
2nd attempt



#1
drn


My first post was a failure, so I'll try again.

 

I do not want icotonev to "help" me again.

 

My system is repeatedly haunted by several infections, causing it to creep to a crawl. Interestingly, Google usually appears rather normally, but most other sites take 5 seconds or more to show up after clicking their links.

 

I keep Malwarebytes ontime detection running, and frequently I do housekeeping first running SFC, then CCleaner, Windows Update, check for unintentional installations viewing Startup in Task Manager and Revo, and then run Rkill, Farbar, tdsskiller, Hitman Pro, and mBam.

 

Each time Farbar and Malwarebytes find wtime.cmd, wlocal.cmd, powershell, cpuz149, gntuud, AI.DDS, icsys.icn.exe, mrsys.exe, and system/explorer, so I successfully quarantine and eliminate as appropriate. My computer speeds up for just a short time then drags down again, and all infections reappear.

 
Thank you in advance if you can help me solve this!
David

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by David (administrator) on DAIVDDD (Hewlett-Packard HPE-590t) (25-04-2024 03:43:13)
Running from c:\Users\David\Backups\Farbar\frst64.exe 
Loaded Profiles: David
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Malwarebytes\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Malwarebytes.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) () [File not signed] C:\Program Files (x86)\AX\AX.exe
(explorer.exe ->) () [File not signed] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(explorer.exe ->) (Binary Fortress Software Ltd. -> Binary Fortress Software) C:\Program Files (x86)\TrayStatus\TrayStatus.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(explorer.exe ->) (Matthew Malensek) [File not signed] C:\Program Files (x86)\3RVX\3RVX.exe
(explorer.exe ->) (Miranda NG team) [File not signed] C:\Program Files\Miranda NG\Miranda64.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (Sindre Sorhus) [File not signed] C:\Users\David\AppData\Local\Programs\caprine\Caprine.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.14332.20685\OfficeClickToRun.exe
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(services.exe ->) () [File not signed] C:\Program Files\Atomic Alarm Clock\timeserv.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe <2>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Oracle America, Inc. -> ) C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.Windows Repair\WR_Tray_Icon.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19572528 2021-09-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2023-04-12] (Adobe Inc. -> )
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM-x32\...\Winlogon: [Shell] C:\Windows\explorer.exe, c:\windows\system\explorer.exe <=== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe (No File)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe (No File)
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation) [File not signed]
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Run: [TrayStatus] => C:\Program Files (x86)\TrayStatus\TrayStatus.exe [2700304 2015-11-04] (Binary Fortress Software Ltd. -> Binary Fortress Software)
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [8537040 2022-02-02] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Run: [AtomicAlarmClock6] => C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [5321728 2016-08-16] () [File not signed]
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Policies\Explorer: [DisableThumbnails] 0
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Policies\Explorer: [TaskbarNoThumbnail] 1
HKLM\...\Windows x64\Print Processors\Canon iP7200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBA.DLL [30208 2012-04-16] (CANON INC.) [File not signed]
HKLM\...\Windows x64\Print Processors\Canon TS700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDFD.DLL [529408 2020-06-17] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2022-11-14] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor iP7200 series: CNMLMBA.DLL (No File)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS700 series: C:\WINDOWS\system32\CNMLMFD.DLL [956928 2020-06-17] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\124.0.6367.78\Installer\chrmstp.exe [2024-04-24] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.55\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
IFEO\MicrosoftEdge.exe: [Debugger] C:\WINDOWS\System32\systray.exe
IFEO\msedge.exe: [Debugger] C:\WINDOWS\System32\systray.exe
Lsa: [Notification Packages] 
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3RVX.lnk [2022-12-11]
ShortcutTarget: 3RVX.lnk -> C:\Program Files (x86)\3RVX\3RVX.exe (Matthew Malensek) [File not signed]
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AquaSnap.lnk [2022-12-12]
ShortcutTarget: AquaSnap.lnk -> C:\Program Files (x86)\AquaSnap\AquaSnap.Daemon.exe (No File)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Atomic Alarm Clock.lnk [2023-12-19]
ShortcutTarget: Atomic Alarm Clock.lnk -> C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe () [File not signed]
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AX.lnk [2023-11-22]
ShortcutTarget: AX.lnk -> C:\Program Files (x86)\AX\AX.exe () [File not signed]
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caprine 2.55.4.lnk [2023-01-24]
ShortcutTarget: Caprine 2.55.4.lnk -> C:\Users\David\Backups\Caprine\Caprine 2.55.4.vbs () [File not signed]
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda NG x64.lnk [2022-12-23]
ShortcutTarget: Miranda NG x64.lnk -> C:\Program Files\Miranda NG\Miranda64.exe (Miranda NG team) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk [2023-04-10]
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation) [File not signed]
GroupPolicy: Restriction - Edge <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {E7FE21DA-87DC-4D11-A65F-CC9E716FD9A5} - System32\Tasks\{D9329B93-8369-4C6A-BE78-2B097502B6BE} => C:\Windows\System32\pcalua.exe [53760 2023-11-22] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\David\Downloads\Revo Uninstaller Pro 5.0.7 Multilingual\RevoUninProSetup.exe" -d "C:\Users\David\Downloads\Revo Uninstaller Pro 5.0.7 Multilingual"
Task: {190AD4EA-480F-493B-B6B0-9E6E490C91EB} - System32\Tasks\{EB7841EA-FAAD-4BDA-BF20-87366F249309} => C:\Windows\System32\pcalua.exe [53760 2023-11-22] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\David\Downloads\magicdisc-2.7.106-installer_vVq-vd1.exe -d C:\Users\David\Downloads
Task: {D44BE560-DDE2-458A-90DE-5E0A154BD2A8} - System32\Tasks\Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe  --showwindow=false --onOSstartup=true (No File)
Task: {F7B99778-D9AD-44FF-8348-C62455E74B8E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe  -mode=scheduled (No File)
Task: {93C3487E-2170-48F0-89C6-945856C7D483} - System32\Tasks\Christmas Task (One-Time) => "C:\Program Files (x86)\Driver Booster\10.1.0\xmas.exe"  -> C:\Program Files (x86)\Driver Booster\10.1.0\\/xr
Task: {42CCF440-8A5D-4D99-A52B-364025735943} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5656192 2024-04-21] (Microsoft Windows -> Microsoft Corporation)
Task: {EDEB406E-50B8-4AB8-AD23-01B5419253E9} - System32\Tasks\GoogleUpdateTaskMachineCore{9B774B54-BD57-42F9-A074-ED483F914C36} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-02] (Google LLC -> Google LLC)
Task: {148BD420-831B-4463-B5D0-21D51314F625} - System32\Tasks\GoogleUpdateTaskMachineUA{B3ED4877-4488-4829-BC2A-B9BF75B49A89} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-02] (Google LLC -> Google LLC)
Task: {2CC11EDC-A805-4FE3-9178-E18A4EFA5D5D} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-3042316109-2743702496-2181490592-1000 => C:\Users\David\AppData\Local\Programs\Messenger\MessengerHelper.exe  --lassie (No File)
Task: {2C1DBED1-D7F1-4C06-B7F2-7D485546260B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141384 2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {E7C54871-DC9F-4367-8E76-F77A097B7A6B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141384 2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {313FAC0D-D3D6-495F-9A7B-385578D533D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => "C:\Program Files\Microsoft Office\Office16\msoia.exe"  scan upload mininterval:2880 (No File)
Task: {ED363B64-6AF0-41F1-90B0-FBB5BF28ACDC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => "C:\Program Files\Microsoft Office\Office16\msoia.exe"  scan upload (No File)
Task: {16744137-3A1A-490B-AF19-47A957C373A5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoActivateWindowsSearch (No File)
Task: {1D8E0697-439D-4BF4-A653-C047B4252157} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe  /DoConfigureInternetTimeService (No File)
Task: {F39B4B15-6281-47BD-A20E-A0274C19A7B2} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe  /DoRecoveryTasks $(Arg0) (No File)
Task: {C9FD0FB9-ABFC-4B87-B33D-A71A71F59970} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe  /DRMInit (No File)
Task: {54CC580C-37E3-4890-AD53-D23AEACCB070} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe  /InstallPlayReady $(Arg0) (No File)
Task: {C6527F69-548F-4A6D-BFCD-8FC30AF0DBE6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate  $(Arg0) (No File)
Task: {9EDFEC13-37B0-4E5B-8B60-F3C8FC052A7C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -MediaCenterRecoveryTask (No File)
Task: {F540ABBC-CB1F-479E-89B5-22CA3F42376E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -ObjectStoreRecoveryTask (No File)
Task: {AD6860A4-EA3A-4671-B791-CF8A3051FE3E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe  /OCURActivate (No File)
Task: {4F20BC2A-2729-4966-9EFF-029EFB297611} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /OCURDiscovery $(Arg0) (No File)
Task: {15BD6BA2-E15C-4913-BA1E-47AEA968E9E5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /PBDADiscovery (No File)
Task: {5DC230A3-60DF-46B4-B43C-880E73067223} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:7 /PBDADiscovery (No File)
Task: {3F0F5ED7-2052-44CE-956E-66FB42D0A5E8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:90 /PBDADiscovery (No File)
Task: {074BDD1D-B2E7-4CF6-B7D1-F98F5331FF74} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe  -pscn 0 (No File)
Task: {E14C49CF-B4F7-482D-86A3-7AE334987738} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -PvrRecoveryTask (No File)
Task: {1E5E24ED-36D5-451D-A2EB-D275AE85FFEC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe  -PvrSchedule (No File)
Task: {03FB8671-D132-4B13-BB9C-FF6AF1A3E369} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec  /RestartRecording (No File)
Task: {921F8F4C-199A-404E-8B0E-813EDEB0C508} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoRegisterSearch $(Arg0) (No File)
Task: {AE46B4BC-2E1A-40D5-8915-C3F6219F6FA9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe  /DoReindexSearchRoot (No File)
Task: {C5BE1BB2-AA88-4F05-9576-F4BA0C4B2E25} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -SqlLiteRecoveryTask (No File)
Task: {063DA904-2341-48A0-9532-15C1495E237F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe  /DoUpdateRecordPath $(Arg0) (No File)
Task: {7411F577-18C0-467A-929F-43CADCE243F6} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {69E74DF2-FE06-4508-817B-023FE9B199AE} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {C6CA5C85-0403-49EF-823F-E5C57EAF612A} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {DDF99BA8-A39A-488E-B468-A5E5C815667C} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {3072A1DF-191B-4E7D-9CDE-82B7D6A164C8} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {9517D107-CA8D-4158-8318-9DA8F69D2E97} - System32\Tasks\MySQL\Installer\ManifestUpdate => "" 
Task: {8673DB21-D075-4BE7-B8B7-684BB75644DB} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [773120 2014-09-03] (Oracle Corporation) [File not signed]
Task: {BDADF474-49F2-4452-B405-C28D673F13B4} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.Windows Repair\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2124D53A-A1DB-4939-A7FB-15337D15B424}: [DhcpNameServer] 10.132.1.2 187.253.45.10
Tcpip\..\Interfaces\{8ECCC20D-51E1-4072-BA65-97DD33D31C4E}: [DhcpNameServer] 192.168.1.254
 
Edge: 
=======
Edge Profile: C:\Users\David\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-23]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2024-04-25]
CHR Notifications: Default -> hxxps://www.locanto.com
CHR HomePage: Default -> hxxps://www.google.com/ncr
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default ->  Active:"chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Extension: (uBlock Origin) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-04-23]
CHR Extension: (Stylus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\clngdbkpkpeebahjckkjfobafhncgmne [2024-04-23]
CHR Extension: (Adblock for Youtube™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2024-04-24]
CHR Extension: (Mailto: for Gmail™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2024-04-23]
CHR Extension: (AdBlock on YouTube™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\emngkmlligggbbiioginlkphcmffbncb [2024-04-23]
CHR Extension: (Get Favicon) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpipahagclehninhhjkhbkliinfofnhe [2024-04-23]
CHR Extension: (New Tab Redirect) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2024-04-23]
CHR Extension: (Favicon Changer) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo [2024-04-23]
CHR Extension: (Emoji Keyboard by JoyPixels®) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipdjnhgkpapgippgcgkfcbpdpcgifncb [2024-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-04-23]
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 5 [2024-04-23]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-04-23]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2013-07-10] (Apache Software Foundation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9202360 2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\MBAMService.exe [8884840 2024-04-22] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\MBVpnTunnelService.exe [3073888 2024-04-21] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [14842600 2021-01-05] (Oracle America, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [135296 2022-12-15] (Alcorlink Corp. -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BlueStacksDrv_bgp64; C:\Program Files\BlueStacks_bgp64\BstkDrv_bgp64.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [120416 2019-06-20] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [84128 2024-04-24] (Microsoft Windows Hardware Compatibility Publisher -> EnigmaSoft Limited)
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [27728 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> )
S0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows ® Codename Longhorn DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2020-12-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\WINDOWS\System32\drivers\EUEDKEPM.sys [24656 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R3 HCW723x; C:\WINDOWS\system32\DRIVERS\HCW723x.sys [1847680 2012-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Hauppauge Computer Works, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [40976 2024-03-27] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2020-08-17] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [201280 2024-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-04-25] (Malwarebytes Inc. -> Malwarebytes)
R3 nusb3hub; C:\WINDOWS\System32\drivers\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [213088 2019-06-20] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20936 2024-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [601376 2024-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2013-05-30] (Wondershare Software Co., Ltd.  -> Wondershare)
R3 WsAudio_Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2013-05-30] (Wondershare Software Co., Ltd.  -> Wondershare)
U4 aspnet_state; no ImagePath
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-25 03:32 - 2024-04-25 03:32 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-04-25 03:06 - 2024-04-25 03:06 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2024-04-25 03:06 - 2024-04-25 03:06 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-04-25 03:06 - 2024-04-25 03:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-04-25 03:06 - 2024-04-25 03:06 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-04-25 03:01 - 2024-04-25 03:01 - 000000000 ____D C:\Program Files\Microsoft Office 15
2024-04-25 02:48 - 2024-04-25 02:48 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2024-04-25 02:33 - 2024-04-25 02:33 - 000000000 ____D C:\Users\David\AppData\Roaming\Techsmith
2024-04-25 02:33 - 2024-04-25 02:33 - 000000000 ____D C:\Users\David\AppData\Local\TechSmith
2024-04-25 01:29 - 2024-04-25 01:31 - 000000000 ___HD C:\$WINDOWS.~BT
2024-04-24 22:38 - 2024-04-24 22:41 - 000000108 _____ C:\Users\David\Desktop\pin.reg
2024-04-24 09:34 - 2024-04-24 09:34 - 000000000 ____D C:\Program Files\EnigmaSoft
2024-04-24 03:11 - 2024-04-24 03:11 - 002394112 ___SH (Farbar) C:\Users\David\Desktop\frst64.exe 
2024-04-23 15:11 - 2024-04-23 15:11 - 000000000 ____D C:\Users\David\AppData\Local\UXP
2024-04-23 11:06 - 2024-04-24 18:12 - 000002292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-04-21 23:17 - 2024-04-23 01:31 - 000000014 _____ C:\ProgramData\krosqm.txt
2024-04-21 22:38 - 2024-04-25 03:26 - 000000000 ____D C:\Users\David\AppData\Local\Malwarebytes
2024-04-21 22:38 - 2024-04-21 22:38 - 000001949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-04-21 22:36 - 2024-04-23 10:39 - 000000000 ____D C:\Program Files\Malwarebytes
2024-04-21 22:36 - 2024-04-21 22:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-04-21 22:09 - 2023-03-29 04:40 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\Windows Driver Foundаtion (WDF).exe
2024-04-21 22:09 - 2009-01-03 03:49 - 628926976 ___SH C:\WINDOWS\Windows Driver Foundation (WUD).exe
2024-04-21 22:09 - 2008-10-17 08:53 - 000005120 ___SH () C:\WINDOWS\wudf.exe
2024-04-21 22:09 - 2007-08-14 22:58 - 000000115 ___SH C:\WINDOWS\wtime.cmd
2024-04-21 22:04 - 2024-04-21 22:04 - 000000000 ____D C:\Users\David\AppData\Roaming\16HD
2024-04-21 22:04 - 2024-04-21 22:04 - 000000000 ____D C:\Users\David\AppData\Local\Exodus_Movement_In
2024-04-21 22:03 - 2024-04-21 22:03 - 000000000 __SHD C:\Users\David\AppData\Local\GoogleDrive
2024-04-21 22:01 - 2024-04-21 22:01 - 000000000 __SHD C:\ProgramData\tl
2024-04-21 22:00 - 2024-04-21 22:00 - 000000000 ____D C:\Program Files (x86)\7-Zip
2024-04-21 16:41 - 2024-04-21 16:41 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-21 16:39 - 2024-04-21 16:39 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-04-21 16:03 - 2024-04-21 16:03 - 000000000 ___HD C:\$WinREAgent
2024-03-26 08:55 - 2024-03-26 08:55 - 000434844 _____ C:\Users\David\Documents\ToDoPRE.xlsm
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-25 03:44 - 2023-01-22 13:16 - 000000000 ____D C:\FRST
2024-04-25 03:43 - 2023-08-06 12:18 - 000000000 ____D C:\Users\David\AppData\Roaming\Caprine
2024-04-25 03:43 - 2022-12-02 03:58 - 000000000 ____D C:\Program Files\Microsoft Office
2024-04-25 03:35 - 2023-01-29 18:56 - 000000000 ____D C:\Users\David\AppData\LocalLow\IGDump
2024-04-25 03:33 - 2022-12-02 03:11 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-25 03:33 - 2022-09-07 20:12 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-25 03:31 - 2023-11-01 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-25 03:31 - 2023-04-12 13:21 - 000000000 ____D C:\Program Files\Adobe
2024-04-25 03:31 - 2023-01-15 16:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-25 03:31 - 2022-12-09 03:35 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-25 03:31 - 2022-12-03 08:58 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-25 03:31 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-04-25 03:30 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-04-25 03:08 - 2023-01-15 15:43 - 000000000 ___RD C:\Users\David
2024-04-25 03:06 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-04-25 02:55 - 2023-09-28 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2024-04-25 02:55 - 2023-09-28 17:50 - 000000000 ____D C:\Program Files\Oracle
2024-04-25 02:55 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2024-04-25 02:54 - 2022-12-09 03:55 - 000000000 ____D C:\Users\David\AppData\Local\Packages
2024-04-25 02:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-25 02:52 - 2023-01-14 14:47 - 000000432 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2024-04-25 02:48 - 2022-12-12 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AquaSnap
2024-04-25 02:48 - 2022-12-11 15:19 - 000000000 ____D C:\Program Files (x86)\AquaSnap
2024-04-25 02:38 - 2022-12-02 07:12 - 000000416 _____ C:\WINDOWS\SysWOW64\AbBakConfig.dat
2024-04-25 02:36 - 2022-12-22 18:52 - 000000000 ____D C:\Users\David\AppData\Roaming\BitTorrent
2024-04-25 02:34 - 2022-12-02 21:20 - 000000000 ____D C:\ProgramData\Package Cache
2024-04-25 02:33 - 2022-12-06 13:13 - 000000000 ____D C:\ProgramData\ABBYY
2024-04-25 02:20 - 2023-01-16 14:25 - 000000000 ____D C:\Program Files (x86)\AOMEI
2024-04-25 02:19 - 2022-12-02 06:39 - 000000000 ____D C:\Users\David\AppData\Roaming\Adobe
2024-04-25 02:07 - 2023-01-29 11:01 - 000000000 ____D C:\ProgramData\HP
2024-04-25 02:06 - 2023-04-12 13:22 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-04-25 02:06 - 2023-04-12 13:19 - 000000000 ____D C:\ProgramData\Adobe
2024-04-25 02:02 - 2022-12-06 13:13 - 000000000 ____D C:\Users\David\AppData\Local\ABBYY
2024-04-25 01:58 - 2022-12-02 21:42 - 000000000 ____D C:\Program Files\7-Zip
2024-04-25 01:56 - 2024-01-23 01:07 - 000437042 _____ C:\Users\David\Documents\ToDo.xlsm
2024-04-25 01:54 - 2022-12-09 03:56 - 000000000 ____D C:\ProgramData\Packages
2024-04-25 01:39 - 2023-01-15 16:35 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2024-04-25 01:39 - 2023-01-15 16:35 - 000001908 _____ C:\WINDOWS\diagerr.xml
2024-04-25 01:38 - 2023-01-17 10:00 - 000000000 ____D C:\WINDOWS\Panther
2024-04-25 01:35 - 2023-01-15 16:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-25 01:15 - 2022-12-24 18:50 - 000000000 ____D C:\Users\David\AppData\Roaming\Notepad++
2024-04-24 22:50 - 2024-03-17 17:59 - 000000000 ____D C:\Users\David\Fitness
2024-04-24 21:05 - 2022-12-02 04:16 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Excel
2024-04-24 13:42 - 2022-12-04 09:24 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Word
2024-04-24 11:27 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-24 10:54 - 2022-12-02 03:24 - 000000000 ___RD C:\Users\David\Backups
2024-04-24 03:46 - 2023-11-22 15:07 - 000000000 ____D C:\WINDOWS\System
2024-04-23 15:56 - 2022-12-02 13:37 - 000000000 ____D C:\Program Files (x86)\Canon
2024-04-23 15:11 - 2023-04-12 13:19 - 000000000 ____D C:\Users\David\AppData\Local\Adobe
2024-04-23 15:01 - 2022-12-02 03:41 - 000000000 ____D C:\Users\David\Documents\Adobe
2024-04-23 14:55 - 2022-12-09 22:34 - 000000000 ____D C:\Users\David\AppData\Local\D3DSCache
2024-04-23 11:43 - 2023-01-14 14:46 - 000000000 ____D C:\ProgramData\AomeiBR
2024-04-23 11:42 - 2023-01-14 14:49 - 000001024 ____H C:\SYSTAG.BIN
2024-04-23 11:06 - 2022-12-02 03:13 - 000000000 __SHD C:\Users\David\AppData\Local\Google
2024-04-23 11:05 - 2023-01-15 16:36 - 000003790 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{B3ED4877-4488-4829-BC2A-B9BF75B49A89}
2024-04-23 11:05 - 2023-01-15 16:36 - 000003666 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{9B774B54-BD57-42F9-A074-ED483F914C36}
2024-04-23 08:59 - 2023-01-14 00:28 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
2024-04-22 06:19 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-04-21 23:29 - 2022-12-09 03:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-04-21 22:54 - 2022-12-02 03:41 - 000000000 ___RD C:\Users\David\Security
2024-04-21 22:37 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-04-21 22:02 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Resources
2024-04-21 17:26 - 2022-12-02 07:06 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2024-04-21 17:18 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-04-21 17:02 - 2023-01-15 16:30 - 000910084 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-21 16:55 - 2023-01-15 16:14 - 000438160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-21 16:51 - 2023-12-16 11:37 - 000000000 ____D C:\WINDOWS\InboxApps
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-04-21 16:50 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-04-21 16:50 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-21 16:49 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-21 16:40 - 2022-11-09 13:15 - 000416842 __RSH C:\bootmgr
2024-04-21 16:39 - 2023-01-15 16:18 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-21 16:01 - 2023-01-17 12:25 - 000000000 ____D C:\Program Files\dotnet
2024-04-21 16:00 - 2022-12-02 06:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-21 15:55 - 2022-12-04 09:58 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-21 14:33 - 2023-01-17 11:29 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2024-03-28 08:24 - 2023-01-27 19:21 - 000000000 ___RD C:\Users\David\Explorer
2024-03-27 19:09 - 2023-01-14 00:25 - 000000000 ____D C:\Users\David\AppData\Temp
2024-03-27 19:09 - 2022-12-02 23:24 - 000000000 __SHD C:\ProgramData\WlndowsDefenderTooI
2024-03-27 16:42 - 2022-12-03 00:11 - 000000396 _____ C:\WINDOWS\system32\.crusader
2024-03-27 15:31 - 2024-03-25 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS DriverHandy
2024-03-27 05:21 - 2022-12-09 08:56 - 000000000 ____D C:\Users\David\AppData\Local\PlaceholderTileLogoFolder
2024-03-26 21:25 - 2022-12-02 03:43 - 000000000 ____D C:\Users\David\Documents\Recipes
 
==================== Files in the root of some directories ========
 
2022-12-02 14:05 - 2023-12-13 16:33 - 000000202 _____ () C:\Users\David\AppData\Roaming\AX.settings
2023-01-14 01:47 - 2023-01-14 01:47 - 000000039 _____ () C:\Users\David\AppData\Roaming\epm_user.ini
2022-12-07 02:27 - 2023-02-12 09:58 - 000000615 _____ () C:\Users\David\AppData\Local\oobelibMkey.log
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by David (25-04-2024 03:45:53)
Running from c:\Users\David\Backups\Farbar
Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) (2023-01-15 23:37:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3042316109-2743702496-2181490592-500 - Administrator - Disabled)
David (S-1-5-21-3042316109-2743702496-2181490592-1000 - Administrator - Enabled) => C:\Users\David
DefaultAccount (S-1-5-21-3042316109-2743702496-2181490592-503 - Limited - Disabled)
Guest (S-1-5-21-3042316109-2743702496-2181490592-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3042316109-2743702496-2181490592-1004 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3042316109-2743702496-2181490592-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3RVX (HKLM-x32\...\{400A8514-5440-410A-B318-44061BD7EE8E}) (Version: 2.9.2.0 - Matthew Malensek)
5.0 (HKLM-x32\...\{9FAB5EAB-5D79-499C-864D-858CBD1E4AB6}_is1) (Version:  - Peter Fox)
7-Zip 22.01 (HKLM-x32\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apache HTTP Server 2.2.25 (HKLM-x32\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.25 - Apache Software Foundation)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Atomic Alarm Clock 6.3 beta (HKLM\...\Atomic Alarm Clock_is1) (Version:  - Drive Software Company)
Belarc Advisor 11.1 (HKLM-x32\...\Belarc Advisor) (Version: 11.1.0.0 - Belarc, Inc.)
Bit Che (HKLM-x32\...\{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1) (Version: 3.5 build 50 - Convivea Inc.)
BlueStacks (64-bit) (HKLM\...\BlueStacks_bgp64) (Version: 4.280.4.4002 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.15.1.52 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon TS700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS700_series) (Version:  - Canon Inc.)
Caprine 2.55.4 (HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\b6c4192c-4ca1-5b79-a36d-5069848f8197) (Version: 2.55.4 - Sindre Sorhus)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 5.2.0.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 124.0.6367.78 - Google LLC)
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Malwarebytes version 5.1.2.109 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.2.109 - Malwarebytes)
Microsoft .NET Host - 6.0.29 (x64) (HKLM\...\{E7C485FB-3329-43E3-965B-3DE4B863E1D9}) (Version: 48.116.12053 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.29 (x64) (HKLM\...\{724B2734-4B1A-46E2-9333-6D3B83351D02}) (Version: 48.116.12053 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.29 (x64) (HKLM\...\{014E0350-0B29-483B-9252-8780DEBA0856}) (Version: 48.116.12053 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Excel MUI (English) 2016 (HKLM\...\{90160000-0016-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusVolume - en-us) (Version: 16.0.14332.20685 - Microsoft Corporation)
Microsoft Office Shared 32-bit MUI (English) 2016 (HKLM\...\{90160000-00C1-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2016 (HKLM\...\{90160000-006E-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2016 (HKLM\...\{90160000-001A-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2016 (HKLM\...\{90160000-0018-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Security Client (HKLM\...\{2AA3C13E-0531-41B8-AE48-AE28C940A809}) (Version: 4.10.0209.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.32919 (HKLM-x32\...\{68c77bab-8435-4d15-ae03-fd4f6e158317}) (Version: 14.38.32919.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.32919 (HKLM-x32\...\{5F0295FE-3DAA-4C04-94A6-2AFC6D739D34}) (Version: 14.38.32919 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.32919 (HKLM-x32\...\{2F7F071D-83D0-4994-8237-7B0579452FD4}) (Version: 14.38.32919 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.29 (x64) (HKLM\...\{A0DA3EDD-9C41-491F-A77E-5F90AFDB64B2}) (Version: 48.116.12057 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.29 (x64) (HKLM-x32\...\{54679abd-8ed9-4bd3-8400-7684dd7c6f03}) (Version: 6.0.29.33521 - Microsoft Corporation)
Microsoft Word MUI (English) 2016 (HKLM\...\{90160000-001B-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Miranda NG (HKLM-x32\...\Miranda NG_is1) (Version: 0.96.1 - Miranda NG team)
MySQL Connector C++ 8.0 (HKLM\...\{BEE35F1E-6750-452B-AB29-8D2337119A6C}) (Version: 8.0.32 - Oracle Corporation)
MySQL Connector J (HKLM-x32\...\{8A9B23F6-9C1D-4DB2-8254-EAB70EF4325B}) (Version: 5.1.36 - Oracle Corporation)
MySQL Connector NET 8.0.32 (HKLM-x32\...\{F7D3A87C-7CA0-4B79-A5FF-97BF3E18710B}) (Version: 8.0.32 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{ABC3A516-54E3-414B-B501-762E7FB2F9D5}) (Version: 6.1.6 - Oracle Corporation)
MySQL Connector/ODBC 8.0 (HKLM\...\{3BF88A07-3688-450A-87B2-C7C26AF51FC9}) (Version: 8.0.32 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{919DC950-1D2C-4D82-96D6-3615135BDEB6}) (Version: 5.6.51 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{980D81BF-AF30-45B4-9647-006D327B92E3}) (Version: 5.6.51 - Oracle Corporation)
MySQL Fabric 1.5.4 & MySQL Utilities 1.5.4 (HKLM-x32\...\{1F7D4F80-DF56-48DD-9FC5-220720F7517C}) (Version: 1.5.4 - Oracle Corporation)
MySQL Installer - Community (HKLM-x32\...\{5848D524-F8CF-4A46-A3E4-B9BDB979A0FE}) (Version: 1.4.8.0 - Oracle Corporation)
MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Version: 1.1.6 - Oracle)
MySQL Server 5.6 (HKLM\...\{E4B936B1-9A24-4C70-9DB8-2E6A94FAD288}) (Version: 5.6.51 - Oracle Corporation)
MySQL Workbench 8.0 CE (HKLM\...\{5345D70A-6E66-4AF7-9A18-547E97DD538C}) (Version: 8.0.32 - Oracle Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.6.2 - Notepad++ Team)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20685 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20685 - Microsoft Corporation) Hidden
PHP 5.3.9 (HKLM-x32\...\{95505508-5E3F-40D6-A1EA-008C75886E21}) (Version: 5.3.9 - The PHP Group)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 240315 - Kakao Corp.)
Printer Registration (HKLM-x32\...\Canon EISRegistration) (Version: 1.9.1 - Canon Inc.)
PSD Codec by Ardfry Imaging, LLC (32 bit) (HKLM-x32\...\{345E25C8-EC20-45D5-A088-C5891FC603D4}) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD Codec by Ardfry Imaging, LLC (32 bit) (HKLM-x32\...\{B622A8BB-C77B-4F03-B512-8B70A6760BD9}) (Version: 1.0.17.0 - Ardfry Imaging, LLC) Hidden
PSD Codec by Ardfry Imaging, LLC (64 bit) (HKLM\...\{72383075-FF31-4B87-BD94-8CFC347A1C19}) (Version: 1.0.17.0 - Ardfry Imaging, LLC) Hidden
PSD CODEC Version 1.7.0.0 (HKLM\...\Ardfry PSD CODEC_is1) (Version: 1.7.0.0 - Ardfry Imaging, LLC)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9239.1 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Revo Uninstaller Pro 5.2.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.2.6 - VS Revo Group, Ltd.)
TrayStatus 2.0 (HKLM-x32\...\d6b74f60-2e9d-4c60-a8b7-b7d737c44ad4_is1) (Version: 2.0.0.0 - Binary Fortress Software)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.13.1 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 1.55.0.0 - Winaero)
 
Packages:
=========
 
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2023-08-31] (Adobe Systems Incorporated)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1300.477.0_x64__8wekyb3d8bbwe [2024-04-24] (Microsoft Corporation)
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe [2024-02-15] (Microsoft Corporation)
MP3Skull Free Mp3 Music Downloader -> C:\Program Files\WindowsApps\64932DatLeThanh.MP3SkullFreeMp3MusicDownloader_2.0.7.0_x64__yzq4m1tm1yc56 [2024-03-27] (Dat Le Thanh)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-08-31] (Microsoft Corporation)
SMS Verification - Temporary PhoneNumber -> C:\Program Files\WindowsApps\14184MeetmeXMTechnologyCo.SMSVerification-Temporar_1.0.0.0_x64__8712n5bmjvf8t [2023-12-28] (MeetmeXM Technology Co., Ltd)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2414.8.0_x64__cv1g1gvanyjgm [2024-04-24] (WhatsApp Inc.) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-11-05] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-11-05] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-11-05] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-11-05] (Adobe Inc. -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\contextMenu\NppShell.dll [2024-01-13] (Notepad++ -> Bjarke I. Pedersen [email protected])
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\mbshlext.dll [2024-04-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-11-05] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\mbshlext.dll [2024-04-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers2_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers6_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\David\Security\CHKDSK results.lnk -> C:\Users\David\Backups\BAT files\CHKDSK_WININIT_Results.bat ()
Shortcut: C:\Users\David\Security\Create CBS Log.lnk -> C:\Users\David\Backups\BAT files\CBS_Errors_TODAY.bat ()
Shortcut: C:\Users\David\Security\Run SFC.lnk -> C:\Users\David\Backups\BAT files\SFC.bat ()
Shortcut: C:\Users\David\Backups\AquaSnap\AquaSnap Restart.lnk -> C:\Users\David\Backups\AquaSnap\AquaSnap Restart.bat ()
ShortcutWithArgument: C:\Users\David\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\David\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\David\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\David\Start Menu\Programs\Chrome Apps\Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\David\Start Menu\Programs\Chrome Apps\Slides.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\David\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\David - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 5"
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\buscompanerajar - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 6"
 
==================== Loaded Modules (Whitelisted) =============
 
2013-02-27 18:42 - 2013-02-27 18:42 - 000081983 _____ () [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\zlib1.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000097792 _____ () [File not signed] C:\Program Files (x86)\PHP\LIBPQ.dll
2023-12-18 21:58 - 2016-08-09 13:57 - 001886720 _____ () [File not signed] C:\Program Files\Atomic Alarm Clock\Clock.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000022528 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stdautoaway.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000029184 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stdaway.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000035328 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stdcrypt.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000014336 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stdemail.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000071168 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stdfile.dll
2022-12-23 18:37 - 2023-03-31 12:28 - 000062976 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stdpopup.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000020480 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stduihist.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000059904 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stduserinfo.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000014848 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stduseronline.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 001181696 _____ () [File not signed] C:\Program Files\Miranda NG\libs\FreeImage.mir
2022-12-23 18:37 - 2023-03-31 12:25 - 000075776 _____ () [File not signed] C:\Program Files\Miranda NG\libs\libjson.mir
2022-12-23 18:37 - 2023-03-31 12:25 - 000100352 _____ () [File not signed] C:\Program Files\Miranda NG\libs\Pcre16.mir
2022-12-23 18:37 - 2023-03-31 12:25 - 000684544 _____ () [File not signed] C:\Program Files\Miranda NG\libs\sqlite3.mir
2022-12-23 18:37 - 2023-03-31 12:24 - 000101376 _____ () [File not signed] C:\Program Files\Miranda NG\libs\zlib.mir
2022-12-23 18:37 - 2023-03-31 12:25 - 000079872 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\AVS.dll
2022-12-23 18:37 - 2023-03-31 12:26 - 000479232 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\Clist_modern.dll
2023-05-06 08:46 - 2023-03-31 12:26 - 000061952 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\Db_autobackups.dll
2022-12-23 18:37 - 2023-03-31 12:29 - 000036352 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\DbChecker.dll
2022-12-23 18:37 - 2023-03-31 12:28 - 000044032 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\Dbx_sqlite.dll
2022-12-23 18:37 - 2023-03-31 12:29 - 000070656 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\Facebook.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000096256 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\Import.dll
2022-12-23 18:37 - 2023-03-31 12:27 - 000087552 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\PluginUpdater.dll
2022-12-23 18:37 - 2023-03-31 12:27 - 000014336 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\Restart.dll
2022-12-23 18:37 - 2023-03-31 12:26 - 000053248 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\SeenPlugin.dll
2023-03-13 14:44 - 2023-03-31 12:26 - 000104448 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\SmileyAdd.dll
2022-12-23 18:37 - 2023-03-31 12:27 - 000020480 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\StartPosition.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000495616 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\TabSRMM.dll
2022-12-23 18:37 - 2023-03-31 12:26 - 000051712 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\TopToolBar.dll
2024-03-16 16:05 - 2022-03-20 09:52 - 002812416 _____ () [File not signed] C:\Users\David\AppData\Local\Programs\caprine\ffmpeg.dll
2024-03-16 16:05 - 2022-03-20 09:52 - 000438784 _____ () [File not signed] C:\Users\David\AppData\Local\Programs\caprine\libegl.dll
2024-03-16 16:05 - 2022-03-20 09:52 - 009659392 _____ () [File not signed] C:\Users\David\AppData\Local\Programs\caprine\libglesv2.dll
2013-07-10 00:53 - 2013-07-10 00:53 - 000139347 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\libapr-1.dll
2013-07-10 00:53 - 2013-07-10 00:53 - 000036958 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\libapriconv-1.dll
2013-07-10 00:53 - 2013-07-10 00:53 - 000208988 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\libaprutil-1.dll
2013-07-10 02:52 - 2013-07-10 02:52 - 000278600 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\libhttpd.dll
2013-07-10 02:52 - 2013-07-10 02:52 - 000024667 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_actions.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024665 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_alias.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024667 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_asis.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024666 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_auth_basic.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024669 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_authn_default.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024666 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_authn_file.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024669 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_authz_default.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024671 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_authz_groupfile.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024666 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_authz_host.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024666 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_authz_user.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000032864 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_autoindex.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000028762 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_cgi.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024663 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_dir.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024664 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_env.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000041051 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_include.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000032860 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_isapi.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000028766 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_log_config.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000028757 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_mime.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000036959 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_negotiation.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024669 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_setenvif.so
2022-12-02 13:36 - 2012-06-14 18:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2022-12-02 13:36 - 2012-04-16 05:00 - 000030208 _____ (CANON INC.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\CNMPDBA.DLL
2024-04-23 15:27 - 2024-04-25 03:42 - 002394112 ___SH (Farbar) [File not signed] c:\users\david\backups\farbar\frst64.exe 
2022-12-03 08:54 - 2010-11-21 01:33 - 000271360 ____R (Microsoft Corporation) [File not signed] C:\Windows\System32\oobe\wdscore.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000970240 _____ (Miranda NG team) [File not signed] C:\Program Files\Miranda NG\libs\mir_app.mir
2022-12-23 18:37 - 2023-03-31 12:25 - 000228864 _____ (Miranda NG team) [File not signed] C:\Program Files\Miranda NG\libs\mir_core.mir
2023-01-17 11:18 - 2018-03-23 16:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2023-01-17 11:18 - 2018-03-23 16:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2013-02-27 18:47 - 2013-02-27 18:47 - 001077327 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\LIBEAY32.dll
2013-02-27 18:47 - 2013-02-27 18:47 - 000225359 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\SSLEAY32.dll
2022-12-23 18:37 - 2023-02-08 19:13 - 003428864 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Miranda NG\libs\libcrypto-1_1.mir
2022-12-23 18:37 - 2023-02-08 19:14 - 000686592 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Miranda NG\libs\libssl-1_1.mir
2012-01-10 17:23 - 2012-01-10 17:23 - 000060928 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_bz2.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000444928 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_curl.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000044544 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_exif.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 001057280 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_gd2.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000039936 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_gettext.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000196608 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_gmp.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000818688 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_imap.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 002062336 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_mbstring.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000035328 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_mysql.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000088064 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_mysqli.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000077312 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_openssl.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000024064 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_pdo_mysql.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000022016 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_pdo_odbc.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000514560 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_pdo_sqlite.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000092160 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_pgsql.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000252416 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_soap.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000034304 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_sockets.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000526848 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_sqlite3.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000227328 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_tidy.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000063488 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_xmlrpc.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000026624 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\php5apache2_2.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 005910528 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\php5ts.dll
2023-12-18 21:58 - 2013-02-19 19:16 - 000223744 _____ (Un4seen Developments) [File not signed] C:\Program Files\Atomic Alarm Clock\bass.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21949980.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21949980.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-3042316109-2743702496-2181490592-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll => No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2021-09-13] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-25] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2020-07-05 14:55 - 2024-04-21 22:00 - 000001618 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 license.piriform.com 
0.0.0.0 license-api.ccleaner.com 
0.0.0.0 www.ccleaner.com 
0.0.0.0 serius.mwbsys.com
0.0.0.0 keystone.mwbsys.com
127.0.0.1 keystone.mwbsys.com
127.0.0.1 telemetry.malwarebytes.com
74.86.5.247 apowersoft.com
127.0.0.1 apowersoft.com
127.0.0.1 www.easeus.com
127.0.0.1 activation.easeus.com
127.0.0.1 easeus.com.cn
127.0.0.1 www.easeus.com.cn
127.0.0.1 track.easeus.com
127.0.0.1 track.easeus.com.cn
127.0.0.1 api.easeus.com
127.0.0.1 update.easeus.com
127.0.0.1 map2.hwcdn.net
127.0.0.1 easeusinfo.us-east-1.log.aliyuncs.com
127.0.0.1 aaa100cd68bbe03f3.awsglobalaccelerator.com
127.0.0.1 uompro.easeus.com
127.0.0.1 order.easeus.com
127.0.0.1 curl.haxx.se
127.0.0.1 buy.easeus.com
127.0.0.1 v2api-uoss.easeus.com
127.0.0.1 lm.licenses.adobe.com 
127.0.0.1 lmlicenses.wip4.adobe.com 
127.0.0.1 lm-prd-da1.licenses.adobe.com 
127.0.0.1 activate.adobe.com 
127.0.0.1 activate.wip4.adobe.com 
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\PHP\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files (x86)\MySQL\MySQL Fabric 1.5.4 & MySQL Utilities 1.5.4 1.5\;C:\Program Files (x86)\MySQL\MySQL Fabric 1.5.4 & MySQL Utilities 1.5.4 1.5\Doctrine extensions for PHP\
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: Backupper Service => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
HKLM\...\StartupApproved\StartupFolder: => "Monitor Apache Servers.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Explorer"
HKLM\...\StartupApproved\Run32: => "Svchost"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\StartupApproved\Run: => "AtomicAlarmClock6"
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\StartupApproved\Run: => "MySQL Notifier"
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\StartupApproved\Run: => "ApowersoftScreenRecorder"
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\StartupApproved\Run: => "FreeAC"
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\StartupApproved\Run: => "Emceed"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{BC717EF5-4E4D-445A-AF0D-EECD83B84C49}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{38A45111-F394-43CC-8464-B7A0421A4D4C}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{79ED041A-5102-43BC-B52A-84844E87900F}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.1.2\ABService.exe => No File
FirewallRules: [{A264A7FB-062C-4BA3-B3E8-3C02FA78DF98}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.1.2\ABService.exe => No File
FirewallRules: [TCP Query User{3C14E09E-91F0-46A5-808F-FC5DE4B52580}C:\users\david\backups\bittorrent-7.2--no ads.exe ] => (Allow) C:\users\david\backups\bittorrent-7.2--no ads.exe* () [File not signed]
FirewallRules: [UDP Query User{519EAD72-57C4-4E5B-BF67-9E3CB4683483}C:\users\david\backups\bittorrent-7.2--no ads.exe ] => (Allow) C:\users\david\backups\bittorrent-7.2--no ads.exe* () [File not signed]
FirewallRules: [TCP Query User{81CB440D-EBF3-4297-8FDC-AD60CC3B1DDA}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe () [File not signed]
FirewallRules: [UDP Query User{01BF1D5E-B27E-45C8-A2AB-94959D1B2F19}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe () [File not signed]
FirewallRules: [{7D16D042-2AA6-4078-B6DB-FFB5B2CE454D}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.1.2\ABService.exe => No File
FirewallRules: [{1FB1C82B-3150-4A1D-BDBB-A0CF4D044BF5}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.1.2\ABService.exe => No File
FirewallRules: [{5D105ECB-33EA-4EFE-9D2A-0C5C1E32FBFF}] => (Allow) LPort=3306
FirewallRules: [{A59A7B8F-5A8F-4A8C-9BE8-A268AF98A708}] => (Allow) LPort=3306
FirewallRules: [TCP Query User{7B1F07A4-5581-4996-824B-479B60ACE190}C:\users\david\appdata\local\programs\caprine\caprine.exe] => (Block) C:\users\david\appdata\local\programs\caprine\caprine.exe (Sindre Sorhus) [File not signed]
FirewallRules: [UDP Query User{EE2677DB-22A9-4AD6-A467-D880085C3CE8}C:\users\david\appdata\local\programs\caprine\caprine.exe] => (Block) C:\users\david\appdata\local\programs\caprine\caprine.exe (Sindre Sorhus) [File not signed]
FirewallRules: [{CC77477F-C14D-4F21-AC00-899935DCD935}] => (Allow) C:\Program Files\BlueStacks_bgp64\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [TCP Query User{30EF558A-2073-4D82-8310-75878CFFC8F6}C:\users\david\backups\bittorrent-7.2--no ads.exe ] => (Allow) C:\users\david\backups\bittorrent-7.2--no ads.exe* () [File not signed]
FirewallRules: [UDP Query User{7BAAF638-8C7A-4EA6-AF9C-92B24D8F4190}C:\users\david\backups\bittorrent-7.2--no ads.exe ] => (Allow) C:\users\david\backups\bittorrent-7.2--no ads.exe* () [File not signed]
FirewallRules: [{AB260CD8-710C-499C-AF77-9B1CD754FA9A}] => (Block) C:\Program Files (x86)\4uKey for Android\4uKeyForAndroid.exe (Tenorshare Co.,Ltd. -> )
FirewallRules: [{94D76435-5BB0-4E44-9E53-3A3A90BF8A67}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
25-04-2024 01:48:12 Removed FileLocator Pro/Lite
25-04-2024 01:50:42 Removed Microsoft Office 32-bit Components 2016
25-04-2024 02:47:22 Removed AquaSnap 1.23.3
25-04-2024 02:54:45 Removed Oracle VM VirtualBox 7.0.10
 
==================== Faulty Device Manager Devices ============
 
Name: Unknown USB Device (Port Reset Failed)
Description: Unknown USB Device (Port Reset Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/25/2024 03:44:10 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} [0x80070424, The specified service does not exist as an installed service.
].
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Delete Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (04/25/2024 03:44:10 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} and name SW_PROV cannot be started. [0x80070424, The specified service does not exist as an installed service.]
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Delete Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (04/25/2024 03:44:10 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} [0x80070424, The specified service does not exist as an installed service.
].
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Get Shadow Copy Properties
   Delete Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
   Execution Context: Coordinator
 
Error: (04/25/2024 03:44:10 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} and name SW_PROV cannot be started. [0x80070424, The specified service does not exist as an installed service.]
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Get Shadow Copy Properties
   Delete Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
   Execution Context: Coordinator
 
Error: (04/25/2024 03:44:10 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} [0x80070424, The specified service does not exist as an installed service.
].
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (04/25/2024 03:44:10 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} and name SW_PROV cannot be started. [0x80070424, The specified service does not exist as an installed service.]
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (04/25/2024 03:44:09 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} [0x80070424, The specified service does not exist as an installed service.
].
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (04/25/2024 03:44:09 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} and name SW_PROV cannot be started. [0x80070424, The specified service does not exist as an installed service.]
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
 
System errors:
=============
Error: (04/25/2024 03:31:40 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL  failed to load with error 87. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (04/25/2024 02:38:38 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL  failed to load with error 87. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (04/24/2024 09:40:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SpyHunter 5 Kernel service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/24/2024 09:30:59 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL  failed to load with error 87. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (04/24/2024 09:29:49 AM) (Source: DCOM) (EventID: 10010) (User: daivddd)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (04/23/2024 04:42:14 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL  failed to load with error 87. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (04/23/2024 02:38:37 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL  failed to load with error 87. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (04/23/2024 02:38:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:13:01 AM on ‎4/‎23/‎2024 was unexpected.
 
 
Windows Defender:
================
Date: 2024-03-20 02:58:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-19 17:26:31
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-24 19:20:16
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-24 19:09:12
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-24 18:55:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2024-04-23 10:37:04
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.409.436.0;1.409.436.0
Engine Version: 1.1.24030.4
 
Date: 2024-04-23 09:10:28
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.409.436.0;1.409.436.0
Engine Version: 1.1.24030.4
 
Date: 2024-04-21 22:20:55
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.409.436.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24030.4
Error code: 0x80240022
Error description: The program can't check for definition updates. 
 
Date: 2024-04-21 16:53:30
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.407.565.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24020.9
Error code: 0x8007045b
Error description: A system shutdown is in progress. 
 
Date: 2024-03-28 17:28:07
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.407.565.0;1.407.565.0
Engine Version: 1.1.24020.9
 
CodeIntegrity:
===============
Date: 2024-04-25 03:38:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 6.16 09/15/2011
Motherboard: PEGATRON CORPORATION 2A86
Processor: Intel® Core™ i7 CPU X 990 @ 3.47GHz
Percentage of memory in use: 18%
Total physical RAM: 24567.06 MB
Available physical RAM: 20025.67 MB
Total Virtual: 49143.06 MB
Available Virtual: 41704.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:929.5 GB) (Free:753.47 GB) (Model: Hitachi HDS721010CLA332) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:316.59 GB) (Model: Hitachi HDS721010CLA332) NTFS
Drive f: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
 
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2BA839C3)
Partition 1: (Active) - (Size=929.5 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DC7D382E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 

