
svchost process being used, accessed remotely by different ip addresses



#1 Siborg


Posted 21 April 2023 - 07:54 PM

My PC was infected by a laptop with similar issues.

Before this laptop had fodhelper installed so I reinstalled Windows 10 & changed UAC settings & changed to not an Admin account on non password protected login for all my Windows computers.

I used simplewall & found svchost.exe among other things being accessed remotely at different times by different IP addresses.

This showed up on PC on 14 April 2023, 11:31am
Protected Memory Access Blocked: svchost.exe
Protected folder \Device\Harddisk\Volume1
Blocked by Controlled Folder Access

I checked PC & svchost.exe was running in the background remotely communicating.

I reinstalled Windows 10 on the laptop and used the laptop to block the 3 IP addresses that kept showing up on svchost through the router.

Other connections were:
DoSvc
Profsvc
gamingservices.exe
Explorer

I haven't used the internet on the computers lately. I think I need to upgrade the computers' BIOS so I can get Credential Guard running.

On the PC explorer.exe is still trying to access folders but is being stopped by Controlled Folder Access.

PC:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-04-2023
Ran by Admin (administrator) on LOUNGE (Gigabyte Technology Co., Ltd. H270-HD3) (22-04-2023 09:09:28)
Running from C:\Users\Admin\Desktop\FRST64.exe
Loaded Profiles: Simon & Admin
Platform: Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

========================================================

C:\FRST\FRST64.exe => moved successfully

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc.) [File not signed] C:\Program Files (x86)\WinTV\WinTV8\WinTVTray.exe <2>
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe <2>
(Intel® Corporation) [File not signed] C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe <2>
(Opera Software AS -> Opera Software) C:\Program Files\Opera\assistant\browser_assistant.exe <4>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(services.exe ->) (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc) [File not signed] [File is in use] C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(services.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.GamingServices_11.76.5001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.GamingServices_11.76.5001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <3>
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\upfc.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe <3>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(svchost.exe ->) (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc) [File not signed] C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe <2>
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation) [File not signed]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [3004440 2020-05-19] (Opera Software AS -> Opera Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\Run: [BraveSoftware Update] => C:\Users\Simon\AppData\Local\BraveSoftware\Update\1.3.361.133\BraveUpdateCore.exe [222592 2022-08-15] (Brave Software, Inc. -> BraveSoftware Inc.)
HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4362600 2023-03-25] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\...\Print\Monitors\EPSON XP-640 Series 64MonitorBE: C:\Windows\system32\E_YLMBRHE.DLL [182784 2015-12-09] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2015-12-24] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-12-05] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2018-01-26]
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works Inc. -> Hauppauge Computer Works) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2020-06-28]
ShortcutTarget: JoyToKey.lnk -> C:\Users\Admin\Downloads\JoyToKey_en\JoyToKey.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2018-01-26]
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV8\WinTVTray.exe (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc.) [File not signed]
Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2021-01-29]
ShortcutTarget: JoyToKey.lnk -> C:\Program Files (x86)\JoyToKey\JoyToKey.exe () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01ED0359-4664-47EF-9429-75A3FE6328E6} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-804952195-611626450-1021337796-1001Core => C:\Users\Simon\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {25B6C529-1F84-4840-9415-77D637B99F25} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {2B7A2150-9C08-4DE8-A5DD-B86EF57365BF} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File)
Task: {3ABF9E55-9B26-4444-B1DC-DADDEADC68F2} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-804952195-611626450-1021337796-1001UA => C:\Users\Simon\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {4A10D318-84C3-4AB4-B4A0-A78791A75785} - System32\Tasks\Opera scheduled Autoupdate 1527664485 => C:\Program Files\Opera\launcher.exe [2686880 2023-04-18] (Opera Norway AS -> Opera Software)
Task: {4FA7D905-CF2E-4C4C-B9FB-10792D863066} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2022-06-26] () [File not signed]
Task: {79326EBA-EFF0-48D7-A3D2-03696839460B} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent (No File)
Task: {8D6DA520-4F85-4ED0-87E7-6D86685C3C86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E88A047-2887-4FB2-B227-3C7D083E7671} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid c5fd4c6a-5a47-4e81-9dcc-e68199d1a0f9
Task: {8F817DAF-6A0C-4486-BA96-AC05435686A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {A0DEBC97-A4F0-421B-B25F-FF3658B7AC7F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A5E5BA98-495A-4A28-AC82-96D2146FAFC9} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2638856 2023-04-13] (Overwolf Ltd -> Overwolf LTD)
Task: {a76d9b75-2552-4930-84aa-e3e5c1f0455a} - no filepath
Task: {B5C18A46-5FC9-414A-B6B6-40CB4D169CE3} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-804952195-611626450-1021337796-1001UA1d7e62f78c1d018 => C:\Users\Simon\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {C2088C1B-5B4A-4A36-A832-BBD7F9261F18} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File)
Task: {C7A3A07D-27B8-49C3-A7EE-73A27160F362} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation) [File not signed]
Task: {CF5BDA1E-549B-43EF-99D8-CA0E4FE2303F} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid de8faacc-4284-4069-8f1c-f446c461b168
Task: {D8411D9F-4175-4606-9E79-6F4A5FEF4B36} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DBF02E94-1D16-494B-9970-B9D4BB1DB67A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DC635195-1C07-45BB-9CB4-2DD2EAEFF691} - System32\Tasks\EPSON XP-640 Series Update {2349EA23-7492-4E6A-A8D6-DDFE8529B22C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRHE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {DD378646-A8BC-411E-A7B0-6A1EC3560D07} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-804952195-611626450-1021337796-1001Core1d7e62f78bec4f0 => C:\Users\Simon\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E791FD7B-288D-4DEF-910D-AB396A899998} - System32\Tasks\Opera scheduled assistant Autoupdate 1547476640 => C:\Program Files\Opera\launcher.exe [2686880 2023-04-18] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0)
Task: {FE72577A-337E-41B3-83F9-AAEE26628BCB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe -check pepperplugin (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON XP-640 Series Update {2349EA23-7492-4E6A-A8D6-DDFE8529B22C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRHE.EXE:/EXE:{2349EA23-7492-4E6A-A8D6-DDFE8529B22C} /F:UpdateWORKGROUP\DESKTOP-GJD8DQO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{1ad97ca0-cfea-449d-a133-8303749731e0}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{c24ef2d8-3263-4595-abb3-28dc3122cdbb}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Edge:
=======
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-25]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-10-30] (BattlEye Innovations e.K. -> )
S4 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\85.0.4183.6\remoting_host.exe [72176 2020-06-28] (Google LLC -> Google Inc.)
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2018-01-26] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [133080 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2016-01-13] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 GamingServices; C:\Program Files\WindowsApps\Microsoft.GamingServices_11.76.5001.0_x64__8wekyb3d8bbwe\GamingServices.exe [75256 2023-04-19] (Microsoft Corporation -> )
R2 GamingServicesNet; C:\Program Files\WindowsApps\Microsoft.GamingServices_11.76.5001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe [75256 2023-04-19] (Microsoft Corporation -> )
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [586536 2017-12-12] (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc) [File not signed] [File is in use]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [14280 2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2572096 2023-03-13] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3491144 2023-03-13] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2638856 2023-04-13] (Overwolf Ltd -> Overwolf LTD)
S2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel® iCDG WINS WSS CCF -> Intel Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746688 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe [3228400 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe [133536 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1090416 2021-01-11] (Creative Technology Ltd -> Creative Technology Ltd)
R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [53616 2021-01-11] (Creative Technology Ltd -> Creative Technology Ltd)
R3 HCW85BDA; C:\WINDOWS\system32\drivers\HCW85BDA.sys [2265832 2017-06-19] (Hauppauge Computer Works Inc. -> Hauppauge Computer Works)
R3 MarvinBus; C:\WINDOWS\System32\drivers\MarvinBus64.sys [261120 2005-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Pinnacle Systems GmbH)
R3 MpKsl461a21e8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{455C2155-5A6A-45A7-A3C0-6759526E2CF4}\MpKslDrv.sys [211208 2023-04-22] (Microsoft Windows -> Microsoft Corporation)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2020-06-01] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2020-06-01] (Valve Corp. -> )
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-05-16] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-02-03] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239616 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249536 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [497920 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-04-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-22 09:09 - 2023-04-22 09:09 - 000021964 _____ C:\Users\Admin\Desktop\FRST.txt
2023-04-22 09:09 - 2023-04-21 16:03 - 002381312 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2023-04-22 08:55 - 2023-04-22 09:09 - 000000000 ____D C:\FRST
2023-04-20 18:23 - 2023-04-20 18:23 - 000000000 ____D C:\Users\Admin\AppData\Local\Publishers
2023-04-20 18:22 - 2023-04-20 18:22 - 000000000 ____D C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder
2023-04-20 05:28 - 2023-04-20 05:43 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache
2023-04-18 22:09 - 2023-04-18 22:09 - 000001586 _____ C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Hybrid Sleep.lnk
2023-04-16 21:22 - 2023-04-16 21:25 - 000000000 ____D C:\Users\Simon\Downloads\SDIO_1.12.11.751
2023-04-16 21:22 - 2023-04-16 21:22 - 006475179 _____ C:\Users\Simon\Downloads\SDIO_1.12.11.751.zip
2023-04-16 10:50 - 2023-04-16 10:58 - 000000000 ____D C:\Users\Admin\AppData\Roaming\WizTree3
2023-04-15 23:44 - 2023-04-15 23:44 - 1008985143 _____ C:\WINDOWS\MEMORY.DMP
2023-04-15 23:44 - 2023-04-15 23:44 - 001841828 _____ C:\WINDOWS\Minidump\041523-16953-01.dmp
2023-04-15 23:44 - 2023-04-15 23:44 - 000000000 ____D C:\WINDOWS\Minidump
2023-04-14 12:30 - 2023-04-14 12:30 - 000000000 ___HD C:\$WinREAgent
2023-04-12 07:04 - 2023-04-12 07:04 - 000000072 _____ C:\Users\Simon\Desktop\Witherstorm Lvl 7.txt
2023-04-10 19:32 - 2023-04-10 19:32 - 000357526 _____ C:\Users\Simon\Downloads\bookmarks_4_10_23.html
2023-04-09 18:52 - 2023-04-09 18:52 - 000000000 ____D C:\Users\Simon\Downloads\Steam
2023-04-05 18:22 - 2023-04-05 18:29 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\MMC
2023-04-02 21:20 - 2023-04-02 21:21 - 067444475 _____ C:\Users\Simon\Downloads\getvid (12).mp4
2023-03-26 16:09 - 2023-03-26 16:09 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Henry++
2023-03-25 17:37 - 2023-03-25 17:37 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-804952195-611626450-1021337796-1002
2023-03-25 17:37 - 2023-03-25 17:37 - 000000000 ___RD C:\Users\Admin\OneDrive
2023-03-25 17:36 - 2023-04-20 18:30 - 000000000 ____D C:\Users\Admin\AppData\Local\ClassicShell
2023-03-25 17:36 - 2023-03-25 17:36 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
2023-03-25 17:36 - 2023-03-25 17:36 - 000000000 ____D C:\Users\Admin\AppData\Roaming\ClassicShell
2023-03-25 17:35 - 2023-04-20 18:23 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2023-03-25 17:35 - 2023-04-16 06:55 - 000000000 ____D C:\Users\Admin
2023-03-25 17:35 - 2023-03-25 17:37 - 000002407 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-03-25 17:35 - 2023-03-25 17:35 - 000002355 _____ C:\Users\Admin\Desktop\Microsoft Edge.lnk
2023-03-25 17:35 - 2023-03-25 17:35 - 000000020 ___SH C:\Users\Admin\ntuser.ini
2023-03-25 17:35 - 2023-03-25 17:35 - 000000000 ___SD C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates
2023-03-25 17:35 - 2023-03-25 17:35 - 000000000 ___SD C:\Users\Admin\AppData\Roaming\Microsoft\Protect
2023-03-25 17:35 - 2023-03-25 17:35 - 000000000 ___SD C:\Users\Admin\AppData\Roaming\Microsoft\Crypto
2023-03-25 17:35 - 2023-03-25 17:35 - 000000000 ___SD C:\Users\Admin\AppData\Roaming\Microsoft\Credentials
2023-03-25 17:35 - 2023-03-25 17:35 - 000000000 ___RD C:\Users\Admin\3D Objects
2023-03-25 17:35 - 2023-03-25 17:35 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows
2023-03-25 17:35 - 2023-03-25 17:35 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Vault
2023-03-25 17:35 - 2023-03-25 17:35 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2023-03-25 17:35 - 2023-03-25 17:35 - 000000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2023-03-25 17:35 - 2023-03-25 17:35 - 000000000 ____D C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform
2023-03-25 17:35 - 2021-04-18 20:52 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Network

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-22 09:09 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-04-22 09:08 - 2021-07-17 09:09 - 000000000 ____D C:\ProgramData\NVIDIA
2023-04-22 09:08 - 2021-04-18 20:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-04-22 09:08 - 2021-04-01 20:24 - 000000000 ____D C:\Users\Simon\AppData\Local\ClassicShell
2023-04-22 09:08 - 2020-09-12 00:39 - 000008192 ___SH C:\DumpStack.log.tmp
2023-04-22 09:08 - 2019-12-07 18:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-22 09:08 - 2019-12-07 18:33 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2023-04-22 09:08 - 2018-03-02 21:12 - 000000000 ____D C:\ProgramData\Origin
2023-04-22 09:08 - 2018-01-26 08:26 - 000000000 ____D C:\ProgramData\Hauppauge
2023-04-22 09:06 - 2021-02-13 21:19 - 001820326 _____ C:\WINDOWS\ntbtlog.txt
2023-04-22 08:37 - 2021-04-18 20:56 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-04-22 08:37 - 2021-04-18 20:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-04-22 08:37 - 2019-12-07 18:43 - 000000000 ____D C:\WINDOWS\INF
2023-04-22 06:54 - 2018-05-30 16:42 - 000000000 ____D C:\Program Files\Opera
2023-04-20 06:39 - 2020-01-14 21:29 - 000000918 _____ C:\Users\Simon\Desktop\SpongeBob SquarePants - Shortcut.lnk
2023-04-19 23:27 - 2021-04-18 20:54 - 000003940 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1527664485
2023-04-19 23:27 - 2018-05-30 16:44 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2023-04-19 14:36 - 2023-01-02 06:34 - 000000000 ____D C:\Program Files (x86)\Overwolf
2023-04-19 12:11 - 2022-12-28 11:23 - 002790904 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2023-04-19 12:11 - 2022-12-28 11:23 - 000484856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2023-04-19 12:11 - 2022-12-28 11:23 - 000247248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2023-04-19 12:11 - 2022-12-28 11:23 - 000202232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2023-04-19 12:11 - 2022-12-28 11:23 - 000165368 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2023-04-19 12:11 - 2022-12-28 11:23 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2023-04-19 12:11 - 2022-12-28 11:23 - 000079352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2023-04-19 12:11 - 2022-12-28 11:23 - 000062968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2023-04-19 12:11 - 2019-12-07 18:44 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-17 05:34 - 2020-08-31 00:47 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-04-16 09:11 - 2021-04-18 20:51 - 000000000 ____D C:\Users\Simon
2023-04-15 15:02 - 2021-03-07 06:54 - 000002663 _____ C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2023-04-15 03:52 - 2021-04-18 20:49 - 000345168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\SystemResources
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-04-14 12:36 - 2019-12-07 18:33 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-04-14 12:34 - 2021-04-18 20:49 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-04-14 09:35 - 2018-03-10 10:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-04-14 09:25 - 2018-03-10 10:23 - 156112424 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-04-12 15:43 - 2019-10-05 01:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-04-12 07:00 - 2023-01-02 06:34 - 000002324 _____ C:\Users\Simon\Desktop\CurseForge.lnk
2023-04-12 07:00 - 2023-01-02 06:33 - 000000000 ____D C:\Users\Simon\AppData\Local\Overwolf
2023-04-11 15:38 - 2018-08-12 10:40 - 000000000 ____D C:\Users\Simon\AppData\Roaming\vlc
2023-04-11 15:37 - 2023-03-16 11:22 - 000000000 ____D C:\Program Files\simplewall
2023-04-10 20:35 - 2021-06-14 10:11 - 000000000 ____D C:\Program Files (x86)\Steam
2023-04-07 19:40 - 2022-12-29 08:54 - 000006449 _____ C:\Users\Simon\Downloads\JoyToKey.7z
2023-04-07 19:40 - 2020-03-22 20:45 - 000000000 ____D C:\Users\Simon\Documents\JoyToKey
2023-04-05 07:28 - 2021-04-18 20:54 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-04-05 07:28 - 2021-04-18 20:54 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-04-04 07:16 - 2018-08-12 10:41 - 000000000 ____D C:\Users\Simon\AppData\Roaming\dvdcss
2023-04-03 17:47 - 2022-07-01 17:09 - 000001146 _____ C:\Users\Public\Desktop\VLC media player.lnk
2023-03-30 15:25 - 2021-11-22 15:31 - 000000000 ____D C:\Users\Simon\AppData\Roaming\MusicBee
2023-03-26 17:46 - 2018-01-26 10:58 - 000000000 ____D C:\Users\Simon\AppData\Local\CrashDumps
2023-03-25 17:35 - 2019-12-07 18:44 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-03-25 17:35 - 2018-01-25 23:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-03-23 21:29 - 2019-10-05 08:51 - 000000000 ____D C:\Users\Simon\AppData\Local\D3DSCache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2023
Ran by Admin (22-04-2023 09:10:55)
Running from C:\Users\Admin\Desktop
Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) (2021-04-18 11:24:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Admin (S-1-5-21-804952195-611626450-1021337796-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-804952195-611626450-1021337796-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-804952195-611626450-1021337796-503 - Limited - Disabled)
Guest (S-1-5-21-804952195-611626450-1021337796-501 - Limited - Disabled)
Simon (S-1-5-21-804952195-611626450-1021337796-1001 - Limited - Enabled) => C:\Users\Simon
WDAGUtilityAccount (S-1-5-21-804952195-611626450-1021337796-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1801-000001000000}) (Version: 18.01.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe DNG Codec (HKLM-x32\...\Adobe DNG Codec) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)
Allok 3GP PSP MP4 iPod Video Converter 6.2.0603 (HKLM-x32\...\Allok 3GP PSP MP4 iPod Video Converter_is1) (Version: - Allok Soft Inc)
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 5.2 - Power Software Ltd)
ApowerMirror V1.5.1.8 (HKLM-x32\...\{a9482532-9c34-478c-80c3-85bdccbb981f}_is1) (Version: 1.5.1.8 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\BraveSoftware Brave-Browser) (Version: 112.1.50.119 - Brave Software Inc)
Calculator (HKLM\...\{FC211C17-798B-4E74-BE2D-D179B0FC316A}_is1) (Version: 10.0.14393.0 - )
Chrome Remote Desktop Host (HKLM-x32\...\{044C9627-4253-4828-A3CB-6EF8CEC04963}) (Version: 85.0.4183.6 - Google Inc.)
Citra (HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\{7b6ed24a-4045-4dcf-b32d-890cba952e99}) (Version: 1.0.0 - Citra Team)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)
CurseForge (HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.223.1.9730 - Overwolf app)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
DupeTrasher 1.2 (HKLM-x32\...\DupeTrasher_is1) (Version: - Assembly Developers)
EasiestSoft Movie Editor 5.1.0 (HKLM-x32\...\{8BB65DEC-BE2C-EB66-7595-ADAE2D710380}_is1) (Version: 5.1.0 - EasiestSoft International LLC.)
Easy Photo Scan (HKLM-x32\...\{250F80AF-F5EA-4E42-BB64-5D8014C7C538}) (Version: 1.00.0007 - Seiko Epson Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.42.00 - SEIKO EPSON CORPORATION)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.01 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{82B94253-3FBC-4779-B3BF-C690AD54AFDB}) (Version: 4.4.0 - SEIKO EPSON CORPORATION)
EPSON XP-640 Series Printer Uninstall (HKLM\...\EPSON XP-640 Series) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{0CB4EF8E-EE5B-49F6-8376-A702C222D6DA}) (Version: 3.1.3.0 - SEIKO EPSON Corporation)
FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft)
Free Virtual Keyboard (HKLM-x32\...\{CA4F9519-1A83-4907-8651-F17073A0E1CE}_is1) (Version: 5.0.0.0 - Comfort Software Group)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
GreatFamily 2.2.2 (HKLM-x32\...\GreatFamily) (Version: - )
HandBrake 1.5.1 (HKLM-x32\...\HandBrake) (Version: 1.5.1 - )
Hauppauge WinTV 8.5 (HKLM-x32\...\Hauppauge WinTV 8.5) (Version: v8.5.35346 (CD 5.8) - Hauppauge Computer Works)
Imaging And Configuration Designer (HKLM-x32\...\{8072F2F3-C269-A639-4626-9209FFF6DEDB}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Designer (HKLM-x32\...\{2852AE0C-1EEB-72F9-1C5D-FACF6C9304DE}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Tools Support (HKLM-x32\...\{30C24881-949F-D09C-5376-9F0DC6B412CD}) (Version: 10.1.19041.1 - Microsoft) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® CCF Manager (HKLM\...\{DFD2C0B0-664C-4383-B348-2F531462EBAD}) (Version: 3.0.0.1172 - Intel Corporation) Hidden
Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation)
IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan)
iTunes (HKLM\...\{BE065D5C-5EB5-4F39-A112-32897C297935}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java™ SE Development Kit 17.0.5 (64-bit) (HKLM\...\{523C28BF-1BB4-5EB4-AD61-2D035E64A315}) (Version: 17.0.5.0 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JoyToKey version 6.9.2 (HKLM-x32\...\{EBF21C82-423E-49FD-BCBD-88C08397CB44}_is1) (Version: 6.9.2 - JTK software)
Kits Configuration Installer (HKLM-x32\...\{8867E8B9-1539-18F3-54AB-B1F1E641AC14}) (Version: 10.1.19041.1 - Microsoft) Hidden
K-Lite Codec Pack 17.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.1.0 - KLCP)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Media Renamer (HKLM\...\{869D06EA-2277-4588-9567-CDFE5C30A399}_is1) (Version: 2.1.1 - Benjamin Schirmer)
Microsoft .NET Host - 6.0.1 (x64) (HKLM\...\{4E77768C-3EF9-428C-BE54-EB82BB9426AB}) (Version: 48.7.32725 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.1 (x64) (HKLM\...\{50008A1B-8D93-4292-ABBB-B439EBC9F425}) (Version: 48.7.32725 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.1 (x64) (HKLM\...\{97CC09C6-5CD8-4C2B-B4C2-235BBFC713DB}) (Version: 48.7.32725 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 112.0.1722.48 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 112.0.1722.48 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-804952195-611626450-1021337796-1002\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.1 (x64) (HKLM\...\{E70047D4-1184-4BFA-84DA-40D9898F5564}) (Version: 48.7.32738 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.1 (x64) (HKLM-x32\...\{7037b699-7382-448c-89a7-4765961d2537}) (Version: 6.0.1.30718 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mp3tag v2.99a (HKLM-x32\...\Mp3tag) (Version: 2.99a - Florian Heidenreich)
MusicBee 3.4.7805 (HKLM-x32\...\MusicBee) (Version: 3.4.7805 - Steven Mayall)
NVIDIA Graphics Driver 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OEM Test Certificates (HKLM-x32\...\{DAF67B85-47AE-B13B-5C22-3A7149E46EB8}) (Version: 10.1.19041.1 - Microsoft) Hidden
Opera Stable 97.0.4719.83 (HKLM-x32\...\Opera 97.0.4719.83) (Version: 97.0.4719.83 - Opera Software)
Oracle VM VirtualBox 6.1.22 (HKLM\...\{573CC601-ED8D-450F-BE6F-A313DD77A4A0}) (Version: 6.1.22 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.122.52971 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.221.109.13 - Overwolf Ltd.)
Pinnacle Studio 14 (HKLM-x32\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
qBittorrent 4.4.5 (HKLM-x32\...\qBittorrent) (Version: 4.4.5 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8703.1 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
Roblox Player for Simon (HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Simon (HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\roblox-studio) (Version: - Roblox Corporation)
simplewall (HKLM\...\simplewall) (Version: 3.6.7 - Henry++)
Sound Blaster Z-Series (HKLM-x32\...\{B2C527EF-4F7B-405A-ADB4-89B432891FF2}) (Version: 1.00.28 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
STCServ (HKLM\...\{A954D353-9DAF-4916-8E71-F1E959EBCD1E}) (Version: 3.0.0.1783 - Intel Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.77.146.1030 - Electronic Arts Inc.)
Toolkit Documentation (HKLM-x32\...\{1978CD82-5D9C-F9BD-4FA3-17AFA5AE12B2}) (Version: 10.1.19041.1 - Microsoft) Hidden
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 114.1 - Ubisoft)
UEV Tools on amd64 (HKLM\...\{91339917-AF30-9EC7-D5AA-05919BB21DB9}) (Version: 10.1.19041.1 - Microsoft) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{0BAA0A93-3AD3-4B19-9105-4C8C3FA92A83}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
User State Migration Tool (HKLM-x32\...\{2AD80B8E-9213-FEA7-BA85-0EFED76D6F11}) (Version: 10.1.19041.1 - Microsoft) Hidden
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.19.1.0 - Winaero)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{9346016b-6620-4841-8ea4-ad91d3ea02b5}) (Version: 10.1.19041.1 - Microsoft Corporation)
Windows Deployment Customizations (HKLM-x32\...\{2C4DAAC8-4CD1-9CFC-EBD1-E6A17C8199E4}) (Version: 10.1.19041.1 - Microsoft) Hidden
Windows Deployment Tools (HKLM-x32\...\{FE728B5E-3753-0F68-EC2D-66ABE2DEC1C1}) (Version: 10.1.19041.1 - Microsoft) Hidden
Windows IP Over USB (HKLM-x32\...\{31F47324-5E87-946A-78F5-55BB06744389}) (Version: 10.1.19041.1 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Windows System Image Manager on amd64 (HKLM-x32\...\{D5CE010A-37F1-27CD-D6A1-61FB1F206892}) (Version: 10.1.19041.1 - Microsoft) Hidden
WizTree v4.12 (HKLM\...\WizTree_is1) (Version: 4.12 - Antibody Software)
WPT Redistributables (HKLM-x32\...\{AE00264D-F001-A1D3-F3B8-74A9D2193E7F}) (Version: 10.1.19041.1 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{FD439F85-AD64-B3E5-9FC5-444AE8C8AF7B}) (Version: 10.1.19041.1 - Microsoft) Hidden

Packages:
=========
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-04-20] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-804952195-611626450-1021337796-1001_Classes\CLSID\{06B74C04-E813-4DD4-A972-172836EFA8D6}\InprocServer32 -> C:\Users\Simon\AppData\Local\BraveSoftware\Update\1.3.361.133\psuser_64.dll (Brave Software, Inc. -> BraveSoftware Inc.)
CustomCLSID: HKU\S-1-5-21-804952195-611626450-1021337796-1001_Classes\CLSID\{06C9646D-2807-44C0-97D2-6DA0DB623DB4}\localserver32 -> C:\Users\Simon\AppData\Local\BraveSoftware\Brave-Browser\Application\112.1.50.119\notification_helper.exe (Brave Software, Inc. -> Brave Software, Inc.)
CustomCLSID: HKU\S-1-5-21-804952195-611626450-1021337796-1001_Classes\CLSID\{0C88CF8F-9090-44FB-BE92-A5392C63F44C}\InprocServer32 -> C:\Users\Simon\AppData\Local\BraveSoftware\Update\1.3.101.0\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-804952195-611626450-1021337796-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
CustomCLSID: HKU\S-1-5-21-804952195-611626450-1021337796-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-804952195-611626450-1021337796-1001_Classes\CLSID\{7A42A5E5-D3E4-48B4-BE81-71BEC9E2A662}\InprocServer32 -> C:\Users\Simon\AppData\Local\BraveSoftware\Update\1.3.361.111\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-804952195-611626450-1021337796-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-804952195-611626450-1021337796-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-804952195-611626450-1021337796-1001_Classes\CLSID\{97C5E76A-3749-4B57-BF8F-F14C50CBB82A}\InprocServer32 -> C:\Users\Simon\AppData\Local\BraveSoftware\Update\1.3.361.133\psuser_64.dll (Brave Software, Inc. -> BraveSoftware Inc.)
CustomCLSID: HKU\S-1-5-21-804952195-611626450-1021337796-1001_Classes\CLSID\{F6E536F5-F795-49CE-A85D-2DA66503C6F1}\InprocServer32 -> C:\Users\Simon\AppData\Local\BraveSoftware\Update\1.3.361.133\psuser_64.dll (Brave Software, Inc. -> BraveSoftware Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-10-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-10-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-10-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\nvshext.dll [2021-02-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2011-02-18] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2011-02-18] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-01-26 08:47 - 2017-08-23 21:10 - 000025600 _____ () [File not signed] C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2018-01-26 08:47 - 2011-08-23 10:34 - 000057344 _____ () [File not signed] C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2019-10-19 18:31 - 2019-10-19 18:31 - 000424448 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2018-01-26 08:47 - 2017-11-09 14:18 - 000734720 _____ (Hauppauge Computer Works) [File not signed] [File is in use] C:\Program Files (x86)\WinTV\WinTV8\NativeMMS.dll
2018-01-26 08:47 - 2015-11-24 18:29 - 000134656 _____ (Hauppauge Computer Works) [File not signed] C:\Program Files (x86)\WinTV\WinTV8\hcwtsfilter.ax
2018-01-26 08:47 - 2015-11-24 18:29 - 000113152 _____ (Hauppauge Computer Works) [File not signed] C:\Program Files (x86)\WinTV\WinTV8\HCWTSWriter.ax
2018-01-26 08:47 - 2017-09-15 06:50 - 000333312 _____ (Hauppauge Computer Works, Inc.) [File not signed] C:\Program Files (x86)\WinTV\WinTV8\PsiParser.ax
2018-01-28 19:00 - 2018-01-28 19:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-07-15 12:15 - 2018-07-15 12:15 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2018-07-15 12:15 - 2018-07-15 12:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 12:15 - 2018-07-15 12:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\System32\StartMenuHelper64.dll
2019-12-06 19:37 - 2019-12-06 19:37 - 000262144 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2015-12-24 12:40 - 2015-12-24 12:40 - 000500736 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2021-07-23 15:36 - 2021-07-23 15:56 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-07-23 15:36 - 2021-07-23 15:56 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-07-23 15:36 - 2021-07-23 15:56 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2023-03-15 11:07 - 2021-07-23 15:56 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2023-03-15 11:07 - 2021-07-23 15:56 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2023-03-15 11:07 - 2021-07-23 15:56 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2023-03-15 11:07 - 2021-07-23 15:56 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2023-03-15 11:07 - 2021-07-23 15:56 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2023-03-15 11:07 - 2021-07-23 15:56 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Simon\AppData\Local\Temp:$DATA鈥� [16]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-804952195-611626450-1021337796-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D020218-A2D586A4510&form=CONMHP&conlogo=CT3335800
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-26] (Oracle America, Inc. -> Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-26] (Oracle America, Inc. -> Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 23:16 - 2019-01-04 18:55 - 000000895 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-12-14 19:53 - 2018-12-14 19:53 - 000000446 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\QuickTime\QTSystem\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Pinnacle\Shared Files\;C:\Program Files (x86)\Pinnacle\Shared Files\Filter\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\dotnet\
HKU\S-1-5-21-804952195-611626450-1021337796-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Simon\Pictures\Erin's iPad\DCIM\100APPLE\IMG_0081.JPG
HKU\S-1-5-21-804952195-611626450-1021337796-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: chromoting => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 2
MSCONFIG\Services: RemoteAccess => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\StartupApproved\StartupFolder: => "HideVolumeOSD (Hide).lnk"
HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{257F894B-AEC8-42F8-AE36-15DAEE29BD40}C:\program files\opera\opera.exe] => (Block) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{89E24DE8-2A38-4F26-8437-5439AD4F271D}C:\program files\opera\opera.exe] => (Block) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{AE950CB0-59EB-4899-A37D-F2DD9589C0EF}C:\program files\opera\opera.exe] => (Block) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{F2CA4432-4EBA-4C32-83EA-B2E293EBF854}C:\program files\opera\opera.exe] => (Block) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{064A1F4A-0C17-4AAC-9224-2459EC15FEF8}C:\users\simon\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\simon\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{4B922B2D-4AB6-456A-97E1-C35686CED6DF}C:\users\simon\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\simon\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{E8A7A802-FC91-4EF0-94DE-F375A82EF171}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{6CECFE26-D239-4EE3-9EDA-900D102C7636}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{8D5E56DA-5999-4434-8900-C44CA7368DE0}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{31DD3A10-284F-424C-874E-366B21EC4CBE}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4A47687E-D766-4E69-9A8F-6464EA6B72C1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{DF01A448-1336-4671-9A86-43BDBEAE4AA8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B1C0F890-6519-43BC-B16B-E0860070A558}] => (Allow) C:\Program Files\Opera\97.0.4719.63\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{2EA022A5-6EFC-4D0A-88C2-C3CDB93C1390}C:\program files (x86)\wintv\wintv8\wintv8.exe] => (Block) C:\program files (x86)\wintv\wintv8\wintv8.exe (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc.) [File not signed]
FirewallRules: [UDP Query User{60028930-12FE-4283-B347-A81EA1960B2E}C:\program files (x86)\wintv\wintv8\wintv8.exe] => (Block) C:\program files (x86)\wintv\wintv8\wintv8.exe (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc.) [File not signed]
FirewallRules: [TCP Query User{9D1C3B5A-CD9D-4F4C-A93F-BFFE9AF084EF}C:\users\simon\downloads\sdio_1.12.11.751\sdio_x64_r751.exe] => (Allow) C:\users\simon\downloads\sdio_1.12.11.751\sdio_x64_r751.exe (Glenn Stuart Delahoy -> Glenn Delahoy)
FirewallRules: [UDP Query User{FDCE9737-D57A-4277-93F5-445C137F43AE}C:\users\simon\downloads\sdio_1.12.11.751\sdio_x64_r751.exe] => (Allow) C:\users\simon\downloads\sdio_1.12.11.751\sdio_x64_r751.exe (Glenn Stuart Delahoy -> Glenn Delahoy)
FirewallRules: [{7EDA07ED-0BA6-4000-9653-8336D07E5682}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.48\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C08FEA84-FB36-4D07-B32A-4B2A331CDAD8}] => (Allow) C:\Program Files (x86)\Overwolf\0.221.109.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{B91EE11E-D9B8-4CF8-9957-6CA41D12636E}] => (Allow) C:\Program Files (x86)\Overwolf\0.221.109.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{FB5A4712-37EC-4743-9ADB-85769942A2DC}] => (Allow) C:\Program Files\Opera\97.0.4719.83\opera.exe (Opera Norway AS -> Opera Software)

==================== Restore Points =========================

01-04-2023 20:59:43 Scheduled Checkpoint
10-04-2023 23:33:47 Scheduled Checkpoint
14-04-2023 12:30:20 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/22/2023 08:55:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 18.4.2023.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 24dc

Start Time: 01d974a880c78d6c

Termination Time: 4294967295

Application Path: C:\Users\Simon\Desktop\FRST64.exe

Report Id: 5f2c8177-2217-452d-894d-5b8fcda32463

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (04/17/2023 10:24:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Elements TV Series (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/17/2023 10:24:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on TOSH 1TB (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/17/2023 10:24:33 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on WD Green 1TB (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/14/2023 12:30:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/10/2023 11:33:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/10/2023 10:43:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Elements TV Series (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/10/2023 10:43:10 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on TOSH 1TB (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (04/22/2023 09:10:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Common Connectivity Framework service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/22/2023 09:10:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Common Connectivity Framework service to connect.

Error: (04/22/2023 09:10:21 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (04/22/2023 09:08:35 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (04/22/2023 09:08:34 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (04/22/2023 09:08:19 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (04/22/2023 09:08:16 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 124) (User: NT AUTHORITY)
Description: 32151874566

Error: (04/22/2023 09:07:59 AM) (Source: DCOM) (EventID: 10005) (User: LOUNGE)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


Windows Defender:
================
Date: 2023-04-22 07:21:41
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-22 07:00:52
Description:
C:\Windows\explorer.exe has been blocked from modifying %userprofile%\Music\ by Controlled Folder Access.
Detection time: 2023-04-21T21:30:52.651Z
Path: %userprofile%\Music\
Process Name: C:\Windows\explorer.exe
Security intelligence Version: 1.387.1544.0
Engine Version: 1.1.20200.4
Product Version: 4.18.2303.8

Date: 2023-04-22 06:55:40
Description:
C:\Users\Simon\AppData\Local\BraveSoftware\Brave-Browser\Application\brave.exe has been blocked from modifying %userprofile%\Favorites by Controlled Folder Access.
Detection time: 2023-04-21T21:25:40.751Z
Path: %userprofile%\Favorites
Process Name: C:\Users\Simon\AppData\Local\BraveSoftware\Brave-Browser\Application\brave.exe
Security intelligence Version: 1.387.1544.0
Engine Version: 1.1.20200.4
Product Version: 4.18.2303.8

Date: 2023-04-22 06:51:50
Description:
C:\Program Files\Opera\opera.exe has been blocked from modifying %userprofile%\Favorites by Controlled Folder Access.
Detection time: 2023-04-21T21:21:50.008Z
Path: %userprofile%\Favorites
Process Name: C:\Program Files\Opera\opera.exe
Security intelligence Version: 1.387.1544.0
Engine Version: 1.1.20200.4
Product Version: 4.18.2303.8

Date: 2023-04-22 06:50:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2023-04-22 09:06:17
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2023-04-20 19:33:50
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2023-04-14 01:54:24
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.387.870.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20200.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-03-10 09:11:37
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.383.1289.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20000.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F1 11/22/2016
Motherboard: Gigabyte Technology Co., Ltd. H270-HD3-CF
Processor: Intel® Core™ i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 21%
Total physical RAM: 16342.44 MB
Available physical RAM: 12809.11 MB
Total Virtual: 18774.44 MB
Available Virtual: 14483.6 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:254.65 GB) (Free:135.38 GB) (Model: Crucial_CT275MX300SSD1) NTFS
Drive d: (WD Green 1TB) (Fixed) (Total:931.51 GB) (Free:127.13 GB) (Model: WDC WD10EAVS-00D7B1) NTFS
Drive e: (TOSH 1TB) (Fixed) (Total:931.39 GB) (Free:74.35 GB) (Model: TOSHIBA DT01ACA100) NTFS

\\?\Volume{16499a5b-8c5a-4880-a1dc-1b521c6773c2}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{84e6df6a-486a-47a0-9755-5a88c45e8697}\ () (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS
\\?\Volume{fe6a03a6-07cf-4179-8066-909b5caeaa5c}\ (SYSTEM) (Fixed) (Total:0.44 GB) (Free:0.41 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 256.2 GB) (Disk ID: 86187D38)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: EE7A450C)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

#2 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 62,343 posts
Posted 26 April 2023 - 08:10 AM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please run a new FRST scan and copy/paste both reports in your reply.
Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#3 Siborg

Siborg
  • Topic Starter

  • Members
  • 20 posts

Posted 26 April 2023 - 04:02 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-04-2023
Ran by Admin (administrator) on LOUNGE (Gigabyte Technology Co., Ltd. H270-HD3) (27-04-2023 06:16:54)
Running from C:\Users\Admin\Desktop\FRST64.exe
Loaded Profiles: Admin
Platform: Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc.) [File not signed] C:\Program Files (x86)\WinTV\WinTV8\WinTVTray.exe
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\assistant\browser_assistant.exe <2>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(services.exe ->) (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc) [File not signed] [File is in use] C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(services.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.GamingServices_11.76.5001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.GamingServices_11.76.5001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\upfc.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(svchost.exe ->) (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc) [File not signed] C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation) [File not signed]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [3004440 2020-05-19] (Opera Software AS -> Opera Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\Run: [BraveSoftware Update] => C:\Users\Simon\AppData\Local\BraveSoftware\Update\1.3.361.133\BraveUpdateCore.exe [222592 2022-08-15] (Brave Software, Inc. -> BraveSoftware Inc.)
HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4362600 2023-03-25] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\...\Print\Monitors\EPSON XP-640 Series 64MonitorBE: C:\Windows\system32\E_YLMBRHE.DLL [182784 2015-12-09] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2015-12-24] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-12-05] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2018-01-26]
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works Inc. -> Hauppauge Computer Works) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2020-06-28]
ShortcutTarget: JoyToKey.lnk -> C:\Users\Admin\Downloads\JoyToKey_en\JoyToKey.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2018-01-26]
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV8\WinTVTray.exe (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc.) [File not signed]
Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2021-01-29]
ShortcutTarget: JoyToKey.lnk -> C:\Program Files (x86)\JoyToKey\JoyToKey.exe () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01ED0359-4664-47EF-9429-75A3FE6328E6} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-804952195-611626450-1021337796-1001Core => C:\Users\Simon\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {25B6C529-1F84-4840-9415-77D637B99F25} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {2B7A2150-9C08-4DE8-A5DD-B86EF57365BF} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File)
Task: {3ABF9E55-9B26-4444-B1DC-DADDEADC68F2} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-804952195-611626450-1021337796-1001UA => C:\Users\Simon\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {4A10D318-84C3-4AB4-B4A0-A78791A75785} - System32\Tasks\Opera scheduled Autoupdate 1527664485 => C:\Program Files\Opera\launcher.exe [2686880 2023-04-18] (Opera Norway AS -> Opera Software)
Task: {4FA7D905-CF2E-4C4C-B9FB-10792D863066} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2022-06-26] () [File not signed]
Task: {79326EBA-EFF0-48D7-A3D2-03696839460B} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent (No File)
Task: {8D6DA520-4F85-4ED0-87E7-6D86685C3C86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E88A047-2887-4FB2-B227-3C7D083E7671} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid c5fd4c6a-5a47-4e81-9dcc-e68199d1a0f9
Task: {8F817DAF-6A0C-4486-BA96-AC05435686A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {A0DEBC97-A4F0-421B-B25F-FF3658B7AC7F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A5E5BA98-495A-4A28-AC82-96D2146FAFC9} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2638856 2023-04-13] (Overwolf Ltd -> Overwolf LTD)
Task: {a76d9b75-2552-4930-84aa-e3e5c1f0455a} - no filepath
Task: {B5C18A46-5FC9-414A-B6B6-40CB4D169CE3} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-804952195-611626450-1021337796-1001UA1d7e62f78c1d018 => C:\Users\Simon\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {C2088C1B-5B4A-4A36-A832-BBD7F9261F18} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File)
Task: {C7A3A07D-27B8-49C3-A7EE-73A27160F362} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation) [File not signed]
Task: {CF5BDA1E-549B-43EF-99D8-CA0E4FE2303F} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid de8faacc-4284-4069-8f1c-f446c461b168
Task: {D8411D9F-4175-4606-9E79-6F4A5FEF4B36} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DBF02E94-1D16-494B-9970-B9D4BB1DB67A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DC635195-1C07-45BB-9CB4-2DD2EAEFF691} - System32\Tasks\EPSON XP-640 Series Update {2349EA23-7492-4E6A-A8D6-DDFE8529B22C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRHE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {DD378646-A8BC-411E-A7B0-6A1EC3560D07} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-804952195-611626450-1021337796-1001Core1d7e62f78bec4f0 => C:\Users\Simon\AppData\Local\BraveSoftware\Update\BraveUpdate.exe [162400 2021-03-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E791FD7B-288D-4DEF-910D-AB396A899998} - System32\Tasks\Opera scheduled assistant Autoupdate 1547476640 => C:\Program Files\Opera\launcher.exe [2686880 2023-04-18] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0)
Task: {FE72577A-337E-41B3-83F9-AAEE26628BCB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe -check pepperplugin (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON XP-640 Series Update {2349EA23-7492-4E6A-A8D6-DDFE8529B22C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRHE.EXE:/EXE:{2349EA23-7492-4E6A-A8D6-DDFE8529B22C} /F:UpdateWORKGROUP\DESKTOP-GJD8DQO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{1ad97ca0-cfea-449d-a133-8303749731e0}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{c24ef2d8-3263-4595-abb3-28dc3122cdbb}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Edge:
=======
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-25]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-10-30] (BattlEye Innovations e.K. -> )
S4 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\85.0.4183.6\remoting_host.exe [72176 2020-06-28] (Google LLC -> Google Inc.)
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2018-01-26] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [133080 2021-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2016-01-13] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 GamingServices; C:\Program Files\WindowsApps\Microsoft.GamingServices_11.76.5001.0_x64__8wekyb3d8bbwe\GamingServices.exe [75256 2023-04-19] (Microsoft Corporation -> )
R2 GamingServicesNet; C:\Program Files\WindowsApps\Microsoft.GamingServices_11.76.5001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe [75256 2023-04-19] (Microsoft Corporation -> )
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [586536 2017-12-12] (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc) [File not signed] [File is in use]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [14280 2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2572096 2023-03-13] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3491144 2023-03-13] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2638856 2023-04-13] (Overwolf Ltd -> Overwolf LTD)
S2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel® iCDG WINS WSS CCF -> Intel Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746688 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe [3228400 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe [133536 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1090416 2021-01-11] (Creative Technology Ltd -> Creative Technology Ltd)
R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [53616 2021-01-11] (Creative Technology Ltd -> Creative Technology Ltd)
R3 HCW85BDA; C:\WINDOWS\system32\drivers\HCW85BDA.sys [2265832 2017-06-19] (Hauppauge Computer Works Inc. -> Hauppauge Computer Works)
R3 MarvinBus; C:\WINDOWS\System32\drivers\MarvinBus64.sys [261120 2005-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Pinnacle Systems GmbH)
R3 MpKsl24dddc68; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{455C2155-5A6A-45A7-A3C0-6759526E2CF4}\MpKslDrv.sys [211208 2023-04-27] (Microsoft Windows -> Microsoft Corporation)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2020-06-01] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2020-06-01] (Valve Corp. -> )
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-05-16] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-02-03] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239616 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [249536 2021-04-28] (Oracle Corporation -> Oracle Corporation)
R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [497920 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-04-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-22 09:10 - 2023-04-22 09:11 - 000047313 _____ C:\Users\Admin\Desktop\Addition.txt
2023-04-22 09:09 - 2023-04-27 06:17 - 000021645 _____ C:\Users\Admin\Desktop\FRST.txt
2023-04-22 09:09 - 2023-04-21 16:03 - 002381312 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2023-04-22 08:55 - 2023-04-27 06:17 - 000000000 ____D C:\FRST
2023-04-20 18:23 - 2023-04-20 18:23 - 000000000 ____D C:\Users\Admin\AppData\Local\Publishers
2023-04-20 18:22 - 2023-04-20 18:22 - 000000000 ____D C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder
2023-04-20 05:28 - 2023-04-20 05:43 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache
2023-04-18 22:09 - 2023-04-18 22:09 - 000001586 _____ C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Hybrid Sleep.lnk
2023-04-16 21:22 - 2023-04-16 21:25 - 000000000 ____D C:\Users\Simon\Downloads\SDIO_1.12.11.751
2023-04-16 21:22 - 2023-04-16 21:22 - 006475179 _____ C:\Users\Simon\Downloads\SDIO_1.12.11.751.zip
2023-04-16 10:50 - 2023-04-16 10:58 - 000000000 ____D C:\Users\Admin\AppData\Roaming\WizTree3
2023-04-15 23:44 - 2023-04-15 23:44 - 1008985143 _____ C:\WINDOWS\MEMORY.DMP
2023-04-15 23:44 - 2023-04-15 23:44 - 001841828 _____ C:\WINDOWS\Minidump\041523-16953-01.dmp
2023-04-15 23:44 - 2023-04-15 23:44 - 000000000 ____D C:\WINDOWS\Minidump
2023-04-14 12:30 - 2023-04-14 12:30 - 000000000 ___HD C:\$WinREAgent
2023-04-12 07:04 - 2023-04-12 07:04 - 000000072 _____ C:\Users\Simon\Desktop\Witherstorm Lvl 7.txt
2023-04-10 19:32 - 2023-04-10 19:32 - 000357526 _____ C:\Users\Simon\Downloads\bookmarks_4_10_23.html
2023-04-09 18:52 - 2023-04-09 18:52 - 000000000 ____D C:\Users\Simon\Downloads\Steam
2023-04-05 18:22 - 2023-04-05 18:29 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\MMC
2023-04-02 21:20 - 2023-04-02 21:21 - 067444475 _____ C:\Users\Simon\Downloads\getvid (12).mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-27 06:16 - 2021-07-17 09:09 - 000000000 ____D C:\ProgramData\NVIDIA
2023-04-27 06:16 - 2021-04-01 20:24 - 000000000 ____D C:\Users\Simon\AppData\Local\ClassicShell
2023-04-27 06:16 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-04-27 06:15 - 2021-04-18 20:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-04-27 06:15 - 2020-09-12 00:39 - 000008192 ___SH C:\DumpStack.log.tmp
2023-04-27 06:15 - 2019-12-07 18:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-27 06:15 - 2018-03-02 21:12 - 000000000 ____D C:\ProgramData\Origin
2023-04-27 06:15 - 2018-01-26 08:26 - 000000000 ____D C:\ProgramData\Hauppauge
2023-04-26 17:35 - 2019-12-07 18:33 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2023-04-26 17:32 - 2018-05-30 16:42 - 000000000 ____D C:\Program Files\Opera
2023-04-23 10:12 - 2021-04-18 20:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-04-22 09:14 - 2023-03-25 17:36 - 000000000 ____D C:\Users\Admin\AppData\Local\ClassicShell
2023-04-22 09:13 - 2021-04-18 20:56 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-04-22 09:13 - 2019-12-07 18:43 - 000000000 ____D C:\WINDOWS\INF
2023-04-22 09:06 - 2021-02-13 21:19 - 001820326 _____ C:\WINDOWS\ntbtlog.txt
2023-04-20 18:23 - 2023-03-25 17:35 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2023-04-20 06:39 - 2020-01-14 21:29 - 000000918 _____ C:\Users\Simon\Desktop\SpongeBob SquarePants - Shortcut.lnk
2023-04-19 23:27 - 2021-04-18 20:54 - 000003940 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1527664485
2023-04-19 23:27 - 2018-05-30 16:44 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2023-04-19 14:36 - 2023-01-02 06:34 - 000000000 ____D C:\Program Files (x86)\Overwolf
2023-04-19 12:11 - 2022-12-28 11:23 - 002790904 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2023-04-19 12:11 - 2022-12-28 11:23 - 000484856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2023-04-19 12:11 - 2022-12-28 11:23 - 000247248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2023-04-19 12:11 - 2022-12-28 11:23 - 000202232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2023-04-19 12:11 - 2022-12-28 11:23 - 000165368 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2023-04-19 12:11 - 2022-12-28 11:23 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2023-04-19 12:11 - 2022-12-28 11:23 - 000079352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2023-04-19 12:11 - 2022-12-28 11:23 - 000062968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2023-04-19 12:11 - 2019-12-07 18:44 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-17 05:34 - 2020-08-31 00:47 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-04-16 09:11 - 2021-04-18 20:51 - 000000000 ____D C:\Users\Simon
2023-04-16 06:55 - 2023-03-25 17:35 - 000000000 ____D C:\Users\Admin
2023-04-15 15:02 - 2021-03-07 06:54 - 000002663 _____ C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2023-04-15 03:52 - 2021-04-18 20:49 - 000345168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\SystemResources
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-04-15 03:51 - 2019-12-07 18:44 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-04-14 12:36 - 2019-12-07 18:33 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-04-14 12:34 - 2021-04-18 20:49 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-04-14 09:35 - 2018-03-10 10:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-04-14 09:25 - 2018-03-10 10:23 - 156112424 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-04-12 15:43 - 2019-10-05 01:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-04-12 07:00 - 2023-01-02 06:34 - 000002324 _____ C:\Users\Simon\Desktop\CurseForge.lnk
2023-04-12 07:00 - 2023-01-02 06:33 - 000000000 ____D C:\Users\Simon\AppData\Local\Overwolf
2023-04-11 15:38 - 2018-08-12 10:40 - 000000000 ____D C:\Users\Simon\AppData\Roaming\vlc
2023-04-11 15:37 - 2023-03-16 11:22 - 000000000 ____D C:\Program Files\simplewall
2023-04-10 20:35 - 2021-06-14 10:11 - 000000000 ____D C:\Program Files (x86)\Steam
2023-04-07 19:40 - 2022-12-29 08:54 - 000006449 _____ C:\Users\Simon\Downloads\JoyToKey.7z
2023-04-07 19:40 - 2020-03-22 20:45 - 000000000 ____D C:\Users\Simon\Documents\JoyToKey
2023-04-05 07:28 - 2021-04-18 20:54 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-04-05 07:28 - 2021-04-18 20:54 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-04-04 07:16 - 2018-08-12 10:41 - 000000000 ____D C:\Users\Simon\AppData\Roaming\dvdcss
2023-04-03 17:47 - 2022-07-01 17:09 - 000001146 _____ C:\Users\Public\Desktop\VLC media player.lnk
2023-03-30 15:25 - 2021-11-22 15:31 - 000000000 ____D C:\Users\Simon\AppData\Roaming\MusicBee

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2023
Ran by Admin (27-04-2023 06:18:20)
Running from C:\Users\Admin\Desktop
Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) (2021-04-18 11:24:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Admin (S-1-5-21-804952195-611626450-1021337796-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-804952195-611626450-1021337796-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-804952195-611626450-1021337796-503 - Limited - Disabled)
Guest (S-1-5-21-804952195-611626450-1021337796-501 - Limited - Disabled)
Simon (S-1-5-21-804952195-611626450-1021337796-1001 - Limited - Enabled) => C:\Users\Simon
WDAGUtilityAccount (S-1-5-21-804952195-611626450-1021337796-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1801-000001000000}) (Version: 18.01.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe DNG Codec (HKLM-x32\...\Adobe DNG Codec) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)
Allok 3GP PSP MP4 iPod Video Converter 6.2.0603 (HKLM-x32\...\Allok 3GP PSP MP4 iPod Video Converter_is1) (Version: - Allok Soft Inc)
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 5.2 - Power Software Ltd)
ApowerMirror V1.5.1.8 (HKLM-x32\...\{a9482532-9c34-478c-80c3-85bdccbb981f}_is1) (Version: 1.5.1.8 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\BraveSoftware Brave-Browser) (Version: 112.1.50.119 - Brave Software Inc)
Calculator (HKLM\...\{FC211C17-798B-4E74-BE2D-D179B0FC316A}_is1) (Version: 10.0.14393.0 - )
Chrome Remote Desktop Host (HKLM-x32\...\{044C9627-4253-4828-A3CB-6EF8CEC04963}) (Version: 85.0.4183.6 - Google Inc.)
Citra (HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\{7b6ed24a-4045-4dcf-b32d-890cba952e99}) (Version: 1.0.0 - Citra Team)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)
CurseForge (HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.223.1.9730 - Overwolf app)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
DupeTrasher 1.2 (HKLM-x32\...\DupeTrasher_is1) (Version: - Assembly Developers)
EasiestSoft Movie Editor 5.1.0 (HKLM-x32\...\{8BB65DEC-BE2C-EB66-7595-ADAE2D710380}_is1) (Version: 5.1.0 - EasiestSoft International LLC.)
Easy Photo Scan (HKLM-x32\...\{250F80AF-F5EA-4E42-BB64-5D8014C7C538}) (Version: 1.00.0007 - Seiko Epson Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.42.00 - SEIKO EPSON CORPORATION)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.01 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{82B94253-3FBC-4779-B3BF-C690AD54AFDB}) (Version: 4.4.0 - SEIKO EPSON CORPORATION)
EPSON XP-640 Series Printer Uninstall (HKLM\...\EPSON XP-640 Series) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{0CB4EF8E-EE5B-49F6-8376-A702C222D6DA}) (Version: 3.1.3.0 - SEIKO EPSON Corporation)
FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft)
Free Virtual Keyboard (HKLM-x32\...\{CA4F9519-1A83-4907-8651-F17073A0E1CE}_is1) (Version: 5.0.0.0 - Comfort Software Group)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
GreatFamily 2.2.2 (HKLM-x32\...\GreatFamily) (Version: - )
HandBrake 1.5.1 (HKLM-x32\...\HandBrake) (Version: 1.5.1 - )
Hauppauge WinTV 8.5 (HKLM-x32\...\Hauppauge WinTV 8.5) (Version: v8.5.35346 (CD 5.8) - Hauppauge Computer Works)
Imaging And Configuration Designer (HKLM-x32\...\{8072F2F3-C269-A639-4626-9209FFF6DEDB}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Designer (HKLM-x32\...\{2852AE0C-1EEB-72F9-1C5D-FACF6C9304DE}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Tools Support (HKLM-x32\...\{30C24881-949F-D09C-5376-9F0DC6B412CD}) (Version: 10.1.19041.1 - Microsoft) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® CCF Manager (HKLM\...\{DFD2C0B0-664C-4383-B348-2F531462EBAD}) (Version: 3.0.0.1172 - Intel Corporation) Hidden
Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation)
IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan)
iTunes (HKLM\...\{BE065D5C-5EB5-4F39-A112-32897C297935}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java™ SE Development Kit 17.0.5 (64-bit) (HKLM\...\{523C28BF-1BB4-5EB4-AD61-2D035E64A315}) (Version: 17.0.5.0 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JoyToKey version 6.9.2 (HKLM-x32\...\{EBF21C82-423E-49FD-BCBD-88C08397CB44}_is1) (Version: 6.9.2 - JTK software)
Kits Configuration Installer (HKLM-x32\...\{8867E8B9-1539-18F3-54AB-B1F1E641AC14}) (Version: 10.1.19041.1 - Microsoft) Hidden
K-Lite Codec Pack 17.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.1.0 - KLCP)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Media Renamer (HKLM\...\{869D06EA-2277-4588-9567-CDFE5C30A399}_is1) (Version: 2.1.1 - Benjamin Schirmer)
Microsoft .NET Host - 6.0.1 (x64) (HKLM\...\{4E77768C-3EF9-428C-BE54-EB82BB9426AB}) (Version: 48.7.32725 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.1 (x64) (HKLM\...\{50008A1B-8D93-4292-ABBB-B439EBC9F425}) (Version: 48.7.32725 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.1 (x64) (HKLM\...\{97CC09C6-5CD8-4C2B-B4C2-235BBFC713DB}) (Version: 48.7.32725 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 112.0.1722.48 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 112.0.1722.48 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-804952195-611626450-1021337796-1002\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.1 (x64) (HKLM\...\{E70047D4-1184-4BFA-84DA-40D9898F5564}) (Version: 48.7.32738 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.1 (x64) (HKLM-x32\...\{7037b699-7382-448c-89a7-4765961d2537}) (Version: 6.0.1.30718 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mp3tag v2.99a (HKLM-x32\...\Mp3tag) (Version: 2.99a - Florian Heidenreich)
MusicBee 3.4.7805 (HKLM-x32\...\MusicBee) (Version: 3.4.7805 - Steven Mayall)
NVIDIA Graphics Driver 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OEM Test Certificates (HKLM-x32\...\{DAF67B85-47AE-B13B-5C22-3A7149E46EB8}) (Version: 10.1.19041.1 - Microsoft) Hidden
Opera Stable 97.0.4719.83 (HKLM-x32\...\Opera 97.0.4719.83) (Version: 97.0.4719.83 - Opera Software)
Oracle VM VirtualBox 6.1.22 (HKLM\...\{573CC601-ED8D-450F-BE6F-A313DD77A4A0}) (Version: 6.1.22 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.122.52971 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.221.109.13 - Overwolf Ltd.)
Pinnacle Studio 14 (HKLM-x32\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
qBittorrent 4.4.5 (HKLM-x32\...\qBittorrent) (Version: 4.4.5 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8703.1 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
Roblox Player for Simon (HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Simon (HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\roblox-studio) (Version: - Roblox Corporation)
simplewall (HKLM\...\simplewall) (Version: 3.6.7 - Henry++)
Sound Blaster Z-Series (HKLM-x32\...\{B2C527EF-4F7B-405A-ADB4-89B432891FF2}) (Version: 1.00.28 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
STCServ (HKLM\...\{A954D353-9DAF-4916-8E71-F1E959EBCD1E}) (Version: 3.0.0.1783 - Intel Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.77.146.1030 - Electronic Arts Inc.)
Toolkit Documentation (HKLM-x32\...\{1978CD82-5D9C-F9BD-4FA3-17AFA5AE12B2}) (Version: 10.1.19041.1 - Microsoft) Hidden
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 114.1 - Ubisoft)
UEV Tools on amd64 (HKLM\...\{91339917-AF30-9EC7-D5AA-05919BB21DB9}) (Version: 10.1.19041.1 - Microsoft) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{0BAA0A93-3AD3-4B19-9105-4C8C3FA92A83}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
User State Migration Tool (HKLM-x32\...\{2AD80B8E-9213-FEA7-BA85-0EFED76D6F11}) (Version: 10.1.19041.1 - Microsoft) Hidden
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.19.1.0 - Winaero)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{9346016b-6620-4841-8ea4-ad91d3ea02b5}) (Version: 10.1.19041.1 - Microsoft Corporation)
Windows Deployment Customizations (HKLM-x32\...\{2C4DAAC8-4CD1-9CFC-EBD1-E6A17C8199E4}) (Version: 10.1.19041.1 - Microsoft) Hidden
Windows Deployment Tools (HKLM-x32\...\{FE728B5E-3753-0F68-EC2D-66ABE2DEC1C1}) (Version: 10.1.19041.1 - Microsoft) Hidden
Windows IP Over USB (HKLM-x32\...\{31F47324-5E87-946A-78F5-55BB06744389}) (Version: 10.1.19041.1 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Windows System Image Manager on amd64 (HKLM-x32\...\{D5CE010A-37F1-27CD-D6A1-61FB1F206892}) (Version: 10.1.19041.1 - Microsoft) Hidden
WizTree v4.12 (HKLM\...\WizTree_is1) (Version: 4.12 - Antibody Software)
WPT Redistributables (HKLM-x32\...\{AE00264D-F001-A1D3-F3B8-74A9D2193E7F}) (Version: 10.1.19041.1 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{FD439F85-AD64-B3E5-9FC5-444AE8C8AF7B}) (Version: 10.1.19041.1 - Microsoft) Hidden

Packages:
=========
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-04-20] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-10-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-10-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-10-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\nvshext.dll [2021-02-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2011-02-18] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2011-02-18] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-01-26 08:47 - 2017-08-23 21:10 - 000025600 _____ () [File not signed] C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2018-01-26 08:47 - 2011-08-23 10:34 - 000057344 _____ () [File not signed] C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2019-10-19 18:31 - 2019-10-19 18:31 - 000424448 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2018-01-26 08:47 - 2017-11-09 14:18 - 000734720 _____ (Hauppauge Computer Works) [File not signed] [File is in use] C:\Program Files (x86)\WinTV\WinTV8\NativeMMS.dll
2018-01-26 08:47 - 2015-11-24 18:29 - 000134656 _____ (Hauppauge Computer Works) [File not signed] C:\Program Files (x86)\WinTV\WinTV8\hcwtsfilter.ax
2018-01-26 08:47 - 2015-11-24 18:29 - 000113152 _____ (Hauppauge Computer Works) [File not signed] C:\Program Files (x86)\WinTV\WinTV8\HCWTSWriter.ax
2018-01-26 08:47 - 2017-09-15 06:50 - 000333312 _____ (Hauppauge Computer Works, Inc.) [File not signed] C:\Program Files (x86)\WinTV\WinTV8\PsiParser.ax
2018-01-28 19:00 - 2018-01-28 19:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-07-15 12:15 - 2018-07-15 12:15 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2018-07-15 12:15 - 2018-07-15 12:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 12:15 - 2018-07-15 12:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\System32\StartMenuHelper64.dll
2019-12-06 19:37 - 2019-12-06 19:37 - 000262144 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2015-12-24 12:40 - 2015-12-24 12:40 - 000500736 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2021-07-23 15:36 - 2021-07-23 15:56 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-07-23 15:36 - 2021-07-23 15:56 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-07-23 15:36 - 2021-07-23 15:56 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2023-03-15 11:07 - 2021-07-23 15:56 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2023-03-15 11:07 - 2021-07-23 15:56 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2023-03-15 11:07 - 2021-07-23 15:56 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2023-03-15 11:07 - 2021-07-23 15:56 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2023-03-15 11:07 - 2021-07-23 15:56 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2023-03-15 11:07 - 2021-07-23 15:56 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Simon\AppData\Local\Temp:$DATA​ [16]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-804952195-611626450-1021337796-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D020218-A2D586A4510&form=CONMHP&conlogo=CT3335800
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-26] (Oracle America, Inc. -> Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-26] (Oracle America, Inc. -> Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 23:16 - 2019-01-04 18:55 - 000000895 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-12-14 19:53 - 2018-12-14 19:53 - 000000446 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\QuickTime\QTSystem\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Pinnacle\Shared Files\;C:\Program Files (x86)\Pinnacle\Shared Files\Filter\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\dotnet\
HKU\S-1-5-21-804952195-611626450-1021337796-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Simon\Pictures\Erin's iPad\DCIM\100APPLE\IMG_0081.JPG
HKU\S-1-5-21-804952195-611626450-1021337796-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: chromoting => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 2
MSCONFIG\Services: RemoteAccess => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\StartupApproved\StartupFolder: => "HideVolumeOSD (Hide).lnk"
HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-804952195-611626450-1021337796-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{257F894B-AEC8-42F8-AE36-15DAEE29BD40}C:\program files\opera\opera.exe] => (Block) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{89E24DE8-2A38-4F26-8437-5439AD4F271D}C:\program files\opera\opera.exe] => (Block) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{AE950CB0-59EB-4899-A37D-F2DD9589C0EF}C:\program files\opera\opera.exe] => (Block) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{F2CA4432-4EBA-4C32-83EA-B2E293EBF854}C:\program files\opera\opera.exe] => (Block) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{064A1F4A-0C17-4AAC-9224-2459EC15FEF8}C:\users\simon\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\simon\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{4B922B2D-4AB6-456A-97E1-C35686CED6DF}C:\users\simon\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\simon\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{E8A7A802-FC91-4EF0-94DE-F375A82EF171}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{6CECFE26-D239-4EE3-9EDA-900D102C7636}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{8D5E56DA-5999-4434-8900-C44CA7368DE0}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{31DD3A10-284F-424C-874E-366B21EC4CBE}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4A47687E-D766-4E69-9A8F-6464EA6B72C1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{DF01A448-1336-4671-9A86-43BDBEAE4AA8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B1C0F890-6519-43BC-B16B-E0860070A558}] => (Allow) C:\Program Files\Opera\97.0.4719.63\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{2EA022A5-6EFC-4D0A-88C2-C3CDB93C1390}C:\program files (x86)\wintv\wintv8\wintv8.exe] => (Block) C:\program files (x86)\wintv\wintv8\wintv8.exe (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc.) [File not signed]
FirewallRules: [UDP Query User{60028930-12FE-4283-B347-A81EA1960B2E}C:\program files (x86)\wintv\wintv8\wintv8.exe] => (Block) C:\program files (x86)\wintv\wintv8\wintv8.exe (Hauppauge Computer Works Inc. -> Hauppauge Computer Works, Inc.) [File not signed]
FirewallRules: [TCP Query User{9D1C3B5A-CD9D-4F4C-A93F-BFFE9AF084EF}C:\users\simon\downloads\sdio_1.12.11.751\sdio_x64_r751.exe] => (Allow) C:\users\simon\downloads\sdio_1.12.11.751\sdio_x64_r751.exe (Glenn Stuart Delahoy -> Glenn Delahoy)
FirewallRules: [UDP Query User{FDCE9737-D57A-4277-93F5-445C137F43AE}C:\users\simon\downloads\sdio_1.12.11.751\sdio_x64_r751.exe] => (Allow) C:\users\simon\downloads\sdio_1.12.11.751\sdio_x64_r751.exe (Glenn Stuart Delahoy -> Glenn Delahoy)
FirewallRules: [{7EDA07ED-0BA6-4000-9653-8336D07E5682}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.48\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C08FEA84-FB36-4D07-B32A-4B2A331CDAD8}] => (Allow) C:\Program Files (x86)\Overwolf\0.221.109.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{B91EE11E-D9B8-4CF8-9957-6CA41D12636E}] => (Allow) C:\Program Files (x86)\Overwolf\0.221.109.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{FB5A4712-37EC-4743-9ADB-85769942A2DC}] => (Allow) C:\Program Files\Opera\97.0.4719.83\opera.exe (Opera Norway AS -> Opera Software)

==================== Restore Points =========================

01-04-2023 20:59:43 Scheduled Checkpoint
10-04-2023 23:33:47 Scheduled Checkpoint
14-04-2023 12:30:20 Windows Modules Installer
23-04-2023 08:11:38 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/23/2023 08:11:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/22/2023 08:55:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 18.4.2023.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 24dc

Start Time: 01d974a880c78d6c

Termination Time: 4294967295

Application Path: C:\Users\Simon\Desktop\FRST64.exe

Report Id: 5f2c8177-2217-452d-894d-5b8fcda32463

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (04/17/2023 10:24:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Elements TV Series (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/17/2023 10:24:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on TOSH 1TB (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/17/2023 10:24:33 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on WD Green 1TB (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/14/2023 12:30:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/10/2023 11:33:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/10/2023 10:43:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Elements TV Series (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (04/27/2023 06:17:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Common Connectivity Framework service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/27/2023 06:17:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Common Connectivity Framework service to connect.

Error: (04/27/2023 06:17:30 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (04/27/2023 06:16:02 AM) (Source: DCOM) (EventID: 10010) (User: LOUNGE)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

Error: (04/27/2023 06:16:02 AM) (Source: DCOM) (EventID: 10010) (User: LOUNGE)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

Error: (04/27/2023 06:15:44 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (04/27/2023 06:15:43 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (04/27/2023 06:15:28 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.


Windows Defender:
================
Date: 2023-04-23 08:11:48
Description:
Controlled Folder Access blocked C:\Windows\System32\SrTasks.exe from making changes to memory.
Detection time: 2023-04-22T22:41:48.001Z
Path: \Device\HarddiskVolume3
Process Name: C:\Windows\System32\SrTasks.exe
Security intelligence Version: 1.387.1544.0
Engine Version: 1.1.20200.4
Product Version: 4.18.2303.8

Date: 2023-04-22 09:16:12
Description:
Controlled Folder Access blocked C:\Windows\explorer.exe from making changes to memory.
Detection time: 2023-04-21T23:46:12.692Z
Path: \Device\HarddiskVolume13
Process Name: C:\Windows\explorer.exe
Security intelligence Version: 1.387.1544.0
Engine Version: 1.1.20200.4
Product Version: 4.18.2303.8

Date: 2023-04-22 07:21:41
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-22 07:00:52
Description:
C:\Windows\explorer.exe has been blocked from modifying %userprofile%\Music\ by Controlled Folder Access.
Detection time: 2023-04-21T21:30:52.651Z
Path: %userprofile%\Music\
Process Name: C:\Windows\explorer.exe
Security intelligence Version: 1.387.1544.0
Engine Version: 1.1.20200.4
Product Version: 4.18.2303.8

Date: 2023-04-22 06:55:40
Description:
C:\Users\Simon\AppData\Local\BraveSoftware\Brave-Browser\Application\brave.exe has been blocked from modifying %userprofile%\Favorites by Controlled Folder Access.
Detection time: 2023-04-21T21:25:40.751Z
Path: %userprofile%\Favorites
Process Name: C:\Users\Simon\AppData\Local\BraveSoftware\Brave-Browser\Application\brave.exe
Security intelligence Version: 1.387.1544.0
Engine Version: 1.1.20200.4
Product Version: 4.18.2303.8
Event[0]:

Date: 2023-04-22 09:06:17
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2023-04-20 19:33:50
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2023-04-14 01:54:24
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.387.870.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20200.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-03-10 09:11:37
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.383.1289.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20000.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F1 11/22/2016
Motherboard: Gigabyte Technology Co., Ltd. H270-HD3-CF
Processor: Intel® Core™ i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 18%
Total physical RAM: 16342.44 MB
Available physical RAM: 13297.79 MB
Total Virtual: 18774.44 MB
Available Virtual: 15377.14 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:254.65 GB) (Free:134.8 GB) (Model: Crucial_CT275MX300SSD1) NTFS
Drive d: (WD Green 1TB) (Fixed) (Total:931.51 GB) (Free:127.13 GB) (Model: WDC WD10EAVS-00D7B1) NTFS
Drive e: (TOSH 1TB) (Fixed) (Total:931.39 GB) (Free:74.35 GB) (Model: TOSHIBA DT01ACA100) NTFS

\\?\Volume{16499a5b-8c5a-4880-a1dc-1b521c6773c2}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{84e6df6a-486a-47a0-9755-5a88c45e8697}\ () (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS
\\?\Volume{fe6a03a6-07cf-4179-8066-909b5caeaa5c}\ (SYSTEM) (Fixed) (Total:0.44 GB) (Free:0.41 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 256.2 GB) (Disk ID: 86187D38)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: EE7A450C)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

#4 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 62,343 posts
  • Gender:Male
  • Location:California
  • Local time:04:36 PM

Posted 26 April 2023 - 07:15 PM

Thank you for your patience.

Please consider and do this.

===================================================

Uninstalling Adobe Flash Player

--------------------

Note: Adobe Flash Player is no longer supported and is a security risk.
  • Download Adobe Flash Player Uninstaller and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click Uninstall then Done to reboot your computer
===================================================

Java Out of Date

--------------------

Java is known to have ongoing security concerns. If you know you don't need it, or even if you are unsure, I would recommend uninstalling it. If it is necessary in the future you will be alerted for the need to download it.

If you would rather have the program on your system, complete the Clean Install of Java Using JavaRa instructions here.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
Powershell: Get-MpThreatDetection | Out-File "C:\Users\Admin\Desktop\WDHistory.txt"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2020-06-28]
Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2021-01-29]
Task: {25B6C529-1F84-4840-9415-77D637B99F25} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File) 
Task: {2B7A2150-9C08-4DE8-A5DD-B86EF57365BF} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File) 
Task: {79326EBA-EFF0-48D7-A3D2-03696839460B} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent (No File) 
Task: {C2088C1B-5B4A-4A36-A832-BBD7F9261F18} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File) 
Task: {FE72577A-337E-41B3-83F9-AAEE26628BCB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe -check pepperplugin (No File) 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File 
ShortcutTarget: JoyToKey.lnk -> C:\Users\Admin\Downloads\JoyToKey_en\JoyToKey.exe (No File) 
Task: {25B6C529-1F84-4840-9415-77D637B99F25} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File) 
Task: {2B7A2150-9C08-4DE8-A5DD-B86EF57365BF} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File) 
Task: {79326EBA-EFF0-48D7-A3D2-03696839460B} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent (No File) 
Task: {C2088C1B-5B4A-4A36-A832-BBD7F9261F18} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File) 
Task: {FE72577A-337E-41B3-83F9-AAEE26628BCB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe -check pepperplugin (No File) 
Task: {a76d9b75-2552-4930-84aa-e3e5c1f0455a} - no filepath 
AlternateDataStreams: C:\Users\Simon\AppData\Local\Temp:$DATA​ [16] 
zip: C:\WINDOWS\Minidump
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Upon completion a WDHistory.txt file will be placed on the Desktop. Attach the file to your reply.
  • The tool will create a zipped folder on your Desktop with today's date, example: 02.17.2022_13.24.50.zip. Please upload the file here.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Flash Player uninstalled?
  • Java uninstalled or updated?
  • Attached WDHistory.txt report
  • Uploaded zip file

Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#5 Siborg


Posted 27 April 2023 - 11:03 PM

Flash Player uninstalled & restarted PC
Java uninstalled
No WDHistory.txt report placed on the Desktop
No zip file placed on the Desktop
Retried fix, here are the results:

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-04-2023
Ran by Admin (28-04-2023 13:24:53) Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start:: CreateRestorePoint: CloseProcesses: Powershell: Get-MpThreatDetection | Out-File "C:\Users\Admin\Desktop\WDHistory.txt" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2020-06-28] Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2021-01-29] Task: {25B6C529-1F84-4840-9415-77D637B99F25} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File) Task: {2B7A2150-9C08-4DE8-A5DD-B86EF57365BF} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File) Task: {79326EBA-EFF0-48D7-A3D2-03696839460B} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent (No File) Task: {C2088C1B-5B4A-4A36-A832-BBD7F9261F18} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File) Task: {FE72577A-337E-41B3-83F9-AAEE26628BCB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe -check pepperplugin (No File) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShortcutTarget: JoyToKey.lnk -> C:\Users\Admin\Downloads\JoyToKey_en\JoyToKey.exe (No File) Task: {25B6C529-1F84-4840-9415-77D637B99F25} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File) Task: {2B7A2150-9C08-4DE8-A5DD-B86EF57365BF} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File) Task: {79326EBA-EFF0-48D7-A3D2-03696839460B} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast 
Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent (No File) Task: {C2088C1B-5B4A-4A36-A832-BBD7F9261F18} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File) Task: {FE72577A-337E-41B3-83F9-AAEE26628BCB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe -check pepperplugin (No File) Task: {a76d9b75-2552-4930-84aa-e3e5c1f0455a} - no filepath AlternateDataStreams: C:\Users\Simon\AppData\Local\Temp:$DATA​ [16] zip: C:\WINDOWS\Minidump End::
*****************

"CreateRestorePoint: CloseProcesses: Powershell: Get-MpThreatDetection | Out-File "C:\Users\Admin\Desktop\WDHistory.txt" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2020-06-28] Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2021-01-29] Task: {25B6C529-1F84-4840-9415-77D637B99F25} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File) Task: {2B7A2150-9C08-4DE8-A5DD-B86EF57365BF} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File) Task: {79326EBA-EFF0-48D7-A3D2-03696839460B} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent (No File) Task: {C2088C1B-5B4A-4A36-A832-BBD7F9261F18} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File) Task: {FE72577A-337E-41B3-83F9-AAEE26628BCB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe -check pepperplugin (No File) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File C:\Users\Admin\Downloads\JoyToKey_en\JoyToKey.exe (No File) Task: {25B6C529-1F84-4840-9415-77D637B99F25} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File) Task: {2B7A2150-9C08-4DE8-A5DD-B86EF57365BF} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File) Task: {79326EBA-EFF0-48D7-A3D2-03696839460B} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent 
(No File) Task: {C2088C1B-5B4A-4A36-A832-BBD7F9261F18} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File) Task: {FE72577A-337E-41B3-83F9-AAEE26628BCB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe -check pepperplugin" => not found

==== End of Fixlog 13:24:53 ====

#6 Oh My!


Posted 28 April 2023 - 07:40 AM

Could you please attach the Fixlog.txt report?

#7 Siborg


Posted 29 April 2023 - 03:15 AM

Fixlog.txt attached

#8 Siborg


Posted 29 April 2023 - 03:17 AM

Let's see if it works this time

#9 Siborg


Posted 29 April 2023 - 03:32 AM

This time

Attached Files



#10 Oh My!


Posted 29 April 2023 - 03:35 PM

Thank you.

Something didn't work quite right. Let's try things this way.

===================================================

Farbar Recovery Scan Tool - Run Fix Using Attached File

--------------------
  • Please download and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
  • Right click on FRST and select Run as administrator
  • Click Fix and once completed your computer will reboot
  • The tool will create a log on the desktop called Fixlog.txt
  • Copy and paste the contents of the report in your reply. If it is too large you can attach it or upload it here
  • Upon completion a WDHistory.txt file will be placed on the Desktop. Attach the file to your reply.
  • The tool will create a zipped folder on your Desktop with today's date, example: 02.17.2022_13.24.50.zip. Please upload the file here.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Attached WDHistory.txt report
  • Uploaded zip file


#11 Siborg


Posted 29 April 2023 - 05:07 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-04-2023
Ran by Admin (30-04-2023 07:23:20) Run:3
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Powershell: Get-MpThreatDetection | Out-File "C:\Users\Admin\Desktop\WDHistory.txt"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2020-06-28]
Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2021-01-29]
Task: {25B6C529-1F84-4840-9415-77D637B99F25} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {2B7A2150-9C08-4DE8-A5DD-B86EF57365BF} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File)
Task: {79326EBA-EFF0-48D7-A3D2-03696839460B} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent (No File)
Task: {C2088C1B-5B4A-4A36-A832-BBD7F9261F18} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File)
Task: {FE72577A-337E-41B3-83F9-AAEE26628BCB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe -check pepperplugin (No File)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShortcutTarget: JoyToKey.lnk -> C:\Users\Admin\Downloads\JoyToKey_en\JoyToKey.exe (No File)
Task: {25B6C529-1F84-4840-9415-77D637B99F25} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {2B7A2150-9C08-4DE8-A5DD-B86EF57365BF} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File)
Task: {79326EBA-EFF0-48D7-A3D2-03696839460B} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent (No File)
Task: {C2088C1B-5B4A-4A36-A832-BBD7F9261F18} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File)
Task: {FE72577A-337E-41B3-83F9-AAEE26628BCB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe -check pepperplugin (No File)
Task: {a76d9b75-2552-4930-84aa-e3e5c1f0455a} - no filepath
AlternateDataStreams: C:\Users\Simon\AppData\Local\Temp:$DATA​ [16]
zip: C:\WINDOWS\Minidump
*****************

Restore point was successfully created.
Processes closed successfully.

========= Get-MpThreatDetection | Out-File "C:\Users\Admin\Desktop\WDHistory.txt" =========


========= End of Powershell: =========

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk => moved successfully
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{25B6C529-1F84-4840-9415-77D637B99F25}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25B6C529-1F84-4840-9415-77D637B99F25}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B7A2150-9C08-4DE8-A5DD-B86EF57365BF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B7A2150-9C08-4DE8-A5DD-B86EF57365BF}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CUAssistant\CULauncher" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{79326EBA-EFF0-48D7-A3D2-03696839460B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79326EBA-EFF0-48D7-A3D2-03696839460B}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Avast SecureLine VPN Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast SecureLine VPN Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C2088C1B-5B4A-4A36-A832-BBD7F9261F18}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2088C1B-5B4A-4A36-A832-BBD7F9261F18}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Avast Cleanup Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Cleanup Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE72577A-337E-41B3-83F9-AAEE26628BCB}" => not found
"C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
"C:\Users\Admin\Downloads\JoyToKey_en\JoyToKey.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25B6C529-1F84-4840-9415-77D637B99F25}" => not found
"C:\WINDOWS\System32\Tasks\Avast Software\Overseer" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B7A2150-9C08-4DE8-A5DD-B86EF57365BF}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CUAssistant\CULauncher" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79326EBA-EFF0-48D7-A3D2-03696839460B}" => not found
"C:\WINDOWS\System32\Tasks\Avast Software\Avast SecureLine VPN Update" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast SecureLine VPN Update" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2088C1B-5B4A-4A36-A832-BBD7F9261F18}" => not found
"C:\WINDOWS\System32\Tasks\Avast Software\Avast Cleanup Update" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Avast Cleanup Update" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE72577A-337E-41B3-83F9-AAEE26628BCB}" => not found
"C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{a76d9b75-2552-4930-84aa-e3e5c1f0455a}" => removed successfully
C:\Users\Simon\AppData\Local\Temp => ":$DATA​" ADS removed successfully
================== Zip: ===================
C:\WINDOWS\Minidump -> copied successfully to C:\Users\Admin\Desktop\30.04.2023_07.23.32.zip
=========== Zip: End ===========


The system needed a reboot.

==== End of Fixlog 07:23:33 ====

Attached Files
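Added example (not part of the thread and not FRST's own code): Run:2 above reports the whole fixlist as a single quoted item `=> not found`, and Run:3 reports `not found` for items that were already moved or removed earlier in the same run because the fixlist lists them twice. This sketch separates those cases when reading a Fixlog; the function names and the sample text are assumptions made for the illustration.

```python
import re

# Directive names as they appear in the fixlist on this page.
DIRECTIVE = re.compile(
    r"\b(?:CreateRestorePoint|CloseProcesses|Powershell|Startup|Task|"
    r"ShortcutTarget|AlternateDataStreams):")
STARS = re.compile(r"^\*{5,}$")  # delimiter around the echoed fixlist

# Constructed sample: lines in the format of the two Fixlogs above, combined.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
Task: {25B6C529-1F84-4840-9415-77D637B99F25} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File)
*****************

C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier" => not found
"C:\WINDOWS\System32\Tasks\Avast Software\Overseer" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => not found
C:\Users\Simon\AppData\Local\Temp => ":$DATA" ADS removed successfully
"CreateRestorePoint: CloseProcesses: Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JoyToKey.lnk [2020-06-28]" => not found
"""

def parse_fixlog(text):
    """Return (target, outcome) pairs from the result lines of a Fixlog."""
    entries, in_fixlist = [], False
    for line in text.splitlines():
        line = line.strip()
        if STARS.match(line):            # skip the echoed fixlist itself:
            in_fixlist = not in_fixlist  # its Task: lines also contain " => "
            continue
        if in_fixlist or " => " not in line:
            continue
        target, result = line.rsplit(" => ", 1)
        # Test "removed" first: "removed successfully" also ends with
        # "moved successfully".
        if result.endswith("removed successfully"):
            outcome = "removed"
        elif result.endswith("moved successfully"):
            outcome = "moved"
        elif result.endswith("not found"):
            outcome = "not found"
        else:
            continue
        entries.append((target.strip('"'), outcome))
    return entries

def summarize(entries):
    """Count entries per outcome."""
    counts = {}
    for _, outcome in entries:
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts

def triage(entries):
    """Split 'not found' results by likely cause."""
    handled = set()
    report = {"collapsed": [], "repeat": [], "missing": []}
    for target, outcome in entries:
        key = target.lower()
        if outcome != "not found":
            handled.add(key)
        elif len(DIRECTIVE.findall(target)) >= 2:
            report["collapsed"].append(target)  # several directives read as one item
        elif key in handled:
            report["repeat"].append(target)     # already handled earlier in this run
        else:
            report["missing"].append(target)    # was not there to begin with
    return report

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for cause, targets in triage(parsed).items():
        print(cause, len(targets))
```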



#12 Siborg


Posted 29 April 2023 - 05:18 PM

I have submitted the zip file



#13 Oh My!


Posted 29 April 2023 - 08:01 PM

I received it, thank you.

Can you provide an update on the computer behavior?

#14 Siborg


Posted 30 April 2023 - 09:17 PM

Still the same. Could I send screenshots of Simplewall?



#15 Oh My!


Posted 01 May 2023 - 07:55 AM

Yes, please upload the screenshot here.



