Cyber Tech Help Support Forums


bot96 February 19th, 2022 03:40 AM

2 strange remote desktop connections.
 
Hello to all, today I noticed 2 strange remote desktop connections on my PC. My PC is set to not allow remote connections. How did I get these?

Jintan February 20th, 2022 07:44 PM

Hi bot96,

Let's use a malware scan to see what is on your computer. No worries - it won't make any changes.



Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

bot96 March 5th, 2022 02:16 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2022
Ran by Bill (04-03-2022 19:35:27)
Running from C:\Users\Bill\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X64) (2020-11-09 04:24:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3498834930-2541690638-1204314038-500 - Administrator - Disabled)
Bill (S-1-5-21-3498834930-2541690638-1204314038-1000 - Administrator - Enabled) => C:\Users\Bill
Guest (S-1-5-21-3498834930-2541690638-1204314038-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3498834930-2541690638-1204314038-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.011.20039 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.465 - Adobe)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.1.2504 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.90 - Piriform)
Driver Easy 5.7.1 (HKLM\...\DriverEasy_is1) (Version: 5.7.1 - Easeware)
ETDWare PS/2-X64 11.8.20.3_WHQL (HKLM\...\Elantech) (Version: 11.8.20.3 - ELAN Microelectronic Corp.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
HP EmailSMTP Plugin (HKLM\...\{A0297BA5-F669-4C84-B721-AD22FF595FA0}) (Version: 56.0.478.0 - HP)
HP ENVY 6400 series Basic Device Software (HKLM\...\{14375C0B-2F49-49EA-80C6-1108E8880360}) (Version: 55.3.5043.21317 - HP Inc.)
HP FTP Plugin (HKLM\...\{229CAC4E-274B-4FD8-B23C-286DEF16858F}) (Version: 56.0.478.0 - HP)
HP SFTP Plugin (HKLM\...\{B1F46C45-17FE-4CEC-AAD2-EF619025FF2E}) (Version: 56.0.478.0 - HP Inc.)
HP SharePoint Plugin (HKLM\...\{7E2591BA-6CC4-428B-BC53-E82ECB71D968}) (Version: 56.0.478.0 - HP)
Intel Driver && Support Assistant (HKLM-x32\...\{9E0D27E1-B7C9-4D9E-BADF-67CC919A9EAC}) (Version: 21.7.50.3 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{60212f27-7b67-4ebb-bb56-547d825dc13f}) (Version: 21.7.50.3 - Intel)
Intel® Driver & Support Assistant (HKLM-x32\...\{8e97d87d-065f-48c1-bd2b-f7bff04dcfc1}) (Version: 21.6.39.7 - Intel)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{7563302D-BD6B-4153-BA7D-3E3432E7C22D}) (Version: 7.5.6 - Intel Corporation)
Java 8 Update 321 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
Malwarebytes version 4.5.4.168 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.4.168 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 97.0.1 (x64 en-US)) (Version: 97.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0.3 - Mozilla)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickBooks (HKLM-x32\...\{2B0E1E07-2F3D-4E7D-AD0A-1C74A8881B9B}) (Version: 26.0.4017.2607 - Intuit Inc.) Hidden
QuickBooks Pro 2016 (HKLM-x32\...\{4338BDE2-0035-41BC-87BE-EE0AD5D48042}) (Version: 26.0.4017.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.78.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9038.1 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.3.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.5 - VS Revo Group, Ltd.)
TOOL ALL IN ONE (HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\...\067ec52159e66db0) (Version: 2.0.1.3 - Mauronofrio)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.13 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.13 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.4.5.64 - Toshiba Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.15 - TOSHIBA Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.3.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.9.52040013 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.3.6401 - Toshiba Corporation)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.6 - TOSHIBA) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.6 - TOSHIBA) Hidden
Windows Driver Package - Hewlett-Packard USB (09/08/2015 1.0.0.1) (HKLM\...\C9EDF507DA1B23454B1BF10495C79A1C34ADD79F ) (Version: 09/08/2015 1.0.0.1 - Hewlett-Packard)
Wise Registry Cleaner 10.7.1 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 10.7.1 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-10] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2021-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-10] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\msvcp140.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\MSVCP140.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\ucrtbase.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\ucrtbase.DLL
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\vcruntime140.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\VCRUNTIME140.dll
2022-03-04 16:06 - 2022-03-04 16:06 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Avast Software\Avast\avast.local_vc142.crt\vcruntime140_1.dll] C:\Program Files\Avast Software\Avast\defs\22030406\avast.local_vc142.crt\VCRUNTIME140_1.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3498834930-2541690638-1204314038-1000 -> DefaultScope {5E70D020-F197-4FCA-8253-BA1E9D292E21} URL =
SearchScopes: HKU\S-1-5-21-3498834930-2541690638-1204314038-1000 -> {5E70D020-F197-4FCA-8253-BA1E9D292E21} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_321\bin\ssv.dll [2022-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-01-21] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-180-windows-i586.cab
DPF: HKLM-x32 {CAFEEFAC-0018-0000-00301-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-180-windows-i586.cab
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2019-02-22] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7940 more sites.


There are 7940 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2021-08-14 19:32 - 000454599 ____R C:\windows\system32\drivers\etc\hosts

There are 15604 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys;C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime;C:\Program Files\HP\Common\HPDestPlgIn\;C:\Program Files (x86)\HP\Common\HPDestPlgIn\
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.86.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F1922258-7B6B-401B-A1BA-094DF0346DDD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{676E95EE-6702-4071-85F3-AD6D77705158}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{910A470F-4AC4-463C-9EF6-305B67B3F203}C:\users\bill\documents\android-studio-ide-191.5717577-windows\android-studio\jre\bin\java.exe] => (Allow) C:\users\bill\documents\android-studio-ide-191.5717577-windows\android-studio\jre\bin\java.exe
FirewallRules: [UDP Query User{12EBBF1C-E1F4-40FD-8D85-D93FFAAA4EFC}C:\users\bill\documents\android-studio-ide-191.5717577-windows\android-studio\jre\bin\java.exe] => (Allow) C:\users\bill\documents\android-studio-ide-191.5717577-windows\android-studio\jre\bin\java.exe
FirewallRules: [{5F1FCA05-0382-477D-AFDA-E56F55A39DDD}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{1AC23013-C0EC-4813-848F-C8B5A5BBCE4B}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{78A55679-ACA2-48FF-9C29-B57F15695E83}] => (Allow) C:\Program Files\HP\HP ENVY 6400 series\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{27325A95-F380-44C8-B4BA-8625A2B8410D}] => (Allow) LPort=5357
FirewallRules: [{1A3171EE-1A16-40D7-8E7F-3B7B926F17E5}] => (Allow) C:\Program Files\HP\HP ENVY 6400 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{44B3BE29-6557-49A3-B274-835B9E9FA735}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{7F09B20F-6C60-4DDE-8535-A1B2E22B2067}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{664C6F2D-B8A7-41EA-B4D5-7D27EC7F79B6}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
FirewallRules: [{D2B9DCB1-EA63-4EAE-B4E3-DCECB79321C8}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{BDFE64B4-D7C7-4826-91E4-13002FF2F5E8}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{CF6E61A6-08DF-40E6-831C-5E9DF4E92657}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{3ECF80D1-48E4-40DB-BD70-6E145FCED805}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)

==================== Restore Points =========================

22-02-2022 21:02:08 Created by Wise Registry Cleaner
02-03-2022 17:09:02 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/04/2022 07:08:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/04/2022 06:15:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RdrCEF.exe, version: 21.11.20039.0, time stamp: 0x61c60cdc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24545, time stamp: 0x5e0eb7f5
Exception code: 0xc06d007e
Fault offset: 0x0000c5af
Faulting process id: 0x17a0
Faulting application start time: 0x01d8301dcd5d6bd3
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Faulting module path: C:\windows\syswow64\KERNELBASE.dll
Report Id: 0c62b9e0-9c11-11ec-ab58-f8a963d84040

Error: (03/04/2022 06:06:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/04/2022 04:13:39 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
CheckForProtocolEnforcement - ProtocolEnforcementState::getInstance() Validate validation flags returned True

Error: (03/04/2022 04:13:39 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
RegistryHelper::ReadValueFromRegistry Error occured while reading from registry key with path SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings and key SecureProtocols. Error Code = 2. Windows Error Code:0. Reason: The operation completed successfully.
.

Error: (03/04/2022 04:13:39 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
CheckForProtocolEnforcement - ProtocolEnforcementState::getInstance() Validate enforcement flags returned True

Error: (03/04/2022 04:12:22 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
Exception opening/reading company file during Syb 16 engine on Syb 17 company file check

Error: (03/04/2022 04:12:12 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2016":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'


System errors:
=============
Error: (03/04/2022 07:40:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (03/04/2022 07:08:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NGC

Error: (03/04/2022 07:08:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.

Error: (03/04/2022 07:07:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error:
The system cannot find the path specified.

Error: (03/04/2022 06:06:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NGC

Error: (03/04/2022 06:06:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.

Error: (03/04/2022 06:05:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error:
The system cannot find the path specified.

Error: (03/04/2022 04:05:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NGC


==================== Memory info ===========================

BIOS: TOSHIBA 1.30 11/28/2014
Motherboard: TOSHIBA ZFWAA
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 43%
Total physical RAM: 6031.24 MB
Available physical RAM: 3398.73 MB
Total Virtual: 12060.62 MB
Available Virtual: 9492.29 MB

==================== Drives ================================

Drive c: (TI10695800D) (Fixed) (Total:687.55 GB) (Free:586.79 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{7c6c4644-2254-11eb-ba9a-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.18 GB) NTFS

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

bot96 March 5th, 2022 02:22 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2022
Ran by Bill (administrator) on BILL-PC (TOSHIBA Satellite C55-B) (04-03-2022 19:28:28)
Running from C:\Users\Bill\Downloads
Loaded Profiles: Bill
Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Users\Bill\AppData\Local\Apps\2.0\4Q4H81C9.63C\1NTDM2VV.CC2\tool..tion_5e5355aaea7379a3_0002.0000_15c695e9e39a5da5\adb.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <3>
(C:\HP\Diagnostics\PSDR\FileExtractor.exe ->) (HP Inc. -> HP Development Company, L.P.) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(C:\Program Files\Toshiba\TECO\Teco.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(explorer.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(explorer.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(explorer.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(HP Inc. -> HPDC LP) C:\HP\Diagnostics\PSDR\FileExtractor.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(services.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(svchost.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3244360 2014-03-04] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1604168 2013-11-26] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2021-12-08] (Intel Corporation -> Intel)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2019-02-22] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Software\Policies\...\system: [disablecmd] 0
HKLM\...\Print\Monitors\HP 4054 Status Monitor: C:\windows\system32\hpinksts4054LM.dll [468984 2021-02-03] (HP Inc -> HP Inc.)
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\windows\system32\hpinkstsC511LM.dll [333496 2012-12-15] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 4500 series): C:\windows\system32\HPDiscoPMC511.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 6400 series): C:\windows\system32\HPDiscoPM4054.dll [1055904 2021-11-13] (HP Inc. -> HP Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2022-01-07]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2020-11-10]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2022-01-07]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C5F83E1-F73C-4FC0-81A6-8C786FCACEB7} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Bill\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-02-21] (ESET, spol. s r.o. -> ESET)
Task: {1E73DD9A-E2EE-44DC-951F-D764902365A1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-01-17] (Adobe Inc. -> Adobe)
Task: {3B38BE87-AB2F-42F5-9683-01C5864737A0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618088 2021-12-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {4550EE47-B910-4DAC-9E67-3FEEFE4887E4} - System32\Tasks\{47A014EE-8C4D-4B4E-92A0-62146515CCC4} => C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32Pro.exe [791752 2019-02-22] (Intuit, Inc. -> Intuit Inc.)
Task: {5A33B06E-8937-42A6-89B3-8622C88F64B3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-02-14] (Piriform Software Ltd -> Piriform)
Task: {637BEC91-60ED-4EFF-8C30-FE37F6627772} - System32\Tasks\{600CE733-A206-49EE-B4C2-F3579F01EB60} => C:\Users\Bill\Downloads\HPPSdr.exe [11848496 2021-12-16] (HP Inc. -> )
Task: {6538A60D-B466-4E7C-A83C-0A70512F47ED} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4992792 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
Task: {7058A1B4-5F5A-4A69-8E2F-9FEEAD859A75} - System32\Tasks\{BEC945C3-3869-494B-B5BC-984A7DA3C09C} => D:\GM\GM Service Information\siupdate.exe (No File)
Task: {A9836746-310C-44E0-AC49-0A8018006DEA} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Bill\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-02-21] (ESET, spol. s r.o. -> ESET)
Task: {AFC47425-9E73-4F83-BF8B-C3E3C0F269F2} - System32\Tasks\{608911EE-8E32-4222-A756-6741AEC8B509} => C:\Unified_Android_Toolkit\ToolKit.exe [382464 2018-01-04] (SkipSoft Ltd -> SkipSoft Ltd) [File not signed]
Task: {C7D7EDE9-4137-4BE4-8316-B120E587CB5D} - System32\Tasks\{AA1C8DCC-9D49-447C-BF55-638D8F43490E} => C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32Pro.exe [791752 2019-02-22] (Intuit, Inc. -> Intuit Inc.)
Task: {C906ADDC-CED4-48F5-BE68-7FC205E37EB2} - System32\Tasks\{199D6C26-4AA8-4C24-BC3E-2206554D5800} => C:\Unified_Android_Toolkit\ToolKit.exe [382464 2018-01-04] (SkipSoft Ltd -> SkipSoft Ltd) [File not signed]
Task: {D318C434-644C-4BFC-8318-B631F74F846B} - System32\Tasks\CCleanerSkipUAC - Bill => C:\Program Files\CCleaner\CCleaner.exe [29764224 2022-02-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DCA7A2CE-2FFC-483C-B6A8-2CEB8B5A8477} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3984136 2022-01-17] (Easeware Technology Limited -> Easeware)
Task: {E13CB2C7-5C3A-4C8F-A000-F8A7FF835E2C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {E351E4A9-9869-46A7-B3F6-C995BF6E8CFD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1778456 2022-02-10] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{74FA6359-E6FE-4606-8733-CF412093A669}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{CA6723CF-4502-44B2-BA46-EEF1E1E35062}: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{D50CDFAA-879D-4F62-8B34-003DCAD5A57C}: [DhcpNameServer] 192.168.42.129

Edge:
=======
Edge Profile: C:\Users\Bill\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-04]

FireFox:
========
FF DefaultProfile: 74j3dfas.default
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\74j3dfas.default [2020-11-09]
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268 [2022-03-04]
FF Homepage: Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268 -> hxxps://duckduckgo.com/
FF Extension: (Facebook Container) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\@contain-facebook.xpi [2021-08-03]
FF Extension: (Google Container) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\@contain-google.xpi [2021-03-04]
FF Extension: (Firefox Multi-Account Containers) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\@testpilot-containers.xpi [2022-02-15]
FF Extension: (HTTPS Everywhere) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\https-everywhere@eff.org.xpi [2021-07-14]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-02-01]
FF Extension: (Open in PDF Reader) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\{0d3afca0-aedf-491f-b0f9-9ffc22113ea8}.xpi [2021-07-12]
FF Extension: (open-in-pdf) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\{2582ab30-4fca-475f-88d0-c1a9b9ed978f}.xpi [2021-07-12]
FF Extension: (NoScript) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-03-02]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\dfnhqdrp.default-release-1609205945268\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-23]
FF Plugin: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default [2022-03-04]
CHR DefaultSearchURL: Default -> hxxps://www.saferbrowsing-search.com/search/?category=web&vert=private&s=w1pr&q={searchTerms}
CHR DefaultSearchKeyword: Default -> privacy
CHR DefaultSuggestURL: Default -> hxxps://sug.saferbrowsing-search.com/v1/sug/?s=w1pr&vert=tracking&q={searchTerms}
CHR Extension: (Slides) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-09]
CHR Extension: (Docs) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-09]
CHR Extension: (Google Drive) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-09]
CHR Extension: (Online Privacy) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbnbdniloknhbmabbbaiodiocmgfdheo [2021-06-25]
CHR Extension: (YouTube) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-09]
CHR Extension: (Sheets) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-25]
CHR Extension: (Gmail) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2021-01-17] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8482384 2022-02-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [563992 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [563992 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
S3 clr_optimization_v2.0.50727_64; C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [39352 2021-12-08] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [177080 2021-12-08] (Intel Corporation -> Intel)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7997112 2022-02-18] (Malwarebytes Inc -> Malwarebytes)
S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [11848496 2021-12-16] (HP Inc. -> )
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2019-02-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2019-02-22] (Intuit Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\windows\System32\drivers\aswArDisk.sys [35720 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [226328 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [368664 2022-02-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [251928 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [99352 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [41352 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [267904 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\windows\System32\drivers\aswNetHub.sys [545784 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [38152 2022-02-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [108888 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [82912 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [854272 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [550376 2022-03-03] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [215920 2022-02-10] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [317696 2022-02-16] (Avast Software s.r.o. -> AVAST Software)
S3 BtFilter; C:\windows\System32\DRIVERS\btfilter.sys [47816 2014-02-26] (Qualcomm Atheros -> Atheros)
S1 ccSet_NGC; C:\windows\System32\drivers\NGCx64\1614050.028\ccSetx64.sys [192248 2020-08-01] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [160176 2021-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 int0800; C:\windows\System32\DRIVERS\flashud.sys [51712 2009-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [221096 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [194480 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [69040 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248992 2021-11-14] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [147920 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 SymEFASI; C:\windows\System32\drivers\NGCx64\1614050.028\SYMEFASI64.SYS [1964384 2020-08-01] (Symantec Corporation -> Symantec Corporation)
U1 aswbdisk; no ImagePath
S3 RSP2STOR; system32\DRIVERS\RtsP2Stor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-04 19:27 - 2022-03-04 19:27 - 002312192 _____ (Farbar) C:\Users\Bill\Downloads\FRST64(1).exe
2022-03-04 19:08 - 2022-03-04 19:08 - 000000000 ____D C:\windows\LastGood
2022-03-04 19:08 - 2014-06-21 13:56 - 000053624 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\tosrfec.sys
2022-03-03 18:18 - 2022-03-03 18:18 - 000050952 _____ C:\Users\Bill\Documents\Camolot St Finished rot repair..pdf
2022-02-25 18:40 - 2022-02-25 18:40 - 000154444 _____ C:\Users\Bill\Documents\all work hrs 8.pdf
2022-02-25 18:39 - 2022-02-25 18:39 - 000154793 _____ C:\Users\Bill\Documents\all work hrs 7.pdf
2022-02-25 18:38 - 2022-02-25 18:38 - 000155598 _____ C:\Users\Bill\Documents\all work hrs 6.pdf
2022-02-25 18:37 - 2022-02-25 18:37 - 000155953 _____ C:\Users\Bill\Documents\all work hrs 5.pdf
2022-02-25 18:36 - 2022-02-25 18:36 - 000155347 _____ C:\Users\Bill\Documents\all work hrs 4.pdf
2022-02-25 18:35 - 2022-02-25 18:35 - 000153338 _____ C:\Users\Bill\Documents\all work hrs 3.pdf
2022-02-25 18:21 - 2022-02-25 18:21 - 000228435 _____ C:\Users\Bill\Documents\All work hrs 2.pdf
2022-02-25 18:09 - 2022-02-25 18:09 - 051410120 _____ C:\Users\Bill\Downloads\EN6400e_2150D.exe
2022-02-25 18:03 - 2022-02-25 18:03 - 000165239 _____ C:\Users\Bill\Documents\All Work Hrs Dec 16 to Feb 17.pdf
2022-02-22 21:02 - 2022-02-22 21:02 - 000024576 _____ C:\windows\system32\config\security.rhk
2022-02-21 20:58 - 2022-02-21 20:58 - 000003756 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onLogOn
2022-02-21 20:58 - 2022-02-21 20:58 - 000003316 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onTime
2022-02-21 19:23 - 2022-03-03 18:25 - 000001209 _____ C:\Users\Bill\Desktop\ESET Online Scanner.lnk
2022-02-21 19:22 - 2022-02-21 19:22 - 015274968 _____ (ESET) C:\Users\Bill\Downloads\esetonlinescanner.exe
2022-02-21 19:22 - 2022-02-21 19:22 - 000000000 ____D C:\Users\Bill\AppData\Local\ESET
2022-02-21 19:20 - 2022-02-21 19:20 - 000000000 ____D C:\Qoobox
2022-02-21 19:11 - 2009-04-19 23:56 - 000060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2022-02-18 23:38 - 2022-02-19 19:11 - 000000404 _____ C:\windows\Tasks\Driver Easy Scheduled Scan.job
2022-02-18 23:38 - 2022-02-18 23:38 - 000003808 _____ C:\windows\system32\Tasks\Driver Easy Scheduled Scan
2022-02-18 23:38 - 2022-02-18 23:38 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Easeware
2022-02-18 23:38 - 2022-02-18 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2022-02-18 23:38 - 2022-02-18 23:38 - 000000000 ____D C:\Program Files\Easeware
2022-02-18 23:37 - 2022-02-18 23:38 - 005241536 _____ (Easeware ) C:\Users\Bill\Downloads\DriverEasy_Setup.exe
2022-02-18 23:30 - 2022-02-19 19:13 - 000000000 ____D C:\windows\system32\FxsTmp
2022-02-18 23:30 - 2022-02-18 23:30 - 000001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2022-02-18 23:30 - 2022-02-18 23:30 - 000000000 ____D C:\windows\SysWOW64\FxsTmp
2022-02-18 23:30 - 2022-02-18 23:30 - 000000000 ____D C:\windows\addins
2022-02-18 22:56 - 2022-02-28 18:56 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Wise Registry Cleaner
2022-02-18 22:56 - 2022-02-18 22:56 - 006150816 _____ (WiseCleaner.com ) C:\Users\Bill\Downloads\WRCFree_10.7.1.698.exe
2022-02-18 22:56 - 2022-02-18 22:56 - 000001202 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2022-02-18 22:56 - 2022-02-18 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2022-02-18 22:56 - 2022-02-18 22:56 - 000000000 ____D C:\Program Files (x86)\Wise
2022-02-18 22:46 - 2022-02-21 19:19 - 005660510 _____ (Swearware) C:\Users\Bill\Downloads\ComboFix.exe
2022-02-18 22:26 - 2022-02-18 22:26 - 000221096 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2022-02-18 22:26 - 2022-02-18 22:26 - 000194480 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2022-02-18 22:26 - 2022-02-18 22:26 - 000147920 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2022-02-18 22:26 - 2022-02-18 22:26 - 000069040 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2022-02-18 22:20 - 2022-02-18 22:20 - 002412728 _____ (Malwarebytes) C:\Users\Bill\Downloads\MBSetup-10789.10789-consumer.exe
2022-02-18 21:16 - 2022-02-18 21:16 - 000000000 ____H C:\Users\Bill\Documents\Default.rdp
2022-02-18 19:10 - 2022-02-18 19:10 - 001311960 _____ C:\Users\Bill\Downloads\SPPL 212.xlsx
2022-02-18 12:32 - 2022-03-04 19:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-02-18 12:31 - 2022-02-18 12:31 - 000051601 _____ C:\Users\Bill\Documents\SN040D rot fix part paymnt..pdf
2022-02-13 10:57 - 2022-02-13 11:01 - 1106400131 _____ C:\Users\Bill\Downloads\BootleggersROM-Pie4blueline.4.0-Stable-Shishufied-20190121(2).zip
2022-02-13 10:47 - 2022-02-13 10:50 - 856810080 _____ C:\Users\Bill\Downloads\lineage-18.1-20220208-nightly-blueline-signed.zip
2022-02-13 10:23 - 2022-02-13 10:23 - 000051738 _____ C:\Users\Bill\Documents\Rain Gutter airport rd..pdf
2022-02-10 21:04 - 2022-02-10 21:04 - 008682039 _____ C:\Users\Bill\Downloads\usb_driver_r13-windows.zip
2022-02-10 21:04 - 2022-02-10 21:04 - 000000000 ____D C:\Users\Bill\Downloads\usb_driver_r13-windows
2022-02-10 20:20 - 2022-02-10 20:20 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-02-10 19:49 - 2022-02-10 19:49 - 000002090 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2022-02-10 19:49 - 2022-02-10 19:49 - 000000000 ____D C:\Users\Bill\AppData\Roaming\Avast Software
2022-02-10 19:49 - 2022-02-10 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2022-02-10 19:47 - 2022-03-04 16:06 - 000004168 _____ C:\windows\system32\Tasks\Avast Emergency Update
2022-02-10 19:47 - 2022-03-03 18:00 - 000550376 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2022-02-10 19:47 - 2022-02-16 17:05 - 000368664 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdriver.sys
2022-02-10 19:47 - 2022-02-16 17:05 - 000317696 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2022-02-10 19:47 - 2022-02-10 19:47 - 000000000 ____D C:\windows\system32\Tasks\Avast Software
2022-02-10 19:47 - 2022-02-10 19:46 - 000854272 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000545784 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetHub.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000340760 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2022-02-10 19:47 - 2022-02-10 19:46 - 000267904 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000251928 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsh.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000226328 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000215920 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000108888 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000099352 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniv.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000082912 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000041352 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000038152 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetNd6.sys
2022-02-10 19:47 - 2022-02-10 19:46 - 000035720 _____ (AVAST Software) C:\windows\system32\Drivers\aswArDisk.sys
2022-02-10 19:46 - 2022-02-10 19:46 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2022-02-10 19:45 - 2022-02-10 19:45 - 000000000 ____D C:\Program Files\Avast Software
2022-02-10 18:05 - 2022-02-10 18:05 - 000290917 _____ C:\Users\Bill\Documents\DLL Finance Feb 2022.pdf
2022-02-08 19:50 - 2022-02-08 19:50 - 000051394 _____ C:\Users\Bill\Documents\Work on Dump Trailer..pdf
2022-02-03 18:08 - 2022-02-03 18:08 - 000052016 _____ C:\Users\Bill\Documents\Stan White South Office Blg 2nd Fl Door..pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-04 19:30 - 2020-12-31 16:37 - 000024202 _____ C:\Users\Bill\Downloads\FRST.txt
2022-03-04 19:29 - 2020-12-31 16:36 - 000000000 ____D C:\FRST
2022-03-04 19:28 - 2020-11-09 17:35 - 000000000 ____D C:\Users\Bill\AppData\LocalLow\Mozilla
2022-03-04 19:18 - 2021-02-16 20:34 - 000000000 ____D C:\Users\Bill\AppData\Local\CrashDumps
2022-03-04 19:17 - 2020-11-24 22:36 - 000000000 ____D C:\Program Files\CCleaner
2022-03-04 19:13 - 2020-11-10 20:44 - 000000000 ____D C:\Unified_Android_Toolkit
2022-03-04 19:07 - 2020-11-09 18:01 - 000000000 ____D C:\ProgramData\Avast Software
2022-03-04 19:07 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2022-03-04 18:37 - 2021-05-24 17:45 - 000000000 ____D C:\Users\Bill\AppData\Local\Avast Software
2022-03-04 16:13 - 2020-11-10 19:58 - 023465984 ____R C:\Wiliam M Baum 2007 3-3-14.QBW
2022-03-04 16:13 - 2020-11-10 19:58 - 017367040 ____R C:\Wiliam M Baum 2007 3-3-14.QBW.TLG
2022-03-04 16:13 - 2020-11-10 19:58 - 000000334 _____ C:\Wiliam M Baum 2007 3-3-14.QBW.ND
2022-02-26 22:00 - 2009-07-13 22:20 - 000000000 ____D C:\windows\rescache
2022-02-25 18:11 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2022-02-22 21:02 - 2009-07-13 21:34 - 078381056 _____ C:\windows\system32\config\software.bak
2022-02-22 21:02 - 2009-07-13 21:34 - 006815744 _____ C:\windows\system32\config\default.bak
2022-02-22 21:02 - 2009-07-13 21:34 - 000262144 _____ C:\windows\system32\config\sam.bak
2022-02-21 19:19 - 2020-11-11 20:29 - 000000000 ____D C:\windows\erdnt
2022-02-18 23:51 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\NDF
2022-02-18 23:30 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\Setup
2022-02-18 22:53 - 2021-03-15 17:49 - 000000000 ____D C:\Program Files (x86)\Auslogics
2022-02-18 22:53 - 2020-11-10 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2022-02-18 22:26 - 2021-01-01 17:36 - 000001971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-02-18 22:26 - 2021-01-01 17:36 - 000001959 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-02-18 22:25 - 2021-01-01 17:34 - 000000000 ____D C:\Program Files\Malwarebytes
2022-02-18 22:25 - 2020-11-24 21:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-02-18 22:17 - 2020-12-28 19:37 - 000000000 ____D C:\Users\Bill\Downloads\backups
2022-02-18 20:30 - 2020-11-26 16:34 - 000003870 _____ C:\windows\system32\Tasks\CCleaner Update
2022-02-18 17:58 - 2020-11-09 17:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-02-13 18:05 - 2020-11-09 17:43 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-11 19:31 - 2020-11-08 23:24 - 000000000 ____D C:\Users\Bill
2022-02-11 19:30 - 2020-11-09 01:48 - 000000000 ____D C:\Program Files (x86)\Atheros
2022-02-11 19:30 - 2014-05-20 10:30 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-02-11 19:30 - 2010-11-21 02:16 - 000000000 ___RD C:\Users\Public\Recorded TV
2022-02-11 19:30 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2022-02-11 18:11 - 2021-07-23 17:42 - 000000000 ____D C:\windows\pss
2022-02-10 20:08 - 2020-11-09 01:43 - 000000000 ____D C:\Program Files (x86)\Realtek
2022-02-08 20:14 - 2021-12-16 20:41 - 000002930 _____ C:\windows\system32\Tasks\{600CE733-A206-49EE-B4C2-F3579F01EB60}
2022-02-08 20:14 - 2021-08-21 15:33 - 000002804 _____ C:\windows\system32\Tasks\CCleanerSkipUAC - Bill
2022-02-08 20:14 - 2020-11-11 18:19 - 000004476 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2022-02-08 20:14 - 2020-11-09 01:44 - 000003166 _____ C:\windows\system32\Tasks\RTKCPL

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2022-02-26 21:52
==================== End of FRST.txt ========================

Jintan March 5th, 2022 03:00 PM

Where are the new connections located and what are they titled?

Jintan March 5th, 2022 07:28 PM

It is my understanding that the HomeGroupUser$ default account can become corrupted, creating new logins.

bot96 March 10th, 2022 02:58 AM

Yes, the home group may be the problem.

bot96 March 10th, 2022 02:59 AM

They showed up one day. Changed homegroup settings.

Jintan March 13th, 2022 11:28 PM

Sorry I'm late bot96. Five days in the hospital with atrial fibrillation. Much better now.


In the Start/Search, type cmd.exe. When cmd.exe shows at the top of the display, right-click it and click Run as administrator.

In the open command box, type at the cursor:

net user HomeGroupUser$ /active:no

Then press Enter and click X to close the command box, and restart the computer. Post back an update please.

bot96 January 6th, 2024 06:00 PM

Happy New Year!!! Sorry for the delay in doing this. It completed successfully. What else do we need to do?

