Status
Not open for further replies.

·
Registered
Joined
·
335 Posts
Discussion Starter · #1 ·
Laptop is getting real slow. Lots of issues left and right, windows not opening, not closing, taking forever to open or close. Windows app not working correctly.
I have very few programs at startup and have run windows utilities. It won't let me post FRST, I keep getting an error message that "we ran into a problem". I tried all day from 2 browsers, rebooted twice and logged off the site twice and logged back on.

Thanks and sorry

Pat
 


·
Moderator , Security Team
Joined
·
2,066 Posts
Looking over your logs. Dependent on how much I need to research, this may or may not take a while. Back as soon as I've finished.
 

·
Moderator , Security Team
Joined
·
2,066 Posts
OK, first thing you should do is uninstall the following programs ....

Avira Security
WebAdvisor by McAfee


... and rely on Windows Security for your protection. There is absolutely no need these days for a 3rd party AV, they are resource hungry, and will almost certainly be one of the causes of your machine slowing down.

Once you've done that, reboot your computer (this is important) then run a new scan with FRST and attach a new set of logs in your next reply.

There are other things that need doing, but it's better if we get these unnecessary programs out of the way first, since it will make dealing with the other things easier.
 

·
Registered
Joined
·
335 Posts
Discussion Starter · #6 ·
Both uninstalled and rebooted. Am I currently protected without Avira?

Thanks


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-05-2022
Ran by vaind (24-05-2022 03:40:10)
Running from C:\Users\vaind.DESKTOP-NEA4LBS\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1706 (X64) (2020-10-05 14:51:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3189469036-2919242049-717735451-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3189469036-2919242049-717735451-503 - Limited - Disabled)
Guest (S-1-5-21-3189469036-2919242049-717735451-501 - Limited - Disabled)
vaind (S-1-5-21-3189469036-2919242049-717735451-1001 - Administrator - Enabled) => C:\Users\vaind.DESKTOP-NEA4LBS
WDAGUtilityAccount (S-1-5-21-3189469036-2919242049-717735451-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-4ca7de82-0cba-46f5-baa8-65f1a6b0a65a) (Version: 3.0.2.118 - WildTangent) Hidden
5KPlayer 4.2 (HKLM-x32\...\5KPlayer_is1) (Version: - DearMob, Inc.)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.07.2004 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM-x32\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3024 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{4335EAF1-21F1-43D3-8F6F-D7E481E6959A}) (Version: 3.3.19180.60 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Quick Access (HKLM-x32\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3030 - Acer Incorporated)
Acer UEIP Framework (HKLM-x32\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3009 - Acer Incorporated)
AnyTrans for Cloud (HKLM-x32\...\AnyTrans for Cloud) (Version: - iMobie Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\Host App Service) (Version: 0.273.4.447 - SweetLabs) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM-x32\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avira Privacy Pal (HKLM-x32\...\{F2BC8305-DFBE-4C02-A906-9BBD8EE299A3}_is1) (Version: 2.4.0.1962 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM-x32\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG3200 series MP Drivers (HKLM-x32\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.02 - Canon Inc.)
CDisplayEx 1.10.29 (HKLM-x32\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Chromium (HKLM-x32\...\{ADE44524-FD64-94A4-4CE4-E4249C6437A4}) (Version: - )
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
Dolby Audio X2 Windows API SDK (HKLM-x32\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.6.3.44 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM-x32\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.6.3.48 - Dolby Laboratories, Inc.)
DriverSetupUtility (HKLM-x32\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
eBay Weblink (HKLM-x32\...\{7F3596EF-B661-43EE-A321-AD3C3EB9B525}) (Version: 1.16.0726 - Acer)
Free Blu-ray Player version 1.7 (HKLM-x32\...\Free Blu-ray Player_is1) (Version: 1.7 - Amazing Studio)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 101.0.4951.67 - Google LLC)
Home Makeover (HKLM-x32\...\WTA-38147f6e-f65c-45d8-96a3-556591410347) (Version: 3.0.2.59 - WildTangent) Hidden
iCloud (HKLM-x32\...\{01B1B2F2-22F4-4D1F-9303-8515A7ADD966}) (Version: 7.20.0.17 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}) (Version: 10.1.1.13 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{8E1338CD-2B65-47CB-94F1-8092443EC46B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{E04E7192-DD1D-4266-80F3-D5C94E264B9D}) (Version: 11.5.0.1015 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4475 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{B66F70B4-34E5-429A-9F55-7129E0833A45}) (Version: 14.8.0.1042 - Intel Corporation) Hidden
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM-x32\...\{3973721B-C2ED-4505-98B6-752897ECF2F1}) (Version: 1.42.680.1 - Intel Corporation) Hidden
Jewel Match 3 (HKLM-x32\...\WTA-f7df60dc-940f-4beb-ac18-4d39d3ac8fbd) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match Snowscapes (HKLM-x32\...\WTA-cf256b7d-1f0d-43ee-8c52-5b3c2bea1b85) (Version: 3.0.2.118 - WildTangent) Hidden
Kingsoft Office 2013 (9.1.0.4550) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4550 - Kingsoft Corp.)
Magic Academy (HKLM-x32\...\WTA-35f34fdf-2f7d-455d-a034-161b3439986a) (Version: 2.2.0.97 - WildTangent) Hidden
MediaPlayerLite 0.5.4.0 (HKLM-x32\...\MediaPlayerLite) (Version: 0.5.4.0 - MediaPlayerLite)
Microsoft OneDrive (HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\OneDriveSetup.exe) (Version: 22.089.0426.0003 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM-x32\...\Mozilla Firefox 100.0.2 (x64 en-US)) (Version: 100.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 95.0.2 - Mozilla)
MTG Arena (HKLM-x32\...\{C99A35F3-4EC8-400A-9AE9-00A3B82C4E5C}) (Version: 0.1.3923 - Wizards of the Coast)
Munbyn Printer Driver Setup version 2.4.6 (HKLM-x32\...\{2B148502-6201-41DA-94B9-9F56F07BB58F}_is1) (Version: 2.4.6 - Munbyn)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15128.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM-x32\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM-x32\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20248 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation)
Opera Stable 86.0.4363.59 (HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\Opera 86.0.4363.59) (Version: 86.0.4363.59 - Opera Software)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
PlayStation™Now (HKLM-x32\...\{EF97D349-B946-4379-BF2F-8946B0C387D5}) (Version: 11.2.3 - Sony Interactive Entertainment Network America LLC)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-5f7e46cb-1a4e-46f1-9370-3aaec4cb83ff) (Version: 3.0.2.59 - WildTangent) Hidden
Priceline.com Weblink (HKLM-x32\...\{4A9B758D-CBDA-43EA-A5AF-EE25206E3507}) (Version: 1.16.0726 - Acer)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10260 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM-x32\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.217 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7874 - Realtek Semiconductor Corp.)
Rory's Restaurant (HKLM-x32\...\WTA-65091581-14d9-497f-b4b3-af17655ed43e) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-9ab50db8-d6b3-4dff-8bae-b85702d47151) (Version: 3.0.2.126 - WildTangent) Hidden
Spotify Weblink (HKLM-x32\...\{8CADF0CB-E834-4019-9B11-B84E051F2A8E}) (Version: 1.16.1210 - Acer)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM-x32\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM-x32\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM-x32\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
USBFast (HKLM-x32\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.30 - Prolific Technology Inc.)
Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden
Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden
WD Desktop App 2.1.0.322 (HKLM-x32\...\{9478cae3-730b-4ffe-b22b-ae8b7787f5d5}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden
WD Desktop App 2.1.0.322 (x64) (HKLM-x32\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.3.336 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{327CA54B-8D15-4BE2-A4D2-868194BF7B97}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{9629d8ce-7cc4-4142-b7f8-2c003f1c6613}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden
Web Companion (HKLM-x32\...\{5673d968-230e-4437-a77a-5fa51cf569bf}) (Version: 7.0.2367.4198 - Lavasoft)
wgaiperStateIS (HKLM-x32\...\{B38E1DF3-6E8B-4A40-883F-25351E8D291F}) (Version: 021.000.0106 - Intuit Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.1.1.12 - WildTangent) Hidden
WinRAR 6.00 beta 2 (64-bit) (HKLM-x32\...\WinRAR archiver) (Version: 6.00.2 - win.rar GmbH)
WPS Office (11.2.0.11130) (HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\Kingsoft Office) (Version: 11.2.0.11130 - Kingsoft Corp.)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2022-04-19] (Amazon.com)
BreeZip -> C:\Program Files\WindowsApps\3138AweZip.AweZip_1.4.12.0_x86__ffd303wmbhcjt [2022-05-06] (BreeZip) [MS Ad]
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.80.6.0_x64__kgqvnymyfvs32 [2022-05-12] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.218.300.0_x64__kgqvnymyfvs32 [2022-05-21] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-01-18] (Canon Inc.)
Cool File Viewer -> C:\Program Files\WindowsApps\20815shootingapp.AirFileViewer_1.4.14.0_x86__xcg28tkrsnqww [2021-10-07] (Cool File Viewer)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.81.2.0_x64__kgqvnymyfvs32 [2022-05-21] (king.com)
freda epub ebook reader -> C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.40.5.0_x64__ypmq2qh89vmny [2022-01-24] (Turnipsoft)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-28] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa [2022-05-21] (Apple Inc.) [Startup Task]
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2016-12-25] (AMZN Mobile LLC)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-16] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.5120.0_x64__8wekyb3d8bbwe [2022-05-21] (Microsoft Studios) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-12] (MAGIX)
MyeBooks -> C:\Program Files\WindowsApps\DigiBooks4AlleBookStoreSa.MyeBooks_3.0.0.2_x64__93n446smwwfqc [2022-01-24] (DIGIBOOKS4ALL S.A.)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-18] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-12] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3189469036-2919242049-717735451-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Kingsoft\WPS Office\11.2.0.11130\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3189469036-2919242049-717735451-1001_Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 -> C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Kingsoft\WPS Office\11.2.0.11130\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
SSODL: WDFSMountNotificator-wdfsconnect2017 - {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0} - C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0} - C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0} => C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0} => C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated -> Acer Incorporated)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-06-26] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-07-24] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-06-26] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3189469036-2919242049-717735451-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Kingsoft\WPS Office\11.2.0.11130\office6\kwpsmenushellext64.dll [2022-05-06] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-3189469036-2919242049-717735451-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Kingsoft\WPS Office\11.2.0.11130\office6\kwpsmenushellext64.dll [2022-05-06] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-01-13 03:42 - 2022-03-03 22:23 - 126965248 _ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2021-01-13 03:42 - 2021-11-17 07:38 - 000384000 _ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2021-01-13 03:42 - 2021-11-17 07:38 - 008006656 _ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2022-01-14 18:47 - 2022-01-14 18:47 - 001987072 _ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\ffmpeg.dll
2022-01-14 18:47 - 2022-01-14 18:47 - 000117248 _ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libegl.dll
2022-01-14 18:47 - 2022-01-14 18:47 - 002250240 _ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libglesv2.dll
2021-07-26 03:54 - 2021-07-26 03:54 - 002637985 _ () [File not signed] C:\Program Files\WD Desktop App\libfusewdfs.dll
2022-01-18 21:12 - 2012-06-14 18:18 - 000359936 _ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2021-01-13 03:43 - 2022-03-03 22:23 - 000983552 _ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {1351AA41-0024-48C4-B408-B050FBA40A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {1351AA41-0024-48C4-B408-B050FBA40A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {1351AA41-0024-48C4-B408-B050FBA40A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {1351AA41-0024-48C4-B408-B050FBA40A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3189469036-2919242049-717735451-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0}' -> No File
BHO-x32: No Name -> {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0}' -> No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2020-01-15 22:07 - 000002103 _ C:\WINDOWS\system32\drivers\etc\hosts

2021-12-11 13:54 - 2022-01-03 10:45 - 000000445 _ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vaind.DESKTOP-NEA4LBS\Desktop\Buddybeast.gif
DNS Servers: 192.168.254.254 - 207.91.5.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "5KPlayer.exe"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{14BDE21B-32D6-4DB7-A7FE-443947090DAF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F6105D1F-B8AB-461D-B19F-C29278E927B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3221BA93-476D-459E-B7F6-3406935675E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{182673C2-C84D-4573-9FE5-7457678E8063}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{049EF3DC-5BA6-4A57-A34D-92B23081AC09}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{99975363-34C1-4849-9C44-535B92DC9735}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C9FECC3F-4BCA-488C-9C3D-54C04168B10E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{45F5549D-87FB-4892-B56C-6689D7F34A6E}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{A267B1E9-2F0E-46FA-A879-5D7B62708029}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{8E177DA8-22A6-4069-85E4-66C7943F4805}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{57B79DAC-09B4-437E-BF78-C7EC4820CE7C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{D437FA89-1AF7-47C8-885A-ABC742B85FD4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{8C60C4D8-50E0-4910-9214-E54636283D0A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [TCP Query User{F8998569-F9AF-4356-9950-90CC99CE543E}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> )
FirewallRules: [UDP Query User{0C49878E-ABC2-4DC0-A024-8A8F7C46E79A}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> )
FirewallRules: [{AC73D2EF-09A7-4D97-8BF2-A796B903F6F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C645C3E4-276B-4CFF-AFBB-4744DA12586F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{55C48762-522A-4675-BAA9-749F19DB4976}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EBE1C070-876F-4E20-A39F-776B73CD7CAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ziggurat\Ziggurat.exe () [File not signed]
FirewallRules: [{F98C827B-4295-4F2C-86BA-300635E1AAAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ziggurat\Ziggurat.exe () [File not signed]
FirewallRules: [{4F133B99-41DA-4687-869E-9EF986834C8C}] => (Allow) C:\Users\vaind\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{202621A9-1B57-4500-9301-95608B248782}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KFIncursion\Incursion.exe () [File not signed]
FirewallRules: [{FE5FC342-1B65-457F-8A6A-DCADBCA40206}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KFIncursion\Incursion.exe () [File not signed]
FirewallRules: [TCP Query User{3A46394C-D172-42D5-9670-D03332CA657D}C:\program files (x86)\steam\steamapps\common\kfincursion\incursion\binaries\win64\incursion-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kfincursion\incursion\binaries\win64\incursion-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{DFD53629-26A4-4270-8E9E-5C3C7931F3A6}C:\program files (x86)\steam\steamapps\common\kfincursion\incursion\binaries\win64\incursion-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kfincursion\incursion\binaries\win64\incursion-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{1053D644-6452-4B1E-949D-CEDDF20271C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadows Awakening\shadows.exe () [File not signed]
FirewallRules: [{3986B10D-6191-4265-B028-1E2A32EE6C6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadows Awakening\shadows.exe () [File not signed]
FirewallRules: [{BDD1688B-A388-4CD1-B7FD-39178444FB83}] => (Allow) C:\Program Files (x86)\PlayStationNow\psnowlauncher.exe (Sony Interactive Entertainment LLC -> Sony Interactive Entertainment Network America LLC)
FirewallRules: [{7F0FBC27-3652-47E0-AB3B-A2A75FA4B3B1}] => (Allow) C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Gaikai\CrashReports\dumpupload.exe (Sony Interactive Entertainment LLC -> )
FirewallRules: [{E8A492E1-4FF0-439E-ADA2-17A5AAF2A9AA}] => (Allow) C:\Program Files (x86)\PlayStationNow\unidater.exe (Sony Interactive Entertainment LLC -> Sony Interactive Entertainment)
FirewallRules: [TCP Query User{236FB207-45F8-412B-B34E-8E4EBE240A98}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{CB0B1FC5-449C-46E4-8F4F-77E5BAE02719}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D924C5CF-5124-4CBB-9F40-EBECA639FDC8}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{9FC6F587-AACF-4265-9FE7-E91CD6706DAF}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{DA5B57E4-8216-49B0-81BF-7D1F67B387D8}] => (Block) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{3EA93F30-108A-4BE3-9F27-0B2C2234609B}] => (Block) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{F4CEA6BC-EBF2-47F8-BB90-4AB60923B401}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C57592E2-8131-41CD-8666-106FEB410CAC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{DFAA32CA-DE96-43B5-B0E9-6BC5AD894C3D}C:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe] => (Allow) C:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [UDP Query User{C578205D-349F-492B-BFC0-0851B7BB4458}C:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe] => (Allow) C:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{D3D50D60-8864-4BF1-B1C6-878BC182F006}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe (HP Inc. -> Hewlett-Packard Development Company, LP)
FirewallRules: [{3A4D4C4E-9E5A-4CCC-946C-C5483F2D4028}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> Hewlett-Packard Development Company, LP)
FirewallRules: [{CB7303AC-D73E-4C41-9F09-7F4380E398B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{7E00B1BC-9F96-4BED-8B83-BC230B685626}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{31C8EBBF-3EFF-4FFD-ACC2-FB3F2E943EB3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{36EC94A2-5DB9-4A5F-9CCE-DC7322A69A9A}] => (Allow) C:\Program Files (x86)\TurboTax\Individual 2021\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{17A11D78-54DC-4036-B136-2B7A32795C6B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{3F13F5BF-13E2-45A3-8023-4A45D3E2AE57}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{957B5295-3DFD-41B2-84FC-EBA2720845DA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{FD1ABA25-30BE-4B8F-9F77-8138F989F596}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{F7C5E320-364E-418E-A1F1-9E3A2D361571}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{F86CED53-FC08-4992-92A9-6E913164A347}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{8FC9B426-6655-4943-8016-7B59C4941B9E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C1E1F06D-8BE4-406A-98AC-815538B6BD16}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E47E332A-2126-4B9D-8F23-5160FA2F2B01}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C7B53A67-17FE-4224-8479-839B822661E2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6190C9EC-C751-4310-A1B6-D47AF94F788B}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{A34BAAAC-9F4A-4E32-B9FB-BF11E9FA2FAF}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{AAB1DD96-AB2D-4FC0-BF99-3B1FE5B64FE2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5CD07AD1-147A-4B57-9052-5A32645C5D39}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{73BA2DF7-1F90-4A87-A4D7-4524C56DB9D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6817D49A-E23B-4B5C-8958-A72DA44A0D33}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5603C2D8-C6E4-440B-BB7B-3A39537E47B0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F7494BC6-7276-4250-97A4-1BB9C7A308C7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB4AF91F-C116-4971-B72E-77D252EA05ED}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CEBB2868-849B-49F3-92C3-BC2588363895}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{450432A0-A85E-4623-9B61-485AA8F0A047}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6B21DD28-3FA2-47B5-9B36-B5AD8B845C14}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\101.0.1210.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

03-05-2022 20:01:44 Scheduled Checkpoint
11-05-2022 13:56:07 Windows Modules Installer
13-05-2022 09:50:34 Windows Modules Installer
23-05-2022 13:40:18 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/24/2022 03:12:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: kdd.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
at System.Diagnostics.Process.GetProcessById(Int32, System.String)
at System.Diagnostics.Process.GetProcessById(Int32)
at wdc.DesktopApp.ServiceWrapper.KDDProcess.Start()
at wdc.DesktopApp.ServiceWrapper.KDDProcess.Kdd_Exited(System.Object, System.EventArgs)
at System.Diagnostics.Process.OnExited()
at System.Diagnostics.Process.RaiseOnExited()
at System.Diagnostics.Process.CompletionCallback(System.Object, Boolean)
at System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context(System.Object, Boolean)
at System.Threading._ThreadPoolWaitOrTimerCallback.WaitOrTimerCallback_Context_f(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)

Error: (05/23/2022 06:51:32 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (05/23/2022 02:33:11 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Acer (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/23/2022 02:15:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2021.21090.10008.0, time stamp: 0x616f6f86
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1706, time stamp: 0x458acb5b
Exception code: 0xc000027b
Fault offset: 0x000000000010fa32
Faulting process id: 0x2120
Faulting application start time: 0x01d86eb12da21677
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10008.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 637a1f06-1ef7-4c72-9d28-c52922c57ba4
Faulting package full name: Microsoft.Windows.Photos_2021.21090.10008.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (05/23/2022 11:35:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-NEA4LBS.local already in use; will try DESKTOP-NEA4LBS-2.local instead

Error: (05/23/2022 11:35:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-NEA4LBS.local. Addr 192.168.254.74

Error: (05/23/2022 11:35:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.254.74:5353 16 DESKTOP-NEA4LBS.local. AAAA 2604:CB00:091B:6B00:88FA:16A8:8614:2D7A

Error: (05/23/2022 11:35:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-NEA4LBS.local. AAAA FE80:0000:0000:0000:88FA:16A8:8614:2D7A


System errors:
=============
Error: (05/24/2022 03:23:57 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (05/24/2022 03:20:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (05/24/2022 03:14:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee WebAdvisor service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/24/2022 03:14:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/24/2022 02:55:44 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NEA4LBS)
Description: The server 4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8!Netflix.App.AppX5pc7brg014reh5jmy9aek351wvkx5hkm.wwa did not register with DCOM within the required timeout.

Error: (05/23/2022 07:42:33 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

Error: (05/23/2022 07:15:27 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.

Error: (05/23/2022 02:35:27 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly. Please restart your computer to reset the TPM hardware. For further assistance on this hardware issue, please contact the computer manufacturer for more information.


Windows Defender:
================Event[0]:

Date: 2022-05-24 03:15:16
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-05-22 18:38:12
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-05-21 19:24:09
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-05-21 10:26:45
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-05-21 10:20:20
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

CodeIntegrity:
===============
Date: 2022-05-24 03:08:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.05 07/28/2016
Motherboard: Acer Megatron_SK
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 8060.13 MB
Available physical RAM: 4341.32 MB
Total Virtual: 9660.13 MB
Available Virtual: 5950.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.91 GB) (Free:448.48 GB) (Model: WDC WD10SPCX-24HWST1) NTFS
Drive d: () (Removable) (Total:119.05 GB) (Free:95.8 GB) exFAT

\\?\Volume{062da98a-9d45-4518-8aec-ac0d83ae337a}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{a720952a-d559-4b0c-900b-b526d62a5220}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6916E299)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 119.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 


·
Moderator , Security Team
Joined
·
2,066 Posts
Please uninstall the following program ....

Avira Privacy Pal

Next ...


  • Start FRST.
  • Hit your Windows Key + R to open a Run window
  • Type Notepad then click OK
  • This will open an empty Notepad document
  • Copy/Paste the following into it (Don't include Code: ) be careful to get it all, you'll probably need to scroll down the code window to do so .....
Code:
services.exe ->) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\Run: [utweb] => "C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {336273DD-BA9C-4508-B5B8-CD5E0AFB99CA} - \Opera scheduled assistant Autoupdate 1577051075 -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
FF Homepage: Mozilla\Firefox\Profiles\c6o2qnsk.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2020-11-26 07:50:52&bName=
FF NewTab: Mozilla\Firefox\Profiles\c6o2qnsk.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2020-11-26 07:50:52&bName=
FF SearchPlugin: C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Roaming\Mozilla\Firefox\Profiles\c6o2qnsk.default\searchplugins\Search Now.xml [2020-11-26]
FF Homepage: Mozilla\Firefox\Profiles\ro1tmtlw.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2020-11-26 07:50:52&bName=
FF NewTab: Mozilla\Firefox\Profiles\ro1tmtlw.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2020-11-26 07:50:52&bName=
FF Notifications: Mozilla\Firefox\Profiles\ro1tmtlw.default-release -> hxxps://anglingtimes.os.tc; hxxps://www95.elbaestes.pro; hxxps://www.france24.com
FF SearchPlugin: C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Roaming\Mozilla\Firefox\Profiles\ro1tmtlw.default-release\searchplugins\Search Now.xml [2020-11-26]
CHR Notifications: Default -> hxxps://ocsnext.ebay.com; hxxps://www.carnalor.com; hxxps://www.overstockbait.com; hxxps://www68.elbaestes.pro; hxxps://www79.elbaestes.pro
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3000608 2022-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
C:\Program Files (x86)\Avira
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
C:\Program Files\McAfee
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {1351AA41-0024-48C4-B408-B050FBA40A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {1351AA41-0024-48C4-B408-B050FBA40A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {1351AA41-0024-48C4-B408-B050FBA40A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {1351AA41-0024-48C4-B408-B050FBA40A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3189469036-2919242049-717735451-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL =
BHO: No Name -> {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0}' -> No File
BHO-x32: No Name -> {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0}' -> No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\webcompanion.com -> hxxp://webcompanion.com
Hosts:
EmptyTemp:
Cmd: ipconfig /flushdns
Reboot:
  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ...

It is not clear whether Windows Defender is enabled on your machine. Normally it will automatically activate if Windows does not detect the presence of a 3rd party AV program on your machine, however sometimes if an AV has not uninstalled completely this does not happen.

So, first thing to do is see whether you can activate Windows Security manually ...

Select Start > Settings > Update & Security > Windows Security and then Virus & threat protection > Manage settings

... check all protections are enabled, if not enable them.

Only if you're unable to enable Windows Security please do the following ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
  • Searchall: Avira
    • Press the Search Files button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.
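
A read-only way to answer the "is Windows Defender enabled" question in the post above from PowerShell, as an added example that is not part of the original post. It assumes an elevated PowerShell window on Windows 10 and uses only built-in cmdlets; the policy value names checked are the standard Defender `Disable*` policy values, not values taken from this user's log.

```powershell
# Added example: read-only Microsoft Defender health check. Changes nothing.
# Assumption: run from an elevated PowerShell window on Windows 10/11.

# 1. Antivirus products registered with Windows Security Center.
#    A stale registration left by an uninstalled product can stop Defender
#    from taking over as the active antivirus.
$avProducts = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                -ClassName 'AntiVirusProduct' `
                                -ErrorAction SilentlyContinue)
'Registered antivirus products:'
$avProducts | ForEach-Object {
    '  {0}  (productState 0x{1:X6})' -f $_.displayName, $_.productState
}

# 2. Defender's own view of its protection state.
$mp = $null
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
} catch {
    Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)"
}
if ($mp) {
    $mp | Select-Object AMServiceEnabled, AntivirusEnabled,
                        RealTimeProtectionEnabled, BehaviorMonitorEnabled,
                        AntivirusSignatureLastUpdated | Format-List
}

# 3. Policy values that switch Defender features off. FRST reports these as
#    "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction".
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
)
$policyHits = @(foreach ($key in $policyKeys) {
    if (Test-Path -Path $key) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -like 'Disable*' -and $_.Value -eq 1 } |
            ForEach-Object { '{0}\{1} = {2}' -f $key, $_.Name, $_.Value }
    }
})

# 4. Recent real-time protection failures. Event ID 3002 is Defender's
#    "Real-Time Protection feature has encountered an error and failed".
$rtpFailures = @(Get-WinEvent -FilterHashtable @{
                     LogName = 'Microsoft-Windows-Windows Defender/Operational'
                     Id      = 3002
                 } -MaxEvents 5 -ErrorAction SilentlyContinue)

# 5. Summary of what needs attention.
$thirdParty = @($avProducts | Where-Object { $_.displayName -notmatch 'Defender' })

if ($mp -and $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and
    $mp.BehaviorMonitorEnabled) {
    'OK: Defender real-time protection and behavior monitoring are enabled.'
} else {
    'ATTENTION: Defender is not fully enabled.'
}
if ($thirdParty.Count -gt 0) {
    'ATTENTION: third-party AV still registered: ' +
        (($thirdParty | ForEach-Object { $_.displayName }) -join ', ')
}
if ($policyHits.Count -gt 0) {
    'ATTENTION: policy values disabling Defender features:'
    $policyHits | ForEach-Object { "  $_" }
}
if ($rtpFailures.Count -gt 0) {
    'Most recent real-time protection failures (event 3002):'
    $rtpFailures | ForEach-Object {
        '  {0:yyyy-MM-dd HH:mm:ss}  {1}' -f $_.TimeCreated,
            ($_.Message -split "`r?`n" | Select-Object -First 1)
    }
}
```

Comparing the `AntivirusSignatureLastUpdated` value with the dates of any 3002 events shows whether the failures predate the last security intelligence update.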
 

·
Registered
Joined
·
335 Posts
Discussion Starter · #8 ·
About windows security, I got lost here:

Select Start > Settings > Update & Security > Windows Security and then Virus & threat protection > Manage settings

I could not find "Managed settings" on the page. I'm attaching a pic. But everything seems to be protected.



Fix result of Farbar Recovery Scan Tool (x64) Version: 23-05-2022
Ran by vaind (24-05-2022 21:00:12) Run:1
Running from C:\Users\vaind.DESKTOP-NEA4LBS\Desktop\New folder
Loaded Profiles: vaind
Boot Mode: Normal
==============================================

fixlist content:
*
services.exe ->) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\Run: [utweb] => "C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {336273DD-BA9C-4508-B5B8-CD5E0AFB99CA} - \Opera scheduled assistant Autoupdate 1577051075 -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
FF Homepage: Mozilla\Firefox\Profiles\c6o2qnsk.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2020-11-26 07:50:52&bName=
FF NewTab: Mozilla\Firefox\Profiles\c6o2qnsk.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2020-11-26 07:50:52&bName=
FF SearchPlugin: C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Roaming\Mozilla\Firefox\Profiles\c6o2qnsk.default\searchplugins\Search Now.xml [2020-11-26]
FF Homepage: Mozilla\Firefox\Profiles\ro1tmtlw.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2020-11-26 07:50:52&bName=
FF NewTab: Mozilla\Firefox\Profiles\ro1tmtlw.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2020-11-26 07:50:52&bName=
FF Notifications: Mozilla\Firefox\Profiles\ro1tmtlw.default-release -> hxxps://anglingtimes.os.tc; hxxps://www95.elbaestes.pro; hxxps://www.france24.com
FF SearchPlugin: C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Roaming\Mozilla\Firefox\Profiles\ro1tmtlw.default-release\searchplugins\Search Now.xml [2020-11-26]
CHR Notifications: Default -> hxxps://ocsnext.ebay.com; hxxps://www.carnalor.com; hxxps://www.overstockbait.com; hxxps://www68.elbaestes.pro; hxxps://www79.elbaestes.pro
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3000608 2022-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
C:\Program Files (x86)\Avira
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
C:\Program Files\McAfee
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {1351AA41-0024-48C4-B408-B050FBA40A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {1351AA41-0024-48C4-B408-B050FBA40A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {1351AA41-0024-48C4-B408-B050FBA40A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {1351AA41-0024-48C4-B408-B050FBA40A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEtByEzytD0FtCtCyB0DtBtA0D0FzyzytN0D0Tzu0StCzytCyBtN1L2XzutAtFtByCtFtBtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0FyD0ByEtA0D0BtGyByCzztAtGyBtByCtAtGtD0Dzz0DtGyCyDtB0DyEtCyD0AyC0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyC0B0EtBtC0AtGzy0B0EtCtGyE0C0F0FtGzyyByC0EtGtCtAzztDyDyDyB0EtB0E0DyE2QtN0A0LzuyE%26cr%3D834699642%26a%3Dwbf_fs_17_13%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3189469036-2919242049-717735451-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL =
BHO: No Name -> {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0}' -> No File
BHO-x32: No Name -> {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0}' -> No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\webcompanion.com -> hxxp://webcompanion.com
Hosts:
EmptyTemp:
Cmd: ipconfig /flushdns
Reboot:
*

services.exe ->) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-3189469036-2919242049-717735451-1001\Software\Microsoft\Windows\CurrentVersion\Run\\utweb" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{336273DD-BA9C-4508-B5B8-CD5E0AFB99CA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{336273DD-BA9C-4508-B5B8-CD5E0AFB99CA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled assistant Autoupdate 1577051075" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 => removed successfully
"Firefox homepage" => removed successfully
"Firefox newtab" => removed successfully
C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Roaming\Mozilla\Firefox\Profiles\c6o2qnsk.default\searchplugins\Search Now.xml => moved successfully
"Firefox homepage" => removed successfully
"Firefox newtab" => removed successfully
"FF Notifications:" => removed successfully
C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Roaming\Mozilla\Firefox\Profiles\ro1tmtlw.default-release\searchplugins\Search Now.xml => moved successfully
"Chrome Notifications" => removed successfully
AviraOptimizerHost => service not found.
C:\Program Files (x86)\Avira => moved successfully
HKLM\System\CurrentControlSet\Services\McAfee WebAdvisor => removed successfully
McAfee WebAdvisor => service removed successfully
"C:\Program Files\McAfee" => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1351AA41-0024-48C4-B408-B050FBA40A2E} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1351AA41-0024-48C4-B408-B050FBA40A2E} => removed successfully
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F423EA1-5D7D-44A7-9E62-BE78A24F86C0}' => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F423EA1-5D7D-44A7-9E62-BE78A24F86C0}' => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\dssrequest => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => removed successfully
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20904910 B
Java, Discord, Steam htmlcache => 17795479 B
Windows/system/drivers => 8761748 B
Edge => 1368879 B
Chrome => 862250186 B
Firefox => 1311566398 B
Opera => 14821998 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 307314 B
NetworkService => 3513924 B
vaind.DESKTOP-NEA4LBS => 530042970 B

RecycleBin => 3061074714 B
EmptyTemp: => 5.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-05-2022 21:26:22)

C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
Hosts restored successfully.

==== End of Fixlog 21:26:23 ====
 

Attachments

·
Moderator , Security Team
Joined
·
2,066 Posts
The Manage Settings is on the left hand side (in blue) under the Virus & threat protection settings section title

As it also says No action needed then we can assume that Windows Security is enabled.

So, what I need you to do now is as follows ...

  • Download ... ADWCleaner
  • Follow these ... Instructions ... for how to use it.
    • Do not select any of your pre-installed programs for removal
  • Please post me a copy of the logfile produced.
    • Click on the Log Files tab
    • Double click on the logfile listed and it will open in Notepad
    • Copy/paste it in your next reply

Next ...

Please run a new scan with FRST, and attach your new Frst.txt and Addition.txt logs.
 

·
Registered
Joined
·
335 Posts
Discussion Starter · #11 ·
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-03-15.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-25-2022
# Duration: 00:00:44
# OS: Windows 10 Home
# Scanned: 32040
# Detected: 114


* [ Services ] *

PUP.Optional.Legacy WCAssistantService

* [ Folders ] *

Adware.pokki C:\Users\Default\AppData\Local\Host App Service
Adware.pokki C:\Users\Public\App Explorer
Adware.pokki C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Host App Service
Adware.pokki C:\Users\vaind\AppData\Local\Host App Service
Adware.pokki C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Adware.pokki C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service
PUP.Optional.WebCompanion C:\Program Files (x86)\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Application Data\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
PUP.Optional.WebCompanion C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
PUP.Optional.WebCompanion C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Roaming\Lavasoft\Web Companion

* [ Files ] *

Adware.pokki C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\eBay.lnk
PUP.Optional.Legacy C:\Users\vaind\AppData\Roaming\Mozilla\Firefox\Profiles\xoha433w.default\searchplugins\yahoo! powered search.xml

* [ DLL ] *

No malicious DLLs found.

* [ WMI ] *

No malicious WMI found.

* [ Shortcuts ] *

No malicious shortcuts found.

* [ Tasks ] *

Adware.pokki C:\Windows\System32\Tasks\APP EXPLORER

* [ Registry ] *

Adware.pokki HKCU\Software\App Host Service
Adware.pokki HKCU\Software\Host App Service
Adware.pokki HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AED22C52-A342-4783-8EEB-09DDED45C527}
Adware.pokki HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5673d968-230e-4437-a77a-5fa51cf569bf}|DisplayIcon
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5673d968-230e-4437-a77a-5fa51cf569bf}|DisplayName
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5673d968-230e-4437-a77a-5fa51cf569bf}|UninstallString
PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

* [ Chromium (and derivatives) ] *

No malicious Chromium entries found.

* [ Chromium URLs ] *

Adware.SearchDimension Search Dimension
Adware.SearchDimension Search Dimension

* [ Firefox (and derivatives) ] *

No malicious Firefox entries found.

* [ Firefox URLs ] *

No malicious Firefox URLs found.

* [ Hosts File Entries ] *

No malicious hosts file entries found.

* [ Preinstalled Software ] *

Preinstalled.ACERAOPFramework Folder C:\Program Files (x86)\ACER\AOP FRAMEWORK
Preinstalled.ACERAOPFramework Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4A37A114-702F-4055-A4B6-16571D4A5353}
Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}
Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}
Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2592A86-7691-4BEF-BB5D-43AC02A5DE17}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C51F00C-199B-4BB9-87CB-2EF5EDA129CE}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2592A86-7691-4BEF-BB5D-43AC02A5DE17}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1AF41E84-3408-499A-8C93-8891F0612719}
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Preinstalled.AcerConfigurationManager Folder C:\Program Files (x86)\ACER\AMUNDSEN\2.1.16258
Preinstalled.AcerConfigurationManager Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{362DF267-5593-4CC1-A7A2-E6022C14165B}
Preinstalled.AcerConfigurationManager Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerCMUpdateTask2.1.16258
Preinstalled.AcerConfigurationManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{414D554E-4453-454E-0201-000000016258}
Preinstalled.AcerConfigurationManager Task C:\Windows\System32\Tasks\ACERCMUPDATETASK2.1.16258
Preinstalled.AcerJumpstart Folder C:\Program Files (x86)\ACER\ACER JUMPSTART
Preinstalled.AcerPortal Folder C:\Program Files (x86)\ACER\ACER PORTAL
Preinstalled.AcerPortal Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89BFAA90-D54C-448A-8F1B-D30826EBA7A5}
Preinstalled.AcerPortal Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerCloud
Preinstalled.AcerPortal Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}
Preinstalled.AcerPortal Task C:\Windows\System32\Tasks\ACERCLOUD
Preinstalled.AcerQuickAccess Folder C:\Program Files\ACER\ACER QUICK ACCESS
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DF22536-4844-4972-8416-0A7DF43058D6}
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access
Preinstalled.AcerQuickAccess Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}
Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\QUICK ACCESS
Preinstalled.AcerUEIPFramework Folder C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM\FRAMEWORK
Preinstalled.AcerUEIPFramework Folder C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM\PLUGIN\APPMONITOR
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F36EE68-1A8A-4291-A6F3-35DE2D2C6855}
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService
Preinstalled.AcerUEIPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7}
Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE
Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER
Preinstalled.AcerabBox Registry HKLM\Software\Classes\CLSID\{5CCE71FA-9F61-4F24-9CD1-98D819B40D68}
Preinstalled.AcerabBox Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{5CCE71FA-9F61-4F24-9CD1-98D819B40D68}
Preinstalled.CyberLinkLabelPrint Folder C:\Program Files (x86)\CYBERLINK\LABELPRINT
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer_For_P2G8
Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLVirtualDrive
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLMLServer_For_P2G8
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLVirtualDrive
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPowerDVD Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{148AAD1C-466F-4FA1-8912-FA5F1AE4FD83}
Preinstalled.LenovoPowerDVD Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PDVDServ12 Task
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.LenovoPowerDVD Task C:\Windows\System32\Tasks\PDVDSERV12 TASK
Preinstalled.WildTangentGamesBundle File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\12 LABOURS OF HERCULES III GIRL POWER
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\HOME MAKEOVER
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\JEWEL MATCH 3
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\JEWEL MATCH SNOWSCAPES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\MAGIC ACADEMY
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\POLAR BOWLER 1ST FRAME
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\RUNEFALL
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-acer-vegasworld
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-acer-villagersandheroes
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-acer-genres
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-acer-main
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer
Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-05-2022
Ran by vaind (25-05-2022 21:13:24)
Running from C:\Users\vaind.DESKTOP-NEA4LBS\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1706 (X64) (2020-10-05 14:51:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3189469036-2919242049-717735451-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3189469036-2919242049-717735451-503 - Limited - Disabled)
Guest (S-1-5-21-3189469036-2919242049-717735451-501 - Limited - Disabled)
vaind (S-1-5-21-3189469036-2919242049-717735451-1001 - Administrator - Enabled) => C:\Users\vaind.DESKTOP-NEA4LBS
WDAGUtilityAccount (S-1-5-21-3189469036-2919242049-717735451-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-4ca7de82-0cba-46f5-baa8-65f1a6b0a65a) (Version: 3.0.2.118 - WildTangent) Hidden
5KPlayer 4.2 (HKLM-x32\...\5KPlayer_is1) (Version: - DearMob, Inc.)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.07.2004 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM-x32\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3024 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{4335EAF1-21F1-43D3-8F6F-D7E481E6959A}) (Version: 3.3.19180.60 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Quick Access (HKLM-x32\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3030 - Acer Incorporated)
Acer UEIP Framework (HKLM-x32\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3009 - Acer Incorporated)
AnyTrans for Cloud (HKLM-x32\...\AnyTrans for Cloud) (Version: - iMobie Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\Host App Service) (Version: 0.273.4.447 - SweetLabs) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM-x32\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM-x32\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG3200 series MP Drivers (HKLM-x32\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.02 - Canon Inc.)
CDisplayEx 1.10.29 (HKLM-x32\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Chromium (HKLM-x32\...\{ADE44524-FD64-94A4-4CE4-E4249C6437A4}) (Version: - )
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
Dolby Audio X2 Windows API SDK (HKLM-x32\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.6.3.44 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM-x32\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.6.3.48 - Dolby Laboratories, Inc.)
DriverSetupUtility (HKLM-x32\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
eBay Weblink (HKLM-x32\...\{7F3596EF-B661-43EE-A321-AD3C3EB9B525}) (Version: 1.16.0726 - Acer)
Free Blu-ray Player version 1.7 (HKLM-x32\...\Free Blu-ray Player_is1) (Version: 1.7 - Amazing Studio)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 101.0.4951.67 - Google LLC)
Home Makeover (HKLM-x32\...\WTA-38147f6e-f65c-45d8-96a3-556591410347) (Version: 3.0.2.59 - WildTangent) Hidden
iCloud (HKLM-x32\...\{01B1B2F2-22F4-4D1F-9303-8515A7ADD966}) (Version: 7.20.0.17 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}) (Version: 10.1.1.13 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{8E1338CD-2B65-47CB-94F1-8092443EC46B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{E04E7192-DD1D-4266-80F3-D5C94E264B9D}) (Version: 11.5.0.1015 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4475 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{B66F70B4-34E5-429A-9F55-7129E0833A45}) (Version: 14.8.0.1042 - Intel Corporation) Hidden
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM-x32\...\{3973721B-C2ED-4505-98B6-752897ECF2F1}) (Version: 1.42.680.1 - Intel Corporation) Hidden
Jewel Match 3 (HKLM-x32\...\WTA-f7df60dc-940f-4beb-ac18-4d39d3ac8fbd) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match Snowscapes (HKLM-x32\...\WTA-cf256b7d-1f0d-43ee-8c52-5b3c2bea1b85) (Version: 3.0.2.118 - WildTangent) Hidden
Kingsoft Office 2013 (9.1.0.4550) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4550 - Kingsoft Corp.)
Magic Academy (HKLM-x32\...\WTA-35f34fdf-2f7d-455d-a034-161b3439986a) (Version: 2.2.0.97 - WildTangent) Hidden
MediaPlayerLite 0.5.4.0 (HKLM-x32\...\MediaPlayerLite) (Version: 0.5.4.0 - MediaPlayerLite)
Microsoft OneDrive (HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\OneDriveSetup.exe) (Version: 22.089.0426.0003 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM-x32\...\Mozilla Firefox 100.0.2 (x64 en-US)) (Version: 100.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 95.0.2 - Mozilla)
MTG Arena (HKLM-x32\...\{C99A35F3-4EC8-400A-9AE9-00A3B82C4E5C}) (Version: 0.1.3923 - Wizards of the Coast)
Munbyn Printer Driver Setup version 2.4.6 (HKLM-x32\...\{2B148502-6201-41DA-94B9-9F56F07BB58F}_is1) (Version: 2.4.6 - Munbyn)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15128.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM-x32\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM-x32\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20248 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation)
Opera Stable 86.0.4363.59 (HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\Opera 86.0.4363.59) (Version: 86.0.4363.59 - Opera Software)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
PlayStation™Now (HKLM-x32\...\{EF97D349-B946-4379-BF2F-8946B0C387D5}) (Version: 11.2.3 - Sony Interactive Entertainment Network America LLC)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-5f7e46cb-1a4e-46f1-9370-3aaec4cb83ff) (Version: 3.0.2.59 - WildTangent) Hidden
Priceline.com Weblink (HKLM-x32\...\{4A9B758D-CBDA-43EA-A5AF-EE25206E3507}) (Version: 1.16.0726 - Acer)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10260 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM-x32\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.217 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7874 - Realtek Semiconductor Corp.)
Rory's Restaurant (HKLM-x32\...\WTA-65091581-14d9-497f-b4b3-af17655ed43e) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-9ab50db8-d6b3-4dff-8bae-b85702d47151) (Version: 3.0.2.126 - WildTangent) Hidden
Spotify Weblink (HKLM-x32\...\{8CADF0CB-E834-4019-9B11-B84E051F2A8E}) (Version: 1.16.1210 - Acer)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM-x32\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM-x32\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM-x32\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
USBFast (HKLM-x32\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.30 - Prolific Technology Inc.)
Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden
Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden
WD Desktop App 2.1.0.322 (HKLM-x32\...\{9478cae3-730b-4ffe-b22b-ae8b7787f5d5}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden
WD Desktop App 2.1.0.322 (x64) (HKLM-x32\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.3.336 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{327CA54B-8D15-4BE2-A4D2-868194BF7B97}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{9629d8ce-7cc4-4142-b7f8-2c003f1c6613}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden
Web Companion (HKLM-x32\...\{5673d968-230e-4437-a77a-5fa51cf569bf}) (Version: 7.0.2367.4198 - Lavasoft)
wgaiperStateIS (HKLM-x32\...\{B38E1DF3-6E8B-4A40-883F-25351E8D291F}) (Version: 021.000.0106 - Intuit Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.1.1.12 - WildTangent) Hidden
WinRAR 6.00 beta 2 (64-bit) (HKLM-x32\...\WinRAR archiver) (Version: 6.00.2 - win.rar GmbH)
WPS Office (11.2.0.11130) (HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\Kingsoft Office) (Version: 11.2.0.11130 - Kingsoft Corp.)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2022-04-19] (Amazon.com)
BreeZip -> C:\Program Files\WindowsApps\3138AweZip.AweZip_1.4.12.0_x86__ffd303wmbhcjt [2022-05-06] (BreeZip) [MS Ad]
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.80.6.0_x64__kgqvnymyfvs32 [2022-05-12] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.218.400.0_x64__kgqvnymyfvs32 [2022-05-24] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-01-18] (Canon Inc.)
Cool File Viewer -> C:\Program Files\WindowsApps\20815shootingapp.AirFileViewer_1.4.14.0_x86__xcg28tkrsnqww [2021-10-07] (Cool File Viewer)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.81.2.0_x64__kgqvnymyfvs32 [2022-05-21] (king.com)
freda epub ebook reader -> C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.40.5.0_x64__ypmq2qh89vmny [2022-01-24] (Turnipsoft)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-28] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa [2022-05-21] (Apple Inc.) [Startup Task]
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2016-12-25] (AMZN Mobile LLC)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-16] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.5120.0_x64__8wekyb3d8bbwe [2022-05-21] (Microsoft Studios) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-12] (MAGIX)
MyeBooks -> C:\Program Files\WindowsApps\DigiBooks4AlleBookStoreSa.MyeBooks_3.0.0.2_x64__93n446smwwfqc [2022-01-24] (DIGIBOOKS4ALL S.A.)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-18] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-12] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3189469036-2919242049-717735451-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Kingsoft\WPS Office\11.2.0.11130\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3189469036-2919242049-717735451-1001_Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 -> C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Kingsoft\WPS Office\11.2.0.11130\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
SSODL: WDFSMountNotificator-wdfsconnect2017 - {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0} - C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0} - C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0} => C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {9F423EA1-5D7D-44A7-9E62-BE78A24F86C0} => C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated -> Acer Incorporated)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-06-26] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-07-24] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-06-26] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-06-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3189469036-2919242049-717735451-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Kingsoft\WPS Office\11.2.0.11130\office6\kwpsmenushellext64.dll [2022-05-06] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-3189469036-2919242049-717735451-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Kingsoft\WPS Office\11.2.0.11130\office6\kwpsmenushellext64.dll [2022-05-06] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-01-13 03:42 - 2022-03-03 22:23 - 126965248 _ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2021-01-13 03:42 - 2021-11-17 07:38 - 000384000 _ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2021-01-13 03:42 - 2021-11-17 07:38 - 008006656 _ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2022-01-14 18:47 - 2022-01-14 18:47 - 001987072 _ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\ffmpeg.dll
2022-01-14 18:47 - 2022-01-14 18:47 - 000117248 _ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libegl.dll
2022-01-14 18:47 - 2022-01-14 18:47 - 002250240 _ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libglesv2.dll
2021-07-26 03:54 - 2021-07-26 03:54 - 002637985 _ () [File not signed] C:\Program Files\WD Desktop App\libfusewdfs.dll
2022-01-18 21:12 - 2012-06-14 18:18 - 000359936 _ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2020-04-19 11:23 - 2020-04-19 11:23 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-19 11:23 - 2020-04-19 11:23 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2021-01-13 03:43 - 2022-03-03 22:23 - 000983552 _ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-24 21:26 - 2022-05-24 21:26 - 000000027 _ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2021-12-11 13:54 - 2022-01-03 10:45 - 000000445 _ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vaind.DESKTOP-NEA4LBS\Desktop\Buddybeast.gif
DNS Servers: 192.168.254.254 - 207.91.5.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "5KPlayer.exe"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-3189469036-2919242049-717735451-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{14BDE21B-32D6-4DB7-A7FE-443947090DAF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F6105D1F-B8AB-461D-B19F-C29278E927B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3221BA93-476D-459E-B7F6-3406935675E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{182673C2-C84D-4573-9FE5-7457678E8063}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{049EF3DC-5BA6-4A57-A34D-92B23081AC09}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{99975363-34C1-4849-9C44-535B92DC9735}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C9FECC3F-4BCA-488C-9C3D-54C04168B10E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{45F5549D-87FB-4892-B56C-6689D7F34A6E}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{A267B1E9-2F0E-46FA-A879-5D7B62708029}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{8E177DA8-22A6-4069-85E4-66C7943F4805}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{57B79DAC-09B4-437E-BF78-C7EC4820CE7C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{D437FA89-1AF7-47C8-885A-ABC742B85FD4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{8C60C4D8-50E0-4910-9214-E54636283D0A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [TCP Query User{F8998569-F9AF-4356-9950-90CC99CE543E}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> )
FirewallRules: [UDP Query User{0C49878E-ABC2-4DC0-A024-8A8F7C46E79A}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe (Digiarty, Inc. -> )
FirewallRules: [{AC73D2EF-09A7-4D97-8BF2-A796B903F6F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C645C3E4-276B-4CFF-AFBB-4744DA12586F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{55C48762-522A-4675-BAA9-749F19DB4976}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EBE1C070-876F-4E20-A39F-776B73CD7CAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ziggurat\Ziggurat.exe () [File not signed]
FirewallRules: [{F98C827B-4295-4F2C-86BA-300635E1AAAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ziggurat\Ziggurat.exe () [File not signed]
FirewallRules: [{4F133B99-41DA-4687-869E-9EF986834C8C}] => (Allow) C:\Users\vaind\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{202621A9-1B57-4500-9301-95608B248782}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KFIncursion\Incursion.exe () [File not signed]
FirewallRules: [{FE5FC342-1B65-457F-8A6A-DCADBCA40206}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KFIncursion\Incursion.exe () [File not signed]
FirewallRules: [TCP Query User{3A46394C-D172-42D5-9670-D03332CA657D}C:\program files (x86)\steam\steamapps\common\kfincursion\incursion\binaries\win64\incursion-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kfincursion\incursion\binaries\win64\incursion-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{DFD53629-26A4-4270-8E9E-5C3C7931F3A6}C:\program files (x86)\steam\steamapps\common\kfincursion\incursion\binaries\win64\incursion-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kfincursion\incursion\binaries\win64\incursion-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{1053D644-6452-4B1E-949D-CEDDF20271C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadows Awakening\shadows.exe () [File not signed]
FirewallRules: [{3986B10D-6191-4265-B028-1E2A32EE6C6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadows Awakening\shadows.exe () [File not signed]
FirewallRules: [{BDD1688B-A388-4CD1-B7FD-39178444FB83}] => (Allow) C:\Program Files (x86)\PlayStationNow\psnowlauncher.exe (Sony Interactive Entertainment LLC -> Sony Interactive Entertainment Network America LLC)
FirewallRules: [{7F0FBC27-3652-47E0-AB3B-A2A75FA4B3B1}] => (Allow) C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Gaikai\CrashReports\dumpupload.exe (Sony Interactive Entertainment LLC -> )
FirewallRules: [{E8A492E1-4FF0-439E-ADA2-17A5AAF2A9AA}] => (Allow) C:\Program Files (x86)\PlayStationNow\unidater.exe (Sony Interactive Entertainment LLC -> Sony Interactive Entertainment)
FirewallRules: [TCP Query User{236FB207-45F8-412B-B34E-8E4EBE240A98}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{CB0B1FC5-449C-46E4-8F4F-77E5BAE02719}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D924C5CF-5124-4CBB-9F40-EBECA639FDC8}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{9FC6F587-AACF-4265-9FE7-E91CD6706DAF}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{DA5B57E4-8216-49B0-81BF-7D1F67B387D8}] => (Block) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{3EA93F30-108A-4BE3-9F27-0B2C2234609B}] => (Block) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{F4CEA6BC-EBF2-47F8-BB90-4AB60923B401}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C57592E2-8131-41CD-8666-106FEB410CAC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{DFAA32CA-DE96-43B5-B0E9-6BC5AD894C3D}C:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe] => (Allow) C:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [UDP Query User{C578205D-349F-492B-BFC0-0851B7BB4458}C:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe] => (Allow) C:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{D3D50D60-8864-4BF1-B1C6-878BC182F006}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe (HP Inc. -> Hewlett-Packard Development Company, LP)
FirewallRules: [{3A4D4C4E-9E5A-4CCC-946C-C5483F2D4028}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> Hewlett-Packard Development Company, LP)
FirewallRules: [{CB7303AC-D73E-4C41-9F09-7F4380E398B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{7E00B1BC-9F96-4BED-8B83-BC230B685626}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{31C8EBBF-3EFF-4FFD-ACC2-FB3F2E943EB3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{36EC94A2-5DB9-4A5F-9CCE-DC7322A69A9A}] => (Allow) C:\Program Files (x86)\TurboTax\Individual 2021\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{17A11D78-54DC-4036-B136-2B7A32795C6B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{3F13F5BF-13E2-45A3-8023-4A45D3E2AE57}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{957B5295-3DFD-41B2-84FC-EBA2720845DA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{FD1ABA25-30BE-4B8F-9F77-8138F989F596}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{F7C5E320-364E-418E-A1F1-9E3A2D361571}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{F86CED53-FC08-4992-92A9-6E913164A347}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{8FC9B426-6655-4943-8016-7B59C4941B9E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C1E1F06D-8BE4-406A-98AC-815538B6BD16}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E47E332A-2126-4B9D-8F23-5160FA2F2B01}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C7B53A67-17FE-4224-8479-839B822661E2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6190C9EC-C751-4310-A1B6-D47AF94F788B}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{A34BAAAC-9F4A-4E32-B9FB-BF11E9FA2FAF}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{AAB1DD96-AB2D-4FC0-BF99-3B1FE5B64FE2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5CD07AD1-147A-4B57-9052-5A32645C5D39}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{73BA2DF7-1F90-4A87-A4D7-4524C56DB9D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6817D49A-E23B-4B5C-8958-A72DA44A0D33}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5603C2D8-C6E4-440B-BB7B-3A39537E47B0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F7494BC6-7276-4250-97A4-1BB9C7A308C7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB4AF91F-C116-4971-B72E-77D252EA05ED}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CEBB2868-849B-49F3-92C3-BC2588363895}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{450432A0-A85E-4623-9B61-485AA8F0A047}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6B21DD28-3FA2-47B5-9B36-B5AD8B845C14}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\101.0.1210.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

03-05-2022 20:01:44 Scheduled Checkpoint
11-05-2022 13:56:07 Windows Modules Installer
13-05-2022 09:50:34 Windows Modules Installer
23-05-2022 13:40:18 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/25/2022 05:50:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-NEA4LBS.local already in use; will try DESKTOP-NEA4LBS-2.local instead

Error: (05/25/2022 05:50:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-NEA4LBS.local. Addr 192.168.254.67

Error: (05/25/2022 05:50:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.254.67:5353 16 DESKTOP-NEA4LBS.local. AAAA 2604:CB00:096E:3400:88FA:16A8:8614:2D7A

Error: (05/25/2022 05:50:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-NEA4LBS.local. AAAA FE80:0000:0000:0000:88FA:16A8:8614:2D7A

Error: (05/25/2022 05:50:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.254.67:5353 16 DESKTOP-NEA4LBS.local. AAAA 2604:CB00:096E:3400:88FA:16A8:8614:2D7A

Error: (05/25/2022 05:50:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 DESKTOP-NEA4LBS.local. Addr 192.168.254.67

Error: (05/25/2022 05:50:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.254.67:5353 16 DESKTOP-NEA4LBS.local. AAAA 2604:CB00:096E:3400:88FA:16A8:8614:2D7A

Error: (05/24/2022 09:18:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.


System errors:
=============
Error: (05/25/2022 03:12:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NEA4LBS)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (05/25/2022 05:00:50 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NEA4LBS)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (05/25/2022 05:00:01 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NEA4LBS)
Description: The server 4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8!Netflix.App.AppX5pc7brg014reh5jmy9aek351wvkx5hkm.wwa did not register with DCOM within the required timeout.

Error: (05/24/2022 09:19:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2022 09:19:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/24/2022 09:19:33 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (05/24/2022 03:23:57 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (05/24/2022 03:20:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.


Windows Defender:
================Event[0]:

Date: 2022-05-24 21:00:30
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2022-05-24 03:15:16
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-05-22 18:38:12
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-05-21 19:24:09
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

Date: 2022-05-21 10:26:45
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest security intelligence updates in order to enable real-time protection.

CodeIntegrity:
===============
Date: 2022-05-25 20:44:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-05-25 07:55:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-05-24 03:08:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.05 07/28/2016
Motherboard: Acer Megatron_SK
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 63%
Total physical RAM: 8060.13 MB
Available physical RAM: 2921.25 MB
Total Virtual: 9660.13 MB
Available Virtual: 2371.62 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.91 GB) (Free:449.95 GB) (Model: WDC WD10SPCX-24HWST1) NTFS
Drive d: () (Removable) (Total:119.05 GB) (Free:95.8 GB) exFAT

\\?\Volume{062da98a-9d45-4518-8aec-ac0d83ae337a}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{a720952a-d559-4b0c-900b-b526d62a5220}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6916E299)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 119.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
 

·
Moderator , Security Team
Joined
·
2,066 Posts
Doesn't look like you asked ADWCleaner to Quarantine the malware it found.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
    • When the scan has finished a Scan Results window will open.
    • Please check the following boxes and then click Quarantine
* [ Services ] *

PUP.Optional.Legacy WCAssistantService

* [ Folders ] *

Adware.pokki C:\Users\Default\AppData\Local\Host App Service
Adware.pokki C:\Users\Public\App Explorer
Adware.pokki C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Host App Service
Adware.pokki C:\Users\vaind\AppData\Local\Host App Service
Adware.pokki C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Adware.pokki C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service
PUP.Optional.WebCompanion C:\Program Files (x86)\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Application Data\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
PUP.Optional.WebCompanion C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
PUP.Optional.WebCompanion C:\Users\vaind.DESKTOP-NEA4LBS\AppData\Roaming\Lavasoft\Web Companion

* [ Files ] *

Adware.pokki C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\eBay.lnk
PUP.Optional.Legacy C:\Users\vaind\AppData\Roaming\Mozilla\Firefox\Profiles\xoha433w.default\searchplugins\yahoo! powered search.xml

* [ Tasks ] *

Adware.pokki C:\Windows\System32\Tasks\APP EXPLORER

* [ Registry ] *

Adware.pokki HKCU\Software\App Host Service
Adware.pokki HKCU\Software\Host App Service
Adware.pokki HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AED22C52-A342-4783-8EEB-09DDED45C527}
Adware.pokki HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5673d968-230e-4437-a77a-5fa51cf569bf}|DisplayIcon
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5673d968-230e-4437-a77a-5fa51cf569bf}|DisplayName
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5673d968-230e-4437-a77a-5fa51cf569bf}|UninstallString
PUP.Optional.Conduit HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

* [ Chromium URLs ] *

Adware.SearchDimension Search Dimension
Adware.SearchDimension Search Dimension
    • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
      • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
  • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
    • Click Restart Now
  • Once your computer has restarted ...
    • If it doesn't open automatically, please start ADWCleaner ...
    • Click the Log Files tab ...
      • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
      • A Notepad file will open containing the results of the removal.
      • Please post the contents of the file in your next reply.
 

·
Registered
Joined
·
335 Posts
Discussion Starter · #14 ·
Gary

I'm going to reinstall Windows. It is getting real bad, it took me 90mn last night just to run your scan and send both logs. It is pretty much a paper weight at this time.
Do you have the link to download W10? Any tips on reinstalling are appreciated.
I'm sure I will need you during the process. Thanks Gary

Pat
 