an excellent second opinion scan............

    Please download RogueKiller Anti-malware onto your desktop. (The 'Free' version is all that we need)
    • Close all open programs and internet browsers.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator.
    • Select Accept the User Agreement then continue to click Next then finally click Install
    • Click Finish
    • When the program opens, click Scan
      Then select the Standard Scan (this is better than the Quick Scan for your purpose)
     
    IJAC likes this.
  11. Tony D

    I'm back home now. The optional updates installed were:
    HP Inc Firmware
    Intel System 6/14/2019 8.6.10401.996 - there were two of these
    Realtek - Net 10.36.701.2019

    It just seems to 'stick' a little more than it should at times. For instance Edge sometimes opens and populates immediately, other times it may take 10 seconds or so. If I bring up the Task Manager as soon as I can after boot, it looks stuck for a while, maybe 10 seconds or so. Otherwise it's pretty good.

    I did an sfc /scannow - No integrity violations were found.
     
  12. Tony D

    Rogue Killer is running
     
  13. Tony D

    Nothing found. I'm thinking of refreshing Windows. That may do it. If it doesn't, then hard drive.

    RogueKiller Anti-Malware V15.0.9.0 (x64) [Aug 5 2021] (Premium) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.19043) 64-bit
    Started in : Normal mode
    User : winte [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20210824_120208, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2021/08/28 12:43:44 (Duration : 00:46:14)
    Switches : -minimize

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     
  14. starbuck

    At least we've ruled malware out of the equation.
    Don't forget that RogueKiller is actually installed on the system (like Malwarebytes), so needs to be uninstalled as such.

    So that's something else ruled out.
     
    IJAC likes this.
  15. starbuck

    The couple of times that I've done that, I've found that the best way is to use the media creation tool and use a fresh copy.
    The one stored on the system never seemed to work for me.
     
    IJAC likes this.
  16. Tony D

    Yes, I'm going to do that - use the Media Creation Tool. I've done it a few times and it has preserved apps, settings, and files.
     
    IJAC likes this.
  17. Tony D

    Thanks much for your help.

    It's been good all last night and all day today. Looks like it straightened itself out.
     
    IJAC likes this.
  18. starbuck

    You're welcome.
    That's good to hear.
     
