Pesky winmon.sys – Virus, Trojan, Spyware, and Malware Removal Help


Program started at: 06/10/2021 02:47:14 PM in x86 mode.

 * No malware services found to stop.

 * No malware processes found to kill.

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

 * No issues found.

 * No issues found.

 * No issues found.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-06-2021

Ran by Bryan (administrator) on BRYAN-HP (Hewlett-Packard p6655d) (10-06-2021 14:50:41)

Running from C:\Users\Bryan\Desktop

Loaded Profiles: Bryan

Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Adaware Software (Lavasoft Software Canada Inc.) -> ) C:Program Filesadawareadaware antivirusadaware antivirus12.10.142.0AdAwareTray.exe

(Brave Software, Inc. -> Brave Software, Inc.) C:Program FilesBraveSoftwareBrave-BrowserApplicationbrave.exe <14>

(Changzhou Jianzao 3D Technology Co., Ltd. -> Zbshareware Lab) C:Program FilesUSB Disk SecurityUSBGuard.exe

(CobianSoft, Luis Cobian) [File not signed] C:Program FilesCobian Backup 11cbVSCService11.exe

(EnigmaSoft Limited -> EnigmaSoft Limited) C:Program FilesEnigmaSoftSpyHunterShKernel.exe

(EnigmaSoft Limited -> EnigmaSoft Limited) C:Program FilesEnigmaSoftSpyHunterShMonitor.exe

(EnigmaSoft Limited -> EnigmaSoft Limited) C:Program FilesEnigmaSoftSpyHunterSpyHunter5.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft Security ClientMsMpEng.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft Security Clientmsseces.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [USB Security] => C:Program FilesUSB Disk SecurityUSBGuard.exe [722104 2019-06-11] (Changzhou Jianzao 3D Technology Co., Ltd. -> Zbshareware Lab)

HKLM…Run: [MSC] => c:Program FilesMicrosoft Security Clientmsseces.exe [1002984 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)

HKLM…Run: [AdAwareTray] => C:Program Filesadawareadaware antivirusadaware antivirus12.10.142.0AdAwareTray.exe [4608248 2021-04-22] (Adaware Software (Lavasoft Software Canada Inc.) -> )

HKUS-1-5-18…RunOnce: [SPReview] => C:WindowsSystem32SPReviewSPReview.exe [280576 2020-12-14] (Microsoft Windows -> Microsoft Corporation)

HKLM…Windows NT x86Print ProcessorsBJ Print Processor4: C:WindowsSystem32spoolprtprocsW32X86CNBPP4.DLL [71168 2009-07-14] (Microsoft Windows -> CANON INC.)

HKLM…Windows NT x86Print ProcessorsCanon MP190 series Print Processor: C:WindowsSystem32spoolprtprocsW32X86CNMPD9I.DLL [27136 2008-02-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)

HKLM…Windows NT x86Print Processorshpzppwn7: C:WindowsSystem32spoolprtprocsW32X86hpzppwn7.dll [90624 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)

HKLM…Windows NT x86Print ProcessorsOneNotePrint2007: C:WindowsSystem32spoolprtprocsW32X86msonpppr.dll [33104 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)

HKLM…PrintMonitorsBJ Language Monitor4: C:Windowssystem32CNBLM4.DLL [217600 2009-07-14] (Microsoft Windows -> CANON INC.)

HKLM…PrintMonitorsCanon BJ Language Monitor MP190 series: C:Windowssystem32CNMLM9I.DLL [230912 2008-02-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)

HKLM…PrintMonitorsEPSON L120 Series 32MonitorBE: C:Windowssystem32E_TLMBLUE.DLL [142848 2013-10-22] (SEIKO EPSON CORPORATION) [File not signed]

HKLM…PrintMonitorsEPSON L300 Series 32MonitorBE: C:Windowssystem32E_TLBI1E.DLL [95232 2011-04-19] (SEIKO EPSON CORPORATION) [File not signed]

HKLM…PrintMonitorsPDFC: C:Windowssystem32pdfc_port.dll [15368 2009-10-15] (PDF Complete -> PDF Complete, Inc.)

HKLM…PrintMonitorsPrimoMon: C:Windowssystem32Primomonnt.dll [180624 2011-03-01] (Nitro PDF Software -> )

HKLM…PrintMonitorsSend To Microsoft OneNote Monitor: C:Windowssystem32msonpmon.dll [32592 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:Program FilesBraveSoftwareBrave-BrowserApplication91.1.25.70Installerchrmstp.exe [2021-06-04] (Brave Software, Inc. -> Brave Software, Inc.)

Startup: C:UsersBryanAppDataRoamingMicrosoftWindowsStart MenuProgramsStartuptodo.txt [2020-03-12] () [File not signed]

BootExecute: autocheck autochk * Partizan

HKLMSOFTWAREPoliciesMozillaFirefox: Restriction <==== ATTENTION

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0211DA3A-5C53-4A0D-98B6-B962CBEAC96C} – System32Tasks{4FAC7DDD-F35E-4F97-970C-EC1CAFB1890A} => C:Windowssystem32pcalua.exe -a J:GameHouseunins000.exe -d J:GameHouse

Task: {15BB035E-DDF6-4E27-91AE-DDAABD8FE0CB} – System32Tasks{C28EF7D1-BAED-45A6-B59B-3FF39F222AAB} => C:Windowssystem32pcalua.exe -a “C:UsersBryanAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5PL22N399avira_free_antivirus_en[1].exe” -d C:UsersBryanDesktop

Task: {223F84C5-A9C3-4870-8B13-5B2D12D8B3C9} – System32TasksHewlett-PackardHP Support AssistantPC Tuneup => C:Program FilesHewlett-PackardHP Support FrameworkHPSF.exe

Task: {266D18CC-1D7F-4D3F-9D24-82DB4BD0211C} – System32TasksEPSON L120 Series Invitation {AD0BDEEA-52AD-46E1-9D3D-741FB99378C0} => C:Windowssystem32spoolDRIVERSW32X863E_TTSLUE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

Task: {2D944E5D-532A-4287-B32D-05F642421357} – System32TasksGoogleUpdateTaskMachineUA => C:Program FilesGoogleUpdateGoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)

Task: {395928E2-1004-443B-97D6-C1626A8F24F9} – System32TasksEPSON L120 Series Update {AD0BDEEA-52AD-46E1-9D3D-741FB99378C0} => C:Windowssystem32spoolDRIVERSW32X863E_TTSLUE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

Task: {40D32975-BBD3-4A6F-A1DC-1614F213A33C} – System32TasksHewlett-PackardHP Support AssistantPC Health Analysis => C:Program FilesHewlett-PackardHP Support FrameworkHPSF.exe

Task: {632FB899-29B9-418A-A559-D5C07296F0D4} – System32Tasks{FB647D26-6B94-4794-8C4E-668F7165CC1F} => C:Windowssystem32pcalua.exe -a E:Setup.exe -d E:

Task: {6FF4FD07-58AC-4358-AB84-52FC12D8114C} – System32TasksGoogleUpdateTaskUserS-1-5-21-2453688897-1271104139-1078139623-1000Core => C:UsersBryanAppDataLocalGoogleUpdateGoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)

Task: {7A9075A0-9F1C-4050-8ACF-1F008928CC80} – System32TasksBraveSoftwareUpdateTaskMachineUA => C:Program FilesBraveSoftwareUpdateBraveUpdate.exe [157320 2019-11-19] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {7CD62F6B-69E7-41F5-A600-67EF85D78084} – System32TasksHPCeeScheduleForBryan => C:Program FilesHewlett-PackardHP CeementHPCEE.exe

Task: {83018A04-E2AE-4411-9974-BAE00AAA8F33} – System32TasksEPSON L120 Series Invitation {56EA8786-BAE3-4F9C-B4A9-2236043151AE} => C:Windowssystem32spoolDRIVERSW32X863E_TTSLUE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

Task: {8E217663-1D2A-4588-9FB8-9B279EDCFCF9} – System32TasksEPSON L120 Series Update {56EA8786-BAE3-4F9C-B4A9-2236043151AE} => C:Windowssystem32spoolDRIVERSW32X863E_TTSLUE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

Task: {9552AC7C-6CF4-4AB3-8571-99D00D426AB0} – System32TasksUnHackMe Task Scheduler => C:Program FilesUnHackMehackmon.exe

Task: {97B2802F-1B90-41F2-BF08-2CFB29FD563D} – System32TasksEOSv3 Scheduler onLogOn => C:UsersBryanDesktopesetonlinescanner.exe

Task: {98615049-5139-4109-B6CC-FB26C29BCAA5} – System32TasksGoogleUpdateTaskUserS-1-5-21-2453688897-1271104139-1078139623-1000UA => C:UsersBryanAppDataLocalGoogleUpdateGoogleUpdate.exe [144200 2015-09-01] (Google Inc -> Google Inc.)

Task: {98B7A3FC-A1A4-4ED3-AA3E-F6C78A9991DB} – ScheduledUpdate -> No File <==== ATTENTION

Task: {A1565C24-8B93-41B1-986E-28EDABC6FA8D} – System32TasksRemediationAntimalwareMigrationTask => C:Program FilesCommon FilesAVNorton Internet SecurityUpgrade.exe [1346024 2015-08-06] (Symantec Corporation -> Symantec Corporation)

Task: {A22D4037-B45B-4449-B67D-237B74CBDD13} – System32TasksGoogleUpdateTaskMachineCore => C:Program FilesGoogleUpdateGoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)

Task: {A33E7AA2-4B8C-4B95-9A0B-5C75BBB9305F} – System32TasksEOSv3 Scheduler onTime => C:UsersBryanDesktopesetonlinescanner.exe

Task: {B9FAB715-89AA-4579-B2E9-8FBF748673B6} – System32TasksMicrosoftMicrosoft AntimalwareMicrosoft Antimalware Scheduled Scan => c:Program FilesMicrosoft Security Client\MpCmdRun.exe [345824 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)

Task: {DB83E5F2-49E1-4E50-B964-6A3E75641792} – System32TasksServicePlan => C:Program FilesHewlett-PackardHP SetupRemEngine.exe [38456 2010-05-25] (Hewlett-Packard Company -> )

Task: {E75800D8-B3B9-4CB0-A547-F48D64A1C12B} – System32TasksBraveSoftwareUpdateTaskMachineCore => C:Program FilesBraveSoftwareUpdateBraveUpdate.exe [157320 2019-11-19] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {E8F4A724-B6B8-4F7A-9BE3-411AF3294370} – System32Tasks{8645BB2E-1D8A-48BC-B3DC-A8ABCDD78E83} => C:Windowssystem32pcalua.exe -a C:UsersBryanDesktopZoomInstallerXP.exe -d C:UsersBryanDesktop

Task: {F15BC74C-FF9C-4ADA-BE59-627936D6CF6B} – System32TasksRecoveryCDWin7 => C:Program FilesHewlett-PackardHP SetupRemEngine.exe [38456 2010-05-25] (Hewlett-Packard Company -> )

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:WindowsTasksEPSON L120 Series Invitation {56EA8786-BAE3-4F9C-B4A9-2236043151AE}.job => C:Windowssystem32spoolDRIVERSW32X863E_TTSLUE.EXE

Task: C:WindowsTasksEPSON L120 Series Invitation {AD0BDEEA-52AD-46E1-9D3D-741FB99378C0}.job => C:Windowssystem32spoolDRIVERSW32X863E_TTSLUE.EXE

Task: C:WindowsTasksEPSON L120 Series Update {56EA8786-BAE3-4F9C-B4A9-2236043151AE}.job => C:Windowssystem32spoolDRIVERSW32X863E_TTSLUE.EXE:/EXE:{56EA8786-BAE3-4F9C-B4A9-2236043151AE} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:WindowsTasksEPSON L120 Series Update {AD0BDEEA-52AD-46E1-9D3D-741FB99378C0}.job => C:Windowssystem32spoolDRIVERSW32X863E_TTSLUE.EXE:/EXE:{AD0BDEEA-52AD-46E1-9D3D-741FB99378C0} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:WindowsTasksHPCeeScheduleForBryan.job => C:Program FilesHewlett-PackardHP CeementHPCEE.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: [S-1-5-21-2453688897-1271104139-1078139623-1000] => proxy.bsu.edu.ph:3128

TcpipParameters: [DhcpNameServer] 192.168.140.254

Tcpip..Interfaces{8B236BF6-3FBE-4E23-A581-7DC0CC1B2A2A}: [DhcpNameServer] 192.168.140.254

 

FireFox:

========

FF DefaultProfile: sluton0d.default-1557797417239

FF ProfilePath: C:UsersBryanAppDataRoamingMozillaFirefoxProfilessluton0d.default-1557797417239 [2021-06-10]

FF Extension: (Avast Online Security) – C:UsersBryanAppDataRoamingMozillaFirefoxProfilessluton0d.default-1557797417239Extensionswrc@avast.com.xpi [2018-09-25]

FF Extension: (Search Manager) – C:UsersBryanAppDataRoamingMozillaFirefoxProfilessluton0d.default-1557797417239Extensions{24436206-088d-4a1a-8d0e-cf93ca7a2d23}.xpi [2020-01-31] [UpdateUrl:hxxps://qupotomu.com/update?x=restype=ffjson]

FF HKUS-1-5-21-2453688897-1271104139-1078139623-1000…FirefoxExtensions: [mozilla_cc2@internetdownloadmanager.com] – C:Program FilesInternet Download Manageridmmzcc2.xpi

FF Extension: (IDM integration) – C:Program FilesInternet Download Manageridmmzcc2.xpi [2016-09-22] [Legacy]

FF HKUS-1-5-21-2453688897-1271104139-1078139623-1000…SeaMonkeyExtensions: [mozilla_cc@internetdownloadmanager.com] – C:UsersBryanAppDataRoamingIDMidmmzcc5

FF Extension: (IDM CC) – C:UsersBryanAppDataRoamingIDMidmmzcc5 [2021-06-10] [Legacy] [not signed]

FF HKUS-1-5-21-2453688897-1271104139-1078139623-1000…SeaMonkeyExtensions: [mozilla_cc2@internetdownloadmanager.com] – C:Program FilesInternet Download Manageridmmzcc2.xpi

FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:Program FilesJavajre7bindtpluginnpDeployJava1.dll [2013-12-18] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:Program FilesJavajre7binplugin2npjp2.dll [2013-12-18] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:Program FilesMicrosoft Silverlight4.0.50401.0npctrl.dll [2010-04-01] ( Microsoft Corporation) [File not signed]

FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:Program FilesWindows LivePhoto GalleryNPWLPG.dll [2009-07-10] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: @photodex.com/PhotodexPresenter -> C:Program FilesPhotodex PresenternpPxPlay.dll [2015-01-24] () [File not signed]

FF Plugin: @tools.brave.com/BraveSoftware Update;version=3 -> C:Program FilesBraveSoftwareUpdate1.3.99.0npBraveUpdate3.dll [2019-11-19] (Brave Software, Inc. -> BraveSoftware Inc.)

FF Plugin: @tools.brave.com/BraveSoftware Update;version=9 -> C:Program FilesBraveSoftwareUpdate1.3.99.0npBraveUpdate3.dll [2019-11-19] (Brave Software, Inc. -> BraveSoftware Inc.)

FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:Program FilesVideoLANVLCnpvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)

FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:Program FilesVideoLANVLCnpvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)

FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:Program FilesWildTangent GamesAppBrowserIntegrationRegistered11NP_wtapp.dll [2014-01-10] (WildTangent Inc -> )

FF Plugin: Adobe Reader -> C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll [2014-12-03] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

 

Chrome: 

=======

CHR DefaultProfile: Default

CHR Profile: C:UsersBryanAppDataLocalGoogleChromeUser DataDefault [2021-06-10]

CHR HomePage: Default -> hxxp://search.b1.org/?bsrc=hmcor&chid=c162341

CHR StartupUrls: Default -> “hxxps://www.google.com.ph/?gws_rd=ssl”

CHR Extension: (AdBlock — best ad blocker) – C:UsersBryanAppDataLocalGoogleChromeUser DataDefaultExtensionsgighmmpiobklfepjocnamgkkbiglidom [2021-05-10]

CHR Extension: (Avast Online Security) – C:UsersBryanAppDataLocalGoogleChromeUser DataDefaultExtensionsgomekmidlodglbbmalcneegieacbdmki [2021-03-23]

CHR Extension: (MeddleMonkey) – C:UsersBryanAppDataLocalGoogleChromeUser DataDefaultExtensionsmoihledlmchhofenpacbhphnbnpakgmo [2021-01-21]

CHR Extension: (Chrome Web Store Payments) – C:UsersBryanAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-02-08]

CHR Extension: (Chrome Media Router) – C:UsersBryanAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-09]

CHR HKLM…ChromeExtension: [bhoagceacaklimpcejjofabngcjkebfg]

CHR HKLM…ChromeExtension: [eofcbnmajmjmplflapaojjnihcjkigck] – C:Program FilesAVAST SoftwareAvastWebRepChromeaswWebRepChromeSp.crx <not found>

CHR HKLM…ChromeExtension: [gomekmidlodglbbmalcneegieacbdmki] – C:Program FilesAVAST SoftwareAvastWebRepChromeaswWebRepChrome.crx <not found>

CHR HKLM…ChromeExtension: [nccfgpamboionigdpfjmijhlgmgdbael]

CHR HKLM…ChromeExtension: [ngpampappnmepgilojfohadhhmbhlaek] – C:Program FilesInternet Download ManagerIDMGCExt.crx [2016-09-22]

CHR HKUS-1-5-21-2453688897-1271104139-1078139623-1000SOFTWAREGoogleChromeExtensions…ChromeExtension: [bhoagceacaklimpcejjofabngcjkebfg]

CHR HKUS-1-5-21-2453688897-1271104139-1078139623-1000SOFTWAREGoogleChromeExtensions…ChromeExtension: [nccfgpamboionigdpfjmijhlgmgdbael]

StartMenuInternet: Google Chrome – C:UsersBryanAppDataLocalGoogleChromeApplicationchrome.exe

 

Brave: 

=======

BRA DefaultProfile: Default

BRA Profile: C:UsersBryanAppDataLocalBraveSoftwareBrave-BrowserUser DataDefault [2021-06-10]

BRA DefaultSearchKeyword: Default -> :g

BRA Extension: (Google Translate) – C:UsersBryanAppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsaapbdbdomjkkjkaonfhkkikfgjllcleb [2021-03-09]

BRA Extension: (Tampermonkey) – C:UsersBryanAppDataLocalBraveSoftwareBrave-BrowserUser DataDefaultExtensionsdhdgffkkebhmkfjojejmpbldmpobfkfo [2021-05-21]

BRA Extension: (Brave Local Data Files Updater) – C:UsersBryanAppDataLocalBraveSoftwareBrave-BrowserUser Dataafalakplffnnnlkncjhbmahjfjhmlkal [2021-06-08]

BRA Extension: (Brave Ad Block Updater (Default)) – C:UsersBryanAppDataLocalBraveSoftwareBrave-BrowserUser Datacffkpbalmllkdoenhmdmpbkajipdjfam [2021-06-10]

BRA Extension: (Brave Tor Client Updater (Windows)) – C:UsersBryanAppDataLocalBraveSoftwareBrave-BrowserUser Datacpoalefficncklhjfpglfiplenlpccdb [2021-05-19]

BRA Extension: (Brave Ads Resources) – C:UsersBryanAppDataLocalBraveSoftwareBrave-BrowserUser Dataemgmepnebbddgnkhfmhdhmjifkglkamo [2021-05-25]

BRA Extension: (Brave NTP sponsored images) – C:UsersBryanAppDataLocalBraveSoftwareBrave-BrowserUser Datagnpenibjeonfpmokjgpndnckjaehmcfm [2021-06-10]

BRA Extension: (Brave SpeedReader Updater) – C:UsersBryanAppDataLocalBraveSoftwareBrave-BrowserUser Datajicbkmdloagakknpihibphagfckhjdih [2021-06-08]

BRA Extension: (Brave Ads Resources) – C:UsersBryanAppDataLocalBraveSoftwareBrave-BrowserUser Dataocilmpijebaopmdifcomolmpigakocmo [2021-06-08]

BRA Extension: (Brave HTTPS Everywhere Updater) – C:UsersBryanAppDataLocalBraveSoftwareBrave-BrowserUser Dataoofiananboodjbbmdelgdommihjbkfag [2021-06-09]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

“57157127” => service could not be unlocked. <==== ATTENTION

HKLM\SYSTEM\ControlSet001\Services\57157127 =>  <==== ATTENTION (Rootkit!/Locked Service)

 

S2 adawareantivirusservice; C:Program Filesadawareadaware antivirusadaware antivirus12.10.142.0AdAwareService.exe [542168 2021-04-22] (Adaware Software (Lavasoft Software Canada Inc.) -> )

S4 Adobe LM Service; C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe [72704 2011-05-18] (Adobe Systems) [File not signed]

S4 AMD External Events Utility; C:Windowssystem32atiesrxx.exe [176128 2010-05-17] (Microsoft Windows Hardware Compatibility Publisher -> AMD)

S4 brave; C:Program FilesBraveSoftwareUpdateBraveUpdate.exe [157320 2019-11-19] (Brave Software, Inc. -> BraveSoftware Inc.)

S4 bravem; C:Program FilesBraveSoftwareUpdateBraveUpdate.exe [157320 2019-11-19] (Brave Software, Inc. -> BraveSoftware Inc.)

R2 cbVSCService11; C:Program FilesCobian Backup 11cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]

S4 EPSON_PM_RPCV4_06; C:Program FilesCommon FilesEPSONEPW!3 SSRPE_S60RP7.EXE [143424 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

R2 EsgShKernel; C:Program FilesEnigmaSoftSpyHunterShKernel.exe [10142160 2021-06-09] (EnigmaSoft Limited -> EnigmaSoft Limited)

S4 GamesAppIntegrationService; C:Program FilesWildTangent GamesAppGamesAppIntegrationService.exe [227904 2013-12-17] (WildTangent Inc -> WildTangent)

S4 IJPLMSVC; C:Program FilesCanonIJPLMIJPLMSVC.EXE [103808 2008-01-23] (Canon Inc. -> )

S4 LightScribeService; c:Program FilesCommon FilesLightScribeLSSrvc.exe [73728 2010-05-20] (Hewlett-Packard Company) [File not signed]

R2 MsMpSvc; c:Program FilesMicrosoft Security ClientMsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)

S3 NisSrv; c:Program FilesMicrosoft Security ClientNisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)

S4 pdfcDispatcher; C:Program FilesPDF Completepdfsvc.exe [635416 2009-10-15] (PDF Complete -> PDF Complete Inc)

S4 PSI_SVC_2; c:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)

R2 ShMonitor; C:Program FilesEnigmaSoftSpyHunterShMonitor.exe [416720 2021-06-09] (EnigmaSoft Limited -> EnigmaSoft Limited)

R2 WinDefend; C:Program FilesWindows Defendermpsvc.dll [680960 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

R2 WinDefender; C:\Windows\windefender.exe [0 0000-00-00] () <==== ATTENTION (zero byte File/Folder) <==== ATTENTION

S4 HP Health Check Service; “C:Program FilesHewlett-PackardHP Health Checkhphc_service.exe” [X]

S4 hpqwmiex; “C:Program FilesHewlett-PackardSharedhpqwmiex.exe” [X]

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 amdkmdag; C:WindowsSystem32DRIVERSatikmdag.sys [5584384 2010-05-17] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)

R3 amdkmdap; C:WindowsSystem32DRIVERSatikmpag.sys [209920 2010-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)

R3 EnigmaFileMonDriver; C:Windowssystem32DriversEnigmaFileMonDriver.sys [68040 2021-06-10] (EnigmaSoft Limited -> EnigmaSoft Limited)

S3 iriuna0; C:WindowsSystem32driversiriuna0.sys [32112 2020-10-29] (Iriun Oy -> Windows ® Win 7 DDK provider)

S3 iriunv0; C:WindowsSystem32unknowniriunv0.sys [23920 2020-10-21] (Iriun Oy -> Windows ® Win 7 DDK provider)

R0 MpFilter; C:WindowsSystem32DRIVERSMpFilter.sys [252808 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)

U3 Partizan; C:WindowsSystem32driversPartizan.sys [40304 2021-05-25] (Greatis Software LLC -> Greatis Software)

S3 qcusbser; C:WindowsSystem32DRIVERScmusbser.sys [97408 2008-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Mobile Connector)

S3 SIVDriver; C:Windowssystem32DriversSIVX32.sys [163344 2021-02-13] (RH Software Ltd -> Ray Hinchliffe)

R1 StarOpen; C:WindowsSystem32DriversStarOpen.sys [5632 2011-04-30] () [File not signed]

S3 Trufos; C:WindowsSystem32DRIVERSTrufos.sys [547168 2021-04-20] (Bitdefender SRL -> Bitdefender)

U5 UnlockerDriver5; C:Program FilesUnlockerUnlockerDriver5.sys [4096 2010-07-05] () [File not signed]

S3 WDC_SAM; C:WindowsSystem32DRIVERSwdcsam_prewin8.sys [28984 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)

R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 0000-00-00] () <==== ATTENTION (zero byte File/Folder)

R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 0000-00-00] (Windows ® Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder)

R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [28368 2021-06-10] (WDKTestCert Admin,131666266076831434 -> ) [File not signed] <==== ATTENTION

S0 02739954; system32drivers45093798.sys [X]

S0 08812329; system32drivers96057835.sys [X]

S0 93344172; system32drivers88591583.sys [X]

S3 Afc; system32driversAfc.sys [X]

U1 aswbdisk; no ImagePath

U4 DiagTrack; no ImagePath

U4 dmwappushservice; no ImagePath

S3 HWiNFO_150; ??C:UsersBryanAppDataLocalTempHWiNFO32_150.SYS [X] <==== ATTENTION

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-06-10 14:52 – 2021-06-10 14:52 – 000028368 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys

2021-06-10 14:52 – 2021-06-10 14:52 – 000003490 _____ C:\Windows\system32\Tasks\ScheduledUpdate

2021-06-10 14:52 – 2021-06-10 14:52 – 000003178 _____ C:\Windows\system32\Tasks\csrss

2021-06-10 14:51 – 2021-06-10 14:51 – 000000165 ____H C:UsersBryanDocuments~$wtax BENECO 2021.xlsx

2021-06-10 14:50 – 2021-06-10 14:52 – 000024512 _____ C:UsersBryanDesktopFRST.txt

2021-06-10 14:49 – 2021-06-10 14:51 – 000000000 ____D C:FRST

2021-06-10 14:49 – 2021-06-10 14:49 – 008534696 _____ (Malwarebytes) C:UsersBryanDesktopadwcleaner_8.2.exe

2021-06-10 14:49 – 2021-06-10 14:49 – 002013184 _____ (Farbar) C:UsersBryanDesktopFRST.exe

2021-06-10 14:47 – 2021-06-10 14:47 – 000002134 _____ C:UsersBryanDesktopRkill.txt

2021-06-10 14:46 – 2021-06-10 14:46 – 001802704 _____ (Bleeping Computer, LLC) C:UsersBryanDesktoprkill.exe

2021-06-10 14:42 – 2021-06-10 14:42 – 000006174 _____ C:ProgramDataSMRResults540.dat

2021-06-10 10:22 – 2021-06-10 10:22 – 000000000 ____D C:UsersBryanAppDataRoamingadaware

2021-06-10 10:16 – 2021-06-10 10:17 – 005455480 _____ (ESET) C:UsersBryanDownloadseset_internet_security_live_installer_eos.exe

2021-06-10 09:15 – 2021-06-10 09:15 – 000000000 ____D C:UsersBryanAppDataLocalAdAwareDesktop

2021-06-10 09:12 – 2021-06-10 09:12 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsadaware

2021-06-10 09:12 – 2021-06-10 09:12 – 000000000 ____D C:Program Filesadaware

2021-06-10 09:07 – 2021-06-10 09:07 – 000000000 ____D C:ProgramDataadaware

2021-06-10 08:59 – 2021-06-10 08:59 – 002698200 _____ C:UsersBryanDownloadsAdaware_Installer_UM.exe

2021-06-09 14:02 – 2021-06-09 14:02 – 000000000 ____D C:ProgramDataSophos

2021-06-09 14:02 – 2021-06-09 14:02 – 000000000 ____D C:ProgramDataMB2Migration

2021-06-09 13:35 – 2021-06-09 13:35 – 000000000 ____D C:UsersBryanAppDataRoaminghpqLog

2021-06-09 12:17 – 2021-06-09 12:17 – 000000000 ____D C:Quarantine

2021-06-09 12:11 – 2021-02-13 01:24 – 000163344 _____ (Ray Hinchliffe) C:Windowssystem32DriversSIVX32.sys

2021-06-09 11:23 – 2021-06-10 14:43 – 000068040 _____ (EnigmaSoft Limited) C:Windowssystem32DriversEnigmaFileMonDriver.sys

2021-06-09 11:23 – 2021-06-09 11:23 – 000000000 ____D C:ProgramDataEnigmaSoft Limited

2021-06-09 11:22 – 2021-06-09 11:23 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsEnigmaSoft

2021-06-09 11:22 – 2021-06-09 11:22 – 000001153 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsSpyHunter5.lnk

2021-06-09 11:22 – 2021-06-09 11:22 – 000000000 ____D C:sh5ldr

2021-06-09 11:22 – 2021-06-09 11:22 – 000000000 ____D C:Program FilesEnigmaSoft

2021-06-09 10:49 – 2021-06-09 10:49 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNoVirusThanks

2021-06-09 10:49 – 2021-06-09 10:49 – 000000000 ____D C:Program FilesNoVirusThanks

2021-06-09 09:38 – 2021-06-09 09:38 – 000002079 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Security Essentials.lnk

2021-06-09 09:38 – 2021-06-09 09:38 – 000000000 ____D C:Program FilesMicrosoft Security Client

2021-06-09 09:05 – 2021-06-09 09:05 – 000067310 _____ C:UsersBryanDownloadsbluescreenview.zip

2021-06-03 14:23 – 2021-06-03 14:27 – 000025285 _____ C:UsersBryanDesktopTOTAL-riochico.xlsx

2021-06-03 13:31 – 2021-06-03 13:31 – 000238503 _____ C:UsersBryanDesktopCTA_00_CV_04828_D_1996FEB22_REF.pdf

2021-06-01 12:55 – 2021-06-01 12:55 – 000001097 _____ C:UsersBryanAppDataRoamingMicrosoftWindowsStart MenuProgramsStart Tor Browser.lnk

2021-06-01 12:54 – 2021-06-01 12:55 – 000000000 ____D C:Program FilesTor Browser

2021-05-26 10:30 – 2021-05-26 10:30 – 000003312 _____ C:Windowssystem32TasksUnHackMe Task Scheduler

2021-05-25 14:55 – 2021-06-10 14:42 – 000000262 _____ C:Windowssystem32PARTIZAN.TXT

2021-05-25 14:11 – 2021-05-25 14:11 – 000040304 _____ (Greatis Software) C:Windowssystem32DriversPartizan.sys

2021-05-25 14:09 – 2021-06-09 17:56 – 000000000 ____D C:UsersPublicDocumentsRegRunInfo

2021-05-25 14:09 – 2021-06-09 17:56 – 000000000 ____D C:UsersBryanDocumentsRegRun2

2021-05-25 14:09 – 2021-06-09 17:56 – 000000000 ____D C:ProgramDataDocumentsRegRunInfo

2021-05-25 14:09 – 2021-05-25 14:09 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsUnHackMe

2021-05-25 14:09 – 2021-05-13 11:41 – 000015440 _____ (Greatis Software, LLC.) C:Windowssystem32DriversUnHackMeDrv.sys

2021-05-25 14:09 – 2015-12-28 11:32 – 000049968 _____ (Greatis Software) C:Windowssystem32partizan.exe

2021-05-25 14:08 – 2021-06-09 17:50 – 000000000 ____D C:Program FilesUnHackMe

2021-05-25 11:00 – 2021-05-25 11:00 – 000000000 ____D C:ProgramDataKaspersky Lab Setup Files

2021-05-20 10:56 – 2021-06-10 14:47 – 000000000 ____D C:UsersBryanDesktoponline antivirus

2021-05-20 10:11 – 2021-06-10 11:59 – 000000000 ____D C:TDSSKiller_Quarantine

2021-05-20 09:31 – 2021-06-09 09:57 – 000000000 ____D C:UsersBryanAppDataLocalNPE

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-06-10 14:50 – 2009-07-14 12:34 – 000016752 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2021-06-10 14:50 – 2009-07-14 12:34 – 000016752 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2021-06-10 14:42 – 2009-07-14 12:53 – 000000006 ____H C:WindowsTasksSA.DAT

2021-06-10 14:27 – 2018-08-14 11:27 – 000000917 _____ C:WindowsTasksEPSON L120 Series Update {AD0BDEEA-52AD-46E1-9D3D-741FB99378C0}.job

2021-06-10 14:27 – 2018-08-14 11:27 – 000000731 _____ C:WindowsTasksEPSON L120 Series Invitation {AD0BDEEA-52AD-46E1-9D3D-741FB99378C0}.job

2021-06-10 14:24 – 2018-08-14 11:24 – 000000917 _____ C:WindowsTasksEPSON L120 Series Update {56EA8786-BAE3-4F9C-B4A9-2236043151AE}.job

2021-06-10 14:24 – 2018-08-14 11:24 – 000000731 _____ C:WindowsTasksEPSON L120 Series Invitation {56EA8786-BAE3-4F9C-B4A9-2236043151AE}.job

2021-06-10 11:53 – 2021-01-13 10:07 – 000045801 _____ C:UsersBryanDocumentswtax summary 2021.xlsx

2021-06-10 11:31 – 2011-03-17 08:06 – 000003926 _____ C:Windowssystem32TasksUser_Feed_Synchronization-{D417F7EE-5328-497C-9360-22099377BB7E}

2021-06-10 11:03 – 2020-06-02 10:50 – 000000000 ____D C:UsersBryanDocuments4 GEN FUND

2021-06-10 10:18 – 2015-10-15 17:42 – 000000000 ____D C:UsersBryanDocumentsMy Art

2021-06-10 09:43 – 2019-11-18 11:29 – 000000000 ____D C:UsersBryanDownloadsVideo

2021-06-10 09:30 – 2019-11-18 11:29 – 000000000 ____D C:UsersBryanDownloadsCompressed

2021-06-10 08:44 – 2017-07-06 10:19 – 000000000 ____D C:WindowsMinidump

2021-06-10 08:44 – 2010-12-08 05:22 – 000146568 ____N C:WindowsMinidump61021-15756-01.dmp

2021-06-10 08:34 – 2010-12-08 02:37 – 000730320 _____ C:Windowssystem32PerfStringBackup.INI

2021-06-10 08:34 – 2009-07-14 10:37 – 000000000 ____D C:Windowsinf

2021-06-10 05:52 – 2011-03-18 11:13 – 000002413 _____ C:UsersBryanAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-06-09 18:28 – 2015-06-16 09:56 – 000000000 ____D C:ProgramDataMalwarebytes

2021-06-09 16:58 – 2021-01-21 08:47 – 000033119 _____ C:UsersBryanDocumentspayroll gf 2021.xlsx

2021-06-09 14:44 – 2019-11-20 17:14 – 000029787 _____ C:UsersBryanDesktopsched.xlsx

2021-06-09 14:02 – 2011-11-03 15:25 – 000000000 ____D C:Program FilesWildTangent Games

2021-06-09 14:02 – 2010-12-08 02:52 – 000000000 ____D C:ProgramDataWildTangent

2021-06-09 14:02 – 2010-12-08 02:52 – 000000000 ____D C:Program FilesHP Games

2021-06-09 14:02 – 2009-07-14 12:52 – 000000000 ___RD C:ProgramDataMicrosoftWindowsStart MenuProgramsGames

2021-06-09 13:35 – 2010-12-08 02:35 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsHP

2021-06-09 13:35 – 2010-12-08 02:34 – 000000000 ____D C:Program FilesHewlett-Packard

2021-06-09 13:12 – 2012-05-25 14:04 – 000000000 ____D C:Program FilesCommon FilesJava

2021-06-09 13:12 – 2011-03-10 10:31 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsWindows Live

2021-06-09 13:12 – 2010-12-08 02:56 – 000000000 ____D C:Program FilesWindows Live

2021-06-09 13:12 – 2010-12-08 02:34 – 000000000 ____D C:Program Fileshp

2021-06-09 13:07 – 2010-12-08 02:36 – 000000000 ____D C:ProgramDataHewlett-Packard

2021-06-09 13:07 – 2010-12-08 02:34 – 000000000 ___RD C:ProgramDataMicrosoftWindowsStart MenuProgramsPC Help & Tools

2021-06-09 13:07 – 2009-07-14 10:37 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared

2021-06-09 12:59 – 2019-12-19 15:45 – 000000000 ____D C:UsersBryanAppDataRoamingMPC-HC

2021-06-09 12:59 – 2019-11-18 11:29 – 000000000 ____D C:UsersBryanAppDataRoamingIDM

2021-06-09 12:59 – 2011-03-10 11:03 – 000000000 ____D C:UsersBryanAppDataLocalMicrosoft Help

2021-06-09 12:59 – 2011-03-10 10:47 – 000000000 ____D C:UsersBryanDocuments5 COMMUNICATIONS

2021-06-09 12:59 – 2009-07-25 17:44 – 000000000 ____D C:WindowsPanther

2021-06-09 12:58 – 2020-06-30 13:09 – 000000000 ____D C:UsersBryanDesktopWarcraft III

2021-06-09 12:58 – 2019-04-23 10:45 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsHaali Media Splitter

2021-06-09 12:58 – 2013-11-19 13:37 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsJava Development Kit

2021-06-09 12:58 – 2011-09-01 15:35 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsArcSoft MediaConverter

2021-06-09 12:58 – 2011-03-22 16:18 – 000000000 ____D C:UsersBryanAppDataLocalCrashDumps

2021-06-09 12:58 – 2011-03-10 10:30 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsUser Guides

2021-06-09 12:58 – 2010-12-08 02:55 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramseReaders

2021-06-09 12:58 – 2009-07-14 10:37 – 000000000 ____D C:WindowsModemLogs

2021-06-09 12:57 – 2010-09-17 17:40 – 000000000 __SHD C:hp

2021-06-09 09:58 – 2014-11-12 13:56 – 000000000 ____D C:Program FilesAVAST Software

2021-06-09 09:58 – 2014-11-12 13:55 – 000000000 ____D C:ProgramDataAVAST Software

2021-06-09 09:38 – 2020-06-04 11:33 – 000001945 _____ C:Windowsepplauncher.mif

2021-06-09 09:32 – 2018-09-25 10:39 – 000000000 ____D C:UsersBryanAppDataLocalAVAST Software

2021-06-09 09:25 – 2011-03-11 16:29 – 000000000 ____D C:UsersBryanAppDataRoamingHpUpdate

2021-06-08 18:20 – 2020-04-02 10:05 – 000018995 _____ C:UsersBryanDesktopTOTAL.xlsx

2021-06-08 18:18 – 2021-03-09 12:23 – 000082051 _____ C:UsersBryanDocumentspayroll wp igi 2021.xlsx

2021-06-08 10:07 – 2011-09-22 08:38 – 000000000 ____D C:UsersBryanAppDataRoamingvlc

2021-06-08 09:47 – 2014-11-03 09:13 – 000003174 _____ C:Windowssystem32TasksHPCeeScheduleForBryan

2021-06-08 09:47 – 2014-11-03 09:13 – 000000320 _____ C:WindowsTasksHPCeeScheduleForBryan.job

2021-06-04 11:18 – 2011-03-10 14:49 – 000000814 _____ C:Windowssias.ini

2021-06-04 09:28 – 2019-11-19 12:32 – 000002249 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsBrave.lnk

2021-06-03 16:54 – 2019-11-18 11:29 – 000000000 ____D C:UsersBryanAppDataRoamingDMCache

2021-06-03 14:43 – 2020-04-29 10:55 – 000000000 ____D C:UsersBryanDocumentsWorking Papers

2021-06-03 11:43 – 2020-07-22 08:59 – 000000000 ____D C:UsersBryanDesktopethos

2021-06-03 11:41 – 2019-11-19 12:23 – 000000000 ____D C:UsersBryanDocuments0 Government

2021-06-01 12:58 – 2017-04-28 16:03 – 000000000 ____D C:UsersBryanAppDataLocalLowMozilla

2021-05-25 14:51 – 2011-09-15 18:07 – 000000000 ____D C:Program FilesYouTube Downloader

2021-05-21 10:18 – 2021-01-15 13:38 – 000030536 _____ C:UsersBryanDocumentswtax BENECO 2021.xlsx

2021-05-20 09:31 – 2010-12-08 02:57 – 000000000 ____D C:ProgramDataNorton

 

==================== Files in the root of some directories ========

 

2021-06-10 14:42 – 2021-06-10 14:42 – 000006174 _____ () C:ProgramDataSMRResults540.dat

2017-05-02 16:52 – 2017-05-02 16:52 – 000001234 _____ () C:UsersBryanAppDataRoamingfilterclsid.dat

2011-09-16 15:49 – 2011-09-16 15:49 – 000037094 _____ () C:UsersBryanAppDataRoamingVerbose.dmp

2020-06-16 08:33 – 2021-03-30 09:22 – 000007597 _____ () C:UsersBryanAppDataLocalResmon.ResmonCfg

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

 

LastRegBack: 2021-06-10 12:17

==================== End of FRST.txt ========================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-06-2021

Ran by Bryan (10-06-2021 14:53:20)

Running from C:UsersBryanDesktop

Microsoft Windows 7 Home Basic  Service Pack 1 (X86) (2011-03-10 02:30:50)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2453688897-1271104139-1078139623-500 – Administrator – Disabled)

Bryan (S-1-5-21-2453688897-1271104139-1078139623-1000 – Administrator – Enabled) => C:UsersBryan

Guest (S-1-5-21-2453688897-1271104139-1078139623-501 – Limited – Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled – Out of date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}

AS: Microsoft Security Essentials (Enabled – Out of date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}

AS: Windows Defender (Enabled – Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

adaware antivirus (HKLM…{4B75A223-C2BB-4AC7-8013-70CF8E96B679}_AdAwareInstaller) (Version: 12.10.142.0 – adaware)

AdAwareInstaller (HKLM…{4B75A223-C2BB-4AC7-8013-70CF8E96B679}) (Version: 12.10.142.0 – adaware) Hidden

Adobe Flash Player 22 ActiveX (HKLM…Adobe Flash Player ActiveX) (Version: 22.0.0.210 – Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM…{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 – Adobe Systems Incorporated)

AGEIA PhysX v7.07.09 (HKLM…{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 – AGEIA Technologies, Inc.)

AntimalwareEngine (HKLM…{845A6828-18F2-4C1E-A858-D8BFDE48FF35}) (Version: 3.1.268.0 – adaware) Hidden

Apple Application Support (HKLM…{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 – Apple Inc.)

ArcSoft MediaConverter (HKLM…{DE0B355F-78AA-445E-916B-288AD64818FD}) (Version:  – ArcSoft)

ArcSoft PhotoImpression 5 (HKLM…{BF04760A-C016-423F-830B-782BC61E7305}) (Version:  – ArcSoft)

ArcSoft ShowBiz DVD 2 (HKLM…{E883DCB3-766D-4166-8B28-33C8FE451F2B}) (Version:  – ArcSoft)

ATI Catalyst Install Manager (HKLM…{2A28433C-0F47-8B4D-6B4A-4D52047514A1}) (Version: 3.0.778.0 – ATI Technologies, Inc.)

Audacity 2.1.2 (HKLM…Audacity®_is1) (Version: 2.1.2 – Audacity Team)

Brave (HKLM…BraveSoftware Brave-Browser) (Version: 91.1.25.70 – Brave Software Inc)

calibre (HKLM…{39022950-9B80-409D-A341-97847C2D95B7}) (Version: 4.21.0 – Kovid Goyal)

Cheat Engine 7.0 (HKLM…Cheat Engine 7.0_is1) (Version:  – Cheat Engine)

Cobian Backup 11 Gravity (HKLM…CobBackup11) (Version:  – )

Contents (HKLM…{1CDDC143-E149-4945-A5C9-8B366D8C2FC6}) (Version: 18.0.0.181 – Corel Corporation) Hidden

Corel VideoStudio Pro X8 (HKLM…_{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.0.0.181 – Corel Corporation)

CPUID CPU-Z 1.91 (HKLM…CPUID CPU-Z_is1) (Version: 1.91 – CPUID, Inc.)

CyberLink DVD Suite Deluxe (HKLM…InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 – CyberLink Corp.)

Digital Student Information and Accounting Systems 2.6.42.15 (HKLM…{B93AB290-6FA6-4E3B-9843-4CE249A9A2D4}) (Version: 2.6.42.15 – Digital Software Technology Consultancy)

DVD Menu Pack for HP MediaSmart Video (HKLM…InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 – Hewlett-Packard)

e-NGAS Security System (C:Program Filese-NGAS Security) #3 (HKLM…ST6UNST #5) (Version:  – )

e-NGAS Security System (C:Program Filese-NGAS Security) (HKLM…ST6UNST #4) (Version:  – )

e-NGAS Security System (HKLM…ST6UNST #2) (Version:  – )

e-NGAS V.1.01.000 (C:Program Filese-NGAS) (HKLM…ST6UNST #3) (Version:  – )

e-NGAS V.1.01.000 (HKLM…ST6UNST #1) (Version:  – )

EPSON L120 Series Printer Uninstall (HKLM…EPSON L120 Series) (Version:  – SEIKO EPSON Corporation)

EPSON L300 Series Printer Uninstall (HKLM…EPSON L300 Series) (Version:  – SEIKO EPSON Corporation)

File Shredder 2.5 (HKLM…File Shredder_is1) (Version:  – Pow Tools)

GetDataBack for FAT (HKLM…{2EEEC858-21F8-419B-8FE2-820621BFFCD7}) (Version: 3.03.013 – Runtime Software)

GetDataBack for NTFS (HKLM…{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 3.03.013 – Runtime Software)

Google Chrome (HKUS-1-5-21-2453688897-1271104139-1078139623-1000…Google Chrome) (Version: 91.0.4472.101 – Google LLC)

Google Earth Pro (HKLM…{59F21DFB-6977-434B-9CB9-67783D6E7B6B}) (Version: 7.3.3.7786 – Google)

Guitar Pro 5.2 (HKLM…Guitar Pro 5_is1) (Version:  – Arobas Music)

HP MediaSmart DVD (HKLM…InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 – Hewlett-Packard)

HP MediaSmart Music (HKLM…InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 – Hewlett-Packard)

HP MediaSmart Photo (HKLM…InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 – Hewlett-Packard)

HP MediaSmart SmartMenu (HKLM…{CB4719F0-5F4A-4532-9589-D7BC3970210B}) (Version: 3.1.1.12 – Hewlett-Packard)

HP MediaSmart Video (HKLM…InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 – Hewlett-Packard)

HP Setup (HKLM…{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 – Hewlett-Packard)

HWiNFO32 Version 6.26 (HKLM…HWiNFO32_is1) (Version: 6.26 – Martin Malik – REALiX)

HydraVision (HKLM…{ECA7B736-3BF3-4339-CA19-5787A64BD3FD}) (Version: 4.2.166.0 – ATI Technologies Inc.) Hidden

ICA (HKLM…{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.0.0.181 – Corel Corporation) Hidden

Inkjet Printer/Scanner Extended Survey Program (HKLM…CANONIJPLM100) (Version:  – )

Intel® Management Engine Components (HKLM…{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 – Intel Corporation)

Intel® Rapid Storage Technology (HKLM…{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 – Intel Corporation)

Internet Download Manager (HKLM…Internet Download Manager) (Version:  – Tonec Inc.)

IPM_VS_Pro (HKLM…{CEE838EA-72D1-4149-91F5-5591AFE0CBBC}) (Version: 18.0 – Corel Corporation) Hidden

Java 2 SDK, SE v1.4.2_13 (HKLM…{35A3A4F4-B792-11D6-A78A-00B0D0142130}) (Version: 1.4.2_13 – Sun Microsystems, Inc.)

Java 7 Update 51 (HKLM…{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 – Oracle)

Java™ 7 Update 4 (HKLM…{26A24AE4-039D-4CA4-87B4-2F83217004F0}) (Version: 7.0.40 – Oracle)

Java™ SE Development Kit 6 (HKLM…{32A3A4F4-B792-11D6-A78A-00B0D0160000}) (Version: 1.6.0.0 – Sun Microsystems, Inc.)

Java™ SE Runtime Environment 6 (HKLM…{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 – Sun Microsystems, Inc.)

JavaFX 2.1.1 (HKLM…{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 – Oracle Corporation)

Junk Mail filter update (HKLM…{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 – Microsoft Corporation) Hidden

Kobo (HKLM…Kobo) (Version: 1.0 – Kobo Inc.)

LabelPrint (HKLM…InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 – CyberLink Corp.)

Lernout & Hauspie TruVoice American English TTS Engine (HKLM…tv_enua) (Version:  – )

LightScribe System Software (HKLM…{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 – LightScribe)

Microsoft .NET Framework 4 Client Profile (HKLM…Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 – Microsoft Corporation)

Microsoft Office 2010 (HKLM…{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 – Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM…ENTERPRISE) (Version: 12.0.4518.1014 – Microsoft Corporation)

Microsoft Security Essentials (HKLM…Microsoft Security Client) (Version: 4.10.209.0 – Microsoft Corporation)

Microsoft Silverlight (HKLM…{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 – Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM…{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM…{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.4148 (HKLM…{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) – 14.0.23026 (HKLM…{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 – Microsoft Corporation)

Movie Theme Pack for HP MediaSmart Video (HKLM…InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 – Hewlett-Packard)

Mozilla Firefox 68.2.0 ESR (x86 en-US) (HKLM…Mozilla Firefox 68.2.0 ESR (x86 en-US)) (Version: 68.2.0 – Mozilla)

Mozilla Maintenance Service (HKLM…MozillaMaintenanceService) (Version: 68.2.0.7228 – Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM…{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 – Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM…{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 – Microsoft Corporation)

MySQL Connector/ODBC 3.51 (HKLM…{40928C54-F8EE-420D-BD80-07F2F78CFB0D}) (Version: 3.51.27 – MySQL AB)

NetBeans IDE 5.0 (HKLM…274c5407c4fa26908310cb5c1c5000001954585180) (Version:  – )

NoVirusThanks Registry DeleteEx v1.1 (HKLM…NoVirusThanks Registry DeleteEx_is1) (Version: 1.1.0.0 – NoVirusThanks Company Srl)

PDF Complete Special Edition (HKLM…PDF Complete) (Version: 3.5.111 – PDF Complete, Inc)

Photodex Presenter (HKLM…Photodex Presenter) (Version:  – Photodex Corporation)

PhotoNow! (HKLM…InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 – CyberLink Corp.)

Pomodoro (HKLM…{106ED49A-BC2C-4E5A-98FC-CF41D93A1171}) (Version: 1.0.25 – MillSquareSoftware)

Power2Go (HKLM…InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 – CyberLink Corp.)

PowerDirector (HKLM…{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 – CyberLink Corp.) Hidden

PowerDirector (HKLM…InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 – CyberLink Corp.)

PrimoPDF — brought to you by Nitro PDF Software (HKLM…PrimoPDF) (Version: 5 – Nitro PDF Software)

Puran Delete Empty Folders 1.1 (HKLM…Puran Delete Empty Folders_is1) (Version:  – Puran Software)

Realtek High Definition Audio Driver (HKLM…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6132 – Realtek Semiconductor Corp.)

Recovery Manager (HKLM…{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2926 – CyberLink Corp.) Hidden

Revo Uninstaller Pro 3.1.1 (HKLM…{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 – VS Revo Group, Ltd.)

Setup (HKLM…{CC55892B-B7A6-4F5F-BFB4-F69D77E2D7D5}) (Version: 18.0.0.181 – Corel Corporation) Hidden

Share (HKLM…{3BB9B652-3725-419E-869F-7A5F7FE82C28}) (Version: 18.0.0.181 – Corel Corporation) Hidden

SpyHunter 5 (HKLM…SpyHunter5) (Version: 5.10.10.233 – EnigmaSoft Limited)

TTSReader 1.30 (HKLM…TTSReader) (Version: 1.30 – SpheNet)

UnHackMe 12.51 (HKLM…UnHackMe_is1) (Version:  – Greatis Software, LLC.)

Unlocker 1.9.2 (HKLM…Unlocker) (Version: 1.9.2 – Cedrick Collomb)

Update Installer for WildTangent Games App (HKLM…{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  – WildTangent) Hidden

USB Disk Security (HKLM…USB Disk Security_is1) (Version:  – Zbshareware Lab)

VLC media player (HKLM…VLC media player) (Version: 3.0.12 – VideoLAN)

VSClassic (HKLM…{C8686FE2-D759-4304-9791-66ED3C1A7789}) (Version: 18.0.0.181 – Corel Corporation) Hidden

VSPro (HKLM…{80466AAD-8460-4DEA-B587-E57E8E3A1655}) (Version: 18.0.0.181 – Corel Corporation) Hidden

WildTangent Games (HKLM…WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 – WildTangent)

WildTangent Games App (HKLM…{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.36 – WildTangent) Hidden

WinRAR 5.21 beta 2 (32-bit) (HKLM…WinRAR archiver) (Version: 5.21.2 – win.rar GmbH)

Zoom (HKUS-1-5-21-2453688897-1271104139-1078139623-1000…ZoomUMX) (Version: 5.2.3 (45120.0906) – Zoom Video Communications, Inc.)

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

HKUS-1-5-21-2453688897-1271104139-1078139623-1000…ChromeHTML: -> C:UsersBryanAppDataLocalGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC) <==== ATTENTION

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{00020420-0000-0000-C000-000000000046}InprocServer32 -> C:Windowssystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{00020421-0000-0000-C000-000000000046}InprocServer32 -> C:Windowssystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{00020422-0000-0000-C000-000000000046}InprocServer32 -> C:Windowssystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{00020423-0000-0000-C000-000000000046}InprocServer32 -> C:Windowssystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{00020424-0000-0000-C000-000000000046}InprocServer32 -> C:Windowssystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{00020425-0000-0000-C000-000000000046}InprocServer32 -> C:Windowssystem32oleaut32.dll (Microsoft Windows -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{022105BD-948A-40C9-AB42-A3300DDF097F}localserver32 -> C:UsersBryanAppDataLocalGoogleUpdateGoogleUpdate.exe (Google Inc -> Google Inc.)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{035FBE31-3755-450A-A775-5E6BBD43D344}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.21.135psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{095A2EEC-F7FE-42E8-96FB-C20E53081908}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.21.99psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{0F22A205-CFB0-4679-8499-A6F44A80A208}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.25.5psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{1423F872-3F7F-4E57-B621-8B1A9D49B448}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.27.5psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{144DF3B2-2402-47AE-9583-5A045929A8D4}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.33.5psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{218D2740-5A50-42A8-AB9F-62FF1B168782}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.21.69psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{22181302-A8A6-4F84-A541-E5CBFC70CC43}localserver32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.36.82GoogleUpdateOnDemand.exe (Google LLC -> Google LLC)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{29A96789-9595-4947-BEDB-0FCC776F7DB8}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.2.183.39goopdate.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{2F0E2680-9FF5-43C0-B76E-114A56E93598}localserver32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.36.82GoogleUpdateOnDemand.exe (Google LLC -> Google LLC)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{320F0FDB-BE0A-4648-9D18-4A2C3448C007}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.21.79psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{355EC88A-02E2-4547-9DEE-F87426484BD1}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.23.9psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.35.442psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{51F9E8EF-59D7-475B-A106-C7EA6F30C119}localserver32 -> “C:UsersBryanAppDataLocalGoogleUpdate1.3.33.23GoogleUpdateOnDemand.exe” => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.35.422psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.30.3psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.31.5psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.28.1psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{62634D95-960B-4834-8E71-A70408AD8FD9}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.34.7psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{62A0D750-DED9-448C-B693-406B34BB0892}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.21.145psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{634059C0-D264-4B2C-AE80-F73E48D33E5B}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.21.123psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{6d05bf60-3eaf-4a97-87c5-10cce505435b}localserver32 -> C:UsersBryanAppDataLocalTemp{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}IDriver.NonElevated.exe => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{6D264B70-DA18-401D-910C-B202D89670C6}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.36.32psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.21.153psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{6DDCE70D-A4AE-4E97-908C-BE7B2DB750AD}localserver32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.36.82GoogleUpdateOnDemand.exe (Google LLC -> Google LLC)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{78550997-5DEF-4A8A-BAF9-D5774E87AC98}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.28.13psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{793EE463-1304-471C-ADF1-68C2FFB01247}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.29.5psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{84EB3779-151B-4C71-AEF0-A0FEE9481401}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.35.342psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.36.82psuser.dll (Google LLC -> Google LLC)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.34.11psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{8C46158B-D978-483C-A312-16EE5013BE04}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.33.3psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{90B3DFBF-AF6A-4EA0-8899-F332194690F8}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.24.15psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.33.7psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{A2C6CB58-C076-425C-ACB7-6D19D64428CD}localserver32 -> C:UsersBryanAppDataLocalGoogleChromeApplication91.0.4472.101notification_helper.exe (Google LLC -> Google LLC)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{A45426FB-E444-42B2-AA56-419F8FBEEC61}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.22.3psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{A54D478D-4F70-4F72-9A74-17C9986E35AB}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.21.165psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.33.23psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.26.9psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{C5A2122B-A05B-4FD8-AE49-91990AE10998}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.21.115psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{CA8FA699-91CD-412F-9D13-9B1222F4370E}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.36.82psuser.dll (Google LLC -> Google LLC)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{CA919489-0396-4164-A6E7-94CDED45A707}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.36.52psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.32.8psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.29.1psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.25.11psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.28.15psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{DB25D157-76D4-41C1-97B5-359E4A4CECEB}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.21.65psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.36.72psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{E67BE843-BBBE-4484-95FB-05271AE86750}localserver32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.36.82GoogleUpdateOnDemand.exe (Google LLC -> Google LLC)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.36.82psuser.dll (Google LLC -> Google LLC)

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{E9E7529D-7F09-410B-AF2A-CC154473B19C}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.35.452psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.33.17psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.22.5psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{EF076C91-DC9E-43E3-84ED-3D219E065A4F}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.35.302psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{FB994D36-B312-46CE-A40B-CF63980641F9}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.21.111psuser.dll => No File

CustomCLSID: HKUS-1-5-21-2453688897-1271104139-1078139623-1000_ClassesCLSID{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}InprocServer32 -> C:UsersBryanAppDataLocalGoogleUpdate1.3.24.7psuser.dll => No File

ShellExecuteHooks: Groove GFS Stub Execution Hook – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:Program FilesInternet Download ManagerIDMShellExt.dll [2015-08-14] (Tonec Inc. -> Tonec Inc.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:Program FilesMicrosoft Security Clientshellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext.dll [2015-01-31] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:Program Filesadawareadaware antivirusadaware antivirus12.10.142.0AdAwareShellExtension.dll [2021-04-22] (Adaware Software (Lavasoft Software Canada Inc.) -> )

ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:Program FilesMicrosoft Security Clientshellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:Program Filesadawareadaware antivirusadaware antivirus12.10.142.0AdAwareShellExtension.dll [2021-04-22] (Adaware Software (Lavasoft Software Canada Inc.) -> )

ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:Program FilesFile Shredderfsshell.dll [2012-11-09] () [File not signed]

ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:Program FilesUnlockerUnlockerCOM.dll [2010-07-05] () [File not signed]

ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:Program FilesMicrosoft Security Clientshellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:Program FilesATI TechnologiesATI.ACECore-Staticatiacmxx.dll [2010-05-18] (Advanced Micro Devices, Inc.) [File not signed]

ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:Program FilesVS Revo GroupRevo Uninstaller ProRUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)

ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:Program FilesUnlockerUnlockerCOM.dll [2010-07-05] () [File not signed]

ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:Program FilesWinRARrarext.dll [2015-01-31] (win.rar GmbH -> Alexander Roshal)

 

==================== Codecs (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Drivers32: [msacm.dvacm_vspx8] => c:Program FilesCorelCorel VideoStudio Pro X8DVACM.acm [21504 2015-01-28] (Corel TW Corp.) [File not signed]

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

Shortcut: C:UsersBryanFavoritesNCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

ShortcutWithArgument: C:UsersBryanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcutse2f3576b7abb043dBrave.lnk -> C:Program FilesBraveSoftwareBrave-BrowserApplicationbrave.exe (Brave Software, Inc.) -> --profile-directory=Default

ShortcutWithArgument: C:UsersBryanAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts6531b6134ea0cf16Google Chrome.lnk -> C:UsersBryanAppDataLocalGoogleChromeApplicationchrome.exe (Google LLC) -> --profile-directory=Default

 

==================== Loaded Modules (Whitelisted) =============

 

2011-09-01 15:37 – 2005-06-28 13:59 – 000053248 _____ () [File not signed] C:Program FilesArcSoftPhotoImpression 5sharepihook.dll

2019-11-15 13:23 – 2012-11-09 05:02 – 001752576 _____ () [File not signed] C:Program FilesFile Shredderfsshell.dll

2010-07-05 05:32 – 2010-07-05 05:32 – 000010752 _____ () [File not signed] C:Program FilesUnlockerUnlockerCOM.dll

2010-05-18 09:34 – 2010-05-18 09:34 – 000708608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:Program FilesATI TechnologiesATI.ACECore-Staticatiacmxx.dll

2010-05-18 09:33 – 2010-05-18 09:33 – 000003584 _____ (Advanced Micro Devices, Inc.) [File not signed] C:Program FilesATI TechnologiesATI.ACECore-Staticatiamenu.dll

2020-06-09 10:58 – 2010-12-08 15:21 – 000753664 _____ (BCGSoft Co Ltd) [File not signed] C:Program FilesUSB Disk SecurityBCGPStyle2010Blue150.dll

2020-06-09 10:58 – 2015-01-31 10:08 – 006062080 _____ (BCGSoft Ltd) [File not signed] C:Program FilesUSB Disk SecurityBCGCBPRO1500u80.dll

2021-03-18 13:25 – 2013-03-07 23:07 – 000009728 _____ (Luis Cobian) [File not signed] [File is in use] C:Program FilesCobian Backup 11CobStringList.dll

2020-06-11 09:41 – 2020-06-11 09:41 – 000097280 _____ (Microsoft Corporation) [File not signed] C:WindowsWinSxSx86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421deATL80.DLL

2020-06-11 09:41 – 2020-06-11 09:41 – 001093120 _____ (Microsoft Corporation) [File not signed] C:WindowsWinSxSx86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8fMFC80U.DLL

2020-06-11 09:41 – 2020-06-11 09:41 – 000057344 _____ (Microsoft Corporation) [File not signed] C:WindowsWinSxSx86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3MFC80ENU.DLL

2011-04-19 10:03 – 2011-04-19 02:03 – 000095232 _____ (SEIKO EPSON CORPORATION) [File not signed] C:WindowsSystem32E_TLBI1E.DLL

2018-08-14 10:22 – 2013-10-22 03:04 – 000142848 _____ (SEIKO EPSON CORPORATION) [File not signed] C:WindowsSystem32E_TLMBLUE.DLL

2018-08-14 10:22 – 2013-07-19 00:00 – 000216576 _____ (SEIKO EPSON CORPORATION) [File not signed] C:Windowssystem32spoolDRIVERSW32X863E_TMAILUE.DLL

2018-08-14 10:22 – 2013-09-27 01:00 – 001536512 _____ (SEIKO EPSON CORPORATION) [File not signed] C:Windowssystem32spoolDRIVERSW32X863E_TUICLUE.DLL

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

 

HKLMSYSTEMCurrentControlSetControlSafeBootMinimal2739954.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimal6819872.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimal8812329.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimal8861696.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimal49389809.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimal63209498.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimal93344172.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimaladawareantivirusservice => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetwork2739954.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootNetwork6819872.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootNetwork8812329.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootNetwork8861696.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootNetwork49389809.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootNetwork63209498.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootNetwork93344172.sys => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkadawareantivirusservice => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkSMR540 => “”=”Service”

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Version 8) (Whitelisted) ==========

 

HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_cigdxjtnqwo_20_05_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0CyCtByC0D0A0FyCyBtB0F0CtB0B0CtN0D0Tzu0StBzyyDtBtN1L2XzuyEtFyCtCtFtDtFyDtBtN1L1Czu1ByE1VtBtN1L1G1B1V1N2Y1L1Qzu2StC0EtC0AzytCzytBtGtAtA0B0CtGtAtBzytDtGyCtDtD0BtG0A0DyEzztCyB0D0CtDyCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzyEyB1RyDtBtGyE1O1S1RtGyEyD1R1PtG1Szz1Q1OtGtC1S1R1O1T1T1OyDtC1T1RtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzztDyEyCtDtByCtA%26cr%3D465027580%26a%3Dwsg_cigdxjtnqwo_20_05_ssg00%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic

HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = hxxp://www.google.com

HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/33

HKUS-1-5-21-2453688897-1271104139-1078139623-1000SoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKUS-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKUS-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKUS-1-5-21-2453688897-1271104139-1078139623-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:Program FilesInternet Download ManagerIDMIECC.dll [2016-09-06] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program FilesJavajre7binssv.dll [2013-12-18] (Oracle America, Inc. -> Oracle Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program FilesJavajre7binjp2ssv.dll [2013-12-18] (Oracle America, Inc. -> Oracle Corporation)

Toolbar: HKUS-1-5-21-2453688897-1271104139-1078139623-1000 -> No Name – {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} –  No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

Handler: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2018-09-25 09:58 – 2019-02-21 13:14 – 000000000 _____ C:Windowssystem32driversetchosts

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKUS-1-5-21-2453688897-1271104139-1078139623-1000Control PanelDesktop\Wallpaper -> C:UsersBryanAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper.jpg

DNS Servers: 192.168.140.254

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

MSCONFIGServices: Adobe LM Service => 3

MSCONFIGServices: AdobeARMservice => 2

MSCONFIGServices: AMD External Events Utility => 2

MSCONFIGServices: brave => 2

MSCONFIGServices: bravem => 3

MSCONFIGServices: dbupdate => 2

MSCONFIGServices: dbupdatem => 3

MSCONFIGServices: DbxSvc => 2

MSCONFIGServices: EPSON_PM_RPCV4_06 => 2

MSCONFIGServices: GamesAppIntegrationService => 3

MSCONFIGServices: GamesAppService => 3

MSCONFIGServices: gupdate => 2

MSCONFIGServices: gupdatem => 3

MSCONFIGServices: HP Health Check Service => 2

MSCONFIGServices: hpqwmiex => 3

MSCONFIGServices: IAStorDataMgrSvc => 2

MSCONFIGServices: IJPLMSVC => 3

MSCONFIGServices: LightScribeService => 2

MSCONFIGServices: LMS => 2

MSCONFIGServices: McComponentHostService => 3

MSCONFIGServices: MozillaMaintenance => 3

MSCONFIGServices: NOBU => 2

MSCONFIGServices: pdfcDispatcher => 2

MSCONFIGServices: PSI_SVC_2 => 2

MSCONFIGServices: UNS => 2

MSCONFIGstartupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GoogleUpdate.lnk => 

MSCONFIGstartupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:WindowspssMcAfee Security Scan Plus.lnk.CommonStartup

MSCONFIGstartupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Windows Update.lnk => 

MSCONFIGstartupfolder: C:^Users^Bryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:WindowspssAdobe Gamma.lnk.Startup

MSCONFIGstartupfolder: C:^Users^Bryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:WindowspssOneNote 2007 Screen Clipper and Launcher.lnk.Startup

MSCONFIGstartupreg: Adobe ARM => “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”

MSCONFIGstartupreg: Adobe Systems, Incorporated => C:Program FilesJavaAdobe Acrobat Update Service.exe

MSCONFIGstartupreg: AdopeFlash => 

MSCONFIGstartupreg: AdopeUpdate => 

MSCONFIGstartupreg: APSDaemon => “c:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe”

MSCONFIGstartupreg: Bing Bar => “C:Program FilesMSN ToolbarPlatform5.0.1438.0mswinext.exe”

MSCONFIGstartupreg: Dropbox => “C:Program FilesDropboxClientDropbox.exe” /systemstartup

MSCONFIGstartupreg: EPLTarget => 

MSCONFIGstartupreg: Google Update => “C:UsersBryanAppDataLocalGoogleUpdate1.3.36.72GoogleUpdateCore.exe”

MSCONFIGstartupreg: GrooveMonitor => “C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe”

MSCONFIGstartupreg: HP Software Update => c:Program FilesHPHP Software UpdateHPWuSchd2.exe

MSCONFIGstartupreg: HPAdvisorDock => C:Program FilesHewlett-PackardHP AdvisorDockHPAdvisorDock.exe

MSCONFIGstartupreg: hpsysdrv => c:program fileshewlett-packardHP odometerhpsysdrv.exe

MSCONFIGstartupreg: IAStorIcon => C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe

MSCONFIGstartupreg: JavaUpdate => 

MSCONFIGstartupreg: Microsoft Default Manager => “C:Program FilesMicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe” -resume

MSCONFIGstartupreg: NewJavaInstall => 

MSCONFIGstartupreg: Norton Online Backup => C:Program FilesSymantecNorton Online BackupNOBuClient.exe

MSCONFIGstartupreg: OpwareSE4 => “C:Program FilesScanSoftOmniPageSE4OpwareSE4.exe”

MSCONFIGstartupreg: PDF Complete => C:Program FilesPDF Completepdfsty.exe

MSCONFIGstartupreg: QuickTime Task => “c:Program FilesQuickTimeQTTask.exe” -atboottime

MSCONFIGstartupreg: SmartMenu => C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe /background

MSCONFIGstartupreg: SMΔRT-Protection => C:Program FilesSmadavSMΔRTP.exe rts

MSCONFIGstartupreg: SSBkgdUpdate => “C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe” -Embedding -boot

MSCONFIGstartupreg: StartCCC => “C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun

MSCONFIGstartupreg: SunJavaUpdateSched => “C:Program FilesCommon FilesJavaJava Updatejusched.exe”

MSCONFIGstartupreg: UnlockerAssistant => “C:Program FilesUnlockerUnlockerAssistant.exe”

MSCONFIGstartupreg: Windows Update => C:GoogleWindowsupdate.lnk

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{FDB2CC6D-E319-4F91-A7B3-8FF0E6BC7CE9}] => (Allow) c:Program FilesCyberLinkPowerDirectorPDR8.EXE (CyberLink -> CyberLink Corp.)

FirewallRules: [{C8F85DA4-1830-4506-8671-69508B8669B5}] => (Allow) C:Program FilesHewlett-PackardMediaDVDHPTouchSmartMusic.exe => No File

FirewallRules: [{7C45FD3B-622E-47DC-ADA8-78830958E6BE}] => (Allow) C:Program FilesHewlett-PackardMediaDVDHPTouchSmartPhoto.exe => No File

FirewallRules: [{92CC78F3-1064-4594-B543-0FBF0649AEFD}] => (Allow) C:Program FilesHewlett-PackardMediaDVDHPTouchSmartVideo.exe => No File

FirewallRules: [{4613ADD3-1102-4BFE-9C7F-0ADE5B218BF7}] => (Allow) C:Program FilesHewlett-PackardMediaDVDTSMAgent.exe => No File

FirewallRules: [{042F6A64-E155-40C4-8438-FFD316FED647}] => (Allow) C:Program FilesHewlett-PackardMediaDVDKernelCLMLCLMLSvc.exe => No File

FirewallRules: [{A9694CAF-B7F7-4C91-A94F-01810F28DDD6}] => (Allow) C:Program FilesHewlett-PackardMediaDVDHPDVDSmart.exe => No File

FirewallRules: [{55C23CCB-E4B3-4740-8A9B-F8260E9FF242}] => (Allow) C:Program FilesHewlett-PackardMediaSmartPhotoHPMediaSmartPhoto.exe => No File

FirewallRules: [{477B2736-3C67-4D08-BBD9-912980110278}] => (Allow) C:Program FilesHewlett-PackardMediaSmartVideoHPMediaSmartVideo.exe => No File

FirewallRules: [{714050D8-63B9-43F0-AB7F-D1AE8DE1F28B}] => (Allow) C:Program FilesHewlett-PackardTouchSmartMusicHPTouchSmartMusic.exe => No File

FirewallRules: [{AF9DEFDA-3A92-44B8-9D04-CFD3F51E2EB6}] => (Allow) C:UsersBryanAppDataLocalGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [{7EDAFDE5-14B2-4E2A-84A9-E7618242B6A2}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{02EE4330-0677-4EB8-83DE-DC648E8CAA90}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{18BA8F12-D3D1-42AB-8431-6ABEE62F9000}] => (Allow) c:Program FilesCommon FilesAppleApple Application SupportWebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [TCP Query User{A13258A8-2654-40B4-A9A9-4EC924352741}C:usersbryandocumentsshowbiz 2battle los angeles – produnia.combinbattlela.exe] => (Block) C:usersbryandocumentsshowbiz 2battle los angeles – produnia.combinbattlela.exe => No File

FirewallRules: [UDP Query User{4243BF12-AA05-4EEB-B218-42C5999396D0}C:usersbryandocumentsshowbiz 2battle los angeles – produnia.combinbattlela.exe] => (Block) C:usersbryandocumentsshowbiz 2battle los angeles – produnia.combinbattlela.exe => No File

FirewallRules: [{85446E95-F669-4F73-B0DB-D5B8DF1507C9}] => (Allow) C:UsersBryanAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{8EA71A50-D425-4227-B1EB-4FB7D155F2D0}] => (Allow) C:UsersBryanAppDataRoamingZoombinairhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [TCP Query User{C8476401-21D5-448D-A59B-DADA86F89009}C:Program FilesVideoLANVLCvlc.exe] => (Block) C:Program FilesVideoLANVLCvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [UDP Query User{B86E1013-1BA6-40DB-811F-73388F12D21E}C:Program FilesVideoLANVLCvlc.exe] => (Block) C:Program FilesVideoLANVLCvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [{1FB4C285-B170-4980-B66F-41A4E62D35E4}] => (Allow) C:Program FilesBignoxBigNoxVMRTNoxVMHandle.exe => No File

FirewallRules: [{723AC53E-65B4-45CB-A82F-5605870BA0FE}] => (Allow) C:Program FilesBraveSoftwareBrave-BrowserApplicationbrave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [{F3BD795B-8F6E-41B8-B9FB-A338F242F471}] => (Allow) C:Windowsrsscsrss.exe () [File not signed]

FirewallRules: [{39B47B7E-D2D0-45BD-ACF2-D8EEFABB56A8}] => (Allow) C:Windowsrsscsrss.exe () [File not signed]

FirewallRules: [{2CC11222-F866-476E-8C14-6A008BA48AA6}] => (Allow) C:Windowsrsscsrss.exe () [File not signed]

FirewallRules: [{171A3463-0346-4116-BA6E-82FCBA28248D}] => (Allow) C:Windowsrsscsrss.exe () [File not signed]

FirewallRules: [{C254886F-BBAB-4171-A6C3-AE04702D7AD6}] => (Allow) C:Windowsrsscsrss.exe () [File not signed]

 

==================== Restore Points =========================

 

10-06-2021 10:30:52 NPE v6.0.1.2095

 

==================== Faulty Device Manager Devices ============

 

Name: J:

Description: MS/MS-Pro       

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click “Update Driver” to update the drivers for this device.

On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.

 

Name: G:

Description: SD/MMC          

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click “Update Driver” to update the drivers for this device.

On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.

 

Name: I:

Description: SM/xD-Picture   

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click “Update Driver” to update the drivers for this device.

On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.

 

Name: H:

Description: Compact Flash   

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click “Update Driver” to update the drivers for this device.

On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.

 

Name: hp DVD-RAM GH60L

Description: CD-ROM Drive

Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard CD-ROM drives)

Service: cdrom

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click “Scan for hardware changes” to reinstall or upgrade the driver.

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (06/10/2021 02:52:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

.

 

Error: (06/10/2021 02:52:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

.

 

Error: (06/10/2021 02:52:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

.

 

Error: (06/10/2021 02:52:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

.

 

Error: (06/10/2021 02:52:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

.

 

Error: (06/10/2021 02:52:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

.

 

Error: (06/10/2021 02:52:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

.

 

Error: (06/10/2021 02:52:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )

.

 

 

System errors:

=============

Error: (06/10/2021 02:54:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 0.0.0.0

 

Update Source: Microsoft Malware Protection Center

 

Update Stage: Install

 

 

Signature Type: AntiVirus

 

Update Type: Full

 

User: NT AUTHORITYNETWORK SERVICE

 

Current Engine Version: 

 

Previous Engine Version: 0.0.0.0

 

Error code: 0x800b0109

 

Error description: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

 

Error: (06/10/2021 02:54:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 0.0.0.0

 

Update Source: Microsoft Malware Protection Center

 

Update Stage: Install

 

 

Signature Type: AntiSpyware

 

Update Type: Full

 

User: NT AUTHORITYNETWORK SERVICE

 

Current Engine Version: 

 

Previous Engine Version: 0.0.0.0

 

Error code: 0x800b0109

 

Error description: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

 

Error: (06/10/2021 02:54:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 0.0.0.0

 

Update Source: Microsoft Malware Protection Center

 

Update Stage: Install

 

 

Signature Type: AntiVirus

 

Update Type: Full

 

User: NT AUTHORITYNETWORK SERVICE

 

Current Engine Version: 

 

Previous Engine Version: 0.0.0.0

 

Error code: 0x800b0109

 

Error description: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

 

Error: (06/10/2021 02:53:16 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 0.0.0.0

 

Update Source: Microsoft Malware Protection Center

 

Update Stage: Install

 

 

Signature Type: AntiSpyware

 

Update Type: Full

 

User: NT AUTHORITYNETWORK SERVICE

 

Current Engine Version: 

 

Previous Engine Version: 0.0.0.0

 

Error code: 0x800b0109

 

Error description: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

 

Error: (06/10/2021 02:53:16 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 0.0.0.0

 

Update Source: Microsoft Malware Protection Center

 

Update Stage: Install

 

 

Signature Type: AntiVirus

 

Update Type: Full

 

User: NT AUTHORITYNETWORK SERVICE

 

Current Engine Version: 

 

Previous Engine Version: 0.0.0.0

 

Error code: 0x800b0109

 

Error description: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

 

Error: (06/10/2021 02:53:01 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 0.0.0.0

 

Update Source: Microsoft Update Server

 

Update Stage: Search

 

Source Path: Default URL

 

Signature Type: AntiVirus

 

Update Type: Full

 

User: NT AUTHORITYSYSTEM

 

Current Engine Version: 

 

Previous Engine Version: 0.0.0.0

 

Error code: 0x80070424

 

Error description: The specified service does not exist as an installed service.

 

Error: (06/10/2021 02:49:15 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Microsoft Antimalware has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 0.0.0.0

 

Update Source: Microsoft Update Server

 

Update Stage: Search

 

Source Path: Default URL

 

Signature Type: AntiVirus

 

Update Type: Full

 

User: NT AUTHORITYSYSTEM

 

Current Engine Version: 

 

Previous Engine Version: 0.0.0.0

 

Error code: 0x80070424

 

Error description: The specified service does not exist as an installed service.

 

Error: (06/10/2021 02:45:47 PM) (Source: BROWSER) (EventID: 8032) (User: )

Description: The browser service has failed to retrieve the backup list too many times on transport DeviceNetBT_Tcpip_{8B236BF6-3FBE-4E23-A581-7DC0CC1B2A2A}.

The backup browser is stopping.

 

 

Windows Defender:

================

Date: 2021-06-10 09:26:03.457

Description: 

Windows Defender has encountered an error trying to update signatures.

New Signature Version:1.341.322.0

Previous Signature Version:

Update Source:User

Signature Type:AntiSpyware

Update Type:Full

Current Engine Version:1.1.18200.4

Previous Engine Version:

Error code:0x800b0109

Error description:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 

 

Date: 2021-06-10 09:26:03.457

Description: 

Windows Defender has encountered an error trying to update the engine.

New Engine Version:1.1.18200.4

Previous Engine Version:

Update Source:User

Error Code:0x800b0109

Error description:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 

 

Date: 2021-06-10 09:25:53.218

Description: 

Windows Defender has encountered an error trying to update signatures.

New Signature Version:1.341.322.0

Previous Signature Version:

Update Source:User

Signature Type:AntiSpyware

Update Type:Full

Current Engine Version:1.1.18200.4

Previous Engine Version:

Error code:0x800b0109

Error description:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 

 

Date: 2021-06-10 09:25:53.217

Description: 

Windows Defender has encountered an error trying to update the engine.

New Engine Version:1.1.18200.4

Previous Engine Version:

Update Source:User

Error Code:0x800b0109

Error description:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 

 

Date: 2021-06-09 09:36:47.844

Description: 

Windows Defender has encountered an error trying to update signatures.

New Signature Version:1.341.322.0

Previous Signature Version:

Update Source:User

Signature Type:AntiSpyware

Update Type:Full

Current Engine Version:1.1.18200.4

Previous Engine Version:

Error code:0x800b0109

Error description:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. 6.14 11/05/2010

Motherboard: MSI 2A9C

Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz

Percentage of memory in use: 82%

Total physical RAM: 3319.08 MB

Available physical RAM: 572.48 MB

Total Virtual: 6636.44 MB

Available Virtual: 3473.1 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:585.38 GB) (Free:493.87 GB) NTFS

Drive d: (HP_RECOVERY) (Fixed) (Total:10.69 GB) (Free:1.3 GB) NTFS ==>[system with boot components (obtained from drive)]

 

\?Volume{d5f295f5-4b43-11e0-8b41-806e6f6e6963} (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

\?Volume{15a737b0-0248-11e0-8bfc-806e6f6e6963} () (Removable) (Total:0 GB) (Free:0 GB) 

\?Volume{15a737b1-0248-11e0-8bfc-806e6f6e6963} () (Removable) (Total:0 GB) (Free:0 GB) 

\?Volume{15a737b2-0248-11e0-8bfc-806e6f6e6963} () (Removable) (Total:0 GB) (Free:0 GB) 

\?Volume{15a737b3-0248-11e0-8bfc-806e6f6e6963} () (Removable) (Total:0 GB) (Free:0 GB) 

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (Size: 596.2 GB) (Disk ID: 48917D11)

Partition 1: (Active) – (Size=100 MB) – (Type=07 NTFS)

Partition 2: (Not Active) – (Size=585.4 GB) – (Type=07 NTFS)

Partition 3: (Not Active) – (Size=10.7 GB) – (Type=07 NTFS)

 

==================== End of Addition.txt =======================

 

 

AdwCleaner log:

PUP.Optional.Conduit            C:Program FilesNCH SoftwareComponentsNCHToolbarsconduit

PUP.Optional.Legacy             C:WindowsSystem32configsystemprofileAppDataLocalLowApplication Updater

PUP.Optional.Segurazo           C:ProgramDataMicrosoftWindowsStart MenuProgramsSAntivirus

PUP.Optional.Segurazo           C:UsersBryanAppDataRoamingsantivirusclient

Trojan.Agent                    C:WindowsSystem32driversWinmonProcessMonitor.sys

No malicious DLLs found.

No malicious WMI found.

No malicious shortcuts found.

Adware.CloudWeb                 C:WindowsSystem32TasksSCHEDULEDUPDATE

Adware.CloudWeb                 HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{A1717BDE-7997-4006-8E60-4281C0CBE687}

Adware.CloudWeb                 HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeScheduledUpdate

PUP.Optional.Conduit            HKCUSoftwareNCH SoftwareComponentsconduit

PUP.Optional.Conduit            HKLMSoftwareNCH SoftwareComponentsconduit

PUP.Optional.Legacy             HKLMSoftwareClassesTypeLib{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}

PUP.Optional.Legacy             HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregAdobe Systems, Incorporated

PUP.Optional.Legacy             HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregSM?RT-Protection

PUP.Optional.Segurazo           HKLMSystemCurrentControlSetServicesEventLogApplicationSAntivirusSvc

No malicious Chromium entries found.

PUP.Optional.SearchManager      Search Manager – {24436206-088d-4a1a-8d0e-cf93ca7a2d23}

No malicious Firefox URLs found.

No malicious hosts file entries found.

Preinstalled.CyberLinkLabelPrint   Folder   C:Program FilesCYBERLINKLABELPRINT 

Preinstalled.CyberLinkLabelPrint   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallInstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} 

Preinstalled.CyberLinkLabelPrint   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{C59C179C-668D-49A9-B6EA-0121CCFC1243} 

Preinstalled.HPCleanFLC   File   C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Office 2010.lnk 

Preinstalled.HPHealthCheck   Folder   C:Program FilesHEWLETT-PACKARDHP HEALTH CHECK 

Preinstalled.HPMediaSmart   Folder   C:Program FilesHEWLETT-PACKARDHP MEDIASMART 

Preinstalled.HPMediaSmart   Folder   C:Program FilesHEWLETT-PACKARDMEDIASMARTPHOTO 

Preinstalled.HPMediaSmart   Folder   C:Program FilesHEWLETT-PACKARDMEDIASMARTVIDEO 

Preinstalled.HPMediaSmart   Folder   C:Program FilesHEWLETT-PACKARDMEDIADVD 

Preinstalled.HPMediaSmart   Folder   C:ProgramDataHEWLETT-PACKARDMEDIADVD 

Preinstalled.HPMediaSmart   Folder   C:UsersBryanAppDataLocalHEWLETT-PACKARDMEDIASMARTPHOTO 

Preinstalled.HPMediaSmart   Folder   C:UsersBryanAppDataLocalHEWLETT-PACKARDMEDIASMARTVIDEO 

Preinstalled.HPMediaSmart   Registry   HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregSmartMenu 

Preinstalled.HPMediaSmart   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallInstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF} 

Preinstalled.HPMediaSmart   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallInstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095} 

Preinstalled.HPMediaSmart   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallInstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A} 

Preinstalled.HPMediaSmart   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF} 

Preinstalled.HPMediaSmart   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{D12E3E7F-1B13-4933-A915-16C7DD37A095} 

Preinstalled.HPMediaSmart   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{DCCAD079-F92C-44DA-B258-624FC6517A5A} 

Preinstalled.HPOdometer   Registry   HKLMSoftwareMicrosoftShared ToolsMSConfigstartupreghpsysdrv 

Preinstalled.HPSupportAssistant   Folder   C:Program FilesHEWLETT-PACKARDHP SUPPORT FRAMEWORK 

Preinstalled.HPSupportAssistant   Folder   C:ProgramDataHEWLETT-PACKARDHP SUPPORT FRAMEWORK 

Preinstalled.HPSupportAssistant   Folder   C:UsersBryanAppDataLocalHEWLETT-PACKARDHP SUPPORT FRAMEWORK 

Preinstalled.HPSupportAssistant   Folder   C:UsersBryanAppDataLocalVirtualStoreProgramDataHEWLETT-PACKARDHP SUPPORT FRAMEWORK 

Preinstalled.HPSupportAssistant   Folder   C:UsersBryanAppDataRoamingHEWLETT-PACKARDHP SUPPORT FRAMEWORK 

Preinstalled.HPSupportAssistant   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{1CC069FA-1A86-402E-9787-3F04E652C67A} 

Preinstalled.HPSupportAssistant   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{319E272A-B5DB-4939-99D0-1F1F0C55699E} 

Preinstalled.HPTouchSmart   Folder   C:Program FilesHEWLETT-PACKARDTOUCHSMARTDVD MENU PACK 

Preinstalled.HPTouchSmart   Folder   C:Program FilesHEWLETT-PACKARDTOUCHSMARTMEDIA MOVIE THEME PACK 

Preinstalled.HPTouchSmart   Folder   C:Program FilesHEWLETT-PACKARDTOUCHSMARTMUSIC 

Preinstalled.HPTouchSmart   Folder   C:ProgramDataHEWLETT-PACKARDTOUCHSMARTMEDIA 

Preinstalled.HPTouchSmart   Folder   C:UsersBryanAppDataLocalHEWLETT-PACKARDTOUCHSMARTMUSIC 

Preinstalled.HPTouchSmart   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallInstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E} 

Preinstalled.HPTouchSmart   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallInstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C} 

Preinstalled.HPTouchSmart   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallInstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF} 

Preinstalled.HPTouchSmart   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{3023EBDA-BF1B-4831-B347-E5018555F26E} 

Preinstalled.HPTouchSmart   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{91A34181-9FAD-43AB-A35F-E7A8945B7E1C} 

Preinstalled.HPTouchSmart   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF} 

Preinstalled.LenovoPower2Go   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallInstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} 

Preinstalled.LenovoPower2Go   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{40BF1E83-20EB-11D8-97C5-0009C5020658} 

Preinstalled.WildTangentGamesBundle   Folder   C:Program FilesWILDTANGENT GAMES 

Preinstalled.WildTangentGamesBundle   Folder   C:Program FilesWILDTANGENT GAMESAPP 

Preinstalled.WildTangentGamesBundle   Registry   HKCUSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 

Preinstalled.WildTangentGamesBundle   Registry   HKLMSoftwareClassesCLSID{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 

Preinstalled.WildTangentGamesBundle   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionExtPreapproved{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 

Preinstalled.WildTangentGamesBundle   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallWildTangent wildgames Master Uninstall 

Preinstalled.WildTangentGamesBundle   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App 

Preinstalled.WildTangentGamesBundle   Registry   HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames 

Preinstalled.WildTangentGamesBundle   Registry   HKU.DEFAULTSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 

Preinstalled.WildTangentGamesBundle   Registry   HKUS-1-5-18SoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 

Preinstalled.WildTangentGamesBundle   Registry   HKUS-1-5-19SoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 

Preinstalled.WildTangentGamesBundle   Registry   HKUS-1-5-20SoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 




