Haunted



#1
drn


My system is repeatedly haunted by several infections, causing it to creep to a crawl.  Interestingly Google usually appears rather normally, but most other sites take 10 - 15 seconds to show up after clicking their links.

 

I keep Malwarebytes ontime detection running, and frequently I do housekeeping first running SFC, then CCleaner, Windows Update, check for unintentional installations viewing Startup in Task Manager and Revo, and then run Rkill, Farbar, tdsskiller, Hitman Pro, and mBam.

 

Each time Farbar and Malwarebytes find wtime.cmd, wlocal.cmd, powershell, cpuz149, gntuud, icsys.icn.exe, mrsys.exe, and system/explorer, so I successfully quarantine and eliminate as appropriate. My computer speeds up for just a short time then drags down again, and all infections reappear.
 
Thank you in advance if you can help me solve this!
David
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by David (administrator) on DAIVDDD (Hewlett-Packard HPE-590t) (24-04-2024 03:12:05)
Running from c:\Users\David\Desktop\frst64.exe 
Loaded Profiles: David
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\AquaSnap\AquaSnap.Daemon.exe ->) (Nurgo Software -> Nurgo Software) C:\Program Files (x86)\AquaSnap\AquaSnap.Daemon.x64.exe
(C:\Program Files (x86)\AquaSnap\AquaSnap.Daemon.exe ->) (Nurgo Software -> Nurgo Software) C:\Program Files (x86)\AquaSnap\AquaSnap.DpiAwareAgent.exe
(C:\Program Files\Malwarebytes\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Malwarebytes.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) () C:\Program Files (x86)\AX\AX.exe
(explorer.exe ->) () C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(explorer.exe ->) (Binary Fortress Software Ltd. -> Binary Fortress Software) C:\Program Files (x86)\TrayStatus\TrayStatus.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <17>
(explorer.exe ->) (Matthew Malensek) C:\Program Files (x86)\3RVX\3RVX.exe
(explorer.exe ->) (Miranda NG team) C:\Program Files\Miranda NG\Miranda64.exe
(explorer.exe ->) (Notepad++ -> Don HO [email protected]) C:\Program Files\Notepad++\notepad++.exe
(explorer.exe ->) (Nurgo Software -> Nurgo Software) C:\Program Files (x86)\AquaSnap\AquaSnap.Daemon.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (Sindre Sorhus) C:\Users\David\AppData\Local\Programs\caprine\Caprine.exe <5>
(Microsoft) C:\Users\David\AppData\Local\icsys.icn.exe
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(services.exe ->) () C:\Program Files\Atomic Alarm Clock\timeserv.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (AOMEI International Network Limited -> AOMEI International Network Limited) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.1.2\ABService.exe
(services.exe ->) (Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe <2>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Oracle America, Inc. -> ) C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.Windows Repair\WR_Tray_Icon.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19572528 2021-09-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2023-04-12] (Adobe Inc. -> )
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM-x32\...\Winlogon: [Shell] C:\Windows\explorer.exe, c:\windows\system\explorer.exe <=== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe (No File)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe (No File)
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Run: [TrayStatus] => C:\Program Files (x86)\TrayStatus\TrayStatus.exe [2700304 2015-11-04] (Binary Fortress Software Ltd. -> Binary Fortress Software)
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Run: [ApowersoftScreenRecorder] => C:\Program Files (x86)\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe [4132912 2019-09-23] (Apowersoft Ltd -> Apowersoft)
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [8537040 2022-02-02] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Run: [AtomicAlarmClock6] => C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [5321728 2016-08-16] ()
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Policies\Explorer: [DisableThumbnails] 0
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\Policies\Explorer: [TaskbarNoThumbnail] 1
HKLM\...\Windows x64\Print Processors\Canon iP7200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBA.DLL [30208 2012-04-16] (CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDFD.DLL [529408 2020-06-17] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2022-11-14] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor iP7200 series: CNMLMBA.DLL (No File)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS700 series: C:\WINDOWS\system32\CNMLMFD.DLL [956928 2020-06-17] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\124.0.6367.61\Installer\chrmstp.exe [2024-04-23] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.55\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
IFEO\MicrosoftEdge.exe: [Debugger] C:\WINDOWS\System32\systray.exe
IFEO\msedge.exe: [Debugger] C:\WINDOWS\System32\systray.exe
Lsa: [Notification Packages] 
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3RVX.lnk [2022-12-11]
ShortcutTarget: 3RVX.lnk -> C:\Program Files (x86)\3RVX\3RVX.exe (Matthew Malensek)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AquaSnap.lnk [2022-12-12]
ShortcutTarget: AquaSnap.lnk -> C:\Program Files (x86)\AquaSnap\AquaSnap.Daemon.exe (Nurgo Software -> Nurgo Software)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Atomic Alarm Clock.lnk [2023-12-19]
ShortcutTarget: Atomic Alarm Clock.lnk -> C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AX.lnk [2023-11-22]
ShortcutTarget: AX.lnk -> C:\Program Files (x86)\AX\AX.exe ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Caprine 2.55.4.lnk [2023-01-24]
ShortcutTarget: Caprine 2.55.4.lnk -> C:\Users\David\Backups\Caprine\Caprine 2.55.4.vbs ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda NG x64.lnk [2022-12-23]
ShortcutTarget: Miranda NG x64.lnk -> C:\Program Files\Miranda NG\Miranda64.exe (Miranda NG team)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk [2023-04-10]
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
GroupPolicy: Restriction - Edge <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {E7FE21DA-87DC-4D11-A65F-CC9E716FD9A5} - System32\Tasks\{D9329B93-8369-4C6A-BE78-2B097502B6BE} => C:\Windows\System32\pcalua.exe [53760 2023-11-22] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\David\Downloads\Revo Uninstaller Pro 5.0.7 Multilingual\RevoUninProSetup.exe" -d "C:\Users\David\Downloads\Revo Uninstaller Pro 5.0.7 Multilingual"
Task: {190AD4EA-480F-493B-B6B0-9E6E490C91EB} - System32\Tasks\{EB7841EA-FAAD-4BDA-BF20-87366F249309} => C:\Windows\System32\pcalua.exe [53760 2023-11-22] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\David\Downloads\magicdisc-2.7.106-installer_vVq-vd1.exe -d C:\Users\David\Downloads
Task: {B2E38875-E691-451D-B2E0-E3BBF622B0CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {D44BE560-DDE2-458A-90DE-5E0A154BD2A8} - System32\Tasks\Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe  --showwindow=false --onOSstartup=true (No File)
Task: {F7B99778-D9AD-44FF-8348-C62455E74B8E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe  -mode=scheduled (No File)
Task: {B46AE522-33B8-4A72-9144-A376B03B2D7A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-04-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {C2015C87-B692-4E76-86CA-72D5A3A90F3D} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703544 2023-04-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "f725253d-13c5-4de3-b20d-50f7b367ba44" --version "6.11.10455" --silent
Task: {AC02B5F8-0375-4863-8179-F9E5469295F9} - System32\Tasks\CCleanerSkipUAC - David => C:\Program Files\CCleaner\CCleaner.exe [34159416 2023-04-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {93C3487E-2170-48F0-89C6-945856C7D483} - System32\Tasks\Christmas Task (One-Time) => "C:\Program Files (x86)\Driver Booster\10.1.0\xmas.exe"  -> C:\Program Files (x86)\Driver Booster\10.1.0\\/xr
Task: {42CCF440-8A5D-4D99-A52B-364025735943} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5656192 2024-04-21] (Microsoft Windows -> Microsoft Corporation)
Task: {EDEB406E-50B8-4AB8-AD23-01B5419253E9} - System32\Tasks\GoogleUpdateTaskMachineCore{9B774B54-BD57-42F9-A074-ED483F914C36} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-02] (Google LLC -> Google LLC)
Task: {148BD420-831B-4463-B5D0-21D51314F625} - System32\Tasks\GoogleUpdateTaskMachineUA{B3ED4877-4488-4829-BC2A-B9BF75B49A89} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-02] (Google LLC -> Google LLC)
Task: {2CC11EDC-A805-4FE3-9178-E18A4EFA5D5D} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-3042316109-2743702496-2181490592-1000 => C:\Users\David\AppData\Local\Programs\Messenger\MessengerHelper.exe  --lassie (No File)
Task: {4ACCD32E-1456-408D-90DD-32970D92049C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21916864 2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {C878AE3F-81DA-42E4-AC08-D10356879506} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21916864 2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {B8E01CF0-C7A8-4EB8-952D-3D8D77BAC23E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141384 2024-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E33100D-EFB4-4567-94BE-041D9E5086EC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141384 2024-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {313FAC0D-D3D6-495F-9A7B-385578D533D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => "C:\Program Files\Microsoft Office\Office16\msoia.exe"  scan upload mininterval:2880 (No File)
Task: {ED363B64-6AF0-41F1-90B0-FBB5BF28ACDC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => "C:\Program Files\Microsoft Office\Office16\msoia.exe"  scan upload (No File)
Task: {16744137-3A1A-490B-AF19-47A957C373A5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoActivateWindowsSearch (No File)
Task: {1D8E0697-439D-4BF4-A653-C047B4252157} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe  /DoConfigureInternetTimeService (No File)
Task: {F39B4B15-6281-47BD-A20E-A0274C19A7B2} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe  /DoRecoveryTasks $(Arg0) (No File)
Task: {C9FD0FB9-ABFC-4B87-B33D-A71A71F59970} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe  /DRMInit (No File)
Task: {54CC580C-37E3-4890-AD53-D23AEACCB070} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe  /InstallPlayReady $(Arg0) (No File)
Task: {C6527F69-548F-4A6D-BFCD-8FC30AF0DBE6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate  $(Arg0) (No File)
Task: {9EDFEC13-37B0-4E5B-8B60-F3C8FC052A7C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -MediaCenterRecoveryTask (No File)
Task: {F540ABBC-CB1F-479E-89B5-22CA3F42376E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -ObjectStoreRecoveryTask (No File)
Task: {AD6860A4-EA3A-4671-B791-CF8A3051FE3E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe  /OCURActivate (No File)
Task: {4F20BC2A-2729-4966-9EFF-029EFB297611} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /OCURDiscovery $(Arg0) (No File)
Task: {15BD6BA2-E15C-4913-BA1E-47AEA968E9E5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /PBDADiscovery (No File)
Task: {5DC230A3-60DF-46B4-B43C-880E73067223} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:7 /PBDADiscovery (No File)
Task: {3F0F5ED7-2052-44CE-956E-66FB42D0A5E8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:90 /PBDADiscovery (No File)
Task: {074BDD1D-B2E7-4CF6-B7D1-F98F5331FF74} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe  -pscn 0 (No File)
Task: {E14C49CF-B4F7-482D-86A3-7AE334987738} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -PvrRecoveryTask (No File)
Task: {1E5E24ED-36D5-451D-A2EB-D275AE85FFEC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe  -PvrSchedule (No File)
Task: {03FB8671-D132-4B13-BB9C-FF6AF1A3E369} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec  /RestartRecording (No File)
Task: {921F8F4C-199A-404E-8B0E-813EDEB0C508} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoRegisterSearch $(Arg0) (No File)
Task: {AE46B4BC-2E1A-40D5-8915-C3F6219F6FA9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe  /DoReindexSearchRoot (No File)
Task: {C5BE1BB2-AA88-4F05-9576-F4BA0C4B2E25} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -SqlLiteRecoveryTask (No File)
Task: {063DA904-2341-48A0-9532-15C1495E237F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe  /DoUpdateRecordPath $(Arg0) (No File)
Task: {7411F577-18C0-467A-929F-43CADCE243F6} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {69E74DF2-FE06-4508-817B-023FE9B199AE} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {C6CA5C85-0403-49EF-823F-E5C57EAF612A} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {DDF99BA8-A39A-488E-B468-A5E5C815667C} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {3072A1DF-191B-4E7D-9CDE-82B7D6A164C8} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {9517D107-CA8D-4158-8318-9DA8F69D2E97} - System32\Tasks\MySQL\Installer\ManifestUpdate => "" 
Task: {8673DB21-D075-4BE7-B8B7-684BB75644DB} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [773120 2014-09-03] (Oracle Corporation)
Task: {BDADF474-49F2-4452-B405-C28D673F13B4} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.Windows Repair\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2124D53A-A1DB-4939-A7FB-15337D15B424}: [DhcpNameServer] 10.132.1.2 187.253.45.10
Tcpip\..\Interfaces\{8ECCC20D-51E1-4072-BA65-97DD33D31C4E}: [DhcpNameServer] 192.168.1.254
 
Edge: 
=======
Edge Profile: C:\Users\David\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-23]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2024-04-24]
CHR Notifications: Default -> hxxps://www.locanto.com
CHR HomePage: Default -> hxxps://www.google.com/ncr
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default ->  Active:"chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Extension: (uBlock Origin) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-04-23]
CHR Extension: (Stylus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\clngdbkpkpeebahjckkjfobafhncgmne [2024-04-23]
CHR Extension: (Adblock for Youtube™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2024-04-24]
CHR Extension: (Mailto: for Gmail™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2024-04-23]
CHR Extension: (AdBlock on YouTube™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\emngkmlligggbbiioginlkphcmffbncb [2024-04-23]
CHR Extension: (Get Favicon) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpipahagclehninhhjkhbkliinfofnhe [2024-04-23]
CHR Extension: (New Tab Redirect) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2024-04-23]
CHR Extension: (Favicon Changer) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo [2024-04-23]
CHR Extension: (Emoji Keyboard by JoyPixels®) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipdjnhgkpapgippgcgkfcbpdpcgifncb [2024-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-04-23]
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 5 [2024-04-23]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-04-23]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2013-07-10] (Apache Software Foundation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] ()
R2 Backupper Service; C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.1.2\ABService.exe [1095112 2022-08-31] (AOMEI International Network Limited -> AOMEI International Network Limited)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9202360 2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\MBAMService.exe [8884840 2024-04-22] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\MBVpnTunnelService.exe [3073888 2024-04-21] (Malwarebytes Inc. -> Malwarebytes)
R2 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [14842600 2021-01-05] (Oracle America, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [804296 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2019-05-14] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [172928 2023-01-16] (AOMEI International Network Limited -> )
S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [135296 2022-12-15] (Alcorlink Corp. -> )
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [32176 2023-01-16] (AOMEI International Network Limited -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BlueStacksDrv_bgp64; C:\Program Files\BlueStacks_bgp64\BstkDrv_bgp64.sys [315976 2020-10-04] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [120416 2019-06-20] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [27728 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> )
S0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows ® Codename Longhorn DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2020-12-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\WINDOWS\System32\drivers\EUEDKEPM.sys [24656 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R3 HCW723x; C:\WINDOWS\system32\DRIVERS\HCW723x.sys [1847680 2012-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Hauppauge Computer Works, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [40976 2024-03-27] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2020-08-17] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [201280 2024-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-04-23] (Malwarebytes Inc. -> Malwarebytes)
R3 nusb3hub; C:\WINDOWS\System32\drivers\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [213088 2019-06-20] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1062048 2023-07-12] (Oracle Corporation -> Oracle and/or its affiliates)
R3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20936 2024-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [601376 2024-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2013-05-30] (Wondershare Software Co., Ltd.  -> Wondershare)
R3 WsAudio_Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2013-05-30] (Wondershare Software Co., Ltd.  -> Wondershare)
U4 aspnet_state; no ImagePath
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-24 03:12 - 2024-04-24 03:13 - 000033451 _____ C:\Users\David\Desktop\FRST.txt
2024-04-24 03:11 - 2024-04-24 03:11 - 002394112 ___SH (Farbar) C:\Users\David\Desktop\frst64.exe 
2024-04-24 03:11 - 2024-04-24 03:11 - 000211827 _____ (Microsoft) C:\Users\David\AppData\Local\icsys.icn.exe
2024-04-24 03:10 - 2024-04-23 15:25 - 002605964 _____ (Microsoft) C:\Users\David\Desktop\FRST64.exe
2024-04-23 16:42 - 2024-04-23 16:42 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-04-23 16:00 - 2024-04-23 16:00 - 000002439 _____ C:\Users\David\Desktop\daivddd - Chrome.lnk
2024-04-23 15:11 - 2024-04-23 15:11 - 000000000 ____D C:\Users\David\AppData\Local\UXP
2024-04-23 15:01 - 2024-04-23 15:01 - 000001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk
2024-04-23 14:46 - 2024-04-21 23:00 - 029211754 _____ C:\Users\David\Downloads\H8a26324 F Adobe Photoshop 2020 v21.1.0.106 (x64) Patched
2024-04-23 11:06 - 2024-04-23 11:06 - 000002368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-04-23 11:06 - 2024-04-23 11:06 - 000002327 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-04-23 10:43 - 2024-04-23 10:43 - 000003416 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-04-23 10:42 - 2024-04-23 11:02 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-04-23 10:22 - 2024-04-23 10:22 - 000000000 ____D C:\Users\David\AppData\Roaming\Mythicsoft
2024-04-23 10:22 - 2024-04-23 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileLocator Pro
2024-04-23 10:21 - 2024-04-23 10:46 - 000000000 ____D C:\Program Files\FileLocator Pro
2024-04-23 10:21 - 2024-04-23 10:21 - 000000000 ____D C:\Users\David\AppData\Local\Mythicsoft
2024-04-23 09:50 - 2024-04-23 09:50 - 114912816 _____ (Google LLC) C:\Users\David\Downloads\ChromeStandaloneSetup64.exe
2024-04-21 23:17 - 2024-04-23 01:31 - 000000014 _____ C:\ProgramData\krosqm.txt
2024-04-21 22:38 - 2024-04-24 03:08 - 000000000 ____D C:\Users\David\AppData\Local\Malwarebytes
2024-04-21 22:38 - 2024-04-21 22:38 - 000001949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-04-21 22:36 - 2024-04-23 10:39 - 000000000 ____D C:\Program Files\Malwarebytes
2024-04-21 22:36 - 2024-04-21 22:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-04-21 22:09 - 2023-03-29 04:40 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\Windows Driver Foundаtion (WDF).exe
2024-04-21 22:09 - 2009-01-03 03:49 - 628926976 ___SH C:\WINDOWS\Windows Driver Foundation (WUD).exe
2024-04-21 22:09 - 2008-10-17 08:53 - 000005120 ___SH () C:\WINDOWS\wudf.exe
2024-04-21 22:09 - 2007-08-14 22:58 - 000000115 ___SH C:\WINDOWS\wtime.cmd
2024-04-21 22:04 - 2024-04-21 22:04 - 000000000 ____D C:\Users\David\AppData\Roaming\16HD
2024-04-21 22:04 - 2024-04-21 22:04 - 000000000 ____D C:\Users\David\AppData\Local\Exodus_Movement_In
2024-04-21 22:03 - 2024-04-21 22:03 - 000000000 __SHD C:\Users\David\AppData\Local\GoogleDrive
2024-04-21 22:01 - 2024-04-21 22:01 - 000000000 __SHD C:\ProgramData\tl
2024-04-21 22:00 - 2024-04-21 22:00 - 000000000 ____D C:\Program Files (x86)\7-Zip
2024-04-21 16:41 - 2024-04-21 16:41 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-21 16:39 - 2024-04-21 16:39 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-04-21 16:03 - 2024-04-21 16:03 - 000000000 ___HD C:\$WinREAgent
2024-03-27 16:34 - 2024-03-27 16:34 - 000168976 _____ C:\TDSSKiller.3.1.0.28_27.03.2024_16.34.16_log.txt
2024-03-26 08:55 - 2024-03-26 08:55 - 000434844 _____ C:\Users\David\Documents\ToDoPRE.xlsm
2024-03-25 12:01 - 2024-03-25 12:01 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2024-03-25 12:00 - 2024-03-25 12:00 - 000000000 ____D C:\Program Files (x86)\Realtek
2024-03-25 12:00 - 2021-09-26 11:13 - 003168280 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2024-03-25 12:00 - 2021-09-26 11:13 - 001435032 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2024-03-25 12:00 - 2021-09-26 11:13 - 000541008 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2024-03-25 12:00 - 2021-09-26 11:13 - 000467048 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2024-03-25 12:00 - 2021-09-26 11:13 - 000381304 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2024-03-25 12:00 - 2021-09-26 11:13 - 000341040 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2024-03-25 12:00 - 2021-09-26 11:13 - 000230600 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2024-03-25 12:00 - 2021-09-26 11:13 - 000218160 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2024-03-25 12:00 - 2021-09-26 11:13 - 000174832 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 003601384 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 003445640 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 003375928 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 001414992 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 001403720 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 001327944 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 001195856 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 001110072 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 000692064 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 000392776 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 000343608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 000327176 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 000327176 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 000220288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 000192880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 000116440 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2024-03-25 12:00 - 2021-09-26 11:12 - 000093808 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2024-03-25 12:00 - 2021-09-26 11:11 - 003843944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2024-03-25 12:00 - 2021-09-26 11:10 - 006532712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2024-03-25 12:00 - 2021-09-26 11:10 - 003676976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2024-03-25 12:00 - 2021-09-26 11:10 - 003159680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2024-03-25 12:00 - 2021-09-26 11:10 - 002930056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2024-03-25 12:00 - 2021-09-26 11:10 - 000266456 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2024-03-25 12:00 - 2021-09-26 11:10 - 000023600 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2024-03-25 12:00 - 2021-09-26 11:09 - 000122240 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2024-03-25 11:59 - 2024-03-25 12:01 - 000000000 ___HD C:\Program Files (x86)\Temp
2024-03-25 11:59 - 2021-05-16 18:50 - 002875968 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2024-03-25 10:52 - 2024-03-27 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS DriverHandy
2024-03-25 10:52 - 2024-03-25 10:54 - 000000000 ____D C:\DriverHandy
2024-03-25 10:51 - 2024-03-25 10:51 - 000000000 ____D C:\Program Files (x86)\EaseUS
2024-03-25 09:22 - 2024-03-25 09:22 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-24 03:14 - 2023-08-06 12:18 - 000000000 ____D C:\Users\David\AppData\Roaming\Caprine
2024-04-24 03:13 - 2022-12-24 18:50 - 000000000 ____D C:\Users\David\AppData\Roaming\Notepad++
2024-04-24 03:12 - 2023-01-22 13:16 - 000000000 ____D C:\FRST
2024-04-24 03:11 - 2023-11-22 15:07 - 000000000 ____D C:\WINDOWS\System
2024-04-24 03:10 - 2022-12-02 03:11 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-24 03:10 - 2022-09-07 20:12 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-24 02:56 - 2023-11-01 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-24 02:45 - 2022-12-02 20:39 - 000000000 ____D C:\Program Files\CCleaner
2024-04-24 01:43 - 2022-12-03 08:58 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-24 01:33 - 2023-01-15 16:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-24 01:17 - 2024-01-23 01:07 - 000435829 _____ C:\Users\David\Documents\ToDo.xlsm
2024-04-24 01:17 - 2022-12-02 04:16 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Excel
2024-04-23 19:44 - 2023-01-29 18:56 - 000000000 ____D C:\Users\David\AppData\LocalLow\IGDump
2024-04-23 18:42 - 2024-03-17 17:59 - 000000000 ____D C:\Users\David\Fitness
2024-04-23 16:42 - 2023-01-15 16:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-23 16:42 - 2023-01-14 14:47 - 000000432 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2024-04-23 16:42 - 2022-12-09 03:35 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-23 16:42 - 2022-12-02 07:12 - 000000416 _____ C:\WINDOWS\SysWOW64\AbBakConfig.dat
2024-04-23 16:42 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-04-23 16:41 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-04-23 16:40 - 2023-01-15 15:43 - 000000000 ____D C:\Users\David
2024-04-23 15:56 - 2022-12-02 13:37 - 000000000 ____D C:\Program Files (x86)\Canon
2024-04-23 15:23 - 2022-12-02 03:24 - 000000000 ___RD C:\Users\David\Backups
2024-04-23 15:11 - 2023-04-12 13:19 - 000000000 ____D C:\Users\David\AppData\Local\Adobe
2024-04-23 15:11 - 2022-12-02 06:39 - 000000000 ____D C:\Users\David\AppData\Roaming\Adobe
2024-04-23 15:01 - 2023-04-12 13:22 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-04-23 15:01 - 2022-12-02 03:41 - 000000000 ____D C:\Users\David\Documents\Adobe
2024-04-23 14:55 - 2023-04-12 13:21 - 000000000 ____D C:\Program Files\Adobe
2024-04-23 14:55 - 2022-12-09 22:34 - 000000000 ____D C:\Users\David\AppData\Local\D3DSCache
2024-04-23 11:43 - 2023-01-14 14:46 - 000000000 ____D C:\ProgramData\AomeiBR
2024-04-23 11:42 - 2023-01-14 14:49 - 000001024 ____H C:\SYSTAG.BIN
2024-04-23 11:06 - 2022-12-02 03:13 - 000000000 __SHD C:\Users\David\AppData\Local\Google
2024-04-23 11:05 - 2023-01-15 16:36 - 000003790 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{B3ED4877-4488-4829-BC2A-B9BF75B49A89}
2024-04-23 11:05 - 2023-01-15 16:36 - 000003666 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{9B774B54-BD57-42F9-A074-ED483F914C36}
2024-04-23 09:07 - 2022-12-04 09:24 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Word
2024-04-23 08:59 - 2023-01-14 00:28 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
2024-04-23 01:36 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-23 01:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-22 06:19 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-04-21 23:29 - 2022-12-09 03:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-04-21 22:54 - 2022-12-02 03:41 - 000000000 ___RD C:\Users\David\Security
2024-04-21 22:39 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2024-04-21 22:37 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-04-21 22:08 - 2022-12-02 21:20 - 000000000 ____D C:\ProgramData\Package Cache
2024-04-21 22:02 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Resources
2024-04-21 20:24 - 2022-12-22 18:52 - 000000000 ____D C:\Users\David\AppData\Roaming\BitTorrent
2024-04-21 17:26 - 2022-12-02 07:06 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2024-04-21 17:18 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-04-21 17:02 - 2023-01-15 16:30 - 000910084 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-21 16:55 - 2023-01-15 16:14 - 000438160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-21 16:51 - 2023-12-16 11:37 - 000000000 ____D C:\WINDOWS\InboxApps
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-04-21 16:51 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-04-21 16:50 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-04-21 16:50 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-21 16:49 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-21 16:40 - 2022-11-09 13:15 - 000416842 __RSH C:\bootmgr
2024-04-21 16:39 - 2023-01-15 16:18 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-21 16:01 - 2023-01-17 12:25 - 000000000 ____D C:\Program Files\dotnet
2024-04-21 16:00 - 2022-12-02 06:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-21 15:55 - 2022-12-04 09:58 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-21 14:46 - 2022-12-02 03:58 - 000000000 ____D C:\Program Files\Microsoft Office
2024-04-21 14:33 - 2023-01-17 11:29 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2024-03-28 08:24 - 2023-01-27 19:21 - 000000000 ___RD C:\Users\David\Explorer
2024-03-27 21:13 - 2024-01-23 21:16 - 000000000 ____D C:\Users\David\AppData\Roaming\audacity
2024-03-27 19:09 - 2023-01-14 00:25 - 000000000 ____D C:\Users\David\AppData\Temp
2024-03-27 19:09 - 2022-12-02 23:24 - 000000000 __SHD C:\ProgramData\WlndowsDefenderTooI
2024-03-27 16:42 - 2022-12-03 00:11 - 000000396 _____ C:\WINDOWS\system32\.crusader
2024-03-27 05:21 - 2022-12-09 08:56 - 000000000 ____D C:\Users\David\AppData\Local\PlaceholderTileLogoFolder
2024-03-27 05:21 - 2022-12-09 03:55 - 000000000 ____D C:\Users\David\AppData\Local\Packages
2024-03-26 21:25 - 2022-12-02 03:43 - 000000000 ____D C:\Users\David\Documents\Recipes
2024-03-25 12:00 - 2023-03-16 18:54 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-03-25 12:00 - 2022-12-03 08:55 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2024-03-25 12:00 - 2022-12-03 08:55 - 000000000 ____D C:\Program Files\Realtek
 
==================== Files in the root of some directories ========
 
2022-12-02 14:05 - 2023-12-13 16:33 - 000000202 _____ () C:\Users\David\AppData\Roaming\AX.settings
2023-01-14 01:47 - 2023-01-14 01:47 - 000000039 _____ () C:\Users\David\AppData\Roaming\epm_user.ini
2024-04-24 03:11 - 2024-04-24 03:11 - 000211827 _____ (Microsoft) C:\Users\David\AppData\Local\icsys.icn.exe
2022-12-07 02:27 - 2023-02-12 09:58 - 000000615 _____ () C:\Users\David\AppData\Local\oobelibMkey.log
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by David (24-04-2024 03:14:42)
Running from c:\Users\David\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) (2023-01-15 23:37:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3042316109-2743702496-2181490592-500 - Administrator - Disabled)
David (S-1-5-21-3042316109-2743702496-2181490592-1000 - Administrator - Enabled) => C:\Users\David
DefaultAccount (S-1-5-21-3042316109-2743702496-2181490592-503 - Limited - Disabled)
Guest (S-1-5-21-3042316109-2743702496-2181490592-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3042316109-2743702496-2181490592-1004 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3042316109-2743702496-2181490592-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3RVX (HKLM-x32\...\{400A8514-5440-410A-B318-44061BD7EE8E}) (Version: 2.9.2.0 - Matthew Malensek)
5.0 (HKLM-x32\...\{9FAB5EAB-5D79-499C-864D-858CBD1E4AB6}_is1) (Version:  - Peter Fox)
7-Zip 22.01 (HKLM-x32\...\7-Zip) (Version: 22.01 - Igor Pavlov)
7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
ABBYY FineReader PDF 15.0.114.4683 (HKLM-x32\...\ABBYY FineReader PDF_is1) (Version: 15.0.114.4683 - ABBY Production LLC.)
Active@ UNDELETE Ultimate 16 (HKLM\...\{9F0B916A-F7DD-4335-923E-397979C6AE1B}_is1) (Version: 16 - LSoft Technologies Inc)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 22.003.20282 - Adobe)
Adobe Bridge 2021 (HKLM-x32\...\KBRG_11_1_1) (Version: 11.1.1 - Adobe Inc.)
Adobe Dreamweaver 2021 (HKLM-x32\...\DRWV_21_0) (Version: 21.0 - Adobe Inc.)
Adobe Media Encoder 2023 (HKLM-x32\...\AME_23_5) (Version: 23.5 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Inc.)
Adobe Premiere Pro 2021 (HKLM-x32\...\PPRO_15_2) (Version: 15.2 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AOMEI Backupper (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: 7.1.2 - AOMEI International Network Limited.)
AOMEI Partition Assistant 9.10.0 (HKLM-x32\...\{04F850ED-FD0F-4ED1-AE1B-4498165BF3D2}_is1) (Version: 9.10.0 - AOMEI International Network Limited.)
Apache HTTP Server 2.2.25 (HKLM-x32\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.25 - Apache Software Foundation)
Apowersoft Screen Recorder Pro V2.4.1.2 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.4.1.2 - APOWERSOFT LIMITED)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
AquaSnap 1.23.3 (HKLM-x32\...\{6E01214F-2970-45D9-A160-9436E955454A}) (Version: 1.23.3 - Nurgo Software)
Atomic Alarm Clock 6.3 beta (HKLM\...\Atomic Alarm Clock_is1) (Version:  - Drive Software Company)
Audacity 3.4.2 (HKLM\...\Audacity_is1) (Version: 3.4.2 - Audacity Team)
Belarc Advisor 11.1 (HKLM-x32\...\Belarc Advisor) (Version: 11.1.0.0 - Belarc, Inc.)
Bit Che (HKLM-x32\...\{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1) (Version: 3.5 build 50 - Convivea Inc.)
BlueStacks (64-bit) (HKLM\...\BlueStacks_bgp64) (Version: 4.280.4.4002 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.15.1.52 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon TS700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS700_series) (Version:  - Canon Inc.)
Caprine 2.55.4 (HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\b6c4192c-4ca1-5b79-a36d-5069848f8197) (Version: 2.55.4 - Sindre Sorhus)
CCleaner (HKLM\...\CCleaner) (Version: 6.11 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
FileLocator Pro/Lite (HKLM\...\{43AE6AA7-FDA0-4726-B218-23CB40C539A3}) (Version: 8.5.2858.1 - Mythicsoft Ltd)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 5.2.0.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 124.0.6367.61 - Google LLC)
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
LockHunter 3.4, 32/64 bit (HKLM\...\LockHunter_is1) (Version: 3.4.3.146 - Crystal Rich Ltd)
Malwarebytes version 5.1.2.109 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.2.109 - Malwarebytes)
Microsoft .NET Host - 6.0.29 (x64) (HKLM\...\{E7C485FB-3329-43E3-965B-3DE4B863E1D9}) (Version: 48.116.12053 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.29 (x64) (HKLM\...\{724B2734-4B1A-46E2-9333-6D3B83351D02}) (Version: 48.116.12053 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.29 (x64) (HKLM\...\{014E0350-0B29-483B-9252-8780DEBA0856}) (Version: 48.116.12053 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Excel MUI (English) 2016 (HKLM\...\{90160000-0016-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2016 (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusVolume - en-us) (Version: 16.0.14332.20685 - Microsoft Corporation)
Microsoft Office Shared 32-bit MUI (English) 2016 (HKLM\...\{90160000-00C1-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2016 (HKLM\...\{90160000-006E-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2016 (HKLM\...\{90160000-001A-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2016 (HKLM\...\{90160000-0018-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Security Client (HKLM\...\{2AA3C13E-0531-41B8-AE48-AE28C940A809}) (Version: 4.10.0209.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.32919 (HKLM-x32\...\{68c77bab-8435-4d15-ae03-fd4f6e158317}) (Version: 14.38.32919.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.32919 (HKLM-x32\...\{5F0295FE-3DAA-4C04-94A6-2AFC6D739D34}) (Version: 14.38.32919 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.32919 (HKLM-x32\...\{2F7F071D-83D0-4994-8237-7B0579452FD4}) (Version: 14.38.32919 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.29 (x64) (HKLM\...\{A0DA3EDD-9C41-491F-A77E-5F90AFDB64B2}) (Version: 48.116.12057 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.29 (x64) (HKLM-x32\...\{54679abd-8ed9-4bd3-8400-7684dd7c6f03}) (Version: 6.0.29.33521 - Microsoft Corporation)
Microsoft Word MUI (English) 2016 (HKLM\...\{90160000-001B-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Miranda NG (HKLM-x32\...\Miranda NG_is1) (Version: 0.96.1 - Miranda NG team)
MySQL Connector C++ 8.0 (HKLM\...\{BEE35F1E-6750-452B-AB29-8D2337119A6C}) (Version: 8.0.32 - Oracle Corporation)
MySQL Connector J (HKLM-x32\...\{8A9B23F6-9C1D-4DB2-8254-EAB70EF4325B}) (Version: 5.1.36 - Oracle Corporation)
MySQL Connector NET 8.0.32 (HKLM-x32\...\{F7D3A87C-7CA0-4B79-A5FF-97BF3E18710B}) (Version: 8.0.32 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{ABC3A516-54E3-414B-B501-762E7FB2F9D5}) (Version: 6.1.6 - Oracle Corporation)
MySQL Connector/ODBC 8.0 (HKLM\...\{3BF88A07-3688-450A-87B2-C7C26AF51FC9}) (Version: 8.0.32 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{919DC950-1D2C-4D82-96D6-3615135BDEB6}) (Version: 5.6.51 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{980D81BF-AF30-45B4-9647-006D327B92E3}) (Version: 5.6.51 - Oracle Corporation)
MySQL Fabric 1.5.4 & MySQL Utilities 1.5.4 (HKLM-x32\...\{1F7D4F80-DF56-48DD-9FC5-220720F7517C}) (Version: 1.5.4 - Oracle Corporation)
MySQL Installer - Community (HKLM-x32\...\{5848D524-F8CF-4A46-A3E4-B9BDB979A0FE}) (Version: 1.4.8.0 - Oracle Corporation)
MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Version: 1.1.6 - Oracle)
MySQL Server 5.6 (HKLM\...\{E4B936B1-9A24-4C70-9DB8-2E6A94FAD288}) (Version: 5.6.51 - Oracle Corporation)
MySQL Workbench 8.0 CE (HKLM\...\{5345D70A-6E66-4AF7-9A18-547E97DD538C}) (Version: 8.0.32 - Oracle Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.6.2 - Notepad++ Team)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20685 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20685 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 7.0.10 (HKLM\...\{D989F957-5A0B-4C36-BF71-38BD1A35C2F1}) (Version: 7.0.10 - Oracle and/or its affiliates)
PHP 5.3.9 (HKLM-x32\...\{95505508-5E3F-40D6-A1EA-008C75886E21}) (Version: 5.3.9 - The PHP Group)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 240315 - Kakao Corp.)
Printer Registration (HKLM-x32\...\Canon EISRegistration) (Version: 1.9.1 - Canon Inc.)
PSD Codec by Ardfry Imaging, LLC (32 bit) (HKLM-x32\...\{345E25C8-EC20-45D5-A088-C5891FC603D4}) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD Codec by Ardfry Imaging, LLC (32 bit) (HKLM-x32\...\{B622A8BB-C77B-4F03-B512-8B70A6760BD9}) (Version: 1.0.17.0 - Ardfry Imaging, LLC) Hidden
PSD Codec by Ardfry Imaging, LLC (64 bit) (HKLM\...\{72383075-FF31-4B87-BD94-8CFC347A1C19}) (Version: 1.0.17.0 - Ardfry Imaging, LLC) Hidden
PSD CODEC Version 1.7.0.0 (HKLM\...\Ardfry PSD CODEC_is1) (Version: 1.7.0.0 - Ardfry Imaging, LLC)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9239.1 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Revo Uninstaller Pro 5.2.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.2.6 - VS Revo Group, Ltd.)
Snagit 2024 (HKLM\...\{353C1D13-E288-4F38-A3FD-5949F1172CB3}) (Version: 24.0.4 - TechSmith Corporation) Hidden
Snagit 2024 (HKLM-x32\...\{f6c88682-25b7-4c7f-b273-d4cab7cdb32a}) (Version: 24.0.4.1148 - TechSmith Corporation)
TrayStatus 2.0 (HKLM-x32\...\d6b74f60-2e9d-4c60-a8b7-b7d737c44ad4_is1) (Version: 2.0.0.0 - Binary Fortress Software)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.13.1 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 1.55.0.0 - Winaero)
 
Packages:
=========
 
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2023-08-31] (Adobe Systems Incorporated)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1200.442.0_x64__8wekyb3d8bbwe [2024-03-20] (Microsoft Corporation)
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe [2024-02-15] (Microsoft Corporation)
MP3Skull Free Mp3 Music Downloader -> C:\Program Files\WindowsApps\64932DatLeThanh.MP3SkullFreeMp3MusicDownloader_2.0.7.0_x64__yzq4m1tm1yc56 [2024-03-27] (Dat Le Thanh)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-08-31] (Microsoft Corporation)
SMS Verification - Temporary PhoneNumber -> C:\Program Files\WindowsApps\14184MeetmeXMTechnologyCo.SMSVerification-Temporar_1.0.0.0_x64__8712n5bmjvf8t [2023-12-28] (MeetmeXM Technology Co., Ltd)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2412.4.0_x64__cv1g1gvanyjgm [2024-03-28] (WhatsApp Inc.) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-11-05] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-11-05] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-11-05] (Adobe Inc. -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-11-05] (Adobe Inc. -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\contextMenu\NppShell.dll [2024-01-13] (Notepad++ -> Bjarke I. Pedersen [email protected])
ContextMenuHandlers1: [FineReader15ContextMenu] -> {53339754-4DD1-438B-8D24-0D0730F1A591} => C:\Program Files (x86)\ABBYY FineReader 15\x64\FRIntegration.x64.dll [2020-06-15] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2021-06-24] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2021-06-24] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\mbshlext.dll [2024-04-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2021-06-24] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-11-05] (Adobe Inc. -> )
ContextMenuHandlers6: [FineReader15ContextMenu] -> {53339754-4DD1-438B-8D24-0D0730F1A591} => C:\Program Files (x86)\ABBYY FineReader 15\x64\FRIntegration.x64.dll [2020-06-15] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\mbshlext.dll [2024-04-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers2_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} => C:\Program Files\FileLocator Pro\ShellExt.dll [2018-10-24] (Mythicsoft Ltd -> Mythicsoft Ltd)
ContextMenuHandlers4_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} => C:\Program Files\FileLocator Pro\ShellExt.dll [2018-10-24] (Mythicsoft Ltd -> Mythicsoft Ltd)
ContextMenuHandlers5_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} => C:\Program Files\FileLocator Pro\ShellExt.dll [2018-10-24] (Mythicsoft Ltd -> Mythicsoft Ltd)
ContextMenuHandlers6_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} => C:\Program Files\FileLocator Pro\ShellExt.dll [2018-10-24] (Mythicsoft Ltd -> Mythicsoft Ltd)
ContextMenuHandlers2_S-1-5-21-3042316109-2743702496-2181490592-1000: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} => C:\Program Files\FileLocator Pro\ShellExt.dll [2018-10-24] (Mythicsoft Ltd -> Mythicsoft Ltd)
ContextMenuHandlers4_S-1-5-21-3042316109-2743702496-2181490592-1000: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} => C:\Program Files\FileLocator Pro\ShellExt.dll [2018-10-24] (Mythicsoft Ltd -> Mythicsoft Ltd)
ContextMenuHandlers5_S-1-5-21-3042316109-2743702496-2181490592-1000: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} => C:\Program Files\FileLocator Pro\ShellExt.dll [2018-10-24] (Mythicsoft Ltd -> Mythicsoft Ltd)
ContextMenuHandlers6_S-1-5-21-3042316109-2743702496-2181490592-1000: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} => C:\Program Files\FileLocator Pro\ShellExt.dll [2018-10-24] (Mythicsoft Ltd -> Mythicsoft Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\David\Security\CHKDSK results.lnk -> C:\Users\David\Backups\BAT files\CHKDSK_WININIT_Results.bat ()
Shortcut: C:\Users\David\Security\Create CBS Log.lnk -> C:\Users\David\Backups\BAT files\CBS_Errors_TODAY.bat ()
Shortcut: C:\Users\David\Security\Run SFC.lnk -> C:\Users\David\Backups\BAT files\SFC.bat ()
Shortcut: C:\Users\David\Backups\AquaSnap\AquaSnap Restart.lnk -> C:\Users\David\Backups\AquaSnap\AquaSnap Restart.bat ()
ShortcutWithArgument: C:\Users\David\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\David\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\David\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\David\Start Menu\Programs\Chrome Apps\Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\David\Start Menu\Programs\Chrome Apps\Slides.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\David\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\David\Desktop\daivddd - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\David - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 5"
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\buscompanerajar - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 6"
 
==================== Loaded Modules (Whitelisted) =============
 
2013-02-27 18:42 - 2013-02-27 18:42 - 000081983 _____ () [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\zlib1.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000097792 _____ () [File not signed] C:\Program Files (x86)\PHP\LIBPQ.dll
2023-12-18 21:58 - 2016-08-09 13:57 - 001886720 _____ () [File not signed] C:\Program Files\Atomic Alarm Clock\Clock.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000022528 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stdautoaway.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000029184 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stdaway.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000035328 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stdcrypt.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000014336 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stdemail.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000071168 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stdfile.dll
2022-12-23 18:37 - 2023-03-31 12:28 - 000062976 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stdpopup.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000020480 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stduihist.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000059904 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stduserinfo.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000014848 _____ () [File not signed] C:\Program Files\Miranda NG\Core\stduseronline.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 001181696 _____ () [File not signed] C:\Program Files\Miranda NG\libs\FreeImage.mir
2022-12-23 18:37 - 2023-03-31 12:25 - 000075776 _____ () [File not signed] C:\Program Files\Miranda NG\libs\libjson.mir
2022-12-23 18:37 - 2023-03-31 12:25 - 000100352 _____ () [File not signed] C:\Program Files\Miranda NG\libs\Pcre16.mir
2022-12-23 18:37 - 2023-03-31 12:25 - 000684544 _____ () [File not signed] C:\Program Files\Miranda NG\libs\sqlite3.mir
2022-12-23 18:37 - 2023-03-31 12:24 - 000101376 _____ () [File not signed] C:\Program Files\Miranda NG\libs\zlib.mir
2022-12-23 18:37 - 2023-03-31 12:25 - 000079872 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\AVS.dll
2022-12-23 18:37 - 2023-03-31 12:26 - 000479232 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\Clist_modern.dll
2023-05-06 08:46 - 2023-03-31 12:26 - 000061952 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\Db_autobackups.dll
2022-12-23 18:37 - 2023-03-31 12:29 - 000036352 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\DbChecker.dll
2022-12-23 18:37 - 2023-03-31 12:28 - 000044032 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\Dbx_sqlite.dll
2022-12-23 18:37 - 2023-03-31 12:29 - 000070656 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\Facebook.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000096256 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\Import.dll
2022-12-23 18:37 - 2023-03-31 12:27 - 000087552 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\PluginUpdater.dll
2022-12-23 18:37 - 2023-03-31 12:27 - 000014336 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\Restart.dll
2022-12-23 18:37 - 2023-03-31 12:26 - 000053248 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\SeenPlugin.dll
2023-03-13 14:44 - 2023-03-31 12:26 - 000104448 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\SmileyAdd.dll
2022-12-23 18:37 - 2023-03-31 12:27 - 000020480 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\StartPosition.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000495616 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\TabSRMM.dll
2022-12-23 18:37 - 2023-03-31 12:26 - 000051712 _____ () [File not signed] C:\Program Files\Miranda NG\Plugins\TopToolBar.dll
2024-03-16 16:05 - 2022-03-20 09:52 - 002812416 _____ () [File not signed] C:\Users\David\AppData\Local\Programs\caprine\ffmpeg.dll
2024-03-16 16:05 - 2022-03-20 09:52 - 000438784 _____ () [File not signed] C:\Users\David\AppData\Local\Programs\caprine\libegl.dll
2024-03-16 16:05 - 2022-03-20 09:52 - 009659392 _____ () [File not signed] C:\Users\David\AppData\Local\Programs\caprine\libglesv2.dll
2013-07-10 00:53 - 2013-07-10 00:53 - 000139347 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\libapr-1.dll
2013-07-10 00:53 - 2013-07-10 00:53 - 000036958 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\libapriconv-1.dll
2013-07-10 00:53 - 2013-07-10 00:53 - 000208988 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\libaprutil-1.dll
2013-07-10 02:52 - 2013-07-10 02:52 - 000278600 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\libhttpd.dll
2013-07-10 02:52 - 2013-07-10 02:52 - 000024667 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_actions.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024665 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_alias.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024667 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_asis.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024666 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_auth_basic.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024669 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_authn_default.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024666 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_authn_file.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024669 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_authz_default.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024671 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_authz_groupfile.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024666 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_authz_host.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024666 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_authz_user.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000032864 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_autoindex.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000028762 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_cgi.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024663 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_dir.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024664 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_env.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000041051 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_include.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000032860 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_isapi.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000028766 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_log_config.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000028757 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_mime.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000036959 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_negotiation.so
2013-07-10 02:52 - 2013-07-10 02:52 - 000024669 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\modules\mod_setenvif.so
2022-12-02 13:36 - 2012-06-14 18:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2022-12-02 13:36 - 2012-04-16 05:00 - 000030208 _____ (CANON INC.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\CNMPDBA.DLL
2024-04-24 03:11 - 2024-04-24 03:11 - 002394112 ___SH (Farbar) [File not signed] c:\users\david\desktop\frst64.exe 
2022-07-15 20:00 - 2022-07-15 20:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-12-03 08:54 - 2010-11-21 01:33 - 000271360 ____R (Microsoft Corporation) [File not signed] C:\Windows\System32\oobe\wdscore.dll
2023-01-15 16:22 - 2023-01-15 16:22 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
2022-12-23 18:37 - 2023-03-31 12:25 - 000970240 _____ (Miranda NG team) [File not signed] C:\Program Files\Miranda NG\libs\mir_app.mir
2022-12-23 18:37 - 2023-03-31 12:25 - 000228864 _____ (Miranda NG team) [File not signed] C:\Program Files\Miranda NG\libs\mir_core.mir
2023-01-17 11:18 - 2018-03-23 16:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2023-01-17 11:18 - 2018-03-23 16:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2013-02-27 18:47 - 2013-02-27 18:47 - 001077327 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\LIBEAY32.dll
2013-02-27 18:47 - 2013-02-27 18:47 - 000225359 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\SSLEAY32.dll
2022-12-23 18:37 - 2023-02-08 19:13 - 003428864 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Miranda NG\libs\libcrypto-1_1.mir
2022-12-23 18:37 - 2023-02-08 19:14 - 000686592 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Miranda NG\libs\libssl-1_1.mir
2012-01-10 17:23 - 2012-01-10 17:23 - 000060928 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_bz2.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000444928 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_curl.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000044544 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_exif.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 001057280 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_gd2.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000039936 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_gettext.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000196608 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_gmp.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000818688 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_imap.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 002062336 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_mbstring.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000035328 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_mysql.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000088064 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_mysqli.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000077312 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_openssl.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000024064 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_pdo_mysql.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000022016 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_pdo_odbc.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000514560 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_pdo_sqlite.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000092160 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_pgsql.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000252416 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_soap.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000034304 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_sockets.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000526848 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_sqlite3.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000227328 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_tidy.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000063488 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\ext\php_xmlrpc.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 000026624 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\php5apache2_2.dll
2012-01-10 17:23 - 2012-01-10 17:23 - 005910528 _____ (The PHP Group) [File not signed] C:\Program Files (x86)\PHP\php5ts.dll
2023-12-18 21:58 - 2013-02-19 19:16 - 000223744 _____ (Un4seen Developments) [File not signed] C:\Program Files\Atomic Alarm Clock\bass.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21949980.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21949980.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-3042316109-2743702496-2181490592-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll => No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2021-09-13] (Belarc, Inc. -> Belarc, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2020-07-05 14:55 - 2024-04-21 22:00 - 000001618 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 license.piriform.com 
0.0.0.0 license-api.ccleaner.com 
0.0.0.0 www.ccleaner.com 
0.0.0.0 serius.mwbsys.com
0.0.0.0 keystone.mwbsys.com
127.0.0.1 keystone.mwbsys.com
127.0.0.1 telemetry.malwarebytes.com
74.86.5.247 apowersoft.com
127.0.0.1 apowersoft.com
127.0.0.1 www.easeus.com
127.0.0.1 activation.easeus.com
127.0.0.1 easeus.com.cn
127.0.0.1 www.easeus.com.cn
127.0.0.1 track.easeus.com
127.0.0.1 track.easeus.com.cn
127.0.0.1 api.easeus.com
127.0.0.1 update.easeus.com
127.0.0.1 map2.hwcdn.net
127.0.0.1 easeusinfo.us-east-1.log.aliyuncs.com
127.0.0.1 aaa100cd68bbe03f3.awsglobalaccelerator.com
127.0.0.1 uompro.easeus.com
127.0.0.1 order.easeus.com
127.0.0.1 curl.haxx.se
127.0.0.1 buy.easeus.com
127.0.0.1 v2api-uoss.easeus.com
127.0.0.1 lm.licenses.adobe.com 
127.0.0.1 lmlicenses.wip4.adobe.com 
127.0.0.1 lm-prd-da1.licenses.adobe.com 
127.0.0.1 activate.adobe.com 
127.0.0.1 activate.wip4.adobe.com 
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\PHP\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.1.2;C:\Program Files\dotnet\;C:\Program Files (x86)\MySQL\MySQL Fabric 1.5.4 & MySQL Utilities 1.5.4 1.5\;C:\Program Files (x86)\MySQL\MySQL Fabric 1.5.4 & MySQL Utilities 1.5.4 1.5\Doctrine extensions for PHP\
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: Backupper Service => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
HKLM\...\StartupApproved\StartupFolder: => "Monitor Apache Servers.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Explorer"
HKLM\...\StartupApproved\Run32: => "Svchost"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\StartupApproved\Run: => "AtomicAlarmClock6"
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\StartupApproved\Run: => "MySQL Notifier"
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\StartupApproved\Run: => "ApowersoftScreenRecorder"
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\StartupApproved\Run: => "FreeAC"
HKU\S-1-5-21-3042316109-2743702496-2181490592-1000\...\StartupApproved\Run: => "Emceed"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{BC717EF5-4E4D-445A-AF0D-EECD83B84C49}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{38A45111-F394-43CC-8464-B7A0421A4D4C}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{79ED041A-5102-43BC-B52A-84844E87900F}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.1.2\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{A264A7FB-062C-4BA3-B3E8-3C02FA78DF98}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.1.2\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [TCP Query User{3C14E09E-91F0-46A5-808F-FC5DE4B52580}C:\users\david\backups\bittorrent-7.2--no ads.exe ] => (Allow) C:\users\david\backups\bittorrent-7.2--no ads.exe* () [File not signed]
FirewallRules: [UDP Query User{519EAD72-57C4-4E5B-BF67-9E3CB4683483}C:\users\david\backups\bittorrent-7.2--no ads.exe ] => (Allow) C:\users\david\backups\bittorrent-7.2--no ads.exe* () [File not signed]
FirewallRules: [TCP Query User{81CB440D-EBF3-4297-8FDC-AD60CC3B1DDA}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe () [File not signed]
FirewallRules: [UDP Query User{01BF1D5E-B27E-45C8-A2AB-94959D1B2F19}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe () [File not signed]
FirewallRules: [{7D16D042-2AA6-4078-B6DB-FFB5B2CE454D}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.1.2\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{1FB1C82B-3150-4A1D-BDBB-A0CF4D044BF5}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.1.2\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{5D105ECB-33EA-4EFE-9D2A-0C5C1E32FBFF}] => (Allow) LPort=3306
FirewallRules: [{A59A7B8F-5A8F-4A8C-9BE8-A268AF98A708}] => (Allow) LPort=3306
FirewallRules: [TCP Query User{7B1F07A4-5581-4996-824B-479B60ACE190}C:\users\david\appdata\local\programs\caprine\caprine.exe] => (Block) C:\users\david\appdata\local\programs\caprine\caprine.exe (Sindre Sorhus) [File not signed]
FirewallRules: [UDP Query User{EE2677DB-22A9-4AD6-A467-D880085C3CE8}C:\users\david\appdata\local\programs\caprine\caprine.exe] => (Block) C:\users\david\appdata\local\programs\caprine\caprine.exe (Sindre Sorhus) [File not signed]
FirewallRules: [TCP Query User{7C20B2B4-F8D7-4281-8EFB-426C4D7AA9CE}C:\program files\adobe\adobe dreamweaver 2021\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver 2021\node\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [UDP Query User{FDDC573F-4318-4EE1-A65A-BE8E46F8A64E}C:\program files\adobe\adobe dreamweaver 2021\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver 2021\node\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [{FFA90848-F4C8-49FE-84D5-B5D182BF780F}] => (Block) C:\Program Files\Adobe\Adobe Bridge 2021\Bridge.exe (Adobe Inc. -> Adobe Inc) [File not signed]
FirewallRules: [{033999A1-5307-415C-879B-B8A77D7EB66E}] => (Block) C:\Program Files\Adobe\Adobe Dreamweaver 2021\Dreamweaver.exe (Adobe Inc. -> Adobe Inc.) [File not signed]
FirewallRules: [{217C5032-88E1-4226-A8D5-A9E25AC77195}] => (Block) C:\Program Files\Adobe\Adobe Premiere Pro 2021\Adobe Premiere Pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [{CC77477F-C14D-4F21-AC00-899935DCD935}] => (Allow) C:\Program Files\BlueStacks_bgp64\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{F832E24A-1AE1-4FBF-87AC-B01F3DBFCB98}] => (Allow) C:\Program Files (x86)\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{9BA37EA8-6BF9-4137-B1D3-5D1B88761D64}] => (Allow) C:\Program Files (x86)\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{D40C6901-FFF3-40F9-8B83-20CBFD090A1A}] => (Allow) LPort=8300
FirewallRules: [TCP Query User{30EF558A-2073-4D82-8310-75878CFFC8F6}C:\users\david\backups\bittorrent-7.2--no ads.exe ] => (Allow) C:\users\david\backups\bittorrent-7.2--no ads.exe* () [File not signed]
FirewallRules: [UDP Query User{7BAAF638-8C7A-4EA6-AF9C-92B24D8F4190}C:\users\david\backups\bittorrent-7.2--no ads.exe ] => (Allow) C:\users\david\backups\bittorrent-7.2--no ads.exe* () [File not signed]
FirewallRules: [{AB260CD8-710C-499C-AF77-9B1CD754FA9A}] => (Block) C:\Program Files (x86)\4uKey for Android\4uKeyForAndroid.exe (Tenorshare Co.,Ltd. -> )
FirewallRules: [{75CDFCFE-A0DC-45E7-B8F7-D958E1A16326}] => (Allow) C:\Program Files\FileLocator Pro\FileLocatorPro.exe (Microsoft) [File not signed]
FirewallRules: [{7B79C9CA-E79F-4644-B822-238B28DBBD15}] => (Allow) C:\Program Files\FileLocator Pro\FileLocatorPro.exe (Microsoft) [File not signed]
FirewallRules: [{29C6B7CD-F060-44EE-924D-A941D30C0912}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
23-04-2024 10:02:54 Removed FileLocator Pro/Lite
23-04-2024 10:21:33 Installed FileLocator Pro/Lite
 
==================== Faulty Device Manager Devices ============
 
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/24/2024 03:12:50 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} [0x80070424, The specified service does not exist as an installed service.
].
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Delete Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (04/24/2024 03:12:50 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} and name SW_PROV cannot be started. [0x80070424, The specified service does not exist as an installed service.]
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Delete Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (04/24/2024 03:12:50 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} [0x80070424, The specified service does not exist as an installed service.
].
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Get Shadow Copy Properties
   Delete Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
   Execution Context: Coordinator
 
Error: (04/24/2024 03:12:50 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} and name SW_PROV cannot be started. [0x80070424, The specified service does not exist as an installed service.]
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Get Shadow Copy Properties
   Delete Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
   Execution Context: Coordinator
 
Error: (04/24/2024 03:12:50 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} [0x80070424, The specified service does not exist as an installed service.
].
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (04/24/2024 03:12:50 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} and name SW_PROV cannot be started. [0x80070424, The specified service does not exist as an installed service.]
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (04/24/2024 03:12:49 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} [0x80070424, The specified service does not exist as an installed service.
].
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
Error: (04/24/2024 03:12:49 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e5b50e88-1fd9-4123-bdad-d0e79026fa55} and name SW_PROV cannot be started. [0x80070424, The specified service does not exist as an installed service.]
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {02029a6e-d74a-4ecd-ba26-c12be9323128}
   Class ID: {e5b50e88-1fd9-4123-bdad-d0e79026fa55}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator
 
 
System errors:
=============
Error: (04/23/2024 04:42:14 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL  failed to load with error 87. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (04/23/2024 02:38:37 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL  failed to load with error 87. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (04/23/2024 02:38:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:13:01 AM on ‎4/‎23/‎2024 was unexpected.
 
Error: (04/23/2024 11:13:00 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL  failed to load with error 87. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (04/23/2024 11:02:04 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL  failed to load with error 87. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (04/23/2024 11:00:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error: 
%%2147943515 = A system shutdown is in progress.
 
Error: (04/23/2024 11:00:32 AM) (Source: DCOM) (EventID: 10010) (User: daivddd)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (04/23/2024 10:39:35 AM) (Source: DCOM) (EventID: 10010) (User: daivddd)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2024-03-20 02:58:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-19 17:26:31
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-24 19:20:16
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-24 19:09:12
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-24 18:55:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2024-04-23 10:37:04
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.409.436.0;1.409.436.0
Engine Version: 1.1.24030.4
 
Date: 2024-04-23 09:10:28
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.409.436.0;1.409.436.0
Engine Version: 1.1.24030.4
 
Date: 2024-04-21 22:20:55
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.409.436.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24030.4
Error code: 0x80240022
Error description: The program can't check for definition updates. 
 
Date: 2024-04-21 16:53:30
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.407.565.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24020.9
Error code: 0x8007045b
Error description: A system shutdown is in progress. 
 
Date: 2024-03-28 17:28:07
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.407.565.0;1.407.565.0
Engine Version: 1.1.24020.9
 
CodeIntegrity:
===============
Date: 2024-04-24 03:16:28
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 6.16 09/15/2011
Motherboard: PEGATRON CORPORATION 2A86
Processor: Intel® Core™ i7 CPU X 990 @ 3.47GHz
Percentage of memory in use: 22%
Total physical RAM: 24567.06 MB
Available physical RAM: 18943.9 MB
Total Virtual: 49143.06 MB
Available Virtual: 40548.69 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:929.5 GB) (Free:739.29 GB) (Model: Hitachi HDS721010CLA332) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:368.71 GB) (Model: Hitachi HDS721010CLA332) NTFS
Drive f: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
 
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2BA839C3)
Partition 1: (Active) - (Size=929.5 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DC7D382E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 

