dragokas / hijackthis

A free utility that finds malware, adware and other security threats
http://hjt.sf.net
GNU General Public License v2.0

Google Chrome running real slow. #92

Closed jg52276 closed 4 years ago

jg52276 commented 4 years ago

Welcome! Thank you for joining the section of VIRUSNET association support.


BEFORE ASKING HELP, READ CAREFULLY THIS INSTRUCTION:


Step 1: Are you in the right place?

If yes, see the next step.

Step 2: Show us required logs (for PC cure):

  1. What did you do before the problem occurred: _____
  2. What programs (browsers) are affected by the problem: ____
  3. Steps to reproduce: _____

jg52276 commented 4 years ago

For the past week or so Chrome has been running real slow. Microsoft Edge works fine and my speed tests are fast. I ran Malwarebytes and tried resetting Chrome back to default with no luck, still slow. Can you look at these logs and see if you see anything that shouldn't be there?

Thanks

CollectionLog-2020.05.01-19.46.zip

dragokas commented 4 years ago

Hi, thank you for the log. We'll return to you as soon as possible.


Please, note that only members of VIRUSNET-Association are allowed to respond in PC cure topics. Ignore any recommendations given by other users, including PM !!!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in the Guestbook.

Sandor-Helper commented 4 years ago

Hello,

A few questions: Do you know about this file?

C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd

And did you install this program yourself?

Notepad Replacer 1.2

In addition please do this:

Download AdwCleaner (by Malwarebytes) and save it to Desktop. Run it (it should be run by right-clicking and choosing Run as Administrator), press "Scan" and wait. At the end of the scan, the log will be found at: C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt (where x is any digit). Attach it to your next post here.

jg52276 commented 4 years ago

Thanks for getting back to me.

I did install the notepad replacer but I removed it today. Also the GeoComply was from when I lived in NJ and was using an online betting site. I no longer live there so I no longer need it.

Here is the Adware log file also.

Thanks


-------------------------------

Malwarebytes AdwCleaner 8.0.4.0

-------------------------------

Build: 04-03-2020

Database: 2020-04-08.2 (Cloud)

Support: https://www.malwarebytes.com/support

#

-------------------------------

Mode: Scan

-------------------------------

Start: 05-03-2020

Duration: 00:00:13

OS: Windows 10 Pro

Scanned: 31802

Detected: 11

[ Services ]

No malicious services found.

[ Folders ]

No malicious folders found.

[ Files ]

PUP.Optional.Legacy C:\END

PUP.Optional.Legacy C:\Users\jg522\AppData\Roaming\Mozilla\Firefox\Profiles\3bvzc5o8.default\searchplugins\bing-lavasoft.xml

[ DLL ]

No malicious DLLs found.

[ WMI ]

No malicious WMI found.

[ Shortcuts ]

No malicious shortcuts found.

[ Tasks ]

No malicious tasks found.

[ Registry ]

PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com

PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com

PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion

[ Chromium (and derivatives) ]

No malicious Chromium entries found.

[ Chromium URLs ]

No malicious Chromium URLs found.

[ Firefox (and derivatives) ]

No malicious Firefox entries found.

[ Firefox URLs ]

No malicious Firefox URLs found.

[ Hosts File Entries ]

No malicious hosts file entries found.

[ Preinstalled Software ]

Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS

Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Preinstalled.HPSupportAssistant Folder C:\Users\jg522\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\Classes\CLSID{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}

Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{00612F78-52C4-46C0-97F0-F50B6036B5E2}

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

-------------------------------

Malwarebytes AdwCleaner 8.0.4.0

-------------------------------

Build: 04-03-2020

Database: 2020-04-08.2 (Cloud)

Support: https://www.malwarebytes.com/support

#

-------------------------------

Mode: Clean

-------------------------------

Start: 05-03-2020

Duration: 00:00:01

OS: Windows 10 Pro

Cleaned: 11

Failed: 0

[ Services ]

No malicious services cleaned.

[ Folders ]

No malicious folders cleaned.

[ Files ]

Deleted C:\END

Deleted C:\Users\jg522\AppData\Roaming\Mozilla\Firefox\Profiles\3bvzc5o8.default\searchplugins\bing-lavasoft.xml

[ DLL ]

No malicious DLLs cleaned.

[ WMI ]

No malicious WMI cleaned.

[ Shortcuts ]

No malicious shortcuts cleaned.

[ Tasks ]

No malicious tasks cleaned.

[ Registry ]

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

[ Chromium (and derivatives) ]

No malicious Chromium entries cleaned.

[ Chromium URLs ]

No malicious Chromium URLs cleaned.

[ Firefox (and derivatives) ]

No malicious Firefox entries cleaned.

[ Firefox URLs ]

No malicious Firefox URLs cleaned.

[ Hosts File Entries ]

No malicious hosts file entries cleaned.

[ Preinstalled Software ]

Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS

Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Deleted Preinstalled.HPSupportAssistant Folder C:\Users\jg522\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\Classes\CLSID{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}

Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{00612F78-52C4-46C0-97F0-F50B6036B5E2}


[+] Delete Tracing Keys

[+] Reset Winsock


AdwCleaner[S00].txt - [2748 octets] - [03/05/2020 12:35:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Sandor-Helper commented 4 years ago

Thanks for the log. Please, instead of inserting it in the message, better attach it.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

jg52276 commented 4 years ago

Here are the logs

On Sun, May 3, 2020 at 1:52 PM Sandor-Helper notifications@github.com wrote:

Thanks for the log. Please, instead of inserting it in the message, better attach it.

Please download Farbar Recovery Scan Tool https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please attach the logs back here.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020

Ran by jg522 (03-05-2020 15:33:21)

Running from C:\Users\jg522\Downloads

Windows 10 Pro Version 1809 17763.1158 (X64) (2019-03-24 19:36:51)

Boot Mode: Normal

==================== Accounts: =============================

Administrator (S-1-5-21-914762255-1940287929-4287671751-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-914762255-1940287929-4287671751-503 - Limited - Disabled)

Guest (S-1-5-21-914762255-1940287929-4287671751-501 - Limited - Disabled)

jg522 (S-1-5-21-914762255-1940287929-4287671751-1001 - Administrator - Enabled) => C:\Users\jg522

rebec (S-1-5-21-914762255-1940287929-4287671751-1006 - Limited - Enabled) => C:\Users\rebec

WDAGUtilityAccount (S-1-5-21-914762255-1940287929-4287671751-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Packages:


==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-04-06] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-04-06] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-04-06] (Google LLC -> Google) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> ) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-12-03] (Notepad++ -> ) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [FileSeek] -> {b211c53f-0052-4187-957f-f5bea28eb679} => C:\Program Files (x86)\FileSeek\FileSeekContextMenuHandler64_706f3245-5e8f-4efe-8bd4-cbe1dcb7106a.dll [2020-03-14] (Binary Fortress Software Ltd -> Binary Fortress Software) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-04-06] (Google LLC -> Google) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-01-22] (Apple Inc. -> Apple Inc.) 
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll [2015-02-27] () [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-04-06] (Google LLC -> Google) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-03-04] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. 
-> ) ContextMenuHandlers6: [FileSeek] -> {b211c53f-0052-4187-957f-f5bea28eb679} => C:\Program Files (x86)\FileSeek\FileSeekContextMenuHandler64_706f3245-5e8f-4efe-8bd4-cbe1dcb7106a.dll [2020-03-14] (Binary Fortress Software Ltd -> Binary Fortress Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [458]
AlternateDataStreams: C:\Users\jg522\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\rebec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bomgar-ps-5C013553-1579084678 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-12-20 03:31 - 2015-12-20 03:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path -> C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-914762255-1940287929-4287671751-1001\Control Panel\Desktop\Wallpaper -> C:\Users\jg522\AppData\Local\DisplayFusion\Wallpaper_2.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM...\StartupApproved\Run: => "MouseDriver"
HKLM...\StartupApproved\Run: => "iTunesHelper"
HKLM...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM...\StartupApproved\Run32: => "QuickTime Task"
HKLM...\StartupApproved\Run32: => "BrowserPlugInHelper"
HKLM...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM...\StartupApproved\Run32: => "Live! Central 3"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\StartupFolder: => "CouchPotato.lnk"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\StartupFolder: => "SickBeard.exe.lnk"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\StartupFolder: => "ShareX.lnk"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\Run: => "VDownloader"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-914762255-1940287929-4287671751-1001...\StartupApproved\Run: => "LoadWatcher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

[File not signed] FirewallRules: [{27FB4F18-6D64-4453-A5EC-6C6F90125CA6}] => (Allow) E:\Steam\SteamApps\common\SUPERHOT\SUPERHOT.exe (SUPERHOT Sp z o.o.) [File not signed] FirewallRules: [{4EA53990-E131-4353-B769-66349CD0C4B0}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe No File FirewallRules: [{E2D330D0-01B3-4EFC-98F2-D90F3195C9C7}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe No File FirewallRules: [{8B4633B8-B4B0-4325-BB08-3699DA17961C}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe No File FirewallRules: [{AC2845DD-0BF8-4E5A-A00B-A2FF4F58AC37}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe No File FirewallRules: [{963CD12F-3733-4FE8-98F7-0E288BFC40F4}] => (Allow) E:\Steam\SteamApps\common\3DMark\3DMarkLauncher.exe No File FirewallRules: [{0D6750B7-5393-427B-B49C-DEA911236925}] => (Allow) E:\Steam\SteamApps\common\3DMark\3DMarkLauncher.exe No File FirewallRules: [{1218B7FC-6AB7-4C21-BE56-5A93AD68458B}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe (DJI Interprises, LLC -> CMCEI) [File not signed] FirewallRules: [{D55A22CC-51F6-4BF2-A726-4AFE8D8B95A7}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe (DJI Interprises, LLC -> CMCEI) [File not signed] FirewallRules: [{B88C9BCC-2BCA-4AE8-BA0E-D008558DCC26}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe No File FirewallRules: [{DC74FE32-C4C4-4248-AB71-A99241477659}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe No File FirewallRules: [UDP Query User{34F9346D-B71A-46A9-9845-C0F4026A4B8C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File FirewallRules: [TCP Query User{F57369FC-93D8-489F-8EF1-92B2044DE96E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File FirewallRules: [{C65CB73C-1A57-470E-947F-6F34C7DEE31C}] 
=> (Allow) E:\Steam\SteamApps\common\DisplayFusion\DisplayFusionLauncher.exe (Binary Fortress Software Ltd. -> B

Sandor-Helper commented 4 years ago

I've asked you not to insert logs in the message, but to attach them - FRST.txt and Addition.txt. You can zip both of them.

jg52276 commented 4 years ago

I'm sorry, I thought I was attaching them. I clicked on the paper clip and selected the files. Am I doing something wrong? I zipped them together this time. Let me know if this works.

On Mon, May 4, 2020 at 7:35 AM Sandor-Helper notifications@github.com wrote:

I've asked you not to insert logs in message, but to attach them both - FRST.txt and Addition.txt, You can zip both of them.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/dragokas/hijackthis/issues/92#issuecomment-623411327, or unsubscribe https://github.com/notifications/unsubscribe-auth/APLMAZTOOKQI52T2UARTMT3RP2R6NANCNFSM4MXPWAAA .

Sandor-Helper commented 4 years ago

No, I didn't see them. At the bottom of the post you can see a link named "Attach files by dragging..."

jg52276 commented 4 years ago

Okay, I dragged and dropped the zip folder this time.

Sandor-Helper commented 4 years ago

Strange, but I didn't see them yet. You already attached a log in your first message... So you know how to do this.

jg52276 commented 4 years ago

I am sending this from a different browser to see if that works. I dragged and dropped the files like you said.


Sandor-Helper commented 4 years ago

OK, upload this zip file to some cloud storage and give me a link to it.

jg52276 commented 4 years ago

Ok. Here's a Dropbox link. Hope this works for you: https://www.dropbox.com/s/ulrpd80vgxrwwfh/Logs.zip?dl=0


Sandor-Helper commented 4 years ago

Yes, it is.

Temporarily turn off any antivirus. Highlight following code:

Start::
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [458]
AlternateDataStreams: C:\Users\jg522\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\rebec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
EmptyTemp:
Reboot:
End::

Copy highlighted text (right click - Copy). Run FRST (FRST64) as Administrator. Press Fix button once and wait. Program will create (Fixlog.txt). Attach it to the next post.

PC will reboot.

jg52276 commented 4 years ago

Ok. I followed the directions; I hope I did it right. I attached the file, and the link is also here: FixLog https://www.dropbox.com/s/bmckdmk6jt6ef2u/Fixlog.txt?dl=0


Fix result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by jg522 (04-05-2020 13:56:00) Run:1
Running from C:\Users\jg522\Downloads
Loaded Profiles: jg522 & rebec (Available Profiles: jg522 & rebec)
Boot Mode: Normal

fixlist content:

CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [458]
AlternateDataStreams: C:\Users\jg522\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\rebec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
EmptyTemp:
Reboot:

Restore point was successfully created.
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
C:\ProgramData\TEMP => ":6DAA43DB" ADS removed successfully
C:\Users\jg522\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
C:\Users\rebec\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33884952 B
Java, Flash, Steam htmlcache => 702204691 B
Windows/system/drivers => 629772 B
Edge => 40461004 B
Chrome => 420675830 B
Firefox => 246171361 B
Opera => 271022246 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 11742 B
NetworkService => 13452 B
jg522 => 77826387 B
rebec => 77909161 B

RecycleBin => 3113313063 B
EmptyTemp: => 4.7 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:59:02 ====
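
A small triage of the Fixlog above, as an added example that is not part of the thread or of FRST: it separates the fix actions that succeeded from those that failed and totals the EmptyTemp byte counts. The input layout and the two result phrasings it recognises are inferred from this one log and are assumptions, not FRST's documented output format.

```python
import re

# Sample input rebuilt from the Fixlog in this thread (constructed layout: one
# fix result per line; the EmptyTemp size entries are left run together).
FIXLOG = r'''
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
C:\ProgramData\TEMP => ":6DAA43DB" ADS removed successfully
C:\Users\jg522\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
C:\Users\rebec\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
=========== EmptyTemp: ==========
BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33884952 B Java, Flash, Steam htmlcache => 702204691 B Windows/system/drivers => 629772 B Edge => 40461004 B Chrome => 420675830 B Firefox => 246171361 B Opera => 271022246 B
Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 11742 B NetworkService => 13452 B jg522 => 77826387 B rebec => 77909161 B
RecycleBin => 3113313063 B EmptyTemp: => 4.7 GB temporary data Removed.
'''

# Assumed grammar, inferred from this log only: "<target> => <outcome>" with an
# optional quoted ":stream" name followed by "ADS" for alternate data streams.
RESULT = re.compile(
    r'^(?P<target>.+?) => (?:"(?P<stream>:[^"]+)" ADS )?'
    r'(?P<outcome>removed successfully|could not remove)\.?$')
SIZE = re.compile(r'=> (\d+) B\b')  # "=> 4.7 GB" does not match: whole bytes only


def triage(text):
    """Return (removed, failed, freed_bytes) for one Fixlog result section."""
    removed, failed = [], []
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if not m:
            continue  # headers, size entries and status lines are not fix results
        item = m['target'] + (m['stream'] or '')  # path:stream, as in the fixlist
        (removed if m['outcome'] == 'removed successfully' else failed).append(item)
    freed = sum(int(n) for n in SIZE.findall(text))
    return removed, failed, freed


if __name__ == '__main__':
    removed, failed, freed = triage(FIXLOG)
    print(f'{len(removed)} removed, {len(failed)} failed, {freed / 2**30:.2f} GiB freed')
    for item in failed:
        print('needs follow-up:', item)
```

On this log it lists the two OneDrive `SyncRootIdentity` streams as not removed, and the byte total of 4,994,896,141 is about 4.65 GiB, in line with the log's own 4.7 GB figure.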

dragokas commented 4 years ago

Looks like the topic is a little bit stuck. Please tell us: did the last steps solve your problem?

dragokas commented 4 years ago

Closed. Reason: no answer for 10 days. If you still need our help, please execute the last steps requested by the helper.