Secure Search Browser Removal

Pajer1a

Jul 29, 2021
Using Chrome, my browser has been hijacked by McAfee Secure Search. I am unable to remove it. I did FRST and Malwarebytes scans. This is my first post to this forum, and I do not find an "Attachment" icon, so I will copy all files below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01
Ran by HP (administrator) on DESKTOP-O92Q0OS (HP HP Pavilion Desktop 595-p0xxx) (29-07-2021 21:27:32)
Running from C:\Users\HP\Downloads
Loaded Profiles: HP
Platform: Windows 10 Home Version 20H2 19042.1110 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <27>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_35df954651b1f88f\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c95e7d335bd30097\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c95e7d335bd30097\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c95e7d335bd30097\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c95e7d335bd30097\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\IntelCpHeciSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\HP\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21061.10121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtAudioServ.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Pro Softnet Corp (IDrive, Inc.) -> ) C:\Program Files\ZipDrive\ZipDrive Agent\zipdrive-agent-service.exe
(Pro Softnet Corp (IDrive, Inc.) -> Idrive) C:\Program Files\ZipDrive\ZipDrive Agent\ZipDrive-Agent-App.exe
(Pro Softnet Corp (IDrive, Inc.) -> zipdrive_relay_server) C:\Program Files\ZipDrive\ZipDrive Agent\utils\zipdrive_relay_server.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-chrome-nm-host.exe
(Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(WildTangent Inc -> ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-04-17] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8107808 2021-07-17] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [77432 2021-07-02] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1981048 2021-07-02] (Pro Softnet Corporation -> Prosoftnet)
HKU\S-1-5-21-2596955177-2053472912-3161159150-1003\...\Run: [GoogleChromeAutoLaunch_AF07ADB424B82216064A05A2CAB71EA4] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-2596955177-2053472912-3161159150-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2596955177-2053472912-3161159150-1003\...\Run: [Amazon Music Helper] => C:\Users\HP\AppData\Local\Amazon Music\Amazon Music Helper.exe [2107848 2020-05-22] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-2596955177-2053472912-3161159150-1003\...\Run: [HP ENVY 7640 series (NET)] => C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe [3769248 2019-03-19] (HP Inc -> HP Inc.)
HKU\S-1-5-21-2596955177-2053472912-3161159150-1003\...\Run: [ZipDrive-Agent] => C:\Program Files\ZipDrive\ZipDrive Agent\ZipDrive-Agent-App.exe [662344 2021-02-18] (Pro Softnet Corp (IDrive, Inc.) -> Idrive)
HKU\S-1-5-21-2596955177-2053472912-3161159150-1003\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [148800 2021-07-28] (Siber Systems -> Siber Systems)
HKLM\...\Print\Monitors\HP DC11 Status Monitor: C:\WINDOWS\system32\hpinkstsDC11LM.dll [391984 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-25] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {042F11A4-FD19-4812-A234-9F20F8DFD285} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => cmd /c start hpdiags://ABO
Task: {0F136074-BEA9-400C-AEC7-3E3560FA90EF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {133BB09D-7DA5-458C-90A4-0CD7C252ED7D} - System32\Tasks\GoogleUpdateTaskMachineUA1d587a45b0b4b58 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-22] (Google Inc -> Google LLC)
Task: {2C81B3B8-0963-487D-A97F-DCFBD74907A3} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [148800 2021-07-28] (Siber Systems -> Siber Systems)
Task: {39D1178A-976E-478D-81E2-FFFFAF1C8095} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {468AF7DB-1A80-4734-86B5-D9D4E18496C6} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "RoboForm for Business"
Task: {4721BD6B-66F2-4833-9A10-CBD65A0DB077} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => cmd /c start hpdiags://LaunchUI
Task: {4E52A13B-009B-4F71-AD68-3FA65BF1398E} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => cmd /c start hpdiags:
Task: {4F6D9FF8-4878-4554-BD7B-CC65BB0AA7E9} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-07] (HP Inc. -> HP Inc.)
Task: {54F13B7A-9701-42D5-ACFC-14C95579224D} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-07] (HP Inc. -> HP Inc.)
Task: {5545120B-943B-4014-B370-48F2464C464D} - System32\Tasks\HPCeeScheduleForHP => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2018-09-11] (HP Inc. -> HP Inc.)
Task: {59C7A23B-48C6-4A54-9F53-F13C545277B0} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => cmd /c start hpdiags://BCF
Task: {5B55203C-84DB-4E1E-8E03-B1F343AB3E20} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => cmd /c start hpdiags://BHM1
Task: {5E2247FA-7430-457F-A1DA-99E06752B1BF} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => cmd /c start hpdiags://BatteryStatusTest
Task: {6BCAA4A5-FC68-4F57-AB96-DDD4376FE6AE} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {76708260-AA2B-4682-9B67-1DF6BA681960} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
Task: {82171F90-F7BE-4524-AFBB-9A905844529B} - System32\Tasks\DropboxUpdateTaskMachineUA1d5d62a7731045 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-02] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8C1CD4EA-601B-4931-8749-0859835709A4} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [3311520 2021-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D10FC22-61D2-4363-9743-A62696C683F4} - System32\Tasks\DropboxUpdateTaskMachineCore1d5d62a76e4b99 => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-02] (Dropbox, Inc -> Dropbox, Inc.)
Task: {910C59CE-F819-488F-9840-4C8FA9A2D60A} - System32\Tasks\HPCustParticipation HP ENVY 7640 series => C:\Program Files\HP\HP ENVY 7640 series\Bin\HPCustPartic.exe [6437792 2019-03-19] (HP Inc -> HP Inc.)
Task: {945F55CA-CFC4-4BDD-A6CD-8FC9305B4724} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-22] (Google Inc -> Google LLC)
Task: {94B7126F-5CCC-4470-B5D5-045807ECB87C} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => cmd /c start hpdiags://SmartCheckError
Task: {A1211F91-8F01-426B-9072-0E732E87EF4F} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => cmd /c start hpdiags://BatteryStatusError
Task: {A4CAE9D7-302E-4B29-97D4-072992804B0B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-07-09] (HP Inc. -> HP Inc.)
Task: {AB052144-92C1-46B2-96C6-B8BC3B10E58F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-02] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B33D9A94-32E6-45F8-9DFC-B2CC89D476B2} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [462696 2018-06-01] (HP Inc. -> HP Inc.)
Task: {BE94C79B-EC15-4337-99D7-3B53BE1A41BC} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => cmd /c start hpdiags://BHM2
Task: {BFC350A6-9EE1-4764-82CA-34BCF2C15826} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [560816 2021-07-09] (HP Inc. -> HP Inc.)
Task: {C0E7FC6B-4B1B-442B-88CF-EC66114ADF47} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {CE4852D4-6DF7-450D-B409-204E1A3BB6A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-22] (Google Inc -> Google LLC)
Task: {E582664D-B0F1-4302-AB7D-A6541E60E3DA} - System32\Tasks\GoogleUpdateTaskMachineCore1d587a45b08e924 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-22] (Google Inc -> Google LLC)
Task: {FE26395D-356F-4AE6-B459-B4AB26BF569C} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => cmd /c start hpdiags://SmartCheckTest
Task: {FED371A5-8380-4440-ABFC-981B1CF35188} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-02] (Dropbox, Inc -> Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d5d62a76e4b99.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d5d62a7731045.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHP.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3d88ff67-c8ba-46af-8bad-75fd3eb5cd02}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\HP\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-29]
Edge Notifications: Default -> hxxps://www.foodandwine.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\HP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-14]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2021-07-29]
CHR Notifications: Default -> hxxps://conservativebuzz.com; hxxps://economictimes.indiatimes.com; hxxps://hibid.com; hxxps://home.howstuffworks.com; hxxps://isecretshop.com; hxxps://lilicloth.com; hxxps://pch.unitedstatescredit.com; hxxps://shop.52kards.com; hxxps://spicysouthernkitchen.com; hxxps://travelers.bonusdrive.com; hxxps://www.accuweather.com; hxxps://www.allrecipes.com; hxxps://www.banggood.com; hxxps://www.bankrate.com; hxxps://www.bestbuy.com; hxxps://www.bestdeals.today; hxxps://www.bestdoweljigs.com; hxxps://www.casinoworld.com; hxxps://www.cnet.com; hxxps://www.dailymail.co.uk; hxxps://www.discountmags.com; hxxps://www.facebook.com; hxxps://www.fastpeoplesearch.com; hxxps://www.foodandwine.com; hxxps://www.govplanet.com; hxxps://www.healthplansamerica.org; hxxps://www.hp.com; hxxps://www.mysteryshoppermagazine.com; hxxps://www.newsbreak.com; hxxps://www.pinterest.com; hxxps://www.realsimple.com; hxxps://www.reddit.com; hxxps://www.spectrum.net; hxxps://www.streamradiolive.co; hxxps://www.techconnect.com; hxxps://www.theepochtimes.com; hxxps://www.urbanoutfitters.com; hxxps://www.washingtontimes.com; hxxps://www.youtube.com; hxxps://www.zdnet.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://nimncpmjkcpdnhdgcfcpficlhgflfckj/index.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US91088G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Slides) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-29]
CHR Extension: (Consumer Reports) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmigknmjdpedgfbfjphohjdocmkapak [2020-03-29]
CHR Extension: (Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-29]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-29]
CHR Extension: (Google Play Music) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-11-19]
CHR Extension: (Sheets) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-29]
CHR Extension: (iCloud Bookmarks) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2020-03-29]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-29]
CHR Extension: (The Camelizer) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2021-05-26]
CHR Extension: (Google Play Music) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2020-06-21]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-26]
CHR Extension: (Web) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaffcafpjmbdjkfpkgihpchfdhdaego [2020-07-07]
CHR Extension: (RetailMeNot Deal Finder™️) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2021-07-21]
CHR Extension: (HP Network Check Launcher) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2020-03-29]
CHR Extension: (Speed Test Guide - Not Live) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkilbiahalnlmbdplofomffbdlomfopi [2020-08-24]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2021-03-16]
CHR Extension: (Google Play) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2020-06-21]
CHR Extension: (Online coupon tool: Add to Chrome for free) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-07-25]
CHR Extension: (StreamRadioLive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nimncpmjkcpdnhdgcfcpficlhgflfckj [2020-07-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail - Reply at the TOP) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcmppcoeknickodfpmlancikgghcll [2020-03-29]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2021-04-23]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-26]
CHR Extension: (RoboForm Password Manager) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2021-07-28]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2019-05-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2019-05-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-02] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-05-02] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-07-17] (Dropbox, Inc -> Dropbox, Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c95e7d335bd30097\x64\AppHelperCap.exe [738368 2021-06-27] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c95e7d335bd30097\x64\DiagsCap.exe [735832 2021-06-27] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [478056 2018-06-01] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c95e7d335bd30097\x64\NetworkCap.exe [735824 2021-06-27] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-07] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c95e7d335bd30097\x64\SysInfoCap.exe [737368 2021-06-27] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_35df954651b1f88f\x64\TouchpointAnalyticsClientService.exe [489584 2021-06-18] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [394872 2021-07-02] (Pro Softnet Corporation -> Prosoftnet)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7462200 2021-07-02] (Malwarebytes Inc -> Malwarebytes)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2148856 2020-02-24] (Plex, Inc. -> Plex, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 RtkBtAudioServ; C:\WINDOWS\RtkBtAudioServ.exe [348224 2019-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1579312 2019-11-21] (WildTangent Inc -> )
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 zipdrive-agent-service; C:\Program Files\ZipDrive\ZipDrive Agent\zipdrive-agent-service.exe [17736 2021-02-18] (Pro Softnet Corp (IDrive, Inc.) -> )
R2 zipdriveRSSvc; C:\Program Files\ZipDrive\ZipDrive Agent\utils\zipdrive_relay_server.exe [177992 2021-01-05] (Pro Softnet Corp (IDrive, Inc.) -> zipdrive_relay_server)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 cxbu0x64; C:\WINDOWS\system32\DRIVERS\cxbu0x64.sys [147576 2014-04-05] (HID Global -> HID Global Corporation)
S3 CXCVBS; C:\WINDOWS\system32\drivers\cxCVBS.sys [252544 2019-05-13] (Shenzhen Geniatech Technology LTD. -> Conexant Systems, Inc.)
S3 CXPLRCAP; C:\WINDOWS\system32\drivers\CxPlrCap.sys [235904 2010-01-06] (Beijing Geniatech Inc. Ltd. -> Conexant Systems, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-04] (Malwarebytes Inc -> Malwarebytes)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [23960 2018-07-06] (HP Inc. -> HP Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-07-29] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-07-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-23] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-07-29] (Malwarebytes Inc -> Malwarebytes)
R3 RtkA2dp; C:\WINDOWS\system32\DRIVERS\RtkA2dp.sys [217032 2019-05-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RtkAvrcp; C:\WINDOWS\System32\drivers\RtkAvrcp.sys [96984 2019-05-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [41008 2021-03-30] (McAfee, LLC. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-07-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425192 2021-07-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-29 21:27 - 2021-07-29 21:27 - 000031263 _____ C:\Users\HP\Downloads\FRST.txt
2021-07-29 21:24 - 2021-07-29 21:27 - 000000000 ____D C:\FRST
2021-07-29 21:23 - 2021-07-29 21:23 - 002300416 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2021-07-29 21:14 - 2021-07-29 21:14 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-07-29 21:14 - 2021-07-29 21:14 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-07-29 21:14 - 2021-07-29 21:14 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-07-29 21:14 - 2021-07-29 21:14 - 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-07-26 22:37 - 2021-07-26 22:37 - 000014829 _____ C:\Users\HP\Documents\Onion Fritters.odt
2021-07-25 11:27 - 2021-07-25 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-07-17 10:58 - 2021-07-17 10:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-07-17 10:58 - 2021-07-17 10:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-07-17 10:58 - 2021-07-17 10:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-07-17 10:58 - 2021-07-17 10:58 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-07-17 09:16 - 2021-07-17 09:16 - 000012634 _____ C:\Users\HP\Desktop\Untitled 1.odt
2021-07-15 10:20 - 2021-07-15 10:20 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-15 10:20 - 2021-07-15 10:20 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-15 10:20 - 2021-07-15 10:20 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-15 10:20 - 2021-07-15 10:20 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-15 10:20 - 2021-07-15 10:20 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-15 10:20 - 2021-07-15 10:20 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-13 18:59 - 2021-07-13 18:59 - 000000980 _____ C:\Users\HP\Desktop\WinMerge.lnk
2021-07-09 18:24 - 2021-07-09 18:24 - 011854754 _____ C:\Users\HP\Downloads\How to get rid of old people.mp4
2021-07-07 23:14 - 2021-07-07 23:14 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-07-07 23:14 - 2021-07-07 23:14 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-07 23:14 - 2021-07-07 23:14 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-07 23:14 - 2021-07-07 23:14 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-07 23:14 - 2021-07-07 23:14 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-07 23:14 - 2021-07-07 23:14 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-07 23:14 - 2021-07-07 23:14 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-07 23:14 - 2021-07-07 23:14 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-07 23:14 - 2021-07-07 23:14 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-07 23:14 - 2021-07-07 23:14 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-07-07 20:48 - 2021-07-07 20:48 - 000000000 ____D C:\Users\HP\Documents\CyberLink
2021-07-07 19:56 - 2021-07-07 19:56 - 007724901 _____ (hxxps://winmerge.org ) C:\Users\HP\Downloads\WinMerge-2.16.12-x64-Setup.exe
2021-07-07 19:56 - 2021-07-07 19:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2021-07-07 19:56 - 2021-07-07 19:56 - 000000000 ____D C:\Program Files\WinMerge
2021-07-02 17:56 - 2021-07-02 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2021-06-30 21:05 - 2021-06-30 21:05 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2021-06-30 21:05 - 2021-06-30 21:05 - 000000936 _____ C:\Users\Public\Desktop\4K Video Downloader.lnk
2021-06-30 20:52 - 2021-06-30 21:00 - 000000000 ____D C:\Users\HP\AppData\Local\YouTubePlaylistBuilder
2021-06-30 20:52 - 2021-06-30 20:52 - 000000000 ____D C:\Users\HP\AppData\Roaming\YouTubePlaylistBuilder
2021-06-30 20:52 - 2021-06-30 20:52 - 000000000 ____D C:\Users\HP\AppData\Local\VideoConverter
2021-06-30 20:52 - 2021-06-30 20:52 - 000000000 ____D C:\Users\HP\AppData\Local\Downloaded Installations
2021-06-30 20:52 - 2021-06-30 20:52 - 000000000 ____D C:\ProgramData\YouTubePlaylistBuilder
2021-06-30 18:44 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2021-06-30 16:11 - 2021-06-30 16:11 - 000000000 ____D C:\WINDOWS\system32\Samsung
2021-06-30 16:11 - 2021-06-30 16:11 - 000000000 ____D C:\ProgramData\Samsung
2021-06-30 16:11 - 2020-11-11 03:54 - 000043376 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ss_conn_usb_driver2.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-29 21:24 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-07-29 21:13 - 2019-02-21 05:23 - 000000000 ____D C:\ProgramData\McAfee
2021-07-29 21:02 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-29 20:44 - 2019-05-02 19:24 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-29 18:50 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-29 17:13 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-29 17:13 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-29 16:46 - 2021-04-16 21:07 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{53F2A38D-13FD-4462-8F89-C43CB9261798}
2021-07-29 05:08 - 2020-05-12 20:14 - 000000000 ____D C:\ProgramData\IDrive
2021-07-28 19:31 - 2021-04-16 21:07 - 000004470 _____ C:\WINDOWS\system32\Tasks\Open URL by RoboForm
2021-07-28 19:31 - 2021-04-16 21:07 - 000003794 _____ C:\WINDOWS\system32\Tasks\Run RoboForm TaskBar Icon
2021-07-28 19:31 - 2019-05-02 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2021-07-28 19:30 - 2021-04-20 18:40 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-07-28 19:30 - 2019-02-21 04:35 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-28 13:16 - 2020-08-02 19:02 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-07-25 11:37 - 2021-04-17 00:46 - 000679042 _____ C:\WINDOWS\system32\perfh01D.dat
2021-07-25 11:37 - 2021-04-17 00:46 - 000137730 _____ C:\WINDOWS\system32\perfc01D.dat
2021-07-25 11:37 - 2021-04-16 21:10 - 001653000 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-25 11:33 - 2020-11-19 03:30 - 000492472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-25 11:33 - 2020-03-28 11:53 - 000000000 ___RD C:\Users\HP\OneDrive
2021-07-25 11:33 - 2020-03-28 11:51 - 000000000 __SHD C:\Users\HP\IntelGraphicsProfiles
2021-07-25 11:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-07-25 11:32 - 2020-12-17 19:12 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-25 11:32 - 2020-11-19 03:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-25 11:32 - 2020-03-28 17:41 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHP.job
2021-07-25 11:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-25 11:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-25 11:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-25 11:32 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-25 11:32 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-07-25 11:27 - 2019-05-02 21:39 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-07-25 11:26 - 2020-11-19 03:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-25 11:26 - 2019-05-22 19:26 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-17 13:15 - 2021-04-16 21:07 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2596955177-2053472912-3161159150-1003
2021-07-17 13:15 - 2021-04-16 21:02 - 000002381 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-15 19:39 - 2021-04-16 21:07 - 000003448 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d587a45b0b4b58
2021-07-15 19:39 - 2021-04-16 21:07 - 000003324 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d587a45b08e924
2021-07-15 18:57 - 2020-04-20 20:48 - 000000000 ____D C:\Users\HP\AppData\Local\Plex
2021-07-15 18:08 - 2020-04-20 20:50 - 000000000 ____D C:\Users\HP\AppData\Local\Plex Media Server
2021-07-15 14:57 - 2021-04-16 21:07 - 000003232 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForHP
2021-07-15 10:21 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-15 10:17 - 2020-11-20 00:00 - 000000000 ___HD C:\$WinREAgent
2021-07-14 20:25 - 2021-04-16 21:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-07-14 20:24 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-14 20:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-14 20:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-07-14 20:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-14 20:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-07-14 20:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-14 20:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-14 20:24 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-07-14 20:19 - 2020-08-10 18:59 - 000000000 ____D C:\Users\HP\AppData\Local\CrashDumps
2021-07-13 13:13 - 2019-05-02 21:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-13 13:11 - 2019-05-02 21:23 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-07-09 19:01 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-07-07 21:58 - 2021-04-16 21:02 - 000000000 ____D C:\Users\HP
2021-07-07 20:52 - 2020-03-28 11:51 - 000000000 ____D C:\Users\HP\AppData\Local\Packages
2021-07-07 20:48 - 2020-11-12 19:03 - 000000000 ____D C:\Users\HP\AppData\Roaming\vlc
2021-07-02 17:56 - 2020-05-12 20:14 - 000000000 ____D C:\Program Files (x86)\IDriveWindows
2021-07-02 17:52 - 2020-01-28 18:26 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA1d5d62a7731045.job
2021-07-02 17:52 - 2020-01-28 18:26 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d5d62a76e4b99.job
2021-07-02 16:36 - 2020-05-04 19:22 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-07-02 16:34 - 2020-12-28 20:47 - 000000000 ____D C:\Users\HP\AppData\Roaming\dvdcss
2021-07-02 01:44 - 2021-04-26 01:38 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d73325d3bf6a3a
2021-07-02 01:44 - 2020-11-19 03:32 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-29 11:52 - 2020-05-29 22:09 - 000533776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll
2021-06-29 11:52 - 2020-05-29 22:09 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll

==================== Files in the root of some directories ========

2020-09-18 19:23 - 2020-09-25 21:30 - 000000093 _____ () C:\Users\HP\AppData\Local\X-Plane 11 Preferences.prf
2020-09-18 20:38 - 2020-09-25 21:19 - 000000037 _____ () C:\Users\HP\AppData\Local\X-Plane Installer.prf
2020-09-18 20:38 - 2020-09-25 21:22 - 000000015 _____ () C:\Users\HP\AppData\Local\X-Plane_drm_11.prf
2020-09-18 19:23 - 2020-09-18 19:23 - 000000016 _____ () C:\Users\HP\AppData\Local\x-plane_install_11.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

ADDITIONS.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by HP (29-07-2021 21:28:21)
Running from C:\Users\HP\Downloads
Windows 10 Home Version 20H2 19042.1110 (X64) (2021-04-17 01:07:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2596955177-2053472912-3161159150-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2596955177-2053472912-3161159150-503 - Limited - Disabled)
Guest (S-1-5-21-2596955177-2053472912-3161159150-501 - Limited - Disabled)
HP (S-1-5-21-2596955177-2053472912-3161159150-1003 - Administrator - Enabled) => C:\Users\HP
WDAGUtilityAccount (S-1-5-21-2596955177-2053472912-3161159150-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"ViewNX 2" (HKLM-x32\...\{3272057B-D3C3-4EAF-B023-15E4CA91046D}) (Version: 1.00.0000 - Nikon)
4K Video Downloader (HKLM\...\{560E7B2D-43A3-4A2C-B578-44525724B639}) (Version: 4.16.4.4300 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{6919d361-5a00-4c44-a3be-f5033ff85337}) (Version: 4.16.4.4300 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2596955177-2053472912-3161159150-1003\...\Amazon Amazon Music) (Version: 7.12.0.2203 - Amazon.com Services LLC)
Amazon Print Connect (HKLM\...\{79E517A4-F87E-44DB-9F76-64455DBFB70F}) (Version: 1.0.0.0 - Amazon.com, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4823.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4823.0 - CyberLink Corp.)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 6.14 - NCH Software)
Driver Install 64-Bit (HKLM-x32\...\{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China) Hidden
Driver Install 64-Bit (HKLM-x32\...\InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China)
Dropbox (HKLM-x32\...\Dropbox) (Version: 127.4.4265 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.485.1 - Dropbox, Inc.) Hidden
EzGrabber version 3.0.2 (HKLM-x32\...\{59D21F0E-EA54-4438-A5B7-7EAD262FD873}_is1) (Version: 3.0.2 - Geniatech)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{C54DEA1F-7A8D-410B-A675-04E0FB562CB0}) (Version: 40.13.54.81239 - HP)
HP ENVY 7640 series Basic Device Software (HKLM\...\{9DA0F1F8-9B4F-4C6A-AF6E-DCD1BA99AC3E}) (Version: 40.13.1176.1978 - HP Inc.)
HP ENVY 7640 series Help (HKLM-x32\...\{5845A5C9-AA03-4D91-9793-1A2563CE0129}) (Version: 34.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{533B4739-13DD-4AAB-9524-070B3F0CE6ED}) (Version: 40.13.54.81239 - HP)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{016FBF6D-AEDE-4D33-87B4-DF6815EF674A}) (Version: 1.4.0.485 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{35556CCA-F14E-48F3-93F4-E29C4B3DBE30}) (Version: 1.4.485.0 - HP Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
IDrive version 6.7.3.37 (HKLM-x32\...\IDrive_is1) (Version: 6.7.3.37 - Pro Softnet Corp)
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6446 - Intel Corporation)
LibreOffice 7.1.1.2 (HKLM\...\{14E9DACB-8945-4B62-A19B-2C6245D48490}) (Version: 7.1.1.2 - The Document Foundation)
Malwarebytes version 4.4.2.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.55 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2596955177-2053472912-3161159150-1003\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
PhotoJam 3 (HKLM-x32\...\PhotoJam 3) (Version: - )
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.16 - Nikon)
Plex (HKLM-x32\...\Plex) (Version: 1.10.0 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{23062b36-eec3-43c5-9437-987990d2b300}) (Version: 1.18.7.2457 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{7E47A632-E6DD-4853-87F6-F878B731EF9E}) (Version: 1.18.2457 - Plex, Inc.) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 6.24 - NCH Software)
Product Improvement Study for HP ENVY 7640 series (HKLM\...\{B496F96B-0DCB-4015-B175-9904967F1E3C}) (Version: 40.13.1176.1978 - HP Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.1021 - REALTEK Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.)
RoboForm 9-1-9-9 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 9-1-9-9 - Siber Systems)
Stopping Plex (HKLM-x32\...\{0FBDB583-4DF5-416A-B787-BD273CA52776}) (Version: 1.18.2457 - Plex, Inc.) Hidden
USB2.0 Audio Capture (HKLM\...\VID_1F4D&PID_0102&MI_00) (Version: 1.0.0.0 - Conexant Systems)
USB2.0 Video Capture (HKLM\...\VID_1F4D&PID_0102&MI_01) (Version: 1.0.0.0 - Conexant Systems)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WinMerge 2.16.12.0 x64 (HKLM\...\WinMerge_is1) (Version: 2.16.12.0 - Thingamahoochie Software)
ZipDrive Agent (HKLM\...\{6D7AB35C-A0DB-4D10-AB20-583BDE9E501F}) (Version: 3.0.0.4 - ZipDrive) Hidden
ZipDrive Agent (HKLM-x32\...\{c8205938-8d3c-4170-b371-49c7c7e2de10}) (Version: 3.0.0.2 - ZipDrive)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2021-07-29] (Amazon.com)
Cool File Viewer -> C:\Program Files\WindowsApps\20815shootingapp.AirFileViewer_1.4.11.0_x86__xcg28tkrsnqww [2021-05-09] (Cool File Viewer)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2021-07-29] (HP Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.481.0_x86__v10z8vjag6ke6 [2019-02-21] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.7.0.0_x64__v10z8vjag6ke6 [2021-07-07] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2021-04-10] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_129.1.234.0_x64__v10z8vjag6ke6 [2021-07-25] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.7.536.0_x64__v10z8vjag6ke6 [2021-07-09] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6 [2021-07-02] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa [2021-07-02] (Apple Inc.) [Startup Task]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.14228.20204.0_x86__8wekyb3d8bbwe [2021-07-29] (Microsoft Corporation)
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.14228.20204.0_x86__8wekyb3d8bbwe [2021-07-29] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14228.20204.0_x86__8wekyb3d8bbwe [2021-07-29] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14228.20204.0_x86__8wekyb3d8bbwe [2021-07-29] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.14228.20204.0_x86__8wekyb3d8bbwe [2021-07-29] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.14228.20204.0_x86__8wekyb3d8bbwe [2021-07-29] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-17] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.14228.20204.0_x86__8wekyb3d8bbwe [2021-07-29] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-04-01] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-13] (Netflix, Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-01] (Microsoft Corporation)
Sokoban Classic Game -> C:\Program Files\WindowsApps\45281cmmobile.SokobanClassicGame_1.0.0.2_x86__9edamvz7s1gx6 [2021-01-28] (cmmobile) [MS Ad]
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2021-07-16] (WildTangent Games)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ 0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-06-29] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [ 0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-06-29] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [ 0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2021-06-29] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-06-29] () [File not signed]
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2021-04-03] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-06-29] () [File not signed]
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2021-04-03] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2021-06-29] () [File not signed]
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2021-04-03] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_5a1ab3b0567b3cdb\igfxDTCM.dll [2020-03-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2021-04-03] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-09-21] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-09-21] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-09-21] (Microsoft Corporation) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\HP Instant Ink HP® Official Site.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pnbonagfebdpggpfhfdcjmjdkfjelppk
ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kmhopmchchfpfdcdjodmpfaaphdclmlj
ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Instant Ink HP® Official Site.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=pnbonagfebdpggpfhfdcjmjdkfjelppk

==================== Loaded Modules (Whitelisted) =============

2020-05-29 22:09 - 2021-06-29 11:52 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2021-07-15 04:26 - 2021-07-15 04:26 - 000160768 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\89f23e1ce285ad499204ebd7558165f3\BRIDGECommon.ni.dll
2021-07-15 04:26 - 2021-07-15 04:26 - 000125440 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\7e4dfac6510a5de61a2bc0234cdff0f1\BridgeExtension.ni.dll
2021-07-15 04:26 - 2021-07-15 04:26 - 000395264 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\2b66785cb9f0b844871dd73e39d38325\CleanStartController.ni.dll
2021-07-15 04:27 - 2021-07-15 04:27 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\32823212b1b4d757abc6b7c3d2914e55\Interop.IWshRuntimeLibrary.ni.dll
2021-07-15 04:26 - 2021-07-15 04:26 - 000145920 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\49e811c43e8f8d7010a998e81f9e81c9\RegistrationUtilities.ni.dll
2021-07-15 04:27 - 2021-07-15 04:27 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\027f60599325fa4540a4b4e6963dfa54\Hardcodet.Wpf.TaskbarNotification.ni.dll
2020-06-20 08:46 - 2020-06-20 08:46 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2021-07-15 04:26 - 2021-07-15 04:26 - 000136192 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\a96bbbf7d20f205cef167ad11dcf13bd\CommonPortable.ni.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000046592 _____ (Huor Swords) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Logging.Log4Net.AspNetCore.dll
2021-07-07 19:56 - 2021-04-03 16:04 - 000203264 _____ (hxxp://winmerge.org) [File not signed] C:\Program Files\WinMerge\ShellExtensionX64.dll
2021-07-15 04:27 - 2021-07-15 04:27 - 001701888 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\e0afd35193c433995d446df4bc7d79f0\NAudio.ni.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000048640 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Connections.Abstractions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000064512 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Cors.dll
2021-01-25 13:12 - 2021-01-25 13:12 - 000024576 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000022528 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.HostFiltering.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000020992 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Hosting.Abstractions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000337920 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Hosting.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000007680 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Hosting.Server.Abstractions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000187392 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Http.Abstractions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000193536 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Http.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000031232 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Http.Features.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000050176 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.HttpOverrides.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000027648 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.HttpsPolicy.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000039424 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Routing.Abstractions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000611840 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Routing.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000529408 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Server.IIS.dll
2021-01-25 13:12 - 2021-01-25 13:12 - 000033280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Server.IISIntegration.dll
2021-01-25 13:12 - 2021-01-25 13:12 - 001310720 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Server.Kestrel.Core.dll
2021-01-25 13:12 - 2021-01-25 13:12 - 000010752 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Server.Kestrel.dll
2021-01-25 13:12 - 2021-01-25 13:12 - 000118272 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.dll
2021-01-25 13:12 - 2021-01-25 13:12 - 000026624 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.AspNetCore.WebSockets.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000019968 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Configuration.Abstractions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000033280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Configuration.Binder.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000018432 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Configuration.CommandLine.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000036864 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Configuration.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000017408 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Configuration.EnvironmentVariables.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000022528 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Configuration.FileExtensions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000022016 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Configuration.Json.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000063488 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.DependencyInjection.Abstractions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000163840 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.DependencyInjection.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000011264 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.FileProviders.Abstractions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000057856 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.FileProviders.Physical.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000074752 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.FileSystemGlobbing.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000028160 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Hosting.Abstractions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000068096 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Hosting.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000020480 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Hosting.Systemd.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000019456 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Hosting.WindowsServices.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000093184 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Logging.Abstractions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000017920 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Logging.Configuration.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000037376 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Logging.Console.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000011264 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Logging.Debug.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000053760 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Logging.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000022016 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Logging.EventLog.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000038912 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Logging.EventSource.dll
2021-01-25 13:12 - 2021-01-25 13:12 - 000019456 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.ObjectPool.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000014336 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Options.ConfigurationExtensions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000091648 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Options.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000065024 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Extensions.Primitives.dll
2021-01-25 13:12 - 2021-01-25 13:12 - 000188928 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Net.Http.Headers.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000012288 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\Microsoft.Win32.Primitives.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000637440 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Collections.Immutable.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000087552 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Collections.NonGeneric.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000080896 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Collections.Specialized.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000006656 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.ComponentModel.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000044032 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.ComponentModel.Primitives.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000697344 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.ComponentModel.TypeConverter.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000143360 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Console.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000090112 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Diagnostics.DiagnosticSource.dll
2021-01-25 13:12 - 2021-01-25 13:12 - 000293888 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Diagnostics.EventLog.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000247296 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Diagnostics.Process.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000239104 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.IO.Compression.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000206336 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.IO.FileSystem.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000059392 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.IO.FileSystem.Watcher.dll
2021-01-25 13:12 - 2021-01-25 13:12 - 000140288 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.IO.Pipelines.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000410624 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Linq.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 005245952 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Linq.Expressions.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000076288 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Net.NameResolution.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000203776 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Net.Primitives.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000527872 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Net.Sockets.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000077824 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.ObjectModel.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 008410624 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Private.Xml.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 001054208 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Reflection.Metadata.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000009728 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Runtime.CompilerServices.Unsafe.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000017408 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Runtime.InteropServices.RuntimeInformation.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000681472 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Security.Cryptography.Algorithms.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000060928 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Security.Cryptography.Encoding.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000092672 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Security.Cryptography.Primitives.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000455168 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Security.Cryptography.X509Certificates.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000100864 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.ServiceProcess.ServiceController.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000813056 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\System.Text.Json.dll
2021-07-15 04:26 - 2021-07-15 04:26 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\04c467978ba84a7abf27da2c6cfeba6c\Newtonsoft.Json.ni.dll
2021-07-15 04:27 - 2021-07-15 04:27 - 003060736 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\8c1fced6141c67105e0e20e95f330770\Newtonsoft.Json.ni.dll
2020-05-12 21:21 - 2021-06-29 11:52 - 000874496 _____ (Pro-Softnet Corporation, U.S.A) [File not signed] C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000601088 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\log4net.dll
2021-07-15 04:27 - 2021-07-15 04:27 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\cb3d9405736b089a3cc972191ce02d55\log4net.ni.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 006349312 _____ (The Legion of the Bouncy Castle Inc.) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\BouncyCastle.Crypto.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000047104 _____ (zipdrive_relay_server) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\zipdrive_relay_server.dll
2021-01-25 13:11 - 2021-01-25 13:11 - 000150016 _____ (zipdrive_relay_server_lib) [File not signed] [File is in use] C:\Program Files\ZipDrive\ZipDrive Agent\utils\zipdrive_relay_server_lib.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2596955177-2053472912-3161159150-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2596955177-2053472912-3161159150-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {7889E631-BBC2-4BE3-A877-FDDEF101FE4D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {7889E631-BBC2-4BE3-A877-FDDEF101FE4D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2021-07-28] (Siber Systems -> Siber Systems Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2019-12-16] (HP Inc. -> HP Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2021-07-28] (Siber Systems -> Siber Systems Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2019-12-16] (HP Inc. -> HP Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2021-07-28] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2021-07-28] (Siber Systems -> Siber Systems Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 03:31 - 2021-07-29 21:13 - 000000838 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2596955177-2053472912-3161159150-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\2015- SXM (171).JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Dropbox"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FC30DEE4-DDA9-484D-BB4C-C03B9451D6E7}] => (Allow) C:\Program Files\ZipDrive\ZipDrive Agent\utils\zipdrive_relay_server.exe (Pro Softnet Corp (IDrive, Inc.) -> zipdrive_relay_server)
FirewallRules: [UDP Query User{30D5F09F-C5E8-403C-BFDC-CE3DFF0CA2E4}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe (Plex, Inc. -> )
FirewallRules: [TCP Query User{215D2334-2873-4319-9AD7-F3F4A1347C5D}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe (Plex, Inc. -> )
FirewallRules: [{1216FDCE-2E9D-4951-BC44-9CCD73C31225}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B33A8978-C3C5-49E0-A11B-4A2BC8A259D7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FFB57559-2253-4D68-B614-FE23ADFFE06F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{05348CC0-FD05-4ADB-A3D4-D60CDA429848}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8E07500D-4D14-46B8-91D3-3CA6018CC173}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C45C8176-A568-4F62-B32B-09F01B01A37F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{0D5FE7AC-B5C6-4C20-A1F5-000FCA855FDC}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{F11DED94-75D7-4F44-A49C-09DA994D0C6F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{23FEFC8C-9FDB-4C20-8DBC-C4221AD38C58}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{A6DCC24A-7501-459D-A514-085C4AB887E0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D03E7E50-7118-4798-BC00-50F550A3CE44}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F50E1317-9573-47CE-BEB2-F85301832D4A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5DBB0151-A69F-41DF-B875-50F9539E83FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B91F35B1-5B1B-44FB-86B3-F1384CB4AA1B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1E735E8A-77E9-45F2-88DB-1303A34EE1DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E4C895F4-2AE6-4DDE-A945-6F30ECF4BB18}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7A6AAA5A-B203-4DF6-BE84-5DC9CFF516D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ABC04810-FBE7-47D3-B5F7-24F17A39C5C0}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File
FirewallRules: [TCP Query User{18AEDF42-59A3-4F10-B892-F86624DD2684}C:\x-plane 11\x-plane.exe] => (Allow) C:\x-plane 11\x-plane.exe (Laminar Research, LLC -> Laminar Research)
FirewallRules: [UDP Query User{BB114399-C88C-4FB5-BEAE-C55D4688B872}C:\x-plane 11\x-plane.exe] => (Allow) C:\x-plane 11\x-plane.exe (Laminar Research, LLC -> Laminar Research)
FirewallRules: [{475D581C-F075-46CE-8571-BCBF4557E366}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe (HP Inc -> HP Inc.)
FirewallRules: [{6747F2B4-CEC2-445D-AFE2-BEA4484534AB}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe (HP Inc -> HP Inc.)
FirewallRules: [{B226E2D3-254A-46CC-B160-E994C08DF35D}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe (HP Inc -> HP Inc.)
FirewallRules: [{75394D45-01F5-44C1-A12A-49F4D897592E}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxPrinterUtility.exe (HP Inc -> HP Inc.)
FirewallRules: [{145C166E-B3D8-4CEB-8781-D89C5510FE7D}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe (HP Inc -> HP Inc.)
FirewallRules: [{814B9D6B-7D4A-4697-957A-D899CF43BBCC}] => (Allow) LPort=5357
FirewallRules: [{5B853CB3-0E18-45A6-8C6B-5E3A1BE2CA1A}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)
FirewallRules: [{BFF99574-0939-4B9D-8CEF-D76E48B12E02}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{60BB300D-CDA6-4B4D-834C-547B21D56380}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{38684D52-A973-4E72-B7A2-660A7209E312}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B089CB8B-23E9-4B96-B0A0-C45113F0C27B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4559FE1B-49E2-47F0-A0FA-1E29758C9E03}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C675494B-2158-4C37-B18E-2F10CBAF70D8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C30E3EFC-EE87-42BD-9DE3-2C1D5A32B070}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BF92EAAC-1DE6-41C4-8DBD-543893B7EAD6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6BC1F543-F0F3-465C-AB41-02FD52C021D1}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0690\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{AF5BE725-1C07-4724-B69B-6D567C6A607C}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0690\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{5D76901F-8AFF-4397-9C76-20F57F391365}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS314C\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{A0FA192B-E84C-4AEC-A06F-D7068EE3E45B}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS314C\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{F8C5A54E-75A2-47A6-A770-995B444945EC}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Allow) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe (HP Inc. -> )
FirewallRules: [UDP Query User{3C598DEF-4BD3-4F4C-9D0B-E5077B504318}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Allow) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe (HP Inc. -> )
FirewallRules: [{A280DC6D-69D6-40E0-8A7C-7394C57CB9E1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{037F0141-9591-4BC9-8CE4-BD8AE6ABEFCD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ACF46AD4-4DFD-42D9-A97C-4F4703CCB9DD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DD98AC99-9674-41A2-8C89-377B1E5FC01B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CF9A8BAA-1F82-4657-83DF-6C013514923E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E4B9B12C-6CAB-4258-B89B-32A09ED91FCF}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{423D32CC-348D-40F4-9075-09079DF55DC4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1BD34C77-7BD2-486A-AE5C-A67D020A221B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E08F665F-92B8-4210-B273-92E8F107F0FF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{570E5FC9-8E45-4902-AD32-1666F8429455}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{90F327EB-79F2-437D-94BA-A0C48C8B0C06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{331389F5-FF61-46A6-8EB0-0498087CC846}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D6C26BF7-BC16-4652-96EE-D6123B7712E5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{63D4837D-9ED2-4606-AD57-C40F0302EE7B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6951E1D3-DDC7-4FFE-83B8-3BB7F818136C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14228.20204.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:118.01 GB) (Free:42.04 GB) (36%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (07/29/2021 09:14:51 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (07/26/2021 01:59:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-O92Q0OS.local already in use; will try DESKTOP-O92Q0OS-2.local instead
Error: (07/26/2021 01:59:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-O92Q0OS.local. Addr 192.168.1.139
Error: (07/26/2021 01:59:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.139:5353 16 DESKTOP-O92Q0OS.local. AAAA 2603:7081:5907:415B:8548:F758:F350:2439
Error: (07/26/2021 01:59:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-O92Q0OS.local. AAAA FE80:0000:0000:0000:8548:F758:F350:2439
Error: (07/26/2021 01:59:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.139:5353 16 DESKTOP-O92Q0OS.local. AAAA 2603:7081:5907:415B:8548:F758:F350:2439
Error: (07/26/2021 01:59:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 DESKTOP-O92Q0OS.local. Addr 192.168.1.139
Error: (07/26/2021 01:59:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.139:5353 16 DESKTOP-O92Q0OS.local. AAAA 2603:7081:5907:415B:8548:F758:F350:2439
System errors:
=============
Error: (07/29/2021 05:12:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (07/25/2021 11:32:08 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O92Q0OS)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.
Error: (07/25/2021 11:32:08 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-O92Q0OS)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.
Error: (07/20/2021 10:04:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (07/19/2021 06:21:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (07/17/2021 08:21:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (07/16/2021 06:57:06 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (d4:e6:b7:f4:74:ee) failed.
Error: (07/16/2021 12:07:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.
Windows Defender:
================
Date: 2021-07-29 19:12:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-07-28 19:41:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-07-27 19:22:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-07-26 19:33:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-07-25 19:33:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-07-07 22:04:32
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1317.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80070643
Error description: Fatal error during installation.
Date: 2021-07-07 22:04:30
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.591.0
Previous security intelligence Version: 1.341.1317.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-07-07 22:04:30
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.591.0
Previous security intelligence Version: 1.341.1317.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-07-07 22:04:30
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2021-07-02 17:52:31
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.341.1317.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18200.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===============
Date: 2021-07-25 11:35:06
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: AMI F.42 05/28/2020
Motherboard: HP 843B
Processor: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 41%
Total physical RAM: 16210.97 MB
Available physical RAM: 9417.05 MB
Total Virtual: 18642.97 MB
Available Virtual: 11234.76 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:118.01 GB) (Free:42.04 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:816.28 GB) NTFS
Drive f: () (Removable) (Total:60.34 GB) (Free:18.46 GB) exFAT
\\?\Volume{ce77fc6b-1122-4c21-b8a4-882e17362eaf}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.49 GB) NTFS
\\?\Volume{a275eae5-3f66-4374-964b-90111e21f035}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 313ADC61)
Partition: GPT.
==========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: A8A385F5)
Partition: GPT.
==========================================================
Disk: 2 (Protective MBR) (Size: 60.4 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================

Malwarebytes

www.malwarebytes.com

-Log Details-
Scan Date: 7/29/21
Scan Time: 9:19 PM
Log File: 3aac0368-f0d4-11eb-bf8d-485f994f590c.json

-Software Information-
Version: 4.4.2.123
Components Version: 1.0.1358
Update Package Version: 1.0.43706
License: Premium

-System Information-
OS: Windows 10 (Build 19042.1110)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 344357
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Hello Pajer1a

I am Karsten and will help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply.
-------------------------------------------------------------------

1. Farbar Recovery Scan Tool (FRST) Script

Copy the following text including "Start::" and "End::"


Start::
CreateRestorePoint:
CloseProcesses:
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [41008 2021-03-30] (McAfee, LLC. -> The OpenVPN Project)
C:\WINDOWS\System32\drivers\tap0901.sys
C:\Program Files\Common Files\McAfee
C:\ProgramData\McAfee
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US91088G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Web) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaffcafpjmbdjkfpkgihpchfdhdaego [2020-07-07]
EmptyTemp:
End::



Run FRST64.exe and click on Fix.
A log (Fixlog.txt) will open on your desktop. Attach the log to your next reply.

2. Farbar Recovery Scan Tool (FRST) Search
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/paste or type the following line into the Search: box.
    SearchAll: McAfee;searchassist;mcafee
  • Press the Search Files button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please attach the log to your next reply
 

Pajer1a

Karsten, thanks for your help. I did not understand what to do with the script that is listed in the first part of your response. I did the next 2 steps, and am including them below. One question: after running Frst64, extensions were added, and my Roboform program was removed from my system. Is this normal?
Thanks again... Jerry
 

Attachments

  • SearchReg.txt
    283.8 KB · Views: 5
  • Fixlog.txt
    2.4 KB · Views: 3

struppigel

Hello. The disappearance of RoboForm should not happen. I only removed McAfee entries and did a search for McAfee remnants.
What do you mean by "extensions were added"?
Can you please re-scan with FRST and provide new FRST.exe and Addition.txt? I put instructions below.

---------------------------

Re-Scan with Farbar Recovery Scan Tool (FRST)
  • Double-Click FRST64.exe to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach the logs in your next reply.
 

Pajer1a

Yes, Roboform is removed, and the following 3 extensions were added to Chrome. Note that I have not enabled these extensions:
1. HP Network Check Launcher
2. Malwarebytes Bytes Browser Guard
3. Roboform Password Manager
 

Attachments

  • Addition.txt
    65.2 KB · Views: 1
  • FRST.txt
    40 KB · Views: 1

struppigel

RoboForm is still installed on your system as your logs show. So I am guessing it is rather a component that isn't shown to you where you expect it to be. Where exactly do you launch or use RoboForm?

Everything else you describe is related to Chrome settings. The extensions were there before; however, McAfee's Secure Browser affected the settings.
You can disable or remove the extensions you don't want to have. Let me know if you need assistance for that.

The following fix will create a registry backup (which may take a while) and remove more McAfee remnants that we found with the search.

1. Farbar Recovery Scan Tool (FRST) Script
  • Download the attached fixlist.txt
  • Important: The file must be saved in the same location as FRST64.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
  • Double-click FRST64.exe to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the log to your next reply.

After this fix, is there anything besides Roboform that is bothering you?
 

Attachments

  • fixlist.txt
    8.9 KB · Views: 3

Pajer1a

I have my Roboform, and have enabled the extensions (they had been disabled). If my McAfee stuff is gone, I am happy. Thanks a million for your help. Some of us would be lost without guys like yourself willing to spend the time with us. I don't see a file attachment icon, so I am copying the Fixlog.txt below.

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2021
Ran by HP (03-08-2021 19:30:28) Run:2
Running from C:\Users\HP\Downloads\Frst64
Loaded Profiles: HP
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
cmd: mkdir C:\RegBackup
cmd: reg export HKCR C:\RegBackup\HKCR.Reg /y
cmd: reg export HKCU C:\RegBackup\HKCU.Reg /y
cmd: reg export HKLM C:\RegBackup\HKLM.Reg /y
cmd: reg export HKU C:\RegBackup\HKU.Reg /y
cmd: reg export HKCC C:\RegBackup\HKCC.Reg /y
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
c:\program files (x86)\mcafee
C:\Program Files\McAfee Security Scan
C:\Program Files\Common Files\McAfee
[-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\mcafeeupdater]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DCAEB2CC-5FB4-4BDA-A835-A7707130400C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_neutral_split.language-sv_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_neutral_split.scale-100_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2596955177-2053472912-3161159150-1001\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\mcafeeupdater]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-2596955177-2053472912-3161159150-1001\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.54.0_neutral_~_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-2596955177-2053472912-3161159150-1001\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-2596955177-2053472912-3161159150-1003\5A894077.McAfeeSecurity_2.1.54.0_neutral_~_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Staged\5A894077.McAfeeSecurity_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Staged\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.54.0_neutral_split.language-sv_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Staged\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.54.0_neutral_split.scale-100_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Staged\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.54.0_neutral_~_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Staged\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.54.0_x64__wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.language-sv_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.scale-100_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Bundle\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.language-sv_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.scale-100_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.language-sv_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.scale-100_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.language-sv_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.scale-100_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-2596955177-2053472912-3161159150-1001\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy]
[-HKEY_USERS\S-1-5-21-2596955177-2053472912-3161159150-1003\SOFTWARE\McAfee]
[-HKEY_USERS\S-1-5-21-2596955177-2053472912-3161159150-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Namespace\packagestate\5a894077.mcafeesecurity_wafk5atnkzcwy-0]
[-HKEY_USERS\S-1-5-21-2596955177-2053472912-3161159150-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\CollectionStaging\packagestate-5a894077.mcafeesecurity_wafk5atnkzcwy-0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.scale-100_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.language-sv_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_neutral_split.language-sv_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_neutral_split.scale-100_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_neutral_split.scale-150_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_neutral_~_wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\1^5A894077.McAfeeSecurity_wafk5atnkzcwy!App]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\4^5A894077.McAfeeSecurity_wafk5atnkzcwy!App]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\5^5A894077.McAfeeSecurity_wafk5atnkzcwy!App]
EmptyTemp:

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.

========= mkdir C:\RegBackup =========


========= End of CMD: =========


========= reg export HKCR C:\RegBackup\HKCR.Reg /y =========

ERROR: Invalid syntax.
Type "REG EXPORT /?" for usage.

========= End of CMD: =========


========= reg export HKCU C:\RegBackup\HKCU.Reg /y =========

ERROR: Invalid syntax.
Type "REG EXPORT /?" for usage.

========= End of CMD: =========


========= reg export HKLM C:\RegBackup\HKLM.Reg /y =========

ERROR: Invalid syntax.
Type "REG EXPORT /?" for usage.

========= End of CMD: =========


========= reg export HKU C:\RegBackup\HKU.Reg /y =========

ERROR: Invalid syntax.
Type "REG EXPORT /?" for usage.

========= End of CMD: =========


========= reg export HKCC C:\RegBackup\HKCC.Reg /y =========

ERROR: Invalid syntax.
Type "REG EXPORT /?" for usage.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

"c:\program files (x86)\mcafee" => not found
"C:\Program Files\McAfee Security Scan" => not found
"C:\Program Files\Common Files\McAfee" => not found
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\mcafeeupdater => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DCAEB2CC-5FB4-4BDA-A835-A7707130400C} => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_neutral_split.language-sv_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_neutral_split.scale-100_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2596955177-2053472912-3161159150-1001\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\mcafeeupdater => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy => not found
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-2596955177-2053472912-3161159150-1001\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.54.0_neutral_~_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-2596955177-2053472912-3161159150-1001\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-2596955177-2053472912-3161159150-1003\5A894077.McAfeeSecurity_2.1.54.0_neutral_~_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Staged\5A894077.McAfeeSecurity_wafk5atnkzcwy => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Staged\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.54.0_neutral_split.language-sv_wafk5atnkzcwy" => not found
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Staged\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.54.0_neutral_split.scale-100_wafk5atnkzcwy" => not found
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Staged\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.54.0_neutral_~_wafk5atnkzcwy" => not found
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Staged\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.54.0_x64__wafk5atnkzcwy" => not found
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.language-sv_wafk5atnkzcwy" => not found
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.scale-100_wafk5atnkzcwy" => not found
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy" => not found
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Bundle\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.language-sv_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.scale-100_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.language-sv_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.scale-100_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.language-sv_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.scale-100_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy => removed successfully
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy] => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-2596955177-2053472912-3161159150-1001\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy => removed successfully
HKEY_USERS\S-1-5-21-2596955177-2053472912-3161159150-1003\SOFTWARE\McAfee => removed successfully
HKEY_USERS\S-1-5-21-2596955177-2053472912-3161159150-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Namespace\packagestate\5a894077.mcafeesecurity_wafk5atnkzcwy-0 => removed successfully
HKEY_USERS\S-1-5-21-2596955177-2053472912-3161159150-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\CollectionStaging\packagestate-5a894077.mcafeesecurity_wafk5atnkzcwy-0 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.scale-100_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.27.0_neutral_~_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.27.0_neutral_split.language-sv_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_neutral_split.language-sv_wafk5atnkzcwy => not found
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_neutral_split.scale-100_wafk5atnkzcwy => not found
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_neutral_split.scale-150_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_neutral_~_wafk5atnkzcwy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\1^5A894077.McAfeeSecurity_wafk5atnkzcwy!App" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\4^5A894077.McAfeeSecurity_wafk5atnkzcwy!App" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\5^5A894077.McAfeeSecurity_wafk5atnkzcwy!App" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12712135 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 35159954 B
Edge => 0 B
Chrome => 428817742 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2922 B
NetworkService => 10170 B
HP => 162231016 B

RecycleBin => 2593410 B
EmptyTemp: => 623.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:30:42 ====
 

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
If there are no outstanding issues, we can wrap this up. Drag FRST to the trash bin. You can also delete the folder C:\RegBackup. The registry backup did not work even though I tested the commands on my machine before I gave them to you. :unsure: But they were just a precaution in case something I do goes wrong.
The rest however worked fine.
Do you have any remaining questions?
 