Topic: Windows10 very slow boot and hogging memory
View Single Post
  #11  
Old January 26th, 2022, 01:21 AM
Jaytee's Avatar
Jaytee Jaytee is offline
Senior Member
  
Join Date: May 2002
O/S: Linux
Location: Hamilton New Zealand
Age: 76
Posts: 3,620
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2022
Ran by Jill (administrator) on JILLSTOY (Acer E1-510) (26-01-2022 12:41:42)
Running from C:\Users\Jill\Downloads
Loaded Profiles: Jill
Platform: Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (All) =================
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(GameHouse Europe B.V. -> RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Technology Access -> Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Intel(R) Technology Access -> Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
(Lavasoft Software Canada Inc. -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinServ ice.exe
(Lavasoft Software Canada Inc. -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\Pres entationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.1 2605.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2 103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21113.36.0 _x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> ) C:\Windows\SystemApps\Microsoft.Windows.StartMenuE xperienceHost_cw5n1h2txyewy\StartMenuExperienceHos t.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\explorer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.ex e
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ApplicationFrameHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ctfmon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe <7>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\sihost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskhostw.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txy ewy\LockApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Search_cw5 n1h2txyewy\SearchApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_ cw5n1h2txyewy\InputApp\TextInputHost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\csrss.exe <2>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\SgrmBroker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\svchost.exe <82>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\wininit.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <7>
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Jill\AppData\Local\Kingsoft\WPS Office\11.2.0.10463\office6\wpscenter.exe <2>
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Jill\AppData\Local\Kingsoft\WPS Office\11.2.0.10463\office6\wpscloudsvr.exe
Failed to access process -> backgroundTaskHost.exe

==================== Registry (All) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [86016 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-04] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [52992 2014-08-06] (Acer Incorporated -> Acer Incorporated)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [34816 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [28160 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Winlogon: [Shell] C:\Windows\explorer.exe [4971808 2021-12-15] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] C:\Windows\SysWOW64\explorer.exe [4357664 2021-12-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [30870320 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [30870320 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1674777451-104060087-3308858430-1001\...\Run: [AcerCloud] => "C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe" startup (No File)
HKU\S-1-5-21-1674777451-104060087-3308858430-1001\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [96160 2011-02-17] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1674777451-104060087-3308858430-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-12] (Dean Herbert -> )
HKU\S-1-5-21-1674777451-104060087-3308858430-1001\...\Run: [OneDrive] => C:\Users\Jill\AppData\Local\Microsoft\OneDrive\One Drive.exe [2586472 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1674777451-104060087-3308858430-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [9250224 2021-11-19] (Lavasoft Software Canada Inc. -> Lavasoft)
HKU\S-1-5-21-1674777451-104060087-3308858430-1012\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [30870320 2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1674777451-104060087-3308858430-1012\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: C:\Windows\system32\inetpp.dll [184320 2021-10-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: C:\Windows\system32\win32spl.dll [923136 2021-12-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\winprint: C:\Windows\System32\spool\prtprocs\x64\winprint.dl l [46080 2021-12-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Appmon: C:\Windows\system32\AppMon.dll [114688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Local Port: C:\Windows\system32\localspl.dll [1273856 2021-12-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Microsoft Shared Fax Monitor: C:\Windows\system32\FXSMON.DLL [49152 2021-02-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Standard TCP/IP Port: C:\Windows\system32\tcpmon.dll [225280 2020-09-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\USB Monitor: C:\Windows\system32\usbmon.dll [931328 2021-06-09] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\WSD Port: C:\Windows\system32\APMon.dll [1487360 2021-06-09] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\setuphost. exe: [{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb] -> Windows Setup Remediations (x64) (KB4023057)
HKLM\Software\...\AppCompatFlags\Custom\setupprep. exe: [{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb] -> Windows Setup Remediations (x64) (KB4023057)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{553 4e02f-0f5d-40dd-ba92-bea38d22384d}: [DatabasePath] -> C:\WINDOWS\AppPatch\Custom\Custom64\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\system32\unregmp2.exe [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> C:\Windows\system32\themeui.dll [2021-01-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\system32\unregmp2.exe [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> C:\Windows\system32\shell32.dll [2022-01-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4383}] -> C:\Windows\System32\ie4uinit.exe [2021-11-10] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\mscories.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.99\Insta ller\chrmstp.exe [2022-01-26] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.69\Inst aller\setup.exe [2022-01-25] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\SysWOW64\unregmp2.exe [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\SysWOW64\unregmp2.exe [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\mscories.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{01A30791-40AE-4653-AB2E-FD210019AE88}] -> C:\WINDOWS\system32\mgmtrefreshcredprov.dll [2021-01-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{1b283861-754f-4022-ad47-a5eaaa618894}] -> C:\WINDOWS\system32\SmartcardCredentialProvider.dl l [2021-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{1ee7337f-85ac-45e2-a23c-37c753209769}] -> C:\WINDOWS\system32\SmartcardCredentialProvider.dl l [2021-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{2135f72a-90b5-4ed3-a7f1-8bb705ac276a}] -> C:\WINDOWS\system32\credprovslegacy.dll [2021-01-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{25CBB996-92ED-457e-B28C-4774084BD562}] -> C:\WINDOWS\system32\credprovs.dll [2021-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}] -> C:\WINDOWS\system32\TrustedSignalCredProv.dll [2021-01-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{2D8B3101-E025-480D-917C-835522C7F628}] ->
HKLM\Software\...\Authentication\Credential Providers: [{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}] -> C:\WINDOWS\system32\credprovs.dll [2021-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{48B4E58D-2791-456C-9091-D524C6C706F2}] -> C:\Windows\System32\devicengccredprov.dll [2021-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{600e7adb-da3e-41a4-9225-3c0399e88c0c}] -> C:\WINDOWS\system32\cngcredui.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}] -> C:\WINDOWS\system32\credprovs.dll [2021-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\Windows\System32\FaceCredentialProvider.dll [2021-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{8FD7E19C-3BF7-489B-A72C-846AB3678C96}] -> C:\WINDOWS\system32\SmartcardCredentialProvider.dl l [2021-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{94596c7e-3744-41ce-893e-bbf09122f76a}] -> C:\WINDOWS\system32\SmartcardCredentialProvider.dl l [2021-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{A910D941-9DA9-4656-8933-AA1EAE01F76E}] ->
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-09-07] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{BEC09223-B018-416D-A0AC-523971B639F5}] -> C:\WINDOWS\System32\BioCredProv.dll [2021-12-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{C5D7540A-CD51-453B-B22B-05305BA03F07}] -> C:\Windows\System32\cxcredprov.dll [2021-04-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\Windows\System32\FaceCredentialProvider.dll [2021-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{cb82ea12-9f71-446d-89e1-8d0924e1256e}] -> C:\WINDOWS\system32\credprovslegacy.dll [2021-01-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{D6886603-9D2F-4EB2-B667-1971041FA96B}] -> C:\Windows\System32\ngccredprov.dll [2021-12-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}] -> C:\WINDOWS\system32\certCredProvider.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\WINDOWS\system32\wlidcredprov.dll [2021-01-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{F8A1793B-7873-4046-B2A7-1F318747F427}] -> C:\WINDOWS\system32\fidocredprov.dll [2021-03-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2013-09-07] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}] -> C:\WINDOWS\system32\credprovs.dll [2021-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\PLAP Providers: [{5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}] -> C:\WINDOWS\system32\rasplap.dll [2021-03-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] -> C:\Windows\system32\wlgpclnt.dll [2020-09-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{16be69fa-4209-4250-88cb-716cf41954e0}] -> C:\Windows\system32\auditcse.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{25537BA6-77A8-11D2-9B6C-0000F8080861}] -> C:\Windows\system32\fdeploy.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{35378EAC-683F-11D2-A89A-00C04FBBCFA2}] ->
HKLM\Software\...\Winlogon\GPExtensions: [{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] -> C:\WINDOWS\System32\dskquota.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] -> C:\Windows\system32\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4bcd6cde-777b-48b6-9804-43568e23545d}] -> C:\WINDOWS\System32\TsUsbRedirectionGroupPolicyExt ension.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] -> C:\Windows\System32\iedkcs32.dll [2021-11-10] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}] -> C:\Windows\System32\tsworkspace.dll [2021-01-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4d968b55-cac2-4ff5-983f-0a54603781a3}] -> C:\Windows\system32\WorkFoldersGPExt.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{7909AD9E-09EE-4247-BAB9-7029D5F0A278}] -> C:\Windows\system32\dmenrollengine.dll [2021-12-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{7933F41E-56F8-41d6-A31C-4148A711EE93}] -> C:\WINDOWS\System32\srchadmin.dll [2021-01-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{7B849a69-220F-451E-B3FE-2CB811AF94AE}] -> C:\Windows\System32\iedkcs32.dll [2021-11-10] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] -> C:\Windows\system32\scecli.dll [2021-12-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{8A28E2C5-8D06-49A4-A08C-632DAA493E17}] -> C:\WINDOWS\system32\gpprnext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] -> C:\Windows\system32\dot3gpclnt.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}] -> C:\Windows\system32\pwlauncher.dll [2021-01-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{C34B2751-1CF4-44F5-9262-C3FC39666591}] -> C:\Windows\system32\pwlauncher.dll [2021-01-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}] -> C:\Windows\system32\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}] -> C:\Windows\System32\iedkcs32.dll [2021-11-10] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}] -> C:\WINDOWS\system32\domgmt.dll [2021-10-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{e437bc1c-aa7d-11d2-a382-00c04f991e27}] -> C:\WINDOWS\System32\polstore.dll [2021-05-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{f3ccc681-b74c-4060-9f26-cd84525dca2a}] -> C:\Windows\system32\auditcse.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{FB2CA36D-0B40-4307-821B-A13B252DE56C}] -> C:\Windows\system32\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}] -> C:\Windows\system32\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
BootExecute: autocheck autochk *
AlternateShell: cmd.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AEDE6F-7E53-4CBE-B695-27CA6C265E2E} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [5306408 2013-07-05] (Acer Incorporated -> Acer Incorporated)
Task: {06C749F5-F390-47ED-A9F4-567A2D5A32D1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0E1B169C-24AD-417D-B80F-F4DBFB402DC7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {14F85C21-B3B6-474F-A329-70427BE38BB0} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1738504 2015-09-04] (Intel(R) Software -> Intel Corporation)
Task: {15DCB1AD-667F-4A13-BD9A-F0D90C4E581B} - System32\Tasks\{7DBD5D9D-B46E-487A-8C4B-5AC1F26EC433} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {1EBD3074-9F59-4AA3-813B-EE9E525CB6F8} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe $(Arg0) (No File)
Task: {1F43FCC2-FE3D-42FD-BE12-BAE5F30C43BC} - System32\Tasks\WpsExternal_Jill_20220126092554 => C:\Users\Jill\AppData\Local\Kingsoft\WPS Office\11.2.0.10463\office6\wpscloudsvr.exe [1060552 2022-01-26] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {29619E57-65F3-47AC-91F4-28E2573EDEF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2D22B159-7CC4-4092-8424-A3D9F03AC835} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {412901A3-E641-4DFF-B845-96ACF8904E85} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4320606C-2C23-4526-924B-C6CBD245905C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {48BB0DD4-40EE-42F7-B60A-DDA9C3DA0260} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4904698F-B774-49C9-A0B5-27689618B190} - System32\Tasks\WpsUpdateTask_Jill => C:\Users\Jill\AppData\Local\Kingsoft\WPS Office\11.2.0.10463\office6\wpsupdate.exe [168648 2022-01-26] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {49C5A980-0155-4DF7-88EC-5D7608B68BF0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {4DF0BA89-391C-4EF7-B3D2-D6D8DB0AD2F6} - System32\Tasks\Microsoft\Windows\Shell\FamilySafet yUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {54941C50-84C7-4AA2-B585-D55B0F299961} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxcon fig-B -> No File <==== ATTENTION
Task: {551DEED5-DE2E-43D4-BB83-45B3E365A17E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {57F2F003-5E04-47C4-89A2-13706E877BA2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CD193FA-43CC-42ED-A43C-55F52B7A8DE0} - \WPD\SqmUpload_S-1-5-21-1674777451-104060087-3308858430-1001 -> No File <==== ATTENTION
Task: {6C405BED-4247-405E-A205-E905EB3ECAFC} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {6C5388D1-B336-482A-AD42-D2E6A4EF2CDC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {77E346EC-8040-4E39-8CDD-97FF5F0E8ED9} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {7A9AB7DB-4895-49D8-8D95-4897602F2E9C} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {8076261B-47A3-4D23-A264-91779DF02A57} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-04] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {865A272F-BF65-4F0D-AE2C-EB30BE839396} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump :5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\ba ckgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {91E1DA78-2E37-4A12-96C8-B68A9592505B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {96D24BE4-CF73-4849-9CAD-19742140D2F3} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [4150312 2013-07-09] (Acer Incorporated -> )
Task: {9CA690DA-0BC8-4C76-B35A-29FAEC0032E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C25DD8C7-C3EE-4893-A58A-F7689535C990} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\Backgro undConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CEAD830B-B3DD-4611-B7A9-367DF41603EF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D09E295C-A59B-4D10-92AE-1F16F5F4B944} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D194CF0A-1921-44E6-88A0-DC71672B4864} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {D1C4FF04-0B7C-4BC6-96E1-1F7ED96435A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandco ntent -> No File <==== ATTENTION
Task: {DD2C952B-6BD3-43AA-B136-B5BC50724FC3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F32DEAF2-A66F-4FBD-AD22-DC9B5691ADE3} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [40008 2013-01-23] (Acer Incorporated -> )
Task: {F861364F-FE2E-439C-BD55-CE9B2747E22C} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [437288 2013-08-02] (Acer Incorporated -> Acer Incorporate)
Task: {FE743BA9-6233-459D-A62F-BF3B67949D88} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job => C:\WINDOWS\explorer.exe

==================== Internet (All) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\wshbth.dll [50688 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\NLAapi.dll [71168 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\winrnr.dll [34304 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [324416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\napinsp.dll [70144 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\pnrpnsp.dll [89088 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [89088 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\system32\wshbth.dll [64000 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\system32\NLAapi.dll [97280 2021-08-11] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\System32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Windows\System32\winrnr.dll [49152 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 12 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 13 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Winsock: Catalog9-x64 14 C:\Windows\system32\mswsock.dll [418416 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3fe48445-0898-421c-a97c-6f41d0267531}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4101d45e-0b8f-4eaa-8052-b75be5f143bc}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jill\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-25]
Edge HomePage: Default -> hxxps://?
Edge StartupUrls: Default -> "hxxps://?"
Edge DefaultSearchURL: Default -> hxxps://af.xdock.co?keyword={searchTerms}&pid=490&subid=49 02
Edge DefaultSearchKeyword: Default -> yahoo search
Edge DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}
StartMenuInternet: Microsoft Edge - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

FireFox:
========
FF DefaultProfile: c5z23n9s.default
FF ProfilePath: C:\Users\Jill\AppData\Roaming\Mozilla\Firefox\Prof iles\c5z23n9s.default [2022-01-26]
FF Homepage: Mozilla\Firefox\Profiles\c5z23n9s.default -> hxxps://mynewtab.co?pId=BT170603&searchEngine=bing&iDate=2 021-11-15 11:29:19
FF NewTab: Mozilla\Firefox\Profiles\c5z23n9s.default -> hxxps://mynewtab.co?pId=BT170603&searchEngine=bing&iDate=2 021-11-15 11:29:19
FF Notifications: Mozilla\Firefox\Profiles\c5z23n9s.default -> hxxps://www.cruisecritic.com.au; hxxps://www.slotomania.com
FF HomepageOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Disabled: _b7Members_@free.mytransitguide.com
FF HomepageOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Disabled: avg@safeguard
FF NewTabOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Disabled: _b7Members_@free.mytransitguide.com
FF NewTabOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Disabled: avg@safeguard
FF NewTabOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Enabled: @contain-facebook
FF NewTabOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Enabled: ddg@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Enabled: wikipedia@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Enabled: google@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Enabled: bing@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\c5z23n9s.default -> Enabled: amazondotcom@search.mozilla.org
FF Extension: (Facebook Container) - C:\Users\Jill\AppData\Roaming\Mozilla\Firefox\Prof iles\c5z23n9s.default\Extensions\@contain-facebook.xpi [2021-08-05]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Jill\AppData\Roaming\Mozilla\Firefox\Prof iles\c5z23n9s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-25]
FF Extension: (Add-ons Search Detection) - C:\Users\Jill\AppData\Roaming\Mozilla\Firefox\Prof iles\c5z23n9s.default\features\{122c1021-55b2-487b-a76a-b90c987bd5be}\addons-search-detection@mozilla.com.xpi [2021-11-06]
FF Extension: (Reset Search Defaults) - C:\Users\Jill\AppData\Roaming\Mozilla\Firefox\Prof iles\c5z23n9s.default\features\{122c1021-55b2-487b-a76a-b90c987bd5be}\reset-search-defaults@mozilla.com.xpi [2021-11-06]
FF SearchPlugin: C:\Users\Jill\AppData\Roaming\Mozilla\Firefox\Prof iles\c5z23n9s.default\searchplugins\Yahoo Search.xml [2022-01-25]
FF Extension: (DoH Roll-Out) - C:\Program Files (x86)\Mozilla Firefox\browser\features\doh-rollout@mozilla.org.xpi [2020-08-28] [not signed]
FF Extension: (Form Autofill) - C:\Program Files (x86)\Mozilla Firefox\browser\features\formautofill@mozilla.org. xpi [2021-11-03] [not signed]
FF Extension: (Picture-In-Picture) - C:\Program Files (x86)\Mozilla Firefox\browser\features\pictureinpicture@mozilla. org.xpi [2021-06-05] [not signed]
FF Extension: (Proxy Failover) - C:\Program Files (x86)\Mozilla Firefox\browser\features\proxy-failover@mozilla.com.xpi [2021-11-03] [not signed]
FF Extension: (Firefox Screenshots) - C:\Program Files (x86)\Mozilla Firefox\browser\features\screenshots@mozilla.org.x pi [2022-01-13] [not signed]
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2021-06-05] [not signed]
FF Extension: (Web Compatibility Interventions) - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi [2022-01-13] [not signed]
FF HKLM\...\Mozilla Firefox 96.0.2\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components => not found
FF HKLM\...\Mozilla Firefox 96.0.2\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins => not found
FF HKU\S-1-5-21-1674777451-104060087-3308858430-1001\...\Mozilla Firefox 96.0.2\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components => not found
FF HKU\S-1-5-21-1674777451-104060087-3308858430-1001\...\Mozilla Firefox 96.0.2\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp .dll [2015-04-03] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-25] (Adobe Inc. -> Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\channel-prefs.js [2015-05-14]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default [2022-01-26]
CHR Notifications: Default -> hxxps://hov-prd-apps.productmadness.com; hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://?
CHR StartupUrls: Default -> "hxxps://?"
CHR DefaultSearchURL: Default -> hxxps://find.fnavigate-now.com/results.aspx?q={searchTerms}&gd=SY1004294&searchso urce=58&d=2021-11-15 11:29:19&n=9998
CHR DefaultSearchKeyword: Default -> yahoo search
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}
CHR Extension: (Safe Torrent Scanner) - C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnal hlkkjb [2022-01-25]
CHR Extension: (Docs) - C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2020-12-27]
CHR Extension: (YouTube) - C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2015-09-29]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddi lifddb [2022-01-25]
CHR Extension: (Google Search) - C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2015-10-30]
CHR Extension: (Tampermonkey) - C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmp obfkfo [2021-10-03]
CHR Extension: (Google Docs Offline) - C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2022-01-25]
CHR Extension: (True Key™ by McAfee) - C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeldjopgciegccabfohnefghf pinncn [2020-12-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2021-02-05]
CHR Extension: (Gmail) - C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2020-12-27]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
StartMenuInternet: Google Chrome - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

==================== Services (All) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Reply With Quote