Keep getting redirected to security checks, recaptcha, and chrome errors – Virus, Trojan, Spyware, and Malware Removal Help – BleepingComputer


Hey there, I posted in the Windows 10 forum and was asked to post here as I may have a stronger piece of malware on my computer.

Here is my original post, and the FRST.txt and Addition.txt logs are below it.

Hey there, hoping to get some help with my laptop before I throw it out the door. I use it for work and about a month ago something started happening that is causing a huge slow down with me navigating sites for work all day.

I suddenly stopped being able to log in most anywhere. Most sites redirect me to a “security check” page that tells me to do a re-captcha to prove I’m a human. For example, see the attached screenshot of me trying to log in to clickfunnels.com which worked just fine until about a month ago and now it redirects me to this security page over and over and then finally lets me in after I do like 4 of these. Every single time.

Another thing that started happening is that some sites won’t even let me get to the login at all. I’ve had this happen on all sorts of sites from local government sites to Kajabi.com that I use a lot for work (course creator site). See attached screenshot of the err_empty_response I get on these sites that won’t even let me get to the login screen. I’m now having to use another computer to access sites that do this.

I’ve been told by Geek Squad that I could have a browser redirect adware but I’m not getting any adware popups. And I have scanned my computer so many times with Malwarebytes, Kaspersky and Windows Defender without finding anything at all.

I also see that a lot of these “security check” pages like the one in the attachment will say something about my IP address being flagged for suspicious activity. So, I’ve reset my home router several times and assigned a new IP address but that hasn’t fixed anything.

Can you please help me out with suggestions on what this could be?

Edition Windows 10 Home
Version 20H2
Installed on 6/15/2020
OS build 19042.867

FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-04-2021
Ran by Jennifer (administrator) on LAPTOP-59SOD92G (HP HP Pavilion Laptop 15t-cs200) (14-04-2021 21:18:37)
Running from C:\Users\Jennifer\Downloads
Loaded Profiles: Jennifer
Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(DISQO, INC. -> ) C:\Program Files\SJPulse\app\sj-pulse-proxy-server-app.exe
(DISQO, INC. -> ) C:\Program Files\SJPulse\app\sj-pulse-watchdog.exe
(DISQO, INC. -> ) C:\Program Files\SJPulse\updater\sj-updater-app.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <18>
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointGpuInfo.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\SysInfoCap.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.9.1548.0_x64__v10z8vjag6ke6\HP.JumpStarts.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(Intel® pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_99239023b47c777a\RstMwService.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2101.15643.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_58e40596c07739dd\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp) C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.3.176.0_x64__dt26b99r8h8gj\HPAudioControl.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel® Audio Service\IntelAudioService.exe
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(WildTangent Inc -> ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [528392 2020-10-27] (HP Inc. -> HP Inc.)
HKLM\…\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\…\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\…\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [528392 2020-10-27] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\Run: [Spotify] => C:\Users\Jennifer\AppData\Roaming\Spotify\Spotify.exe [24261704 2021-04-12] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\Run: [Facebook.MessengerDesktop] => C:\Users\Jennifer\AppData\Local\Programs\Messenger\Messenger.exe [110793432 2021-02-16] (Facebook, Inc. -> Facebook, Inc.)
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\Run: [electron.app.Loom] => C:\Users\Jennifer\AppData\Local\Programs\Loom\Loom.exe [123706424 2021-04-07] (Loom, Inc. -> Loom, Inc.)
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [274176 2021-01-18] (TEFINCOM S.A. -> TEFINCOM S.A.)
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q “C:\Users\Jennifer\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe”
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q “C:\Users\Jennifer\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe”
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\RunOnce: [Uninstall 21.030.0211.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q “C:\Users\Jennifer\AppData\Local\Microsoft\OneDrive\21.030.0211.0002\amd64”
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\RunOnce: [Uninstall 21.030.0211.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q “C:\Users\Jennifer\AppData\Local\Microsoft\OneDrive\21.030.0211.0002”
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-14] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {09CD4683-6094-4B44-81BD-1AE673A36AD2} – System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => cmd /c start hpdiags://BHM1
Task: {0AD24713-50AA-4D8E-8E69-0F29108CCDFE} – System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-05-03] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {15328AF1-B706-4D15-9607-7F01CAD31B3B} – System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1139032 2021-02-27] (HP Inc. -> HP Inc.)
Task: {1839323A-AF61-4742-93E1-0A948F29A00B} – System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => cmd /c start hpdiags://SmartCheckError
Task: {1A68B362-8409-4D56-A2CB-F648F7380409} – System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1C271353-2C97-4E7D-86C0-A18DBD55CB74} – System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-04] (Google LLC -> Google LLC)
Task: {1D8F7E89-92E0-4959-8D37-75E1FF92BEF1} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {24A349E7-A409-4DDD-A5B0-FA70F6A7E174} – System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {2682608D-4EC6-47DA-BE0B-7F6B6F6EFDFC} – System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877368 2019-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {34AFF50D-DE7E-4CFD-8F63-5E262FBA5A76} – System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => cmd /c start hpdiags://ABO
Task: {359246ED-F3DA-4EFE-83E6-3401DBA804F7} – System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B8862E9-2953-48A8-9110-560B845F2F6A} – System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [591160 2019-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3D9571BD-ED7E-4730-AE66-E66C747CDAAA} – System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3729208 2019-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3F791B6F-2050-42CD-A31A-A8212EFE8DBC} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {402687F2-CE3D-4382-9984-77C53C9A9912} – System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877368 2019-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {40A42CF8-5DF7-4074-8E2E-90EFF7A5B1BF} – System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-04] (Google LLC -> Google LLC)
Task: {501F5468-7FCA-43B5-97A8-0A869DF3DF1C} – System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => cmd /c start hpdiags://BatteryStatusError
Task: {58BA39E4-BE4A-4522-9979-2DE2BDBCC9FA} – System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {5F93418A-9616-4B02-94B7-9BF2EE140AA6} – System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-05-03] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {612E12E5-B260-4002-BFC1-AD0D383F8152} – System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {68422CA6-4B0F-4144-8390-4931568741B1} – System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1139032 2021-02-27] (HP Inc. -> HP Inc.)
Task: {7CAABD9E-185E-4F8C-9EFC-070A262BACE9} – System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7EF9E950-0910-4941-BE02-1033D662CE3B} – System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F388167-A268-451C-B221-E4AE9D7C37AF} – System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => cmd /c start hpdiags://LaunchUI
Task: {8205DDE6-FE9D-42FB-A66A-401D4A1AEC41} – System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2021-03-04] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {85AE441C-72B6-4178-B222-76E1CD594DCA} – System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644984 2018-07-18] (HP Inc. -> HP Inc.)
Task: {86147B6C-7FB0-4675-9E21-4BA723DF291C} – System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => cmd /c start hpdiags://BHM2
Task: {8D8F6443-CE94-419F-B994-4AF872311793} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E2B7FC0-850D-4898-BD0A-CF2963169C3B} – System32\Tasks\RtkAudUService64_BG => C:\windows\system32\RtkAudUService64.exe [868128 2019-04-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {91AC480B-5F3F-4E7A-AA9E-636AED08DBF1} – System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9CD16381-E3FA-4042-881F-9AC951002B95} – System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877368 2019-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A2935CA5-CBBE-4C4E-8076-DAA597946EA1} – System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [135000 2020-10-27] (HP Inc. -> HP Inc.)
Task: {A2B3640C-3995-43CD-A280-282FECE21AFD} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AA16A5A5-D632-40DB-8898-CCEA1932DCC1} – System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => cmd /c start hpdiags://BatteryStatusTest
Task: {B0F5911C-F1FF-4229-9333-AB6A271F46A3} – System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => cmd /c start hpdiags:
Task: {BD594879-C505-4469-B1AA-7B7AF06B6D55} – System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877368 2019-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BF81E9A0-CA61-4FB5-8FA4-52EB645926BC} – System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849720 2019-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D6514D58-44E0-4A5C-93C3-16A4E2C8CBFE} – System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {D88AB1E7-5F87-45C1-9395-41D7ACAA850A} – System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E797F556-1B7B-4066-B572-CC037EB52370} – System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => cmd /c start hpdiags://SmartCheckTest
Task: {E8A4B8C1-401F-4DD3-A4C8-7538731BB097} – System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849720 2019-05-03] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E9C1F70D-2BF8-4631-AC86-C4957847E39E} – System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {F91D6809-CA46-4555-99CD-47DE75498091} – System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [553304 2020-11-07] (HP Inc. -> HP Inc.)
Task: {FEDC88E8-1EFC-4DFD-8C99-569150B68480} – System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => cmd /c start hpdiags://BCF
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 207.91.5.20
Tcpip\..\Interfaces\{23fe8350-2329-46ac-9066-508aac856db6}: [DhcpNameServer] 40.23.1.12
Tcpip\..\Interfaces\{37d8047b-4e44-46b3-908b-cf84549c3614}: [DhcpNameServer] 192.168.254.254 207.91.5.20
Edge Profile: C:\Users\Jennifer\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-14]
Edge Extension: (Kaspersky Protection) – C:\Users\Jennifer\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-03-04]
Edge HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\SOFTWARE\Microsoft\Edge\Extensions\…\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\…\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FF HKLM\…\Firefox\Extensions: [[email protected]] – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\…\Firefox\Extensions: [[email protected]] – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-03-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-03-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2917363170-1330795515-2627479021-1001: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\Jennifer\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll [2019-07-15] (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
CHR DefaultProfile: Default
CHR Profile: C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default [2021-04-14]
CHR Notifications: Default -> hxxps://app.asana.com; hxxps://myvpostpay.verizon.com
CHR StartupUrls: Default -> “hxxp://www.google.com/”
CHR Extension: (Slides) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-04]
CHR Extension: (Kaspersky Protection) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-03-04]
CHR Extension: (Privacy Pass) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2021-03-22]
CHR Extension: (Docs) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-04]
CHR Extension: (Google Drive) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-04]
CHR Extension: (YouTube) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-04]
CHR Extension: (Spotify – Music for every moment) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2021-03-05]
CHR Extension: (FLV Player) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogabmliblgpadclikpkjfnnipeebjm [2021-03-05]
CHR Extension: (Adobe Acrobat) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-04]
CHR Extension: (Facebook Pixel Helper) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2021-03-05]
CHR Extension: (Sheets) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-04]
CHR Extension: (Google Docs Offline) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-16]
CHR Extension: (LastPass: Free Password Manager) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-04-08]
CHR Extension: (Zoom) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbjbjdpkobdjplfobhljndfdfdipjhg [2021-04-14]
CHR Extension: (Eye Dropper) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2021-04-01]
CHR Extension: (Kindle Cloud Reader) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2021-03-05]
CHR Extension: (Malwarebytes Browser Guard) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-04-14]
CHR Extension: (Google Play) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2021-03-05]
CHR Extension: (Loom for Chrome) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2021-04-08]
CHR Extension: (Google Keep Chrome Extension) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2021-04-14]
CHR Extension: (Wicked Good Unarchiver) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mljpablpddhocfbnokacjggdbmafjnon [2021-03-05]
CHR Extension: (Chrome Web Store Payments) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-04]
CHR Extension: (Gmail) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-04]
CHR Extension: (Chrome Media Router) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-04]
CHR Profile: C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-04-01]
CHR Profile: C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-04-05]
CHR StartupUrls: Profile 1 -> “hxxp://www.google.com/”
CHR DefaultSearchURL: Profile 1 -> hxxps://app-cdn.clickup.com/assets/icons/icon-72×72.png
CHR Extension: (Slides) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-05]
CHR Extension: (Kaspersky Protection) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-03-05]
CHR Extension: (Privacy Pass) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2021-03-12]
CHR Extension: (Docs) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-05]
CHR Extension: (Google Drive) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-05]
CHR Extension: (ColorZilla) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2021-03-05]
CHR Extension: (YouTube) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-05]
CHR Extension: (Honey) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-03-29]
CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2021-03-05]
CHR Extension: (Spotify – Music for every moment) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2021-03-05]
CHR Extension: (ClickUp) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edcmabgkbicempmpgmniellhbjopafjh [2021-03-05]
CHR Extension: (Adobe Acrobat) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-05]
CHR Extension: (Facebook Pixel Helper) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2021-03-05]
CHR Extension: (Sheets) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-05]
CHR Extension: (Stargazers) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fgjgecgjcaoepmcinebllijclpmnoeke [2021-03-07]
CHR Extension: (Google Docs Offline) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-16]
CHR Extension: (LastPass: Free Password Manager) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-03-30]
CHR Extension: (Zoom) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmbjbjdpkobdjplfobhljndfdfdipjhg [2021-03-29]
CHR Extension: (Kindle Cloud Reader) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2021-03-05]
CHR Extension: (Google Play) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2021-03-05]
CHR Extension: (Loom for Chrome) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2021-03-30]
CHR Extension: (Google Keep Chrome Extension) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2021-04-05]
CHR Extension: (Wicked Good Unarchiver) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mljpablpddhocfbnokacjggdbmafjnon [2021-03-05]
CHR Extension: (Chrome Web Store Payments) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-05]
CHR Extension: (Gmail) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-05]
CHR Extension: (Chrome Media Router) – C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-05]
CHR Profile: C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\System Profile [2021-03-08]
CHR HKLM\…\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] – hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\…\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] – hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\…\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\…\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AVP21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avp.exe [381928 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788368 2021-03-29] (Microsoft Corporation -> Microsoft Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\AppHelperCap.exe [729608 2021-03-02] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\NetworkCap.exe [728568 2021-03-02] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\SysInfoCap.exe [729080 2021-03-02] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointAnalyticsClientService.exe [479504 2021-01-06] (HP Inc. -> HP Inc.)
S3 klvssbridge64_21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\vssbridge64.exe [467352 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [646520 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-04] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [275200 2021-01-18] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2523448 2020-12-24] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3478336 2020-12-24] (Electronic Arts, Inc. -> Electronic Arts)
R2 sj-app; C:\Program Files\SJPulse\app\sj-pulse-proxy-server-app.exe [3555440 2021-04-06] (DISQO, INC. -> )
R2 sj-updater; C:\Program Files\SJPulse\updater\sj-updater-app.exe [761968 2021-04-06] (DISQO, INC. -> )
R2 sj-watchdog; C:\Program Files\SJPulse\app\sj-pulse-watchdog.exe [312944 2021-04-06] (DISQO, INC. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1592112 2019-09-12] (WildTangent Inc -> )
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_58e40596c07739dd\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_58e40596c07739dd\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [136544 2019-04-22] (Alcorlink Corp. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [251608 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [25024 2019-04-18] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
S3 HPMoA407; C:\WINDOWS\System32\drivers\HPMoA407.sys [25088 2011-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
S3 HPubA407; C:\WINDOWS\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110392 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [212280 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [127288 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37496 2020-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [523576 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [657696 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1400600 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.2\Bases\klids.sys [245304 2021-04-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1025336 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [95544 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [113464 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [113464 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85288 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [97080 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2020-10-22] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [263888 2021-04-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U3 klupd_klif_arkmon_58F37976; C:\ProgramData\Kaspersky Lab\AVP21.2\Temp\58F379760B519E358F7C46FF4D7FB49E\klupd_klif_arkmon.sys [263888 2021-04-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2021-03-04] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [310232 2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U3 klupd_klif_klark_847736BF; C:\ProgramData\Kaspersky Lab\AVP21.2\Temp\847736BFEA593398A79C498481628EF8\klupd_klif_klark.sys [309104 2021-04-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [115744 2021-04-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [207352 2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U3 klupd_klif_mark_463B1CA9; C:\ProgramData\Kaspersky Lab\AVP21.2\Temp\463B1CA97DAE4D7210CBF5967CF392B7\klupd_klif_mark.sys [224880 2021-04-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [153400 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [250168 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300856 2020-10-22] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-14] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-14] (Malwarebytes Inc -> Malwarebytes)
R2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-02-22] (TEFINCOM S.A. -> )
R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2021-04-14] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 sj-pulse-win-driver; C:\Program Files\SJPulse\app\sj-pulse-win-driver.sys [47824 2020-05-02] (DISQO, INC. -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-14] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-14 21:18 – 2021-04-14 21:19 – 000044039 _____ C:\Users\Jennifer\Downloads\FRST.txt
2021-04-14 21:18 – 2021-04-14 21:19 – 000000000 ____D C:\FRST
2021-04-14 21:17 – 2021-04-14 21:17 – 002298368 _____ (Farbar) C:\Users\Jennifer\Downloads\FRST64.exe
2021-04-14 18:56 – 2021-04-14 18:56 – 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-14 18:56 – 2021-04-14 18:56 – 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-14 18:56 – 2021-04-14 18:56 – 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-04-14 18:56 – 2021-04-14 18:56 – 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-04-14 18:56 – 2021-03-04 19:52 – 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-14 18:50 – 2021-04-14 18:50 – 002078632 _____ (Malwarebytes) C:\Users\Jennifer\Downloads\MBSetup.exe
2021-04-14 08:34 – 2021-04-14 08:35 – 000000000 ____D C:\Users\Jennifer\AppData\Local\NordVPN
2021-04-14 08:34 – 2021-04-14 08:34 – 000001805 _____ C:\Users\Jennifer\Desktop\NordVPN.lnk
2021-04-14 08:34 – 2021-04-14 08:34 – 000000000 ____D C:\ProgramData\NordVPN
2021-04-14 08:34 – 2021-04-14 08:34 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-04-14 08:34 – 2021-04-14 08:34 – 000000000 ____D C:\Program Files\NordVPN
2021-04-14 08:34 – 2021-02-22 07:27 – 000105184 _____ C:\WINDOWS\system32\Drivers\NDivert.sys
2021-04-14 08:34 – 2020-12-14 10:21 – 000038608 _____ (TEFINCOM S.A.) C:\WINDOWS\system32\Drivers\nordlwf.sys
2021-04-14 08:33 – 2021-04-14 08:33 – 000039360 _____ (WireGuard LLC) C:\WINDOWS\system32\Drivers\nlwt.sys
2021-04-14 08:33 – 2021-04-14 08:33 – 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2021-04-14 08:32 – 2021-04-14 08:32 – 000000000 ____D C:\Program Files\NordVPN network TUN
2021-04-14 08:31 – 2021-04-14 08:32 – 021276944 _____ (TEFINCOM S.A. ) C:\Users\Jennifer\Downloads\NordVPNSetup.exe
2021-04-13 15:49 – 2021-04-13 15:49 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-04-13 15:49 – 2021-04-13 15:48 – 000001162 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-04-13 15:49 – 2021-04-13 15:48 – 000001162 _____ C:\ProgramData\Desktop\Kaspersky VPN.lnk
2021-04-13 11:51 – 2021-04-13 11:51 – 000092818 _____ C:\Users\Jennifer\Downloads\-2703014359313847527.csv
2021-04-13 07:47 – 2021-04-13 07:47 – 000263888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2021-04-13 07:47 – 2021-04-13 07:47 – 000115744 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2021-04-12 15:55 – 2021-04-12 15:55 – 000278302 _____ C:\Users\Jennifer\Downloads\E-Book Opt-In Details Multiple LeadSource (17).xlsx
2021-04-12 15:44 – 2021-04-12 15:44 – 000000000 ____D C:\Users\Jennifer\Downloads\New Ad Copy Ideas (1)
2021-04-12 15:42 – 2021-04-12 15:42 – 007106639 _____ C:\Users\Jennifer\Downloads\New Ad Copy Ideas (1).zip
2021-04-12 15:39 – 2021-04-12 15:39 – 000000000 ____D C:\Users\Jennifer\Downloads\New Ad Copy Ideas
2021-04-12 15:34 – 2021-04-12 15:34 – 007106647 _____ C:\Users\Jennifer\Downloads\New Ad Copy Ideas.zip
2021-04-12 10:17 – 2021-04-12 10:17 – 000015720 _____ C:\Users\Jennifer\Downloads\2448328835253773489.csv
2021-04-12 10:15 – 2021-04-12 10:17 – 131827774 _____ C:\Users\Jennifer\Downloads\RRR Testimonial Video April 5 2021.mp4
2021-04-12 09:27 – 2021-04-12 09:27 – 042074937 _____ C:\Users\Jennifer\Downloads\Video 1.mp4
2021-04-09 15:55 – 2021-04-09 15:55 – 000093682 _____ C:\Users\Jennifer\Downloads\1143621766803853338.csv
2021-04-07 17:38 – 2021-04-07 17:40 – 091721353 _____ C:\Users\Jennifer\Downloads\Preview Video.mp4
2021-04-07 15:59 – 2021-04-12 12:08 – 000000000 ____D C:\Users\Jennifer\AppData\Roaming\Loom
2021-04-07 15:59 – 2021-04-12 12:07 – 000000000 ____D C:\Users\Jennifer\AppData\Local\loom-updater
2021-04-07 15:59 – 2021-04-07 15:59 – 000002271 _____ C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Loom.lnk
2021-04-07 15:59 – 2021-04-07 15:59 – 000002263 _____ C:\Users\Jennifer\Desktop\Loom.lnk
2021-04-07 15:58 – 2021-04-07 15:59 – 079920048 _____ (Loom, Inc.) C:\Users\Jennifer\Downloads\Loom Setup 0.75.0.exe
2021-04-07 15:21 – 2021-04-07 15:21 – 000602561 _____ C:\Users\Jennifer\Downloads\Targeting Group Ideas.xlsx
2021-04-07 08:03 – 2021-04-07 08:04 – 091721353 _____ C:\Users\Jennifer\Downloads\1200138769875179-Amy Crane-1x1-VC-1.02.mp4
2021-04-01 09:03 – 2021-03-31 18:15 – 000049142 ____T C:\Users\Jennifer\Desktop\Buyer List.xlsx
2021-03-30 13:13 – 2021-03-30 13:13 – 000000000 ____D C:\Users\Jennifer\Downloads\Grey Line Art Business Instagram Story Highlight Cover
2021-03-30 13:12 – 2021-03-30 13:12 – 000818558 _____ C:\Users\Jennifer\Downloads\Grey Line Art Business Instagram Story Highlight Cover.zip
2021-03-27 19:22 – 2021-03-27 19:22 – 000000000 ____D C:\Users\Jennifer\AppData\LocalLow\Ancient Forge Studio
2021-03-27 19:05 – 2021-03-27 19:05 – 000000223 _____ C:\Users\Jennifer\Desktop\The Tenants.url
2021-03-21 13:16 – 2021-03-21 13:16 – 000000000 ____D C:\Users\Jennifer\AppData\LocalLow\IronGate
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-14 21:18 – 2019-12-07 05:14 – 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-14 21:12 – 2020-06-15 15:07 – 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-14 21:02 – 2020-06-15 15:26 – 000004174 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{4CA793F7-0B36-47A6-823E-00F046E1A8B9}
2021-04-14 20:32 – 2020-05-31 20:40 – 000000000 ____D C:\Program Files\CCleaner
2021-04-14 18:56 – 2021-03-04 19:52 – 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-14 18:56 – 2019-12-07 05:14 – 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-14 18:55 – 2019-04-15 11:38 – 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-14 18:54 – 2021-03-04 19:52 – 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-04-14 18:48 – 2019-12-07 05:03 – 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-14 12:25 – 2019-09-04 23:32 – 000000000 ____D C:\ProgramData\NVIDIA
2021-04-14 11:00 – 2020-02-04 09:52 – 000000000 ____D C:\Users\Jennifer\AppData\Local\Spotify
2021-04-14 10:01 – 2020-02-04 09:50 – 000000000 ____D C:\Users\Jennifer\AppData\Roaming\Spotify
2021-04-14 08:35 – 2019-12-07 05:13 – 000000000 ____D C:\WINDOWS\INF
2021-04-14 08:34 – 2019-12-07 05:14 – 000000000 ___HD C:\Program Files\WindowsApps
2021-04-14 08:34 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-14 08:34 – 2019-09-04 23:32 – 000000000 ____D C:\ProgramData\Package Cache
2021-04-14 08:33 – 2020-03-27 09:15 – 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-14 08:32 – 2021-03-04 19:33 – 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-14 08:31 – 2019-10-01 14:15 – 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-04-14 08:31 – 2019-10-01 14:15 – 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-04-13 15:49 – 2021-03-04 17:05 – 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-04-13 15:48 – 2021-03-04 17:05 – 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-04-13 09:31 – 2020-08-29 10:44 – 000000000 ____D C:\Program Files (x86)\Steam
2021-04-12 08:14 – 2020-06-15 15:26 – 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2917363170-1330795515-2627479021-1001
2021-04-12 08:14 – 2020-06-15 15:13 – 000002383 _____ C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-12 08:14 – 2019-09-12 20:09 – 000000000 ___RD C:\Users\Jennifer\OneDrive
2021-04-09 17:49 – 2019-05-17 13:42 – 000000000 ____D C:\Program Files\Microsoft Office
2021-04-07 07:32 – 2021-03-02 10:34 – 000000000 ____D C:\Program Files\SJPulse
2021-04-06 15:30 – 2019-09-12 19:41 – 000000000 ____D C:\Users\Jennifer\AppData\Local\Packages
2021-04-05 15:30 – 2019-09-12 20:14 – 000000000 ____D C:\Users\Jennifer\AppData\Local\PlaceholderTileLogoFolder
2021-03-30 09:03 – 2020-05-31 20:44 – 000000000 ___HD C:\temp
2021-03-29 08:29 – 2020-11-06 12:48 – 000000000 ____D C:\Users\Jennifer\AppData\Roaming\Messenger
2021-03-29 08:29 – 2020-11-06 12:48 – 000000000 ____D C:\Users\Jennifer\AppData\Local\Messenger
2021-03-29 08:26 – 2019-09-12 20:07 – 000000000 __SHD C:\Users\Jennifer\IntelGraphicsProfiles
2021-03-28 15:32 – 2020-06-15 15:13 – 000000000 ____D C:\Users\Jennifer
2021-03-25 10:25 – 2020-06-15 15:26 – 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-22 08:34 – 2021-03-04 19:05 – 000000000 ____D C:\Users\Jennifer\AppData\Roaming\Easeware
2021-03-21 16:14 – 2020-06-15 15:23 – 000845872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-21 16:06 – 2020-06-15 15:26 – 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-21 16:06 – 2020-06-15 15:06 – 000008192 ___SH C:\DumpStack.log.tmp
2021-03-21 16:06 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\ServiceState
2021-03-15 10:58 – 2020-10-22 00:12 – 001400600 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2021-03-15 10:58 – 2020-10-22 00:12 – 000657696 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klgse.sys
2021-03-15 08:40 – 2020-06-15 15:07 – 000457232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-15 08:39 – 2019-12-07 05:03 – 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-03-15 08:38 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-15 08:38 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-15 08:38 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-15 08:38 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\SystemResources
2021-03-15 08:38 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-15 08:38 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\system32\setup
2021-03-15 08:38 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-15 08:38 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-15 08:38 – 2019-12-07 05:14 – 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-15 08:37 – 2020-11-09 12:38 – 000000000 ____D C:\Users\Jennifer\AppData\Local\Screencast-O-Matic-v2
==================== Files in the root of some directories ========
2019-09-26 13:43 – 2019-09-26 13:43 – 000000410 _____ () C:\Users\Jennifer\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2021
Ran by Jennifer (14-04-2021 21:20:38)
Running from C:\Users\Jennifer\Downloads
Windows 10 Home Version 20H2 19042.867 (X64) (2020-06-15 19:29:15)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2917363170-1330795515-2627479021-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-2917363170-1330795515-2627479021-503 – Limited – Disabled)
Guest (S-1-5-21-2917363170-1330795515-2627479021-501 – Limited – Disabled)
Jennifer (S-1-5-21-2917363170-1330795515-2627479021-1001 – Administrator – Enabled) => C:\Users\Jennifer
WDAGUtilityAccount (S-1-5-21-2917363170-1330795515-2627479021-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Enabled – Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\…\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 – Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\…\AdobeGenuineService) (Version:  – Adobe)
Audacity 2.4.2 (HKLM-x32\…\Audacity_is1) (Version: 2.4.2 – Audacity Team)
CCleaner (HKLM\…\CCleaner) (Version: 5.78 – Piriform)
Epson Connect Printer Setup (HKLM-x32\…\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 – Seiko Epson Corporation)
Google Chrome (HKLM-x32\…\Google Chrome) (Version: 89.0.4389.128 – Google LLC)
HP Audio Switch (HKLM-x32\…\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}) (Version: 1.0.154.0 – HP Inc.)
HP Connection Optimizer (HKLM-x32\…\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 – HP Inc.)
HP Documentation (HKLM\…\HP_Documentation) (Version: 1.0.0.1 – HP Inc.)
HP Software Framework (HKLM-x32\…\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 – HP)
Intel® PROSet/Wireless Software (HKLM-x32\…\{31a05164-f722-485c-90e3-db78421fa156}) (Version: 20.70.0 – Intel Corporation)
Java 8 Update 281 (64-bit) (HKLM\…\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 – Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\…\{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 – Kaspersky) Hidden
Kaspersky Anti-Virus (HKLM-x32\…\InstallWIX_{63129F5E-8EC5-41BA-A4CF-47966CE84953}) (Version: 21.2.16.590 – Kaspersky)
Kaspersky VPN (HKLM-x32\…\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 – Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\…\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 – Kaspersky)
Loom 0.75.0 (HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\3643b966-bc28-5bc8-95ff-3d47d66438db) (Version: 0.75.0 – Loom, Inc.)
Malwarebytes version 4.3.0.98 (HKLM\…\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 – Malwarebytes)
Messenger 91.5.119 (HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 91.5.119 – Facebook, Inc.)
Microsoft 365 – en-us (HKLM\…\O365HomePremRetail – en-us) (Version: 16.0.13901.20336 – Microsoft Corporation)
Microsoft Edge (HKLM-x32\…\Microsoft Edge) (Version: 89.0.774.76 – Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\…\Microsoft EdgeWebView) (Version: 89.0.774.76 – Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\OneDriveSetup.exe) (Version: 21.052.0314.0001 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM\…\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.17 (HKLM\…\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32\…\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM\…\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32\…\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32\…\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32\…\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32\…\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32\…\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32\…\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32\…\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.28.29914 (HKLM-x32\…\{43d1ce82-6f55-4860-a938-20e5deb28b98}) (Version: 14.28.29914.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32\…\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 – Microsoft Corporation)
NordVPN (HKLM\…\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.35.9.0 – TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\…\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 – NordVPN)
NordVPN network TUN (HKLM\…\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 – NordVPN)
NVIDIA GeForce Experience 3.18.0.94 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.94 – NVIDIA Corporation)
NVIDIA Graphics Driver 457.63 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.63 – NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 – NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\…\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\…\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\…\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13901.20336 – Microsoft Corporation) Hidden
Origin (HKLM-x32\…\Origin) (Version: 10.5.90.45798 – Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM\…\{986898D9-7C26-4E7F-814C-9B5472FA3209}) (Version: 2.0.0.0 – Paradox Interactive)
RingCentral Meetings (HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\RingCentralMeetings) (Version: 7.0 – Zoom Video Communications, Inc. and RingCentral Inc.)
Screencast-O-Matic v2 (Web Launcher v2.11.3) (HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\Screencast-O-Matic v2) (Version: v2.11.3 – Screencast-O-Matic)
SJ App (HKLM\…\SJPulse-app) (Version: 0.0.42.0 – SJPulse)
SJ Updater (HKLM\…\SJPulse-updater) (Version: 0.0.42.0 – SJPulse)
Spotify (HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\Spotify) (Version: 1.1.56.595.g2d2da0de – Spotify AB)
Steam (HKLM-x32\…\Steam) (Version: 2.10.91.91 – Valve Corporation)
The Sims™ 4 (HKLM-x32\…\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.69.59.1020 – Electronic Arts Inc.)
Wondershare Filmora9(Build 9.2.11) (HKLM\…\Wondershare Filmora9_is1) (Version:  – Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\…\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 – Wondershare)
Zoom (HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\…\ZoomUMX) (Version: 5.4.9 (59931.0110) – Zoom Video Communications, Inc.)
Alaskan Landscapes by Kyle Waters -> C:\Program Files\WindowsApps\Microsoft.AlaskanLandscapesbyKyleWaters_1.0.0.0_neutral__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2021-02-03] (Amazon.com)
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.3.689.0_x64__22t9g3sebte08 [2021-02-27] (AMZN Mobile LLC.) [Startup Task]
Autumn in Sweden -> C:\Program Files\WindowsApps\Microsoft.AutumninSweden_1.0.0.0_neutral__8wekyb3d8bbwe [2020-11-26] (Microsoft Corporation)
Baffin Island Expedition by Will Christiansen -> C:\Program Files\WindowsApps\Microsoft.BaffinIslandExpeditionbyWillChristiansen_1.0.0.0_neutral__8wekyb3d8bbwe [2020-02-10] (Microsoft Corporation)
Bountiful Cottage Gardens -> C:\Program Files\WindowsApps\Microsoft.BountifulCottageGardens_1.0.0.0_neutral__8wekyb3d8bbwe [2020-03-16] (Microsoft Corporation)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2021-02-03] (Dropbox Inc.)
ELAN Touchpad Setting -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadSetting_11.2.63.0_x64__stws0m115j6hg [2021-02-03] (ELAN Microelectronics Corporation)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2021-02-03] (HP Inc.)
Forest for the Trees -> C:\Program Files\WindowsApps\Microsoft.ForestfortheTrees_1.0.0.0_neutral__8wekyb3d8bbwe [2020-04-20] (Microsoft Corporation)
Hooked on Phonics -> C:\Program Files\WindowsApps\SandviksHOPInc.6523063BF071D_6.1.5.0_x64__r8x50y90hy6ae [2021-02-27] (Sandviks HOP, Inc.)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.3.176.0_x64__dt26b99r8h8gj [2019-09-04] (Realtek Semiconductor Corp)
HP CoolSense -> C:\Program Files\WindowsApps\AD2F1837.HPCoolSense_1.0.6.0_x64__v10z8vjag6ke6 [2019-09-04] (HP Inc.)
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.9.1548.0_x64__v10z8vjag6ke6 [2021-02-03] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.8.0_x64__v10z8vjag6ke6 [2021-02-03] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.39.0_x64__v10z8vjag6ke6 [2021-02-03] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.3.838.0_x64__v10z8vjag6ke6 [2021-02-27] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.7.238.0_x64__v10z8vjag6ke6 [2021-02-27] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6 [2020-10-27] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-02-03] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-03-04] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.0.1017.0_x64__8j3eq9eme6ctt [2021-02-03] (INTEL CORP)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-09-17] (LinkedIn)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.38.4482.0_x64__8wekyb3d8bbwe [2021-02-27] (Microsoft Corporation) [Startup Task]
Mountain Dwellings -> C:\Program Files\WindowsApps\Microsoft.MountainDwellings_1.0.0.0_neutral__8wekyb3d8bbwe [2021-02-27] (Microsoft Corporation)
Mountain Light PREMIUM -> C:\Program Files\WindowsApps\Microsoft.MountainLightPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2020-02-10] (Microsoft Corporation)
Movie Maker : Free Video Editor -> C:\Program Files\WindowsApps\39691Videopix.MovieMakerFreeVideoEditor_1.1.78.0_x64__dxz7h1qnd1pge [2021-02-27] (Videopix)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-14] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-02-03] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation)
PhotoScape X -> C:\Program Files\WindowsApps\MooiiTech.PhotoScapeX_4.1.1.0_x64__f5eddttrpssna [2020-11-08] (Mooii Tech)
Scenes from Yosemite by Ingo Scholtes -> C:\Program Files\WindowsApps\Microsoft.ScenesfromYosemitebyIngoScholtes_1.0.0.0_neutral__8wekyb3d8bbwe [2020-11-26] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.0.0.0_x64__kx24dqmazqk8j [2021-02-03] (Random Salad Games LLC)
Slack -> C:\Program Files\WindowsApps\91750D7E.Slack_4.12.2.0_x64__8she8kybcnzg4 [2021-02-03] (Slack Technologies Inc.) [Startup Task]
Spring Blooms 2 by Rebecca Heigel -> C:\Program Files\WindowsApps\Microsoft.SpringBlooms2byRebeccaHeigel_1.0.0.0_neutral__8wekyb3d8bbwe [2020-03-16] (Microsoft Corporation)
Sticky Notes – Post Virtual Notes on Your Desktop -> C:\Program Files\WindowsApps\32336LoganK.StickyNotes-PostVirtualNotesonYourDesk_0.9.13.0_neutral__3bct828mydfqt [2021-02-03] (Logan K) [Startup Task]
The Grand Canyon National Park -> C:\Program Files\WindowsApps\Microsoft.TheGrandCanyonNationalPark_1.0.0.0_neutral__8wekyb3d8bbwe [2021-04-05] (Microsoft Corporation)
Video Rotate Flip Video -> C:\Program Files\WindowsApps\22546Cidade.VideoRotateFlipVideo_2.0.6.0_x64__cjt5542sbwgmj [2021-02-03] (Cidade) [MS Ad]
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2021-02-27] (WildTangent Games)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-09-23] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_58e40596c07739dd\nvshext.dll [2021-01-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.2] -> {9B9F6E01-A5CF-4269-B245-CFF66A7DAEBD} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\shellex.dll [2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-04] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Drivers32: [vidc.VP60] => C:\windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\…\Drivers32: [vidc.VP61] => C:\windows\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\FLV Player (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=dhogabmliblgpadclikpkjfnnipeebjm
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Wicked Good Unarchiver (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mljpablpddhocfbnokacjggdbmafjnon
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Wicked Good Unarchiver (3).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=mljpablpddhocfbnokacjggdbmafjnon
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom (2).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg
ShortcutWithArgument: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom (3).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg
==================== Loaded Modules (Whitelisted) =============
2019-11-26 12:51 – 2016-07-21 11:54 – 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2019-11-26 12:51 – 2017-09-12 11:34 – 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2021-03-11 06:48 – 2021-03-11 06:48 – 000078336 _____ () [File not signed] C:\Program Files\SJPulse\app\boost_iostreams-vc142-mt-x64-1_73.dll
2021-03-11 06:47 – 2021-03-11 06:47 – 000346624 _____ () [File not signed] C:\Program Files\SJPulse\app\boost_program_options-vc142-mt-x64-1_73.dll
2021-03-11 06:49 – 2021-03-11 06:49 – 000137216 _____ () [File not signed] C:\Program Files\SJPulse\app\brotlicommon.dll
2021-03-11 06:49 – 2021-03-11 06:49 – 000047104 _____ () [File not signed] C:\Program Files\SJPulse\app\brotlidec.dll
2021-03-11 06:49 – 2021-03-11 06:49 – 003082240 _____ () [File not signed] C:\Program Files\SJPulse\app\brotlienc.dll
2021-03-11 06:47 – 2021-03-11 06:47 – 000074752 _____ () [File not signed] C:\Program Files\SJPulse\app\bz2.dll
2021-03-11 06:49 – 2021-03-11 06:49 – 000160768 _____ () [File not signed] C:\Program Files\SJPulse\app\date-tz.dll
2021-03-11 06:49 – 2021-03-11 06:49 – 000130048 _____ () [File not signed] C:\Program Files\SJPulse\app\fmt.dll
2021-03-11 06:48 – 2021-03-11 06:48 – 000153600 _____ () [File not signed] C:\Program Files\SJPulse\app\lzma.dll
2021-03-11 06:50 – 2021-03-11 06:50 – 000103424 _____ () [File not signed] C:\Program Files\SJPulse\app\zip.dll
2021-03-11 06:48 – 2021-03-11 06:48 – 000086528 _____ () [File not signed] C:\Program Files\SJPulse\app\zlib1.dll
2021-03-11 06:49 – 2021-03-11 06:49 – 000130048 _____ () [File not signed] C:\Program Files\SJPulse\updater\fmt.dll
2021-03-06 19:42 – 2021-03-06 19:42 – 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\951888f8ec328648f94e872e4166a50b\Interop.IWshRuntimeLibrary.ni.dll
2021-03-11 06:55 – 2021-03-11 06:55 – 002472448 _____ (Google Inc.) [File not signed] C:\Program Files\SJPulse\app\libprotobuf.dll
2021-03-11 06:54 – 2021-03-11 06:54 – 000461312 _____ (Google Inc.) [File not signed] C:\Program Files\SJPulse\app\libprotobuf-lite.dll
2021-03-05 10:36 – 2021-03-05 10:36 – 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\0f1eaacb1233127eedde1676050c2306\Hardcodet.Wpf.TaskbarNotification.ni.dll
2020-06-20 10:48 – 2020-06-20 10:48 – 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2021-03-06 19:42 – 2021-03-06 19:42 – 001591808 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\9f1fb811cecca00c1c0093fcdbfb55df\NAudio.ni.dll
2021-03-06 19:42 – 2021-03-06 19:42 – 003127808 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\af5a3640200201f73429f4848045535d\Newtonsoft.Json.ni.dll
2019-09-04 23:27 – 2019-09-04 23:27 – 000023040 _____ (Synaptics Incorporated.) [File not signed] C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.3.176.0_x64__dt26b99r8h8gj\SynAudSrvDll.dll
2021-03-06 19:41 – 2021-03-06 19:41 – 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\99ce6136aae3bc57a1c49add2632a650\log4net.ni.dll
2021-03-11 06:46 – 2021-03-11 06:46 – 003471872 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\SJPulse\app\libcrypto-1_1-x64.dll
2021-03-11 06:46 – 2021-03-11 06:46 – 000685568 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\SJPulse\app\libssl-1_1-x64.dll
2021-03-11 06:46 – 2021-03-11 06:46 – 003471872 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\SJPulse\updater\libcrypto-1_1-x64.dll
2021-03-11 06:46 – 2021-03-11 06:46 – 000685568 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\SJPulse\updater\libssl-1_1-x64.dll
2019-11-26 12:51 – 2017-09-12 11:36 – 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
2021-03-11 06:48 – 2021-03-11 06:48 – 000540160 _____ (Yann Collet, Facebook, Inc.) [File not signed] C:\Program Files\SJPulse\app\zstd.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Jennifer\AppData\Local\Temp:com.affinity.photo.2 [241]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {51AA6787-0BC5-4685-839D-F998BBCCDED0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {51AA6787-0BC5-4685-839D-F998BBCCDED0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2917363170-1330795515-2627479021-1001 -> {51AA6787-0BC5-4685-839D-F998BBCCDED0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-03-08] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-03-08] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2019-12-19] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2019-12-19] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 00:49 – 2021-03-04 17:00 – 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2917363170-1330795515-2627479021-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.254.254 – 207.91.5.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
Network Binding:
=============
Ethernet 3: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B6AC1E0D-5DE4-458D-857C-A413FE8376EE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{319B924D-A1CA-4F6E-8E76-A783895E75B9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8C0E0376-09B6-4041-A081-48AF654CE131}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\Northgard.exe => No File
FirewallRules: [{428A3CE9-DEBA-4A0A-892F-B71FD2C3336C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\Northgard.exe => No File
FirewallRules: [{7AD10170-61CA-4404-A1F7-8B29559DD704}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{AB49CFC5-371C-4782-B413-56BAB0B4E499}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [UDP Query User{5D36F0A4-B2AB-4BC0-9A5E-581ADFA817DD}C:\users\jennifer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jennifer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{56029379-A384-4148-8A2B-EB98C1451071}C:\users\jennifer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jennifer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B60C174A-FFC7-42E3-BAA2-B11BC33C7EF4}] => (Allow) C:\Users\Jennifer\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FA55E300-F62A-4226-BED4-92EF8C55526A}] => (Allow) C:\Users\Jennifer\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C80772AD-B4F7-4CBD-A8D5-8675EAE07A41}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{F48811F6-8F73-4E1B-8BD5-E42DE6AE881E}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{C2E119EC-1EE6-4BBC-8145-0A4DBC874F71}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{67CB4513-3E06-47BD-A47B-442EA5030DE7}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{10D3C386-E4AB-4C16-8143-BCBF2113ECB0}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{466E0F31-D1BE-49D1-A18C-AB35926456B0}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{6917164B-2E0D-44BA-8AD3-61BAE210C80D}] => (Allow) C:\Users\Jennifer\AppData\Roaming\RingCentralMeetings\bin\airhost.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [{F74A32E5-63FD-47C8-BE08-B7E4D4FFAE60}] => (Allow) C:\Users\Jennifer\AppData\Roaming\RingCentralMeetings\bin\RingCentralMeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [{9FAA1384-72A4-40F3-93C0-F439F69AAB3B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{1B6BC220-E558-4EFB-87F5-931EBADE98F3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FCD91C85-FB5B-4D94-B3E5-7ABD09093595}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1523912C-0628-4343-8387-8CEBE4DC1B65}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{43DF98D4-2176-41AB-8B43-D7935607683C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9EB7ECE-84B3-4049-A459-9967E4B3EF61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2A40C1DF-C436-4C41-9726-82CB57CB4EE4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{08A7D3E1-7278-407E-AA08-3D82B66972F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{59D9FB5B-4B12-44F0-982D-0148D8FE2EBF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{55124EDF-365E-4FE6-BFC0-E731D38992DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\ng32\Northgard.exe => No File
FirewallRules: [{5F408B40-9DFA-4BC5-BD8A-7AEB411147FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\ng32\Northgard.exe => No File
FirewallRules: [{562573D7-B452-4D5F-84B2-AE24A8599318}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{E4A9C450-3B78-4262-8693-5EA096CFD5AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{042B9AB1-EDED-4DB9-9C89-B276886AEE02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{AF625E7E-82DE-4422-BA85-4985BB80E616}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{FB153E33-1C31-49C6-9AF1-1D091CF7E6EF}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{80147463-90DA-4CAB-8950-FE3B45F5C0F4}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{54D81AB6-D0CE-4886-A4F4-F7B5807C6C96}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{97603917-8B7F-4B91-937E-4774B29C2AB2}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{F9E3C7C7-99E5-4135-9620-429EE6B678FB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7308E171-1CCA-4EBA-A209-29587203B3BB}C:\users\jennifer\appdata\local\bluejeans\current\bluejeans.exe] => (Block) C:\users\jennifer\appdata\local\bluejeans\current\bluejeans.exe => No File
FirewallRules: [UDP Query User{47BE1A7D-7BFF-4D39-B938-65C01C485621}C:\users\jennifer\appdata\local\bluejeans\current\bluejeans.exe] => (Block) C:\users\jennifer\appdata\local\bluejeans\current\bluejeans.exe => No File
FirewallRules: [{40E328E2-FB62-4BEB-814A-640FF117913A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0400CF42-641A-4DEB-AABE-EED5BEB8E9D7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8D1C1A75-A0BE-41D6-9802-5B56CFEA5E25}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A19B5A19-BBB8-4CA7-B05F-F45FAEC859B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5D659A52-ACB3-41E4-9EF4-7354B41957DF}] => (Allow) C:\Program Files\WindowsApps\91750D7E.Slack_4.12.2.0_x64__8she8kybcnzg4\app\Slack.exe (Slack Technologies, Inc. -> Slack Technologies Inc.)
FirewallRules: [{C2298127-296B-4D27-BFDF-37126424DD18}] => (Allow) C:\Program Files\WindowsApps\91750D7E.Slack_4.12.2.0_x64__8she8kybcnzg4\app\Slack.exe (Slack Technologies, Inc. -> Slack Technologies Inc.)
FirewallRules: [{9AEEA3D5-3A1E-40EE-9FEC-51831E9249B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Tenants\The Tenants.exe () [File not signed]
FirewallRules: [{5F44DCD8-0649-4DB8-B9C9-505736B01354}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Tenants\The Tenants.exe () [File not signed]
FirewallRules: [{CCBB9D08-9D30-4AD4-8F3F-6A340D65D8D3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B4B92DDC-FCDE-4861-A602-9C7037DBDC08}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
09-04-2021 17:37:39 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name: System Firmware
Description: System Firmware
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: HP Inc.
Service: 
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click “Update Driver” to update the drivers for this device.
On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (04/14/2021 07:11:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.944, time stamp: 0x60660637
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0xb2d8
Faulting application start time: 0x01d7318167ce8385
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: b4ff810e-5d64-456c-98e7-61b3365b4e3f
Faulting package full name: 
Faulting package-relative application ID:
Error: (04/14/2021 03:17:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 89.0.4389.128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 47a4
Start Time: 01d73149e683f891
Termination Time: 23
Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Report Id: 35c74543-da84-4789-ba54-9cabc8171838
Faulting package full name: 
Faulting package-relative application ID: 
Hang type: Cross-thread
Error: (04/14/2021 12:18:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 89.0.4389.128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: b634
Start Time: 01d7312b851110ba
Termination Time: 16
Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Report Id: fc579321-b30b-4c70-8a30-fe4f0e51aeec
Faulting package full name: 
Faulting package-relative application ID: 
Hang type: Cross-thread
Error: (04/14/2021 08:34:53 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
Operation:
   Executing Asynchronous Operation
   Current State: DoSnapshotSet
Error: (04/06/2021 02:08:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 89.0.4389.114 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1b38
Start Time: 01d72a70997e8f02
Termination Time: 15
Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Report Id: c6365e6e-3288-47f9-ae5e-38c3f6a6534e
Faulting package full name: 
Faulting package-relative application ID: 
Hang type: Cross-thread
Error: (03/24/2021 08:09:37 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (8144,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Jennifer\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (03/24/2021 08:09:37 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (8144,R,98) WebCacheLocal: An attempt to open the file “C:\Users\Jennifer\AppData\Local\Microsoft\Windows\WebCache\V01.log” for read / write access failed with system error 32 (0x00000020): “The process cannot access the file because it is being used by another process. “.  The open file operation will fail with error -1032 (0xfffffbf8).
Error: (03/23/2021 08:20:30 AM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (13508,R,98) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Jennifer\AppData\Local\Microsoft\Windows\WebCache\V01.log.
System errors:
=============
Error: (04/13/2021 09:30:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
Error: (04/13/2021 09:30:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Error: (04/01/2021 09:47:07 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (03/30/2021 09:05:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Compaq Dfw service failed to start due to the following error: 
The system cannot find the file specified.
Error: (03/30/2021 09:05:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpvision service failed to start due to the following error: 
The system cannot find the file specified.
Error: (03/30/2021 09:03:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Compaq Dfw service failed to start due to the following error: 
The system cannot find the file specified.
Error: (03/30/2021 09:03:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpvision service failed to start due to the following error: 
The system cannot find the file specified.
Error: (03/28/2021 05:34:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
Windows Defender:
================
Date: 2021-04-14 19:37:56
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-14 18:55:15
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
Date: 2021-03-04 08:28:21
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-03-03 09:47:52
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-03-02 12:08:08
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2021-04-14 18:43:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-04-14 08:31:57
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
Date: 2021-04-14 08:28:48
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.
==================== Memory info =========================== 
BIOS: Insyde F.19 07/05/2019
Motherboard: HP 84C1
Processor: Intel® Core™ i7-8565U CPU @ 1.80GHz
Percentage of memory in use: 76%
Total physical RAM: 12175.3 MB
Available physical RAM: 2893.9 MB
Total Virtual: 17846.53 MB
Available Virtual: 3837.11 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.33 GB) (Free:786.7 GB) NTFS
\\?\Volume{9a4b8ea9-6582-4baa-85bd-ef0912b52bff}\ () (Fixed) (Total:0.9 GB) (Free:0.08 GB) NTFS
\\?\Volume{1175a1c4-5de4-42ae-8601-40ad05429bfb}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DF36B658)
Partition: GPT.
==================== End of Addition.txt =======================


Source of this news: https://www.bleepingcomputer.com/forums/t/748893/keep-getting-redirected-to-security-checks-recaptcha-and-chrome-errors/
