Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    BORN Ontario child registry data breach affects 3.4 million people

Featured Deal: Get started in AI or make your own with this $19.97 course bundle

Latest Buyer's Guide:    Best VPNs to unblock Stan outside Australia in 2023

Generic User Avatar

CPU always at 100% or close to it with fan on.

Started by crunkkcar , Sep 06 2023 02:38 PM

  • Please log in to reply
16 replies to this topic

#1 crunkkcar

crunkkcar

  • Avatar image
  • Members
  • 107 posts
  • OFFLINE
    •  
  • Gender:Female
  • Local time:06:24 PM

Posted 06 September 2023 - 02:38 PM

For some reason my computer is always clicking on its fan and the CPU is always maxing out or close to it, just from browsing the internet. I'm not even streaming anything, just emails and trying to set up my software to stream online, but never can because my computer is freezing up from CPU being so high. Also, nothing really works unless I keep Task Manager open? I also have A LOT of svchost.exe processes/applications running. 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2023
Ran by ashle (administrator) on MINIPC (06-09-2023 12:11:50)
Running from C:\Users\ashle\Downloads\FRST64.exe
Loaded Profiles: ashle
Platform: Microsoft Windows 11 Home Version 23H2 22631.2265 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Speedify\SpeedifyLauncher.exe ->) (Connectify (Connectify, Inc.) -> Connectify) C:\Program Files (x86)\Speedify\SpeedifyUI.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <2>
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (Connectify (Connectify, Inc.) -> Connectify) C:\Program Files (x86)\Speedify\SpeedifyLauncher.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\80.0.1.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (ShineModel) [File not signed] C:\Program Files\ShineModel\Shine Browser\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Connectify (Connectify, Inc.) -> Connectify) C:\Program Files (x86)\Speedify\speedify.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (Verizon Data Services LLC -> Verizon) C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Speedify] => C:\Program Files (x86)\Speedify\SpeedifyLauncher.exe [2336352 2023-05-17] (Connectify (Connectify, Inc.) -> Connectify)
HKLM\...\Run: [YouCam Service10] => C:\Program Files\CyberLink\YouCam365\YouCamService10.exe [425000 2023-03-17] (CyberLink Corp. -> CyberLink Corp.)
HKLM\...\Run: [YouCam10] => C:\Program Files\CyberLink\YouCam365\YouCam10.exe [593960 2023-03-17] (CyberLink Corp. -> CyberLink Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1129440 2023-08-28] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2023-08-28] (Adobe Inc. -> )
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-06] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-06] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Run: [MicrosoftEdgeAutoLaunch_BD38D0ABA733A398B07153441A9B2009] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108328 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Run: [com.verizon.verizoncloud] => C:\Program Files\Verizon Cloud\Verizon Cloud.exe [8883536 2023-06-01] (Verizon Data Services LLC -> Verizon)
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [152025856 2023-06-22] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-06] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [7660504 2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-06] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2023-08-18] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.142\Installer\chrmstp.exe [2023-09-06] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\Users\ashle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shine Browser.lnk [2023-06-09]
ShortcutTarget: Shine Browser.lnk -> C:\Program Files\ShineModel\Shine Browser\chrome.exe (ShineModel) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {6EA8206B-287D-4DF3-A58E-5A860D99C857} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {962B100D-A5AB-4FF9-8578-6AA1511C948F} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {225F0F4C-60C2-4749-BE46-C56463AF64F7} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B1667716-5AD5-4136-BD89-A6C97F767421} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2322472 2023-03-17] (CyberLink Corp. -> )
Task: {DA8D7E96-0223-4D23-B89A-3504C68899CC} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2322472 2023-03-17] (CyberLink Corp. -> )
Task: {4F68FDFC-7781-41F1-8AB5-BAC23BABFE17} - System32\Tasks\GoogleUpdateTaskMachineCore{C2A92A51-C5B5-4278-A602-1F7CAF3C58B0} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-06-09] (Google LLC -> Google LLC)
Task: {A52AE4A2-943C-429F-A3FC-31D03B4F6BD7} - System32\Tasks\GoogleUpdateTaskMachineUA{2FBFA2D9-4C2D-4F00-B7F0-84D2DE28682D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-06-09] (Google LLC -> Google LLC)
Task: {576DE3E5-D6A1-44DA-80D3-4C78B95CE489} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel® Corporation)
Task: {97ED0629-8130-4771-966D-A3629E4875DC} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-08-26] (Microsoft Windows -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {ECF89F18-848F-4C96-9F0E-1378034DC6CE} - System32\Tasks\Microsoft\Windows\WaaSMedic\DeferredWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {750E463E-DD4B-4BD5-9C5F-37A96666B95F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4B2587CC-F80F-48B6-B806-FD540D7BB0F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EFCDF4ED-5635-4BBF-9403-D5AF7AE506AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {62D6258F-6221-4360-BA74-28DC392B8D71} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A237CBD9-D53C-4260-AA08-4E67522E4899} - System32\Tasks\Mozilla\Firefox Background Update 2DD52B0D46DA102A => C:\Users\ashle\AppData\Local\Mozilla Firefox\firefox.exe [687008 2023-08-28] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\2DD52B0D46DA102A\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {62E9730C-B462-44D9-AB5B-6B1CF53979C9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 2DD52B0D46DA102A => C:\Users\ashle\AppData\Local\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {5297D10B-7A7D-4E2C-8742-C05FFC5E2FC0} - System32\Tasks\VerizonCloud\APMPublisherTask => C:\Program Files\Verizon Cloud\Verizon Cloud.exe [8883536 2023-06-01] (Verizon Data Services LLC -> Verizon)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0b0ac826-5eae-459f-b7d6-6ade6ed845b2}: [DhcpNameServer] 172.20.48.1
Tcpip\..\Interfaces\{bdc299e1-8a49-4775-af48-7a0e4fb922f2}: [NameServer] 10.202.0.1
Tcpip\..\Interfaces\{be9b291a-2ec0-40e5-b42b-5680f19fb868}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f8bb5c7c-338f-463d-bfc3-e9b460a92f52}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge Profile: C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-02]
Edge HomePage: Default -> hxxp://google.com/
Edge DefaultSearchURL: Default -> hxxps://www.searchwithouthistorysearch.com/search/?category=web&s=eepr&vert=private&q={searchTerms}
Edge DefaultSearchKeyword: Default -> Search With Incognito
Edge DefaultSuggestURL: Default -> hxxps://sug.searchwithouthistorysearch.com/v1/sug/?yid=eepr&vert=private&q={searchTerms}
Edge Extension: (Search With Incognito) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aegpbigghghmkomaolphakjjppnebdhb [2023-06-09]
Edge Extension: (Pinterest Save Button) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkgoflemacdadndiohhdnphcmdhacabg [2023-06-09]
Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-08-30]
Edge Extension: (MetaMask) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2023-08-30]
Edge Extension: (Microsoft 365) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gggmmkjegpiggikcnhidnjjhmicpibll [2023-08-30]
Edge Extension: (Google Docs Offline) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-28]
Edge Extension: (TronLink) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec [2023-08-28]
Edge Extension: (Surfshark VPN) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jkhapebnlgocjncbbfccgiepjlghehmj [2023-06-09]
Edge Extension: (Edge relevant text changes) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-30]
Edge Extension: (OneNote Web Clipper) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oogbnpmeihfgnccdnmmlgicknopghhma [2023-06-22]
 
FireFox:
========
FF DefaultProfile: 3gpjte4g.default
FF ProfilePath: C:\Users\ashle\AppData\Roaming\Mozilla\Firefox\Profiles\3gpjte4g.default [2023-06-09]
FF ProfilePath: C:\Users\ashle\AppData\Roaming\Mozilla\Firefox\Profiles\zd8q8icy.default-release [2023-09-06]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-08-28] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-08-28] (Adobe Inc. -> Adobe Systems)
StartMenuInternet: Firefox-2DD52B0D46DA102A - C:\Users\ashle\AppData\Local\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default [2023-09-06]
CHR Notifications: Default -> hxxps://www.fotor.com; hxxps://www.lovense.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.searchwithouthistorysearch.com/search/?category=web&s=eepr&vert=private&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search With Incognito
CHR DefaultSuggestURL: Default -> hxxps://sug.searchwithouthistorysearch.com/v1/sug/?yid=eepr&vert=private&q={searchTerms}
CHR Extension: (Search With Incognito) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegpbigghghmkomaolphakjjppnebdhb [2023-06-09]
CHR Extension: (Google Tips) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2023-06-09]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-08-27]
CHR Extension: (Google Docs Offline) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-06]
CHR Extension: (OneNote Web Clipper) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojbdfnpnhogfdgjbigejoaolejmgdhk [2023-06-09]
CHR Extension: (Pinterest Save Button) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2023-06-09]
CHR Extension: (Kindle Cloud Reader) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2023-06-09]
CHR Extension: (Office - Enable Copy and Paste) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2023-08-30]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-09-02]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-28]
CHR Extension: (My Study Life) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo [2023-06-09]
CHR Extension: (Microsoft 365) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2023-08-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-09]
CHR Profile: C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-06-30]
CHR Extension: (Google Docs Offline) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-30]
CHR HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-08-28] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 CloudBackupRestoreSvc; C:\Windows\System32\CloudRestoreLauncher.dll [1204224 2023-09-02] (Microsoft Windows -> Microsoft Corporation)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10195200 2023-06-22] (Logitech Inc -> Logitech, Inc.)
R2 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [497568 2021-10-24] (Logitech Inc -> Logitech)
R2 Speedify; C:\Program Files (x86)\Speedify\Speedify.exe [5779040 2023-05-17] (Connectify (Connectify, Inc.) -> Connectify)
R2 VCUpdateSvc; C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe [54096 2023-06-01] (Verizon Data Services LLC -> Verizon)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [532480 2022-09-24] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [184320 2022-09-24] (Microsoft Corporation) [File not signed]
R3 clwvd10; C:\Windows\System32\drivers\clwvd10.sys [61104 2022-06-12] (CyberLink Corp. -> CyberLink Corporation)
R1 googledrivefs31092; C:\Windows\System32\DRIVERS\googledrivefs31092.sys [384600 2023-08-28] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44880 2023-06-22] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2023-06-22] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73040 2023-06-22] (Logitech Inc -> Logitech)
R3 MpKsl812ce067; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{97E5A1C7-BA71-4789-9B72-D4058CEF3873}\MpKslDrv.sys [222464 2023-09-06] (Microsoft Windows -> Microsoft Corporation)
R3 nuviocir; C:\Windows\system32\DRIVERS\nuviocir_x64.sys [42760 2018-05-30] (WDKTestCert Nuvoton,131559881844569629 -> )
R3 tap0901cn; C:\Windows\System32\drivers\tap0901cn.sys [47448 2023-03-22] (Connectify (Connectify, Inc.) -> The OpenVPN Project)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-08-26] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-06 12:11 - 2023-09-06 12:12 - 000026339 _____ C:\Users\ashle\Downloads\FRST.txt
2023-09-06 12:10 - 2023-09-06 12:12 - 000000000 ____D C:\FRST
2023-09-06 12:10 - 2023-09-06 12:10 - 002382336 _____ (Farbar) C:\Users\ashle\Downloads\FRST64.exe
2023-09-06 10:06 - 2023-09-06 10:06 - 000001101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop (Beta).lnk
2023-09-06 09:53 - 2023-09-06 10:06 - 000000000 ___HD C:\adobeTemp
2023-09-06 09:50 - 2023-09-06 09:50 - 000003840 _____ C:\Windows\system32\Tasks\Intel PTT EK Recertification
2023-09-06 09:43 - 2023-09-06 09:43 - 008114208 _____ C:\Users\ashle\Downloads\RY0386.bio
2023-09-06 09:38 - 2023-09-06 09:38 - 000000258 __RSH C:\ProgramData\ntuser.pol
2023-09-02 09:08 - 2023-09-02 09:09 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2023-09-02 06:47 - 2023-09-02 06:48 - 000000000 ____D C:\Users\ashle\AppData\Roaming\lovense-obs-studio
2023-09-02 06:44 - 2023-09-02 06:44 - 000016239 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-09-02 06:24 - 2023-09-02 06:25 - 128439704 _____ C:\Users\ashle\Downloads\Unconfirmed 674603.crdownload
2023-09-02 06:08 - 2023-09-02 06:09 - 128439704 _____ C:\Users\ashle\Downloads\Lovense_OBS_Toolset_x64 (1).exe
2023-09-02 05:25 - 2023-09-06 09:22 - 000003506 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2023-09-02 05:25 - 2023-09-06 09:21 - 000003530 _____ C:\Windows\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2023-08-28 11:51 - 2023-08-28 11:52 - 000000000 ____D C:\Users\ashle\AppData\LocalLow\Adobe
2023-08-28 11:51 - 2023-08-28 11:51 - 000000000 ____D C:\Users\ashle\AppData\Local\SolidDocuments
2023-08-28 11:51 - 2023-08-28 11:51 - 000000000 ____D C:\Users\ashle\.ms-ad
2023-08-28 11:50 - 2023-08-28 11:50 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-08-28 11:50 - 2023-08-28 11:50 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2023-08-28 11:50 - 2023-08-28 11:50 - 000002096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-08-28 11:50 - 2023-08-28 11:50 - 000002084 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-08-28 11:08 - 2023-09-06 10:36 - 000000000 ___RD C:\Users\ashle\Creative Cloud Files
2023-08-28 11:00 - 2023-08-30 09:11 - 000000000 ____D C:\ProgramData\Adobe
2023-08-28 11:00 - 2023-08-28 11:00 - 000001409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2023-08-28 10:58 - 2023-09-06 09:57 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-08-28 10:58 - 2023-08-30 09:03 - 000000000 ____D C:\Program Files\Adobe
2023-08-28 10:58 - 2023-08-28 11:01 - 000000000 ____D C:\Program Files (x86)\Adobe
2023-08-28 10:50 - 2023-09-02 09:22 - 000000000 ____D C:\Users\ashle\AppData\Local\Adobe
2023-08-28 10:50 - 2023-08-28 11:51 - 000000000 ____D C:\Users\ashle\AppData\Roaming\com.adobe.dunamis
2023-08-28 10:49 - 2023-09-06 10:04 - 000002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-08-28 10:19 - 2023-08-30 09:45 - 000000000 ____D C:\Users\ashle\AppData\Local\Mozilla Firefox
2023-08-26 20:25 - 2023-08-26 20:25 - 000060462 _____ C:\Windows\SysWOW64\ctac.json
2023-08-26 20:24 - 2023-08-26 20:24 - 000060462 _____ C:\Windows\system32\ctac.json
2023-08-26 20:20 - 2023-08-26 20:20 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2023-08-26 20:08 - 2023-08-26 20:08 - 000000000 ____D C:\Users\ashle\AppData\Local\Backup
2023-08-18 22:52 - 2023-08-18 22:52 - 000203936 _____ (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll
2023-08-18 22:52 - 2023-08-18 22:52 - 000146592 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-06 12:13 - 2023-06-11 10:08 - 000000000 ____D C:\ProgramData\Speedify
2023-09-06 12:07 - 2023-06-09 09:11 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-06 12:07 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-06 12:06 - 2023-06-12 06:06 - 000000000 ____D C:\Users\ashle\AppData\Local\VerizonCloud-Data
2023-09-06 12:00 - 2023-06-09 06:58 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-06 12:00 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SystemTemp
2023-09-06 11:43 - 2023-04-29 04:14 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-09-06 11:38 - 2023-04-29 04:27 - 000000000 ___SD C:\Users\ashle\AppData\Roaming\Microsoft\Credentials
2023-09-06 10:49 - 2023-04-29 04:17 - 000000000 ____D C:\ProgramData\Packages
2023-09-06 10:49 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-06 10:49 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\AppReadiness
2023-09-06 10:39 - 2023-04-29 04:22 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2023-09-06 10:39 - 2022-05-06 22:22 - 000000000 ____D C:\Windows\INF
2023-09-06 10:34 - 2023-04-29 04:33 - 000000000 ___RD C:\Users\ashle\OneDrive
2023-09-06 10:33 - 2023-04-29 04:31 - 000000000 __SHD C:\Users\ashle\IntelGraphicsProfiles
2023-09-06 10:33 - 2023-04-29 04:24 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-09-06 10:33 - 2023-04-29 04:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-06 10:33 - 2023-04-29 02:40 - 000012288 ___SH C:\DumpStack.log.tmp
2023-09-06 10:31 - 2022-05-06 22:17 - 000524288 _____ C:\Windows\system32\config\BBI
2023-09-06 10:05 - 2023-06-09 07:00 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-06 10:05 - 2023-06-09 07:00 - 000002229 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-06 09:46 - 2023-04-29 04:27 - 000000000 ____D C:\Users\ashle
2023-09-06 09:15 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-06 09:12 - 2023-04-29 04:14 - 000295408 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-06 09:10 - 2023-04-29 04:31 - 000000000 ____D C:\Users\ashle\AppData\Roaming\Adobe
2023-09-02 09:09 - 2022-05-06 22:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-02 09:09 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\UUS
2023-09-02 09:09 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-02 09:09 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SystemResources
2023-09-02 09:09 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-02 09:09 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\oobe
2023-09-02 09:09 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-02 09:09 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-02 09:09 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\bcastdvr
2023-09-02 06:53 - 2022-05-06 22:17 - 000000000 ____D C:\Windows\CbsTemp
2023-09-02 06:48 - 2023-06-09 09:51 - 000000015 _____ C:\Users\ashle\AppData\Roaming\obs-virtualcam.txt
2023-09-02 06:47 - 2023-06-09 09:48 - 000000000 ____D C:\Program Files\Lovense
2023-09-02 06:45 - 2023-04-29 04:16 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-02 06:25 - 2023-06-22 06:12 - 000000000 ____D C:\Users\ashle\AppData\Local\CrashDumps
2023-09-02 06:25 - 2023-06-09 09:25 - 000000000 ____D C:\Users\ashle\AppData\Roaming\obs-studio
2023-09-02 06:11 - 2023-06-09 09:46 - 000000000 ____D C:\ProgramData\obs-studio
2023-09-02 05:40 - 2023-04-29 04:33 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1203791635-3504870970-2511861142-1001
2023-09-02 05:40 - 2023-04-29 04:33 - 000003362 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1203791635-3504870970-2511861142-1001
2023-09-02 05:40 - 2023-04-29 04:33 - 000002406 _____ C:\Users\ashle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-02 05:35 - 2023-06-09 09:50 - 000001432 _____ C:\Users\Public\Desktop\Stream Master.lnk
2023-09-02 05:33 - 2023-06-09 09:46 - 000000000 ____D C:\ProgramData\boost_interprocess
2023-09-02 05:05 - 2023-04-29 04:15 - 000002461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-02 05:05 - 2023-04-29 04:15 - 000002299 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-30 09:45 - 2023-06-09 09:11 - 000001300 _____ C:\Users\ashle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-30 09:29 - 2023-04-29 04:31 - 000000000 ____D C:\Users\ashle\AppData\Local\Packages
2023-08-30 09:00 - 2023-04-29 04:14 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-08-29 09:53 - 2023-06-09 08:55 - 000000000 ____D C:\Users\ashle\AppData\Local\D3DSCache
2023-08-28 10:59 - 2023-06-09 09:24 - 000000000 ____D C:\ProgramData\Package Cache
2023-08-28 10:49 - 2023-06-09 07:00 - 000000000 ____D C:\Program Files\Google
2023-08-28 10:49 - 2023-06-09 06:58 - 000000000 ____D C:\Users\ashle\AppData\Local\Google
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\gl-ES
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\eu-ES
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\ca-ES
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\vi-VN
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\Sgrm
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\migwiz
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\lv-LV
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\lt-LT
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\id-ID
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\gl-ES
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\eu-ES
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\et-EE
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\es-MX
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\Dism
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\ca-ES
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\ShellComponents
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\Provisioning
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-08-26 20:17 - 2023-05-25 10:27 - 000000000 ____D C:\Windows\system32\MRT
2023-08-26 20:14 - 2023-05-25 10:27 - 175983240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-08-26 19:55 - 2023-06-09 06:58 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{2FBFA2D9-4C2D-4F00-B7F0-84D2DE28682D}
2023-08-26 19:55 - 2023-06-09 06:58 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{C2A92A51-C5B5-4278-A602-1F7CAF3C58B0}
 
==================== Files in the root of some directories ========
 
2023-06-09 09:51 - 2023-09-02 06:48 - 000000015 _____ () C:\Users\ashle\AppData\Roaming\obs-virtualcam.txt
2023-07-01 00:32 - 2023-07-01 00:32 - 000002542 _____ () C:\Users\ashle\AppData\Local\2371-03248-CLCSIWriter.txt
2023-07-01 00:35 - 2023-07-01 00:35 - 000001526 _____ () C:\Users\ashle\AppData\Local\2371-03527-CLCSIWriter.txt
2023-07-27 05:29 - 2023-07-27 05:29 - 000001526 _____ () C:\Users\ashle\AppData\Local\23727-52939-CLCSIWriter.txt
2023-07-27 06:23 - 2023-07-27 06:23 - 000001526 _____ () C:\Users\ashle\AppData\Local\23727-62339-CLCSIWriter.txt
2023-07-27 06:27 - 2023-07-27 06:27 - 000001526 _____ () C:\Users\ashle\AppData\Local\23727-62716-CLCSIWriter.txt
2023-09-02 09:21 - 2023-09-02 09:21 - 000000000 _____ () C:\Users\ashle\AppData\Local\oobelibMkey.log
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2023
Ran by ashle (06-09-2023 12:19:00)
Running from C:\Users\ashle\Downloads
Microsoft Windows 11 Home Version 23H2 22631.2265 (X64) (2023-04-29 11:17:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1203791635-3504870970-2511861142-500 - Administrator - Disabled)
ashle (S-1-5-21-1203791635-3504870970-2511861142-1001 - Administrator - Enabled) => C:\Users\ashle
DefaultAccount (S-1-5-21-1203791635-3504870970-2511861142-503 - Limited - Disabled)
defaultuser100001 (S-1-5-21-1203791635-3504870970-2511861142-1007 - Limited - Enabled)
Guest (S-1-5-21-1203791635-3504870970-2511861142-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1203791635-3504870970-2511861142-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 23.003.20284 - Adobe)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.11.0.522.1 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Adobe Photoshop (Beta) (HKLM-x32\...\PHSPBETA_25_1) (Version: 25.1.0.2308 - Adobe Inc.)
CyberLink YouCam 365 (HKLM-x32\...\{55E2BD10-A3E1-4064-B149-E1DDF02C8F51}) (Version: 10.1.2717.0 - CyberLink Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.142 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 80.0.1.0 - Google LLC)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Logitech Capture (HKLM\...\Capture) (Version: 2.08.11 - Logitech)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2023.4.407679 - Logitech)
Lovense OBS Toolset (HKLM\...\Lovense OBS Toolset) (Version:  - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.69 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.69 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\OneDriveSetup.exe) (Version: 23.180.0828.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 114.0.2 (x64 en-US)) (Version: 114.0.2 - Mozilla)
Mozilla Firefox (x64 en-US) (HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Mozilla Firefox 116.0.3 (x64 en-US)) (Version: 116.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 114.0.2 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 29.1.3 - OBS Project)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Shine Browser (HKLM\...\{D6C430F0-FBA0-4B9B-A747-1E9C0E1E5541}) (Version: 102.0.5005.89 - ShineModel)
Speedify (HKLM\...\Speedify) (Version: 13.3.1.11015 - Connectify)
Stream Master (HKLM-x32\...\Stream Master) (Version: 1.3.5 - Lovense Project)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
Verizon Cloud (HKLM\...\{AADB5619-7DF5-40ED-8D5A-FA18D53EAC91}) (Version: 23.6.0.14 - Verizon Wireless)
Windows Driver Package - Nordic Semiconductor ASA (libusbK) Nordic Semiconductor DFU  (11/17/2017 1.0.0.0) (HKLM\...\9E604C253CF23E22559521E18F5477442849274E) (Version: 11/17/2017 1.0.0.0 - Nordic Semiconductor ASA)
Windows Driver Package - Nordic Semiconductor ASA (usbser) Ports  (05/11/2018 1.0.1.0) (HKLM\...\8BE37708EC0B1921B47CD432537BB725532CEF79) (Version: 05/11/2018 1.0.1.0 - Nordic Semiconductor ASA)
 
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2023-08-28] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2023-08-28] ()
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2023-08-28] (Adobe Systems Incorporated)
AdobeSystemsIncorporated.AdobePhotoshopExpress -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.12.1.0_x64__mtcwf2zmmt10c [2023-08-30] (Adobe Inc.)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-26] (Microsoft Corporation)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-06-11] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-02] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-08-28] (Microsoft Studios) [MS Ad]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-02] (Microsoft Corporation)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.906.1823.197_neutral__8wekyb3d8bbwe [2023-09-06] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1203791635-3504870970-2511861142-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D184F9FACDF8} -> [Creative Cloud Files] => C:\Users\ashle\Creative Cloud Files [2023-08-28 11:08]
CustomCLSID: HKU\S-1-5-21-1203791635-3504870970-2511861142-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1203791635-3504870970-2511861142-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1203791635-3504870970-2511861142-1001_Classes\CLSID\{84ff2f8e-2440-1caf-3148-f3d0fdd19ec8}\localserver32 -> C:\Program Files\Verizon Cloud\Verizon Cloud.exe (Verizon Data Services LLC -> Verizon)
CustomCLSID: HKU\S-1-5-21-1203791635-3504870970-2511861142-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ SncrOverlays (Cloud)] -> {DC39D95E-101B-4B3B-BF18-D1B4D6584A79} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-06-01] (Verizon Data Services LLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-06-01] (Verizon Data Services LLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Paused)] -> {DC20B35F-DF4A-4783-B48E-7EB2496E5858} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-06-01] (Verizon Data Services LLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-06-01] (Verizon Data Services LLC -> Synchronoss Technologies Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-28] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\igfxDTCM.dll [2017-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-28] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Inc.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-06-03 05:05 - 2022-06-03 05:05 - 000441344 _____ () [File not signed] C:\Program Files\ShineModel\Shine Browser\102.0.5005.89\libegl.dll
2022-06-03 05:05 - 2022-06-03 05:05 - 006425600 _____ () [File not signed] C:\Program Files\ShineModel\Shine Browser\102.0.5005.89\libglesv2.dll
2022-06-03 05:05 - 2022-06-03 05:05 - 004058112 _____ () [File not signed] C:\Program Files\ShineModel\Shine Browser\102.0.5005.89\vk_swiftshader.dll
2022-06-03 05:05 - 2022-06-03 05:05 - 171961856 _____ (ShineModel) [File not signed] C:\Program Files\ShineModel\Shine Browser\102.0.5005.89\chrome.dll
2022-06-03 05:05 - 2022-06-03 05:05 - 001104384 _____ (ShineModel) [File not signed] C:\Program Files\ShineModel\Shine Browser\102.0.5005.89\chrome_elf.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-06 22:24 - 2022-05-06 22:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ashle\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\119982308997358249\133377305088449642
DNS Servers: 10.202.0.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "YouCam10"
HKLM\...\StartupApproved\Run: => "YouCam Service10"
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_BD38D0ABA733A398B07153441A9B2009"
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\StartupApproved\Run: => "com.verizon.verizoncloud"
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\StartupApproved\Run: => "LGHUB"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7CE224C6-4911-4C83-AFCE-5321E13416AF}] => (Allow) C:\Users\ashle\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{310C878F-7039-4FA9-8E0E-87F0B9113FF4}] => (Allow) C:\Users\ashle\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6333B25E-35A4-4725-861D-63D9DB598CC1}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1612F69E-9591-4357-9693-198F8BBA91A5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{4E3D3BC0-18EF-4192-8012-5FB8C1D38F0E}C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe (Adobe Inc. -> Adobe Inc.)
FirewallRules: [UDP Query User{EF26F142-AF90-4563-80AF-FA23A27D043C}C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe (Adobe Inc. -> Adobe Inc.)
FirewallRules: [{C98C8B24-8562-4542-B026-DA933A8D7D0F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4AA2AAC3-3D56-45BF-A41F-4C96B080B9E7}] => (Allow) C:\Program Files\Lovense\Stream Master\LovenseOBS\bin\64bit\lvs_obs64.exe (Shenzhen Love Sense Technology Co., Ltd. -> Lovense OBS)
FirewallRules: [{0D226399-16F3-4BA2-84BC-CB250BD5D79C}] => (Allow) C:\Program Files\Lovense\Stream Master\LovenseOBS\bin\64bit\lvs_obs64.exe (Shenzhen Love Sense Technology Co., Ltd. -> Lovense OBS)
FirewallRules: [{6888DD77-79C1-4F20-8927-FA9B9E7C1ECB}] => (Allow) C:\Program Files\Lovense\Stream Master\LovenseBrowser\Browser\chrome.exe (Shenzhen Love Sense Technology Co., Ltd. -> The Chromium Authors)
FirewallRules: [{A73A3F21-CB9A-4E59-A1B2-3C08DB92B482}] => (Allow) C:\Program Files\Lovense\Stream Master\LovenseBrowser\Browser\chrome.exe (Shenzhen Love Sense Technology Co., Ltd. -> The Chromium Authors)
FirewallRules: [{EE1C282E-C7C5-44FC-B048-AC3AE2FE70E3}] => (Allow) C:\Program Files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [{F9227566-AEF6-4D7B-93C9-6DAB973AC999}] => (Allow) C:\Program Files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [{01549071-D572-45F6-9C16-1C36FC6DECD1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
28-08-2023 10:59:33 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664
02-09-2023 06:36:26 Windows Update
02-09-2023 06:36:47 Windows Update
06-09-2023 09:28:48 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/06/2023 09:13:03 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: lghub_updater.exe, version: 2023.4.7679.0, time stamp: 0x6465211a
Faulting module name: lghub_updater.exe, version: 2023.4.7679.0, time stamp: 0x6465211a
Exception code: 0xc0000005
Fault offset: 0x00000000005ec6b0
Faulting process id: 0x0xe94
Faulting application start time: 0x0x1d9e0dcff57786a
Faulting application path: C:\Program Files\LGHUB\lghub_updater.exe
Faulting module path: C:\Program Files\LGHUB\lghub_updater.exe
Report Id: 8b86b87a-aa3c-49c6-8cec-350a13ff8915
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/02/2023 06:25:34 AM) (Source: Application Error) (EventID: 1000) (User: MINIPC)
Description: Faulting application name: obs64.exe, version: 29.1.3.0, time stamp: 0x894f06bf
Faulting module name: ucrtbase.dll, version: 10.0.22621.436, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x2fb4
Faulting application start time: 0x0x1d9dd9efcbf0813
Faulting application path: C:\Program Files\obs-studio\bin\64bit\obs64.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 40a3cd09-01ca-4aa4-a416-ff11a7098ef8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/02/2023 05:52:41 AM) (Source: Application Error) (EventID: 1000) (User: MINIPC)
Description: Faulting application name: obs64.exe, version: 29.1.3.0, time stamp: 0x894f06bf
Faulting module name: ucrtbase.dll, version: 10.0.22621.436, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0xca8
Faulting application start time: 0x0x1d9dd9a0b71d2a8
Faulting application path: C:\Program Files\obs-studio\bin\64bit\obs64.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 8b31ad3b-39a0-45df-9544-f11d675fdd39
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/02/2023 05:33:50 AM) (Source: Application Error) (EventID: 1000) (User: MINIPC)
Description: Faulting application name: obs64.exe, version: 29.1.2.0, time stamp: 0x908e3816
Faulting module name: ucrtbase.dll, version: 10.0.22621.436, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x1318
Faulting application start time: 0x0x1d9dd99aa09f362
Faulting application path: C:\Program Files\obs-studio\bin\64bit\obs64.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 8f5db4a5-e9f8-41e3-9413-e8c3df060df5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/02/2023 05:02:18 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: lghub_updater.exe, version: 2023.4.7679.0, time stamp: 0x6465211a
Faulting module name: ntdll.dll, version: 10.0.22621.2191, time stamp: 0xae80fa61
Exception code: 0xc0000374
Fault offset: 0x000000000010c329
Faulting process id: 0x0xed4
Faulting application start time: 0x0x1d9dd954d8f1375
Faulting application path: C:\Program Files\LGHUB\lghub_updater.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: dd4dd3c7-d4bb-4552-a205-704a45dad447
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/30/2023 09:22:44 AM) (Source: Application Error) (EventID: 1000) (User: MINIPC)
Description: Faulting application name: Taskmgr.exe, version: 10.0.22621.2262, time stamp: 0x6bc08e47
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.22621.2262, time stamp: 0xc4f6ca3e
Exception code: 0xc000027b
Fault offset: 0x00000000005392c3
Faulting process id: 0x0x2ec8
Faulting application start time: 0x0x1d9d9da21aa0bb5
Faulting application path: C:\Windows\System32\Taskmgr.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 251652a6-d9dc-4425-80c0-5f5939b5489e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/28/2023 11:24:51 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program chrome.exe version 116.0.5845.111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (08/28/2023 11:24:14 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program Creative Cloud.exe version 5.11.0.522 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
 
System errors:
=============
Error: (09/06/2023 12:19:46 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is FileCoAuth (PID: 10748).
 
Error: (09/06/2023 12:19:46 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is FileCoAuth (PID: 10748).
 
Error: (09/06/2023 12:19:23 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is FileCoAuth (PID: 14620).
 
Error: (09/06/2023 12:19:23 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is FileCoAuth (PID: 14620).
 
Error: (09/06/2023 12:17:52 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is FileCoAuth (PID: 6132).
 
Error: (09/06/2023 12:17:52 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is FileCoAuth (PID: 6132).
 
Error: (09/06/2023 12:16:22 PM) (Source: Netwtw04) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)
 
Error: (09/06/2023 12:16:22 PM) (Source: Netwtw04) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)
 
 
Windows Defender:
================
Date: 2023-09-06 10:50:38
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-09-02 06:44:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-29 09:53:09
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-28 10:42:16
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-26 20:29:24
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2023-06-22 04:19:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1203.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80072f8f
Error description: A security error occurred  
 
Date: 2023-06-22 04:19:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1203.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80072f8f
Error description: A security error occurred  
 
Date: 2023-06-22 04:19:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1203.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80072f8f
Error description: A security error occurred  
 
Date: 2023-06-22 04:19:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1203.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80072f8f
Error description: A security error occurred  
 
Date: 2023-06-22 04:19:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1203.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80072f8f
Error description: A security error occurred  
 
CodeIntegrity:
===============
Date: 2023-09-02 06:27:53
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume3\Program Files\Google\Drive File Stream\79.0.2.0\crashpad_handler.exe that did not meet the Microsoft signing level requirements. 
 
Date: 2023-07-27 05:50:20
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system. 
 
 
==================== Memory info =========================== 
 
BIOS: Intel Corporation RYBDWi35.86A.0386.2022.0705.1602 07/05/2022
Motherboard: Intel Corporation NUC5i7RYB
Processor: Intel® Core™ i7-5557U CPU @ 3.10GHz
Percentage of memory in use: 34%
Total physical RAM: 16267.77 MB
Available physical RAM: 10727.05 MB
Total Virtual: 18699.77 MB
Available Virtual: 12618.88 MB
 
==================== Drives ================================
 
Drive c: (CCCOMA_X64FRE_EN-US_DV9) (Fixed) (Total:465.38 GB) (Free:387.03 GB) (Model: WD Blue SN570 500GB) NTFS
Drive g: (Google Drive) (Fixed) (Total:465.38 GB) (Free:367.68 GB) (Model: WD Blue SN570 500GB) FAT32
 
\\?\Volume{15ebb3fb-0097-4855-8f06-f3662564622d}\ () (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 63867945)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


BC AdBot (Login to Remove)

 

#2 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 07 September 2023 - 07:50 AM

Greetings and :welcome: back to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#3 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 07 September 2023 - 01:01 PM

Greetings.

Can you tell me if you recognize:

Shine Browser
Verizon Cloud
Edge Extension: (TronLink)
Lovense

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe
File: C:\Program Files\ShineModel\Shine Browser\chrome.exe
File: C:\Windows\system32\UCPDMgr.exe
Zip: C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-09-06 09:53 - 2023-09-06 10:06 - 000000000 ___HD C:\adobeTemp
2023-09-02 06:24 - 2023-09-02 06:25 - 128439704 _____ C:\Users\ashle\Downloads\Unconfirmed 674603.crdownload 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create a zipped folder on your Desktop with today's date, example: 06.20.2023_13.24.50.zip. Upload the file here
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
  • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize items?
  • Fixlog
  • Uploaded zip file

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#4 crunkkcar

crunkkcar
  • Topic Starter

  • Avatar image
  • Members
  • 107 posts
  • OFFLINE
    •  
  • Gender:Female
  • Local time:06:24 PM

Posted 08 September 2023 - 07:39 PM

Can you tell me if you recognize:

Shine Browser- YES
Verizon Cloud- YES (not using anymore)
Edge Extension: (TronLink)- NO
Lovense- YES

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-08-2023

Ran by ashle (08-09-2023 17:14:05) Run:1
Running from C:\Users\ashle\OneDrive\Desktop
Loaded Profiles: ashle
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe
File: C:\Program Files\ShineModel\Shine Browser\chrome.exe
File: C:\Windows\system32\UCPDMgr.exe
Zip: C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-09-06 09:53 - 2023-09-06 10:06 - 000000000 ___HD C:\adobeTemp
2023-09-02 06:24 - 2023-09-02 06:25 - 128439704 _____ C:\Users\ashle\Downloads\Unconfirmed 674603.crdownload 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= File: C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe ========================
 
C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe
File is digitally signed
MD5: 9B80AB004BACF9D73095E11A5FB8A36D
Creation and modification date: 2023-06-01 16:03 - 2023-06-01 16:03
Size: 000054096
Attributes: ----A
Company Name: Verizon Data Services LLC -> Verizon
Internal Name: VerizonCloudUpdater.exe
Original Name: VerizonCloudUpdater.exe
Product: Verizon Cloud
Description:  
File Version: 23.6.0.14
Product Version: 23.6.0.14
Copyright: Copyright © 2023, Verizon
VirusTotal: 0
 
====== End of File: ======
 
 
========================= File: C:\Program Files\ShineModel\Shine Browser\chrome.exe ========================
 
C:\Program Files\ShineModel\Shine Browser\chrome.exe
File not signed
MD5: B0DBE5E2E01B843E20DA6E77D885211C
Creation and modification date: 2022-06-03 05:05 - 2022-06-03 05:05
Size: 002268160
Attributes: ----A
Company Name: ShineModel
Internal Name: chrome_exe
Original Name: chrome.exe
Product: Shine Browser
Description: Shine Browser
File Version: 102.0.5005.89
Product Version: 102.0.5005.89
Copyright: Copyright 2022 ShineModel
VirusTotal: 0
 
====== End of File: ======
 
 
========================= File: C:\Windows\system32\UCPDMgr.exe ========================
 
C:\Windows\system32\UCPDMgr.exe
Catalog: C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-User-Choice-Protection-Package~31bf3856ad364e35~amd64~~10.0.22621.2199.cat
File is digitally signed
MD5: 11A14745D5B6E86B120E47978832CCF0
Creation and modification date: 2023-08-26 20:24 - 2023-08-26 20:24
Size: 000058880
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: UCPDMgr.exe
Original Name: UCPDMgr.exe
Product: Microsoft® Windows® Operating System
Description: User Choice Protection Manager
File Version: 1.0.0.383513
Product Version: 1.0.0.383513+fb084f89
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0
 
====== End of File: ======
 
================== Zip: ===================
C:\Windows\system32\IntegratedServicesRegionPolicySet.json -> copied successfully to C:\Users\ashle\OneDrive\Desktop\08.09.2023_17.14.16.zip
=========== Zip: End ===========
 
"C:\adobeTemp" folder move:
 
Could not move "C:\adobeTemp" => Scheduled to move on reboot.
 
C:\Users\ashle\Downloads\Unconfirmed 674603.crdownload => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset resetlog.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
0 out of 0 jobs canceled.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= sfc /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
Verification 0% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.
 
Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22621.1
 
Image Version: 10.0.22631.2271
 
No component store corruption detected.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44677399 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 3832976 B
Edge => 0 B
Chrome => 457658028 B
Firefox => 63465365 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 24224 B
ashle => 2290756076 B
 
RecycleBin => 0 B
EmptyTemp: => 2.7 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 08-09-2023 17:23:58)
 
C:\adobeTemp => Is moved successfully
 
==== End of Fixlog 17:23:58 ====

#5 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 08 September 2023 - 09:07 PM

Thank you.

Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it to your Desktop
  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan now
  • Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
  • When completed click View Scan Log File
  • Copy and paste the contents in your reply
  • Click Skip Basic Repair if it appears then close the program
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

Note: You can expect this process to take a long time, up to several hours or more.
  • Download ESET Free Online Scanner and save it to your Desktop
  • Right click on esetonlinescanner_enu.exe and select Run as administrator
  • NOTE: If the program immediately crashes rename esetonlinescanner_enu.exe to ESET.exe and attempt it again
  • Click Computer Scan
  • Click Full scan
  • Select Enable ESET to detect and quarantine potentially unwanted applications
  • Click Start scan
  • Once completed click Save scan log and save it to your Desktop as ESETScan.txt
  • Click Continue then finally click Close
  • Copy and paste the ESETScan.txt file contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Adwcleaner
  • Fixlog
  • ESET report
  • How is the computer rinning?

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#6 crunkkcar

crunkkcar
  • Topic Starter

  • Avatar image
  • Members
  • 107 posts
  • OFFLINE
    •  
  • Gender:Female
  • Local time:06:24 PM

Posted 09 September 2023 - 03:57 PM

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-09-2023
# Duration: 00:00:08
# OS:       Windows 11 (Build 22631.2271)
# Scanned:  32070
# Detected: 0
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 09-09-2023
Ran by ashle (09-09-2023 11:50:05) Run:2
Running from C:\Users\ashle\OneDrive\Desktop
Loaded Profiles: ashle
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec
End::
*****************
 
"C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec" => not found
 
==== End of Fixlog 11:50:05 ====
 
9/9/2023 13:56:38 PM
Files scanned: 310388
Detected files: 4
Cleaned files: 4
Total scan time 01:53:55
Scan status: Finished
C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences JS/Myprivacykeeper.A potentially unwanted application cleaned by deleting
 
C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences JS/Myprivacykeeper.A potentially unwanted application cleaned by deleting
 
C:\Windows.old\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aegpbigghghmkomaolphakjjppnebdhb\3.0.1_0\manifest.json JS/Myprivacykeeper.A potentially unwanted application cleaned by deleting
 
C:\Windows.old\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences JS/Myprivacykeeper.A potentially unwanted application cleaned by deleting
 
 
 

#7 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 09 September 2023 - 05:06 PM

Thank you.

Please do this.

===================================================

Farbar Recovery Scan Tool SearchAll

--------------------
  • Right click on FRST and select Run as administrator
  • Copy/paste the following in the Search: box
SearchAll: ibnejdfjmmkpcnlpebklmnkoeoihofec
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the report contents in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Search.txt

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#8 crunkkcar

crunkkcar
  • Topic Starter

  • Avatar image
  • Members
  • 107 posts
  • OFFLINE
    •  
  • Gender:Female
  • Local time:06:24 PM

Posted 09 September 2023 - 07:14 PM

Farbar Recovery Scan Tool (x64) Version: 09-09-2023
Ran by ashle (09-09-2023 17:10:09)
Running from C:\Users\ashle\OneDrive\Desktop
Boot Mode: Normal
 
================== Search Files: "SearchAll: ibnejdfjmmkpcnlpebklmnkoeoihofec" =============
 
File:
========
C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ibnejdfjmmkpcnlpebklmnkoeoihofec_1.dd326b55a089fa9d937c759fd1a318067a932c4d844723981a8b68e88b009486
[2023-08-28 10:24][2023-08-28 10:24] 013238337 _____ () B9DED547ABA2E346029451B707441CCA [File not signed]
 
 
folder:
========
2022-11-29 05:30 - 2022-11-29 05:30 ____A C:\Windows.old\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec
2023-09-09 14:45 - 2023-09-09 14:45 _____ C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec
 
Registry:
========
[HKEY_USERS\S-1-5-21-1203791635-3504870970-2511861142-1001\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings]
"ibnejdfjmmkpcnlpebklmnkoeoihofec"="6CB2D4E14BC3336CB29C84301A3F89ED88947CDA3159FD0BD0B31050D0234BA7"
 
 
====== End of Search ======

#9 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 09 September 2023 - 07:55 PM

Thank you.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ibnejdfjmmkpcnlpebklmnkoeoihofec_1.dd326b55a089fa9d937c759fd1a318067a932c4d844723981a8b68e88b009486
C:\Windows.old\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec
C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec
DeleteValue: HKEY_USERS\S-1-5-21-1203791635-3504870970-2511861142-1001\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings|ibnejdfjmmkpcnlpebklmnkoeoihofec
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#10 crunkkcar

crunkkcar
  • Topic Starter

  • Avatar image
  • Members
  • 107 posts
  • OFFLINE
    •  
  • Gender:Female
  • Local time:06:24 PM

Posted 10 September 2023 - 10:48 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-09-2023
Ran by ashle (10-09-2023 08:45:21) Run:3
Running from C:\Users\ashle\OneDrive\Desktop
Loaded Profiles: ashle
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ibnejdfjmmkpcnlpebklmnkoeoihofec_1.dd326b55a089fa9d937c759fd1a318067a932c4d844723981a8b68e88b009486
C:\Windows.old\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec
C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec
DeleteValue: HKEY_USERS\S-1-5-21-1203791635-3504870970-2511861142-1001\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings|ibnejdfjmmkpcnlpebklmnkoeoihofec
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ibnejdfjmmkpcnlpebklmnkoeoihofec_1.dd326b55a089fa9d937c759fd1a318067a932c4d844723981a8b68e88b009486 => moved successfully
 
"C:\Windows.old\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec" folder move:
 
Could not move "C:\Windows.old\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec" => Scheduled to move on reboot.
 
 
"C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec" folder move:
 
Could not move "C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec" => Scheduled to move on reboot.
 
"HKEY_USERS\S-1-5-21-1203791635-3504870970-2511861142-1001\Software\Microsoft\Edge\PreferenceMACs\Default\extensions.settings\\ibnejdfjmmkpcnlpebklmnkoeoihofec" => removed successfully
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-09-2023 08:47:12)
 
C:\Windows.old\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec => Is moved successfully
C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ibnejdfjmmkpcnlpebklmnkoeoihofec => Is moved successfully
 
==== End of Fixlog 08:47:12 ====

#11 crunkkcar

crunkkcar
  • Topic Starter

  • Avatar image
  • Members
  • 107 posts
  • OFFLINE
    •  
  • Gender:Female
  • Local time:06:24 PM

Posted 10 September 2023 - 10:51 AM

"Node.js javascript runtime" and "system interrupts" are at the top of my 100% cpu right now after reboot. 


#12 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 10 September 2023 - 02:13 PM

Thank you for the report and especially the update.

Please run a new FRST Scan and copy/paste both reports in your reply.

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#13 crunkkcar

crunkkcar
  • Topic Starter

  • Avatar image
  • Members
  • 107 posts
  • OFFLINE
    •  
  • Gender:Female
  • Local time:06:24 PM

Posted 10 September 2023 - 07:23 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-09-2023
Ran by ashle (administrator) on MINIPC (10-09-2023 17:19:25)
Running from C:\Users\ashle\OneDrive\Desktop\FRST64.exe
Loaded Profiles: ashle
Platform: Microsoft Windows 11 Home Version 23H2 22631.2271 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Speedify\SpeedifyLauncher.exe ->) (Connectify (Connectify, Inc.) -> Connectify) C:\Program Files (x86)\Speedify\SpeedifyUI.exe
(C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe ->) (Adobe Inc. -> Adobe Systems Incorporated.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrodist.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <2>
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Adobe Inc. -> Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (Connectify (Connectify, Inc.) -> Connectify) C:\Program Files (x86)\Speedify\SpeedifyLauncher.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\80.0.1.0\crashpad_handler.exe <3>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <35>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Connectify (Connectify, Inc.) -> Connectify) C:\Program Files (x86)\Speedify\speedify.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\FileSyncHelper.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (Verizon Data Services LLC -> Verizon) C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteamsupdate.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.24200.10.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Speedify] => C:\Program Files (x86)\Speedify\SpeedifyLauncher.exe [2336352 2023-05-17] (Connectify (Connectify, Inc.) -> Connectify)
HKLM\...\Run: [YouCam Service10] => C:\Program Files\CyberLink\YouCam365\YouCamService10.exe [425000 2023-03-17] (CyberLink Corp. -> CyberLink Corp.)
HKLM\...\Run: [YouCam10] => C:\Program Files\CyberLink\YouCam365\YouCam10.exe [593960 2023-03-17] (CyberLink Corp. -> CyberLink Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1129440 2023-08-28] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2023-08-28] (Adobe Inc. -> )
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-06] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-06] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [2405296 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Run: [MicrosoftEdgeAutoLaunch_BD38D0ABA733A398B07153441A9B2009] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108344 2023-09-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Run: [com.verizon.verizoncloud] => C:\Program Files\Verizon Cloud\Verizon Cloud.exe [8883536 2023-06-01] (Verizon Data Services LLC -> Verizon)
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [152025856 2023-06-22] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-06] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [7660504 2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe [55747872 2023-09-06] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2023-08-18] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.180\Installer\chrmstp.exe [2023-09-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\Users\ashle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shine Browser.lnk [2023-06-09]
ShortcutTarget: Shine Browser.lnk -> C:\Program Files\ShineModel\Shine Browser\chrome.exe (ShineModel) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {898CEB4D-2BF1-4080-B432-317F8CC68966} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. -> Adobe Inc.)
Task: {962B100D-A5AB-4FF9-8578-6AA1511C948F} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {225F0F4C-60C2-4749-BE46-C56463AF64F7} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B1667716-5AD5-4136-BD89-A6C97F767421} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2322472 2023-03-17] (CyberLink Corp. -> )
Task: {DA8D7E96-0223-4D23-B89A-3504C68899CC} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2322472 2023-03-17] (CyberLink Corp. -> )
Task: {9EE993B5-2FF9-46FF-AAB7-F0776A0B7C40} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ashle\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-09-07] (ESET, spol. s r.o. -> ESET)
Task: {883D3BF6-A826-42CD-BE63-17DB9EC2EF5D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ashle\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-09-07] (ESET, spol. s r.o. -> ESET)
Task: {4F68FDFC-7781-41F1-8AB5-BAC23BABFE17} - System32\Tasks\GoogleUpdateTaskMachineCore{C2A92A51-C5B5-4278-A602-1F7CAF3C58B0} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-06-09] (Google LLC -> Google LLC)
Task: {A52AE4A2-943C-429F-A3FC-31D03B4F6BD7} - System32\Tasks\GoogleUpdateTaskMachineUA{2FBFA2D9-4C2D-4F00-B7F0-84D2DE28682D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-06-09] (Google LLC -> Google LLC)
Task: {576DE3E5-D6A1-44DA-80D3-4C78B95CE489} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel® Corporation)
Task: {A3912277-5A2D-4272-9956-51DA159608B4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {F8569741-FF58-4E76-9BE8-A2A9840DBAAA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFB549F9-9085-4998-AF5B-098B76DEB557} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {B7094B66-2D77-4F46-B48A-B43401B69BC9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B92CBD7-8C1A-4B61-92F2-027F54B5ED07} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {97ED0629-8130-4771-966D-A3629E4875DC} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-08-26] (Microsoft Windows -> Microsoft Corporation)
Task: {ECF89F18-848F-4C96-9F0E-1378034DC6CE} - System32\Tasks\Microsoft\Windows\WaaSMedic\DeferredWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {750E463E-DD4B-4BD5-9C5F-37A96666B95F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4B2587CC-F80F-48B6-B806-FD540D7BB0F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EFCDF4ED-5635-4BBF-9403-D5AF7AE506AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {62D6258F-6221-4360-BA74-28DC392B8D71} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A237CBD9-D53C-4260-AA08-4E67522E4899} - System32\Tasks\Mozilla\Firefox Background Update 2DD52B0D46DA102A => C:\Users\ashle\AppData\Local\Mozilla Firefox\firefox.exe [675232 2023-09-09] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\2DD52B0D46DA102A\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {62E9730C-B462-44D9-AB5B-6B1CF53979C9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 2DD52B0D46DA102A => C:\Users\ashle\AppData\Local\Mozilla Firefox\default-browser-agent.exe [722336 2023-09-09] (Mozilla Corporation -> Mozilla Foundation)
Task: {D44EC5FA-D110-4D0C-A0DD-628D22D687C5} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [3165576 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {159A8D1D-5D49-4204-A639-72BB73A9FD9A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1203791635-3504870970-2511861142-1001 => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [3165576 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {5297D10B-7A7D-4E2C-8742-C05FFC5E2FC0} - System32\Tasks\VerizonCloud\APMPublisherTask => C:\Program Files\Verizon Cloud\Verizon Cloud.exe [8883536 2023-06-01] (Verizon Data Services LLC -> Verizon)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{0b0ac826-5eae-459f-b7d6-6ade6ed845b2}: [DhcpNameServer] 172.20.48.1
Tcpip\..\Interfaces\{bdc299e1-8a49-4775-af48-7a0e4fb922f2}: [NameServer] 10.202.0.1
Tcpip\..\Interfaces\{be9b291a-2ec0-40e5-b42b-5680f19fb868}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{f8bb5c7c-338f-463d-bfc3-e9b460a92f52}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Edge: 
=======
Edge Profile: C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-10]
Edge HomePage: Default -> hxxp://google.com/
Edge DefaultSearchURL: Default -> hxxps://www.searchwithouthistorysearch.com/search/?category=web&s=eepr&vert=private&q={searchTerms}
Edge DefaultSearchKeyword: Default -> Search With Incognito
Edge DefaultSuggestURL: Default -> hxxps://sug.searchwithouthistorysearch.com/v1/sug/?yid=eepr&vert=private&q={searchTerms}
Edge Extension: (Search With Incognito) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aegpbigghghmkomaolphakjjppnebdhb [2023-09-09]
Edge Extension: (Pinterest Save Button) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkgoflemacdadndiohhdnphcmdhacabg [2023-09-09]
Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-09-09]
Edge Extension: (MetaMask) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2023-09-09]
Edge Extension: (Microsoft 365) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gggmmkjegpiggikcnhidnjjhmicpibll [2023-09-09]
Edge Extension: (Google Docs Offline) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-09]
Edge Extension: (Surfshark VPN) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jkhapebnlgocjncbbfccgiepjlghehmj [2023-09-09]
Edge Extension: (Edge relevant text changes) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-09]
Edge Extension: (OneNote Web Clipper) - C:\Users\ashle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oogbnpmeihfgnccdnmmlgicknopghhma [2023-09-09]
 
FireFox:
========
FF DefaultProfile: 3gpjte4g.default
FF ProfilePath: C:\Users\ashle\AppData\Roaming\Mozilla\Firefox\Profiles\3gpjte4g.default [2023-09-08]
FF ProfilePath: C:\Users\ashle\AppData\Roaming\Mozilla\Firefox\Profiles\zd8q8icy.default-release [2023-09-08]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-08-28] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-08-28] (Adobe Inc. -> Adobe Systems)
StartMenuInternet: Firefox-2DD52B0D46DA102A - C:\Users\ashle\AppData\Local\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default [2023-09-10]
CHR Notifications: Default -> hxxps://www.fotor.com; hxxps://www.lovense.com; hxxps://www.superslots.ag
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-09-09]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-09]
CHR Profile: C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-09-08]
CHR Extension: (Google Docs Offline) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ashle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-30]
CHR HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-02] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-08-28] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817440 2023-08-19] (Microsoft Corporation -> Microsoft Corporation)
S3 CloudBackupRestoreSvc; C:\Windows\System32\CloudRestoreLauncher.dll [1208320 2023-09-07] (Microsoft Windows -> Microsoft Corporation)
R3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\FileSyncHelper.exe [2576264 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10195200 2023-06-22] (Logitech Inc -> Logitech, Inc.)
R2 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [497568 2021-10-24] (Logitech Inc -> Logitech)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\OneDriveUpdaterService.exe [2883976 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
R2 Speedify; C:\Program Files (x86)\Speedify\Speedify.exe [5779040 2023-05-17] (Connectify (Connectify, Inc.) -> Connectify)
R2 VCUpdateSvc; C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe [54096 2023-06-01] (Verizon Data Services LLC -> Verizon)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 clwvd10; C:\Windows\System32\drivers\clwvd10.sys [61104 2022-06-12] (CyberLink Corp. -> CyberLink Corporation)
R1 googledrivefs31092; C:\Windows\System32\DRIVERS\googledrivefs31092.sys [384600 2023-08-28] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44880 2023-06-22] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2023-06-22] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73040 2023-06-22] (Logitech Inc -> Logitech)
R3 MpKslbdfba390; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E392F460-5421-47F0-B974-D52680F65FAE}\MpKslDrv.sys [222464 2023-09-10] (Microsoft Windows -> Microsoft Corporation)
R3 nuviocir; C:\Windows\system32\DRIVERS\nuviocir_x64.sys [42760 2018-05-30] (WDKTestCert Nuvoton,131559881844569629 -> )
R3 tap0901cn; C:\Windows\System32\drivers\tap0901cn.sys [47448 2023-03-22] (Connectify (Connectify, Inc.) -> The OpenVPN Project)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-08-26] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-09 15:29 - 2023-09-10 08:48 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2023-09-09 15:29 - 2023-09-09 15:29 - 000003206 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-09-09 15:29 - 2023-09-09 15:29 - 000002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-09 15:29 - 2023-09-09 15:29 - 000000000 ___RD C:\Users\Default\OneDrive
2023-09-09 15:28 - 2023-09-09 15:28 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-09-09 15:25 - 2023-09-09 15:25 - 000002474 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-09-09 15:25 - 2023-09-09 15:25 - 000002473 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-09-09 15:25 - 2023-09-09 15:25 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-09-09 15:25 - 2023-09-09 15:25 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-09-09 15:25 - 2023-09-09 15:25 - 000002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2023-09-09 15:25 - 2023-09-09 15:25 - 000002424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2023-09-09 15:25 - 2023-09-09 15:25 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2023-09-09 15:25 - 2023-09-09 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-09-09 15:23 - 2023-09-09 15:26 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-09 15:23 - 2023-09-09 15:23 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-09-09 14:45 - 2023-09-09 14:45 - 000000000 ____D C:\Users\ashle\AppData\Local\Mozilla Firefox
2023-09-09 11:45 - 2023-09-09 11:48 - 000000000 ____D C:\AdwCleaner
2023-09-08 04:29 - 2023-09-08 04:29 - 000001101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop (Beta).lnk
2023-09-07 04:43 - 2023-09-07 04:43 - 000003840 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2023-09-07 04:43 - 2023-09-07 04:43 - 000003398 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2023-09-07 04:25 - 2023-09-09 11:51 - 000001405 _____ C:\Users\ashle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-09-07 04:25 - 2023-09-07 04:25 - 000000000 ____D C:\Users\ashle\AppData\Local\ESET
2023-09-06 23:21 - 2023-09-06 23:21 - 000000174 _____ C:\Users\ashle\Downloads\R24jQMpQ.txt
2023-09-06 22:59 - 2023-09-06 22:59 - 000001068 _____ C:\Users\ashle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor Browser.lnk
2023-09-06 22:58 - 2023-09-06 22:59 - 096190968 _____ C:\Users\ashle\Downloads\torbrowser-install-win64-12.5.3_ALL.exe
2023-09-06 16:21 - 2023-09-06 16:21 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2023-09-06 12:19 - 2023-09-06 12:20 - 000033675 _____ C:\Users\ashle\Downloads\Addition.txt
2023-09-06 12:11 - 2023-09-06 12:20 - 000039404 _____ C:\Users\ashle\Downloads\FRST.txt
2023-09-06 12:10 - 2023-09-10 17:19 - 000000000 ____D C:\FRST
2023-09-06 09:50 - 2023-09-06 09:50 - 000003840 _____ C:\Windows\system32\Tasks\Intel PTT EK Recertification
2023-09-06 09:43 - 2023-09-06 09:43 - 008114208 _____ C:\Users\ashle\Downloads\RY0386.bio
2023-09-06 09:38 - 2023-09-06 09:38 - 000000258 __RSH C:\ProgramData\ntuser.pol
2023-09-02 09:08 - 2023-09-02 09:09 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2023-09-02 06:47 - 2023-09-09 14:38 - 000000000 ____D C:\Users\ashle\AppData\Roaming\lovense-obs-studio
2023-09-02 06:44 - 2023-09-02 06:44 - 000016239 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-09-02 06:08 - 2023-09-02 06:09 - 128439704 _____ C:\Users\ashle\Downloads\Lovense_OBS_Toolset_x64 (1).exe
2023-09-02 05:25 - 2023-09-06 09:22 - 000003506 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2023-09-02 05:25 - 2023-09-06 09:21 - 000003530 _____ C:\Windows\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2023-08-28 11:51 - 2023-08-28 11:52 - 000000000 ____D C:\Users\ashle\AppData\LocalLow\Adobe
2023-08-28 11:51 - 2023-08-28 11:51 - 000000000 ____D C:\Users\ashle\AppData\Local\SolidDocuments
2023-08-28 11:51 - 2023-08-28 11:51 - 000000000 ____D C:\Users\ashle\.ms-ad
2023-08-28 11:50 - 2023-09-09 11:45 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-08-28 11:50 - 2023-08-28 11:50 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2023-08-28 11:50 - 2023-08-28 11:50 - 000002096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-08-28 11:50 - 2023-08-28 11:50 - 000002084 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-08-28 11:08 - 2023-09-10 08:49 - 000000000 ___RD C:\Users\ashle\Creative Cloud Files
2023-08-28 11:00 - 2023-08-30 09:11 - 000000000 ____D C:\ProgramData\Adobe
2023-08-28 11:00 - 2023-08-28 11:00 - 000001409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2023-08-28 10:58 - 2023-09-10 08:50 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-08-28 10:58 - 2023-08-30 09:03 - 000000000 ____D C:\Program Files\Adobe
2023-08-28 10:58 - 2023-08-28 11:01 - 000000000 ____D C:\Program Files (x86)\Adobe
2023-08-28 10:50 - 2023-09-02 09:22 - 000000000 ____D C:\Users\ashle\AppData\Local\Adobe
2023-08-28 10:50 - 2023-08-28 11:51 - 000000000 ____D C:\Users\ashle\AppData\Roaming\com.adobe.dunamis
2023-08-28 10:49 - 2023-09-06 10:04 - 000002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-08-26 20:25 - 2023-08-26 20:25 - 000060462 _____ C:\Windows\SysWOW64\ctac.json
2023-08-26 20:24 - 2023-08-26 20:24 - 000060462 _____ C:\Windows\system32\ctac.json
2023-08-26 20:20 - 2023-08-26 20:20 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2023-08-26 20:08 - 2023-08-26 20:08 - 000000000 ____D C:\Users\ashle\AppData\Local\Backup
2023-08-18 22:52 - 2023-08-18 22:52 - 000203936 _____ (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll
2023-08-18 22:52 - 2023-08-18 22:52 - 000146592 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-10 17:20 - 2023-06-11 10:08 - 000000000 ____D C:\ProgramData\Speedify
2023-09-10 17:00 - 2023-06-09 06:58 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-10 17:00 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SystemTemp
2023-09-10 17:00 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-10 16:27 - 2023-04-29 04:27 - 000000000 ___SD C:\Users\ashle\AppData\Roaming\Microsoft\Credentials
2023-09-10 14:13 - 2023-04-29 04:14 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-09-10 13:31 - 2023-06-12 06:06 - 000000000 ____D C:\Users\ashle\AppData\Local\VerizonCloud-Data
2023-09-10 08:55 - 2023-06-09 09:11 - 000001300 _____ C:\Users\ashle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-10 08:54 - 2023-04-29 04:22 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2023-09-10 08:54 - 2022-05-06 22:22 - 000000000 ____D C:\Windows\INF
2023-09-10 08:50 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-10 08:50 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\AppReadiness
2023-09-10 08:49 - 2023-06-22 06:12 - 000000000 ____D C:\Users\ashle\AppData\Local\CrashDumps
2023-09-10 08:48 - 2023-04-29 04:33 - 000000000 ___RD C:\Users\ashle\OneDrive
2023-09-10 08:47 - 2023-04-29 04:31 - 000000000 __SHD C:\Users\ashle\IntelGraphicsProfiles
2023-09-10 08:47 - 2023-04-29 04:24 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-09-10 08:46 - 2023-04-29 04:14 - 000474968 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-10 08:46 - 2023-04-29 04:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-10 08:46 - 2023-04-29 02:40 - 000012288 ___SH C:\DumpStack.log.tmp
2023-09-10 08:46 - 2022-05-06 22:17 - 000524288 _____ C:\Windows\system32\config\BBI
2023-09-09 15:29 - 2023-04-29 04:33 - 000003608 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1203791635-3504870970-2511861142-1001
2023-09-09 15:29 - 2023-04-29 04:31 - 000000000 ____D C:\Users\ashle\AppData\Local\Packages
2023-09-09 15:29 - 2023-04-29 04:17 - 000000000 ____D C:\ProgramData\Packages
2023-09-09 15:28 - 2022-05-06 22:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-09-09 13:59 - 2023-06-09 09:51 - 000000015 _____ C:\Users\ashle\AppData\Roaming\obs-virtualcam.txt
2023-09-09 13:59 - 2023-06-09 09:46 - 000000000 ____D C:\ProgramData\boost_interprocess
2023-09-09 11:45 - 2023-04-29 04:15 - 000002461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-09 11:45 - 2023-04-29 04:15 - 000002299 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-09-08 17:27 - 2023-06-09 09:11 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-08 04:27 - 2023-06-09 07:00 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-08 04:27 - 2023-06-09 07:00 - 000002229 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-07 04:46 - 2022-05-06 22:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-07 04:46 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\UUS
2023-09-07 04:46 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-07 04:46 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-07 04:46 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\oobe
2023-09-07 04:46 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-07 04:46 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\bcastdvr
2023-09-07 04:24 - 2023-06-11 09:31 - 000000000 ____D C:\Users\ashle\AppData\LocalLow\Mozilla
2023-09-07 01:26 - 2022-05-06 22:17 - 000000000 ____D C:\Windows\CbsTemp
2023-09-07 01:24 - 2023-04-29 04:16 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-06 09:46 - 2023-04-29 04:27 - 000000000 ____D C:\Users\ashle
2023-09-06 09:15 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-06 09:10 - 2023-04-29 04:31 - 000000000 ____D C:\Users\ashle\AppData\Roaming\Adobe
2023-09-02 09:09 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SystemResources
2023-09-02 09:09 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-02 06:47 - 2023-06-09 09:48 - 000000000 ____D C:\Program Files\Lovense
2023-09-02 06:25 - 2023-06-09 09:25 - 000000000 ____D C:\Users\ashle\AppData\Roaming\obs-studio
2023-09-02 06:11 - 2023-06-09 09:46 - 000000000 ____D C:\ProgramData\obs-studio
2023-09-02 05:35 - 2023-06-09 09:50 - 000001432 _____ C:\Users\Public\Desktop\Stream Master.lnk
2023-08-30 09:00 - 2023-04-29 04:14 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-08-29 09:53 - 2023-06-09 08:55 - 000000000 ____D C:\Users\ashle\AppData\Local\D3DSCache
2023-08-28 10:59 - 2023-06-09 09:24 - 000000000 ____D C:\ProgramData\Package Cache
2023-08-28 10:49 - 2023-06-09 07:00 - 000000000 ____D C:\Program Files\Google
2023-08-28 10:49 - 2023-06-09 06:58 - 000000000 ____D C:\Users\ashle\AppData\Local\Google
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\gl-ES
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\eu-ES
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\ca-ES
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\vi-VN
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\Sgrm
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\migwiz
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\lv-LV
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\lt-LT
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\id-ID
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\gl-ES
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\eu-ES
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\et-EE
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\es-MX
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\Dism
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\ca-ES
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\ShellComponents
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\Provisioning
2023-08-26 20:38 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-08-26 20:17 - 2023-05-25 10:27 - 000000000 ____D C:\Windows\system32\MRT
2023-08-26 20:14 - 2023-05-25 10:27 - 175983240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-08-26 19:55 - 2023-06-09 06:58 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{2FBFA2D9-4C2D-4F00-B7F0-84D2DE28682D}
2023-08-26 19:55 - 2023-06-09 06:58 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{C2A92A51-C5B5-4278-A602-1F7CAF3C58B0}
 
==================== Files in the root of some directories ========
 
2023-06-09 09:51 - 2023-09-09 13:59 - 000000015 _____ () C:\Users\ashle\AppData\Roaming\obs-virtualcam.txt
2023-07-01 00:32 - 2023-07-01 00:32 - 000002542 _____ () C:\Users\ashle\AppData\Local\2371-03248-CLCSIWriter.txt
2023-07-01 00:35 - 2023-07-01 00:35 - 000001526 _____ () C:\Users\ashle\AppData\Local\2371-03527-CLCSIWriter.txt
2023-07-27 05:29 - 2023-07-27 05:29 - 000001526 _____ () C:\Users\ashle\AppData\Local\23727-52939-CLCSIWriter.txt
2023-07-27 06:23 - 2023-07-27 06:23 - 000001526 _____ () C:\Users\ashle\AppData\Local\23727-62339-CLCSIWriter.txt
2023-07-27 06:27 - 2023-07-27 06:27 - 000001526 _____ () C:\Users\ashle\AppData\Local\23727-62716-CLCSIWriter.txt
2023-09-02 09:21 - 2023-09-02 09:21 - 000000000 _____ () C:\Users\ashle\AppData\Local\oobelibMkey.log
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2023
Ran by ashle (10-09-2023 17:21:12)
Running from C:\Users\ashle\OneDrive\Desktop
Microsoft Windows 11 Home Version 23H2 22631.2271 (X64) (2023-04-29 11:17:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1203791635-3504870970-2511861142-500 - Administrator - Disabled)
ashle (S-1-5-21-1203791635-3504870970-2511861142-1001 - Administrator - Enabled) => C:\Users\ashle
DefaultAccount (S-1-5-21-1203791635-3504870970-2511861142-503 - Limited - Disabled)
Guest (S-1-5-21-1203791635-3504870970-2511861142-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1203791635-3504870970-2511861142-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 23.003.20284 - Adobe)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.11.0.522.1 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Adobe Photoshop (Beta) (HKLM-x32\...\PHSPBETA_25_1) (Version: 25.1.0.2316 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601052}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
CyberLink YouCam 365 (HKLM-x32\...\{55E2BD10-A3E1-4064-B149-E1DDF02C8F51}) (Version: 10.1.2717.0 - CyberLink Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.180 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 80.0.1.0 - Google LLC)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Logitech Capture (HKLM\...\Capture) (Version: 2.08.11 - Logitech)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2023.4.407679 - Logitech)
Lovense OBS Toolset (HKLM\...\Lovense OBS Toolset) (Version:  - )
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20170 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.76 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.76 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 23.038.0219.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 114.0.2 (x64 en-US)) (Version: 114.0.2 - Mozilla)
Mozilla Firefox (x64 en-US) (HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\Mozilla Firefox 117.0 (x64 en-US)) (Version: 117.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 114.0.2 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 29.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20052 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20170 - Microsoft Corporation) Hidden
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Shine Browser (HKLM\...\{D6C430F0-FBA0-4B9B-A747-1E9C0E1E5541}) (Version: 102.0.5005.89 - ShineModel)
Speedify (HKLM\...\Speedify) (Version: 13.3.1.11015 - Connectify)
Stream Master (HKLM-x32\...\Stream Master) (Version: 1.3.5 - Lovense Project)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
Verizon Cloud (HKLM\...\{AADB5619-7DF5-40ED-8D5A-FA18D53EAC91}) (Version: 23.6.0.14 - Verizon Wireless)
Windows Driver Package - Nordic Semiconductor ASA (libusbK) Nordic Semiconductor DFU  (11/17/2017 1.0.0.0) (HKLM\...\9E604C253CF23E22559521E18F5477442849274E) (Version: 11/17/2017 1.0.0.0 - Nordic Semiconductor ASA)
Windows Driver Package - Nordic Semiconductor ASA (usbser) Ports  (05/11/2018 1.0.1.0) (HKLM\...\8BE37708EC0B1921B47CD432537BB725532CEF79) (Version: 05/11/2018 1.0.1.0 - Nordic Semiconductor ASA)
 
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2023-08-28] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2023-08-28] ()
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2023-08-28] (Adobe Systems Incorporated)
AdobeSystemsIncorporated.AdobePhotoshopExpress -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.12.1.0_x64__mtcwf2zmmt10c [2023-08-30] (Adobe Inc.)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-26] (Microsoft Corporation)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-06-11] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-07] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-08] (Microsoft Studios) [MS Ad]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-07] (Microsoft Corporation)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.910.1213.738_neutral__8wekyb3d8bbwe [2023-09-10] (Microsoft Corporation)
XLS Edit -> C:\Program Files\WindowsApps\BallardAppCraftery.XLSEdit_1.1.9.0_x64__epyrqhfctk40t [2023-09-09] (Ballard App Craftery)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1203791635-3504870970-2511861142-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D184F9FACDF8} -> [Creative Cloud Files] => C:\Users\ashle\Creative Cloud Files [2023-08-28 11:08]
CustomCLSID: HKU\S-1-5-21-1203791635-3504870970-2511861142-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1203791635-3504870970-2511861142-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1203791635-3504870970-2511861142-1001_Classes\CLSID\{84ff2f8e-2440-1caf-3148-f3d0fdd19ec8}\localserver32 -> C:\Program Files\Verizon Cloud\Verizon Cloud.exe (Verizon Data Services LLC -> Verizon)
CustomCLSID: HKU\S-1-5-21-1203791635-3504870970-2511861142-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1203791635-3504870970-2511861142-1001_Classes\CLSID\{F37369D9-1C22-40A0-A997-0B4D5F7B6637}\localserver32 -> "C:\Users\ashle\AppData\Local\Microsoft\OneDrive\23.186.0905.0001\FileCoAuth.exe" => No File
ShellIconOverlayIdentifiers: [     OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-28] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ SncrOverlays (Cloud)] -> {DC39D95E-101B-4B3B-BF18-D1B4D6584A79} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-06-01] (Verizon Data Services LLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-06-01] (Verizon Data Services LLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Paused)] -> {DC20B35F-DF4A-4783-B48E-7EB2496E5858} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-06-01] (Verizon Data Services LLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-06-01] (Verizon Data Services LLC -> Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-28] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\23.038.0219.0001\amd64\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\80.0.1.0\drivefsext.dll [2023-09-06] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\igfxDTCM.dll [2017-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-28] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Inc.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\ashle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3373c9ebc3a5e445\ShineBrowser.lnk -> C:\Program Files\ShineModel\Shine Browser\chrome.exe (ShineModel) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) =============
 
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-06 22:24 - 2023-09-08 17:14 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ashle\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\13744634077959660569\133386895608188192
DNS Servers: 10.202.0.1 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "YouCam10"
HKLM\...\StartupApproved\Run: => "YouCam Service10"
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_BD38D0ABA733A398B07153441A9B2009"
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\StartupApproved\Run: => "com.verizon.verizoncloud"
HKU\S-1-5-21-1203791635-3504870970-2511861142-1001\...\StartupApproved\Run: => "LGHUB"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{B87AADCF-E0F3-469E-A2FF-93906A8CDAE1}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{73F4CEEC-5633-433C-9EC4-C5245E6388CE}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0D6A4990-C2D5-4B1A-AE26-CEF1D1A79638}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D240CE8D-9630-4A7D-872B-818BDFE44104}C:\program files\lovense\stream master\lovenseobs\bin\64bit\lvs_obs64.exe] => (Allow) C:\program files\lovense\stream master\lovenseobs\bin\64bit\lvs_obs64.exe (Shenzhen Love Sense Technology Co., Ltd. -> Lovense OBS)
FirewallRules: [UDP Query User{496531AF-04F0-48BE-97E8-8F5160E19485}C:\program files\lovense\stream master\lovenseobs\bin\64bit\lvs_obs64.exe] => (Allow) C:\program files\lovense\stream master\lovenseobs\bin\64bit\lvs_obs64.exe (Shenzhen Love Sense Technology Co., Ltd. -> Lovense OBS)
FirewallRules: [{33CE7412-F6A9-4FE1-B1C5-3221C45B82A7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
02-09-2023 06:36:26 Windows Update
02-09-2023 06:36:47 Windows Update
06-09-2023 09:28:48 Windows Update
09-09-2023 12:05:30 Windows Update
10-09-2023 08:45:22 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/10/2023 08:49:43 AM) (Source: Application Error) (EventID: 1000) (User: MINIPC)
Description: Faulting application name: AdobeNotificationHelper.exe, version: 5.2.0.1, time stamp: 0x620f3a12
Faulting module name: AdobeNotificationHelper.exe, version: 5.2.0.1, time stamp: 0x620f3a12
Exception code: 0xc0000005
Fault offset: 0x0002c76e
Faulting process id: 0x0x3494
Faulting application start time: 0x0x1d9e3fe42bae007
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\AdobeNotificationManager\AdobeNotificationHelper.exe
Faulting module path: C:\Program Files (x86)\Common Files\Adobe\AdobeNotificationManager\AdobeNotificationHelper.exe
Report Id: 6bf7dce7-9630-4987-bfa5-c6696c917e3a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/09/2023 02:38:58 PM) (Source: Application Error) (EventID: 1000) (User: MINIPC)
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process id: 0x0x7ec
Faulting application start time: 0x0x1d9e360855a926a
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 09081dd9-8097-4e0a-9a50-0df1b2ed2314
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/09/2023 11:51:00 AM) (Source: Application Error) (EventID: 1000) (User: MINIPC)
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004000
Faulting process id: 0x0x10b0
Faulting application start time: 0x0x1d9e34e9063750a
Faulting application path: C:\Users\ashle\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: unknown
Report Id: d367a7e7-9d60-4ff2-8145-cc1c6b9f74bb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/08/2023 05:26:03 PM) (Source: Application Error) (EventID: 1000) (User: MINIPC)
Description: Faulting application name: AdobeNotificationHelper.exe, version: 5.2.0.1, time stamp: 0x620f3a12
Faulting module name: AdobeNotificationHelper.exe, version: 5.2.0.1, time stamp: 0x620f3a12
Exception code: 0xc0000005
Fault offset: 0x0002c76e
Faulting process id: 0x0xd8c
Faulting application start time: 0x0x1d9e2b4104a0b95
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\AdobeNotificationManager\AdobeNotificationHelper.exe
Faulting module path: C:\Program Files (x86)\Common Files\Adobe\AdobeNotificationManager\AdobeNotificationHelper.exe
Report Id: 67fd133c-2397-4967-a132-5e3c831ec5ed
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/08/2023 05:14:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (09/08/2023 05:14:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c9b9f356-aa1e-4481-9acc-9f37d3464a6f}
 
Error: (09/08/2023 04:20:19 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: lghub_updater.exe, version: 2023.4.7679.0, time stamp: 0x6465211a
Faulting module name: ntdll.dll, version: 10.0.22621.2271, time stamp: 0x3c76b1b4
Exception code: 0xc0000374
Fault offset: 0x000000000010c829
Faulting process id: 0x0x1104
Faulting application start time: 0x0x1d9e2466f098280
Faulting application path: C:\Program Files\LGHUB\lghub_updater.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 42248fd2-9b22-440a-9b77-94d0a331c7cc
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/06/2023 09:13:03 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: lghub_updater.exe, version: 2023.4.7679.0, time stamp: 0x6465211a
Faulting module name: lghub_updater.exe, version: 2023.4.7679.0, time stamp: 0x6465211a
Exception code: 0xc0000005
Fault offset: 0x00000000005ec6b0
Faulting process id: 0x0xe94
Faulting application start time: 0x0x1d9e0dcff57786a
Faulting application path: C:\Program Files\LGHUB\lghub_updater.exe
Faulting module path: C:\Program Files\LGHUB\lghub_updater.exe
Report Id: 8b86b87a-aa3c-49c6-8cec-350a13ff8915
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (09/10/2023 05:18:59 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is FRST64 (PID: 17764).
 
Error: (09/10/2023 05:18:59 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is FRST64 (PID: 17764).
 
Error: (09/10/2023 05:17:58 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is LogTransport2 (PID: 16524).
 
Error: (09/10/2023 05:17:58 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is LogTransport2 (PID: 16524).
 
Error: (09/10/2023 05:17:55 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is Acrobat (PID: 16120).
 
Error: (09/10/2023 05:17:55 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is Acrobat (PID: 16120).
 
Error: (09/10/2023 05:17:44 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is LogTransport2 (PID: 17356).
 
Error: (09/10/2023 05:17:44 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is LogTransport2 (PID: 17356).
 
 
Windows Defender:
================
Date: 2023-09-09 12:03:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-09-08 18:23:15
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-09-07 04:38:28
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Reimage
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\ashle\AppData\Local\Google\DriveFS\111538896287090850058\content_cache\d57\d139\1196; file:_G:\My Drive\ReimageRepair.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe
Security intelligence Version: AV: 1.397.528.0, AS: 1.397.528.0, NIS: 1.397.528.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 
 
Date: 2023-09-07 04:38:28
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Reimage
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\ashle\AppData\Local\Google\DriveFS\111538896287090850058\content_cache\d57\d139\1196; file:_G:\My Drive\ReimageRepair.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\ashle\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Security intelligence Version: AV: 1.397.528.0, AS: 1.397.528.0, NIS: 1.397.528.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 
 
Date: 2023-09-07 04:38:28
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Reimage
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\ashle\AppData\Local\Google\DriveFS\111538896287090850058\content_cache\d57\d139\1196; file:_G:\My Drive\ReimageRepair.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Google\Drive File Stream\80.0.1.0\GoogleDriveFS.exe
Security intelligence Version: AV: 1.397.528.0, AS: 1.397.528.0, NIS: 1.397.528.0
Engine Version: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 
Event[0]
 
Date: 2023-06-22 04:19:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1203.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80072f8f
Error description: A security error occurred  
 
Date: 2023-06-22 04:19:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1203.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80072f8f
Error description: A security error occurred  
 
Date: 2023-06-22 04:19:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1203.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80072f8f
Error description: A security error occurred  
 
Date: 2023-06-22 04:19:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1203.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80072f8f
Error description: A security error occurred  
 
Date: 2023-06-22 04:19:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.1203.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80072f8f
Error description: A security error occurred  
 
CodeIntegrity:
===============
Date: 2023-09-10 09:24:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
 
Date: 2023-09-02 06:27:53
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume3\Program Files\Google\Drive File Stream\79.0.2.0\crashpad_handler.exe that did not meet the Microsoft signing level requirements. 
 
Date: 2023-07-27 05:50:20
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system. 
 
 
==================== Memory info =========================== 
 
BIOS: Intel Corporation RYBDWi35.86A.0386.2022.0705.1602 07/05/2022
Motherboard: Intel Corporation NUC5i7RYB
Processor: Intel® Core™ i7-5557U CPU @ 3.10GHz
Percentage of memory in use: 41%
Total physical RAM: 16267.77 MB
Available physical RAM: 9543.7 MB
Total Virtual: 18699.77 MB
Available Virtual: 10877.54 MB
 
==================== Drives ================================
 
Drive c: (CCCOMA_X64FRE_EN-US_DV9) (Fixed) (Total:465.38 GB) (Free:377.69 GB) (Model: WD Blue SN570 500GB) NTFS
Drive g: (Google Drive) (Fixed) (Total:465.38 GB) (Free:358.81 GB) (Model: WD Blue SN570 500GB) FAT32
 
\\?\Volume{15ebb3fb-0097-4855-8f06-f3662564622d}\ () (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 63867945)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

#14 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 10 September 2023 - 10:03 PM

Thank you for the reports.

Please do this.

===================================================

Disabling Startup Entries - Windows 11

--------------------
  • Click Start, type taskmgr then select Run as administrator
  • Click on the 3 horizontal line in the upper left hand corner
  • Select Startup Apps
  • Right click on Adobe Creative Cloud Experience (or something similar) and select Disable
  • Close all open windows and reboot your computer
  • Check the CPU usage
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

#15 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Avatar image
  • Malware Response Instructor
  • 55,541 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:California
  • Local time:06:24 PM

Posted 13 September 2023 - 04:00 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary 

“Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.”
Where to Start

Back to Virus, Trojan, Spyware, and Malware Removal Help


2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·