Possible malware infection



#1
BerDov


Greetings to all,

 

Careful as I am, I may have been had just now and would like to check the computer for possible infection. 30 min ago, I received an email with what I thought was my dental x-rays. Downloaded pdf attachment, clicked on OPEN inside the pdf. It produced the file <Summary_3589688_12192022.img>. Since I have no programs that open an .img file, I looked again at the email. It was from ['Bethesda' [email protected]]. My dentist is in Bethesda, but their email domain is different.

 

So, I ran <FRST64.exe> as instructed on geekstogo.com. The logs are below. What's next? Any help is appreciated.

 

*

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-12-2022
Ran by DovBer (administrator) on COMPAQ (HP HP ProDesk 400 G3 MT) (19-12-2022 13:25:08)
Running from C:\Users\DovBer\Desktop
Loaded Profiles: DovBer
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe
(explorer.exe ->) (GFI Software Development Ltd. -> GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIAgent.exe
(explorer.exe ->) (High Criteria Inc -> High Criteria inc.) C:\Program Files (x86)\HighCriteria\TotalRecorder\TotalRecorder.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(explorer.exe ->) (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Expression\Web 3\ExpressionWeb.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderConnectedPDFService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <18>
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(services.exe ->) (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (GFI Software Development Ltd. -> GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFInst.exe
(services.exe ->) (GFI Software Development Ltd. -> GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFSched.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(taskeng.exe ->) (Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466136 2015-04-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-08-18] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [EPSON Stylus Photo R1800] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [GFI BackUp Freeware] => C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIAgent.exe [2318704 2012-01-12] (GFI Software Development Ltd. -> GFI Software Ltd.)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [Chromium] => "c:\users\dovber\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session (No File)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38916432 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe (No File)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123150712 2022-11-28] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\MountPoints2: {b2b0d526-add8-11e7-bdc1-806e6f6e6963} - D:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
HKLM\...\Windows x64\Print Processors\Canon PRO-100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBD.DLL [30208 2014-10-23] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor PRO-100 series: C:\Windows\system32\CNMLMBD.DLL [406528 2014-10-23] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor PRO-100 series XPS: C:\Windows\system32\CNMXLMBD.DLL [409088 2014-10-23] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [375296 2014-07-11] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CutePDF Writer Monitor v3.2: C:\Windows\system32\cpwmon64_v32.dll [90096 2017-05-26] (Acro Software Inc -> )
HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2009-07-13] (Microsoft Windows -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON Stylus Photo R1800 64MonitorBA: C:\Windows\system32\E_ILM9LA.DLL [129536 2006-12-08] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {59853111-0854-4911-ABC5-556E82A3F35F} - System32\Tasks\{92030B0C-3E3D-47D3-ACC9-FE5D6D53C478} => C:\Windows\system32\pcalua.exe -a C:\epson\epson12333_R1800_printer_driver_65cas\SETUP\SETUP64.EXE -d C:\epson\epson12333_R1800_printer_driver_65cas\SETUP
Task: {91E4F216-2C51-426F-8DA1-5888D4ED1316} - System32\Tasks\CCleanerSkipUAC - DovBer => C:\Program Files\CCleaner\CCleaner.exe [32602448 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {98D3A401-4531-4C50-9077-9CCD08911062} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {A1430AE4-8476-4827-BFD6-82F0AB23B5DB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-956995889-4081865807-2724082783-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746880 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Task: {A277452E-2321-47FC-90B9-BEA9C769D398} - System32\Tasks\AdobeAAMUpdater-1.0-Compaq-DovBer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {AB1ABDA9-3674-4D49-973B-8770248080DB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-12-09] (Piriform Software Ltd -> Piriform)
Task: {D8DC930D-B5A0-4BAB-9B79-4BB51641C37E} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4669264 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "a8f2e377-022b-4626-83e1-be7a12439d7e" --version "6.07.10191" --silent
Task: {DA1FE4A1-9456-4532-B27B-EEE8CA06B4FF} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_DovBer => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5545552 2019-03-19] (Janos Mathe -> H.D.S. Hungary)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0A63B09D-5A87-4170-8171-E2004804DE9F}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF DefaultProfile: e4s05sqm.default
FF ProfilePath: C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default [2022-12-19]
FF DownloadDir: G:\DATA\__message_boards
FF Homepage: Mozilla\Firefox\Profiles\e4s05sqm.default -> hxxp://www.bfcollection.net/
FF Extension: (F.B Purity - Cleans up Facebook) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-12-11] [UpdateUrl:hxxps://www.fbpurity.com/FF-FBP-Ext-Updates.json]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-12-12]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-08-22]
FF Extension: (uBlock Origin) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-11-15]
FF Extension: (Avast Online Security & Privacy) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-11-16]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default [2021-03-26]
CHR DownloadDir: G:\DATA\__message_boards
CHR HomePage: Default -> hxxp://www.google.com
CHR Extension: (Slides) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-03]
CHR Extension: (Docs) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-03]
CHR Extension: (Google Drive) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-26]
CHR Extension: (YouTube) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-10]
CHR Extension: (Sheets) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-03]
CHR Extension: (Google Docs Offline) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-26]
CHR Extension: (Avast Online Security) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-03-26]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-26]
CHR Extension: (Gmail) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-26]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
R2 GFIBckFAtt; C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFInst.exe [1011056 2012-01-12] (GFI Software Development Ltd. -> GFI Software Ltd.)
R2 GFIBckFSched; C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFSched.exe [2664816 2012-01-12] (GFI Software Development Ltd. -> GFI Software Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8892256 2022-12-17] (Malwarebytes Inc. -> Malwarebytes)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-05-13] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-05-13] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [95432 2014-05-23] (LSI Corporation -> LSI Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-12-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [52048 2013-02-06] (LSI Corporation -> LSI Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nvme; C:\Windows\system32\drivers\nvme.sys [70208 2015-06-02] (Samsung Electronics Co., Ltd. -> Samsung Electronic Co., Ltd)
R3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [171768 2022-05-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2020-11-18] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [126080 2015-10-20] (High Criteria Inc -> High Criteria inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-19 13:25 - 2022-12-19 13:27 - 000023032 _____ C:\Users\DovBer\Desktop\FRST.txt
2022-12-19 13:24 - 2022-12-19 13:26 - 000000000 ____D C:\FRST
2022-12-19 13:24 - 2022-12-19 13:24 - 000000000 ____D C:\Users\DovBer\Desktop\FRST-OlderVersion
2022-12-19 13:23 - 2022-12-19 13:24 - 002375680 _____ (Farbar) C:\Users\DovBer\Desktop\FRST64.exe
2022-12-17 14:54 - 2022-12-17 14:54 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-11-22 16:00 - 2022-11-22 16:00 - 000004096 ____H C:\Users\DovBer\AppData\Local\keyfile3.drm

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-19 13:26 - 2009-07-13 23:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-12-19 13:26 - 2009-07-13 23:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-12-19 10:58 - 2022-09-21 14:20 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2022-12-19 10:58 - 2018-01-02 09:40 - 000000000 ____D C:\Program Files\CCleaner
2022-12-19 10:36 - 2022-03-20 08:25 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-12-19 10:35 - 2017-10-10 15:37 - 000000000 ____D C:\Users\DovBer\AppData\LocalLow\Mozilla
2022-12-14 16:28 - 2017-10-11 15:49 - 000000000 ____D C:\Users\DovBer\AppData\Local\CutePDF Writer
2022-12-14 13:31 - 2019-03-06 07:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-12-14 10:58 - 2022-09-21 14:20 - 000003350 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2022-12-14 10:58 - 2018-01-02 09:40 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-12-12 21:34 - 2017-10-14 19:00 - 000000000 ____D C:\Users\DovBer\AppData\Roaming\vlc
2022-12-12 15:52 - 2009-07-14 00:13 - 000787674 _____ C:\Windows\system32\PerfStringBackup.INI
2022-12-12 15:52 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2022-12-11 10:40 - 2017-10-10 14:29 - 000000000 __SHD C:\Users\DovBer\IntelGraphicsProfiles
2022-12-11 10:39 - 2017-10-10 15:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-12-11 10:39 - 2017-10-10 15:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-12-11 10:39 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

==================== Files in the root of some directories ========

2017-11-25 16:39 - 2002-11-20 03:08 - 000681984 _____ (1-4a Rename) C:\Program Files\rename.exe
2020-09-10 07:25 - 2020-09-10 07:25 - 000000132 _____ () C:\Users\DovBer\AppData\Roaming\Adobe BMP Format CS5 Prefs
2022-01-20 22:03 - 2022-11-08 12:00 - 000000132 _____ () C:\Users\DovBer\AppData\Roaming\Adobe PNG Format CS5 Prefs
2021-07-01 08:25 - 2021-07-01 08:25 - 000000132 _____ () C:\Users\DovBer\AppData\Roaming\Adobe Targa Format CS5 Prefs
2018-08-01 07:56 - 2022-11-01 09:02 - 000012964 _____ () C:\Users\DovBer\AppData\Roaming\Microsoft Excel 97-2003.CAL
2018-12-21 12:06 - 2018-12-21 12:06 - 000000268 ___RH () C:\Users\DovBer\AppData\Roaming\PrintingModule
2018-12-21 12:06 - 2018-12-21 12:06 - 000000268 ___RH () C:\Users\DovBer\AppData\Roaming\PrintsService
2018-12-21 12:06 - 2018-12-21 12:06 - 000000268 ___RH () C:\Users\DovBer\AppData\Roaming\Profiles
2018-12-21 12:05 - 2018-12-21 12:05 - 000000268 ___RH () C:\Users\DovBer\AppData\Roaming\Rule Actions
2017-12-01 08:59 - 2018-07-01 13:33 - 000012971 _____ () C:\Users\DovBer\AppData\Roaming\Tab Separated Values (DOS).CAL
2018-05-18 13:04 - 2018-06-06 23:38 - 000000174 _____ () C:\Users\DovBer\AppData\Roaming\WB.CFG
2019-03-11 08:49 - 2019-03-11 08:49 - 000003584 _____ () C:\Users\DovBer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2022-11-22 16:00 - 2022-11-22 16:00 - 000004096 ____H () C:\Users\DovBer\AppData\Local\keyfile3.drm
2020-06-18 16:24 - 2020-06-18 16:24 - 000002084 _____ () C:\Users\DovBer\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2022-12-13 00:15
==================== End of FRST.txt ========================

 

*

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2022
Ran by DovBer (19-12-2022 13:27:14)
Running from C:\Users\DovBer\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X64) (2017-10-10 21:43:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-956995889-4081865807-2724082783-500 - Administrator - Disabled)
DovBer (S-1-5-21-956995889-4081865807-2724082783-1000 - Administrator - Enabled) => C:\Users\DovBer
Guest (S-1-5-21-956995889-4081865807-2724082783-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-956995889-4081865807-2724082783-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.5 (HKLM\...\{180B9AE1-F87B-4107-8C68-4265E927D6A8}) (Version: 4.5.0.2482 - Open Media LLC)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.00.15.58233 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
Adobe AIR (HKLM-x32\...\{A2BCA9F1-566C-4805-97D1-7FDC93386723}) (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Advanced Renamer (HKLM\...\Advanced Renamer_is1) (Version: 3.87 - Hulubulu Software)
Amazon Kindle (HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Amazon Kindle) (Version: 1.30.0.59056 - Amazon)
AnswerWorks Runtime (HKLM-x32\...\AnswerWorks) (Version:  - )
BookSmart® 3.5.0 3.5.0 (HKLM-x32\...\BookSmart® 3.5.0 3.5.0) (Version:  - Blurb, Inc)
BookWright version 1.2.175 (HKLM-x32\...\{C17978EB-5A2C-40E3-B351-F03A27245BF9}_is1) (Version: 1.2.175 - Blurb, Inc.)
Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon PowerShot G1 X Camera User Guide (HKLM-x32\...\CameraUserGuide-PSG1X) (Version: 1.0.0.5 - Canon Inc.)
Canon PRO-100 series On-screen Manual (HKLM-x32\...\Canon PRO-100 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon PRO-100 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_PRO-100_series) (Version:  - Canon Inc.)
Canon PRO-100 series User Registration (HKLM-x32\...\Canon PRO-100 series User Registration) (Version:  - Canon Inc.‎)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\DPP) (Version: 3.11.3.10 - Canon Inc.)
Capture NX-D (HKLM\...\{2D088846-B670-47AF-91C3-76E0B3E887C3}) (Version: 1.4.7 - Nikon Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 6.07 - Piriform)
CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.0.8 - Ursa Minor Ltd)
Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version:  3.2 - Acro Software Inc.)
Easy Photo Scan (HKLM-x32\...\{F2132D5C-4C3F-41A9-865B-68966A06B01C}) (Version: 1.00.0000 - Seiko Epson Corporation)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Family Tree Maker 2017 (HKLM\...\{6BEF69F9-92AA-4BCC-8529-DA42F585EC36}) (Version: 23.0.1343 - Software MacKiev)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.5.0.20723 - Foxit Software Inc.)
FreeFileSync 10.13 (HKLM-x32\...\FreeFileSync_is1) (Version: 10.13 - FreeFileSync.org)
GFI BackUp Freeware (HKLM-x32\...\GFI BackUp Freeware) (Version: 4.0 - GFI Software Ltd.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.40 - Janos Mathe)
HL-L2340D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HP SoftPaq Download Manager (HKLM-x32\...\{BB51845C-10A6-457F-A215-9B2D3E130889}) (Version: 3.6.2.0 - Hewlett-Packard Company)
inst (HKLM-x32\...\{EC5B556B-32A8-4D68-83CC-5356380FD889}) (Version: 1.0.0.0 - Creative Software Solutions GmbH)
Intel® Chipset Device Software (HKLM\...\{55398EAC-F58E-4F19-B553-BDF8B9EFD839}) (Version: 10.1.1.9 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{A5536A08-5A7F-4330-8947-0372B500A3BD}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{C6C06C9F-B452-4C7A-AB83-F5931AB9B372}) (Version: 11.0.0.1163 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{94BC10B9-159A-44E8-BEA1-34BF765FEA58}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4821 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.1.1030 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{E4945B75-A983-48E7-9AB6-B84AF13AF9B3}) (Version: 14.6.1.1030 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
IrfanView 4.59 (64-bit) (HKLM\...\IrfanView64) (Version: 4.59 - Irfan Skiljan)
ITK-SNAP (HKLM-x32\...\ITK-SNAP 3.8) (Version: 0.1.1 - Humanity)
Malwarebytes version 4.5.19.229 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.19.229 - Malwarebytes)
MicroDicom DICOM viewer 2022.1 (HKLM-x32\...\MicroDicom) (Version: 2022.1 - MicroDicom)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}) (Version: 4.6.01055 - Microsoft Corporation) Hidden
Microsoft Corporation (HKLM\...\{9C5A08BF-BB99-4998-81BD-F6CC32483B34}) (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (HKLM-x32\...\{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}) (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{0E837AF0-4C92-4077-83F0-D022073F17C0}) (Version: 1.0.1327.0 - Microsoft Corporation)
Microsoft Expression Studio 3 (HKLM-x32\...\{44F7BA74-C11A-49FC-B2FC-1B827C491F74}) (Version: 3.0.1061.0 - Microsoft Corporation) Hidden
Microsoft Expression Studio 3 (HKLM-x32\...\ExpressionStudio_3.0.1061.0) (Version: 3.0.1061.0 - Microsoft Corporation)
Microsoft Expression Web 3 (HKLM-x32\...\{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}) (Version: 3.0.1762.0 - Microsoft Corporation) Hidden
Microsoft Expression Web 3 (HKLM-x32\...\Web_3.0.1762.0) (Version: 3.0.1762.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (HKLM\...\{3C28BFD4-90C7-3138-87EF-418DC16E9598}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (HKLM\...\{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (HKLM-x32\...\{6C772996-BFF3-3C8C-860B-B3D48FF05D65}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (HKLM-x32\...\{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (HKLM-x32\...\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (HKLM\...\{925D058B-564A-443A-B4B2-7E90C6432E55}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (HKLM\...\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (HKLM\...\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (HKLM\...\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}) (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (HKLM-x32\...\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (HKLM\...\{8557397C-A42D-486F-97B3-A2CBC2372593}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (HKLM\...\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (HKLM\...\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}) (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 106.0.3 (x64 en-US)) (Version: 106.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.1.2 - Notepad++ Team)
OpenShot Video Editor version 2.4.3 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.4.3 - OpenShot Studios, LLC)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Perfection V550 User’s Guide version 1.0 (HKLM-x32\...\UsersGuidePerfection V550 User’s Guide_is1) (Version: 1.0 - )
Picture Control Utility 2 (HKLM\...\{46BEAB85-B86A-4AAB-B085-136ECA032CF4}) (Version: 2.3.1 - Nikon Corporation)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.15 - Nikon)
PTAssembler (HKLM-x32\...\PTAssembler_is1) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.94.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7503 - Realtek Semiconductor Corp.)
Russian Phonetic YaZHert - WinRus.com (HKLM\...\{DE3C0FDB-6BCC-4D98-A928-923A70A41670}) (Version: 1.0.3.40 - personal)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.56.0 - Samsung Electronics Co., Ltd.)
Skype version 8.92 (HKLM-x32\...\Skype_is1) (Version: 8.92 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Total Recorder 8.6 Professional Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
UltraFileSearch Std (HKLM-x32\...\{EC1DFA01-BA25-4E1C-A101-A8C8EDD821B2}) (Version: 6.1.0.21193 - Stegisoft) Hidden
UltraFileSearch Std (HKLM-x32\...\UltraFileSearch Std) (Version:  - Stegisoft)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.2 - Nikon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WPF Toolkit June 2009 (Version 3.5.40619.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.40619.1 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\ZoomUMX) (Version: 5.10.4 (5035) - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-01-29] (Notepad++ -> )
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {C0E10002-0028-0002-C0E1-C0E1C0E1C0E1} => C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfse90.dll [1999-03-29] (Novell, Inc., c/o Corel Corporation Limited) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {C0E10002-0028-0002-C0E1-C0E1C0E1C0E1} => C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfse90.dll [1999-03-29] (Novell, Inc., c/o Corel Corporation Limited) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-12-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [176416 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [307488 2012-01-18] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2009-07-15 10:02 - 2009-07-15 10:02 - 000577536 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\en\Microsoft.Expression.Framework.resources.dll
2009-07-15 10:02 - 2009-07-15 10:02 - 001093632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\en\Microsoft.Expression.Web.resources.dll
2009-07-15 10:01 - 2009-07-15 10:01 - 000049152 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\Microsoft.Expression.Web.PageAnalysis.Preview.Firefox.dll
2017-12-04 15:15 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-10-11 11:30 - 1999-03-29 11:58 - 000057344 ____N () [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\axcntrls.dll
2019-05-28 14:51 - 2019-05-28 14:51 - 003594240 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\02dd01326c663b251f86e5986647deee\Microsoft.Expression.Framework.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000258048 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\030cce4277461b863fc2a786b051e492\Microsoft.Expression.Web.PageAnalysis.Preview.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000279040 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\108ecff0260213e0d24a9f5e7f776db7\Microsoft.Expression.Web.PageAnalysis.Preview.InternetExplorer.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 001221632 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\49205e10f10f4dcb1376072b570df9d3\Microsoft.Expression.Web.PageAnalysis.Preview.Controls.ni.dll
2019-05-28 14:51 - 2019-05-28 14:51 - 002527232 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\89dbb47c60112f05041771472dc8923a\Microsoft.Expression.Web.PageAnalysis.Preview.Controls.resources.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000266240 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\95520d579580ceca4de3a1d03400155a\Microsoft.Expression.Web.External.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000397312 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\ba116d5a4d7e601d295435fc56338b39\Microsoft.Expression.Web.PageAnalysis.Core.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 001203200 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\d9283bd31f144984d7fb8114b6a94677\Microsoft.Expression.Web.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000143872 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\e3dc4aa93241a16350e92e763cc12eb1\Microsoft.Expression.Web.Interop.ProtocolsInternal.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000143872 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\fa0cddec2fb7c76d3ef9f10bd4aea006\Microsoft.Expression.Web.PageAnalysis.Sdk.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000712192 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Autho#\538e01ed29831a45522184fa81e81032\Microsoft.Web.Authoring.ni.dll
2019-05-28 14:37 - 2019-05-28 14:37 - 000039424 _____ (Adobe Systems Incorporated) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8b89ec3dcb1a33d6e9a765fd4a0750f\PresentationCFFRasterizer.ni.dll
2017-12-04 15:16 - 2013-06-12 19:06 - 000385024 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2017-12-20 13:43 - 2014-07-11 03:50 - 000375296 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2017-10-11 11:30 - 1999-03-29 09:29 - 000405504 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\Shared\Writing Tools\9.0\WT9LDEN.DLL
2017-10-11 11:30 - 1999-03-29 09:25 - 000782336 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\Shared\Writing Tools\9.0\wt9li.dll
2017-10-11 11:30 - 1999-03-29 11:57 - 000274432 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\Gi90.dll
2017-10-11 11:30 - 1999-03-29 12:05 - 000643072 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfbc90.pfc
2017-10-11 11:30 - 1999-03-29 12:13 - 000114688 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfdt90.pfc
2017-10-11 11:30 - 1999-03-29 12:11 - 000102400 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfdt90en.dll
2017-10-11 11:30 - 1999-03-29 12:40 - 001056768 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFIT90.dll
2017-10-11 11:30 - 1999-03-29 12:30 - 001789952 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFIT90EN.DLL
2017-10-11 11:30 - 1999-03-29 12:06 - 000471040 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfob90.pfc
2017-10-11 11:30 - 1999-03-29 12:10 - 000765952 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFPI90.PFC
2017-10-11 11:30 - 1999-03-29 13:02 - 000040960 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFTB90.PFC
2017-10-11 11:30 - 1999-03-29 12:53 - 002187264 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\Suite9.dll
2017-10-11 11:30 - 1999-03-29 12:54 - 000266240 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\Suite9EN.dll
2017-10-11 11:30 - 1999-03-29 14:43 - 003825664 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwpEN.dll
2017-10-11 11:30 - 1999-03-29 12:04 - 000229376 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\WStr9.dll
2017-10-11 11:30 - 1999-03-29 09:34 - 000753664 ____N (Corel Corporation) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\CRLCTL90.dll
2017-10-11 11:30 - 1999-03-29 09:42 - 001003520 ____N (Corel Corporation) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\CRLUI90.dll
2015-08-18 16:20 - 2015-08-18 16:20 - 000285184 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2015-08-18 16:19 - 2015-08-18 16:19 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2009-07-15 10:01 - 2009-07-15 10:01 - 000052224 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\Microsoft.Expression.Licensing.dll
2009-07-15 10:02 - 2009-07-15 10:02 - 006981632 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\Webber.dll
2022-09-01 16:21 - 2022-09-01 16:21 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2008-04-11 12:54 - 2008-04-11 12:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
2009-07-15 10:01 - 2009-07-15 10:01 - 002514432 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Expression\Web 3\Protocols.dll
2006-10-13 18:51 - 2006-10-13 18:51 - 000503296 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Office\Office12\USP10.DLL
2017-10-11 15:48 - 2006-11-02 05:18 - 000850432 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\PS5UI.DLL
2017-10-11 15:48 - 2006-11-02 05:18 - 000628736 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\PSCRIPT5.DLL
2019-01-02 07:52 - 2019-01-02 07:52 - 001105920 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL
2019-01-02 07:51 - 2019-01-02 07:51 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\MFC80ENU.DLL
2005-01-13 10:47 - 2005-01-13 10:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
2012-04-02 11:15 - 2012-04-02 11:15 - 000110080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKU\S-1-5-21-956995889-4081865807-2724082783-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-01-04 04:33 - 000002103 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Corel Registration.lnk => C:\Windows\pss\Corel Registration.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CorelCENTRAL 9.LNK => C:\Windows\pss\CorelCENTRAL 9.LNK.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK => C:\Windows\pss\CorelCENTRAL Alarms.LNK.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Application Director 9.LNK => C:\Windows\pss\Desktop Application Director 9.LNK.CommonStartup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DB0B8916-C1B0-4C8F-A69B-B762EE38C77D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{ED16AD2A-1771-4FD0-8AFA-DBD19F46E2A5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9AF3BF05-3061-4DC8-9A9E-E5BB404CFE9A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{F4FAE521-7008-44A5-BB6A-9FDE3B10C5D9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [TCP Query User{2D49C024-4D52-4B7A-8D46-0B7AB3ABC69D}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe () [File not signed]
FirewallRules: [UDP Query User{EC17843C-4678-4931-9010-4D9034AF3CA7}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe () [File not signed]
FirewallRules: [TCP Query User{8AD605BD-7624-407F-96DA-4E9FF7B1F105}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [UDP Query User{923EDE2B-6459-48BB-A83B-6F5A45934A87}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [{21A67E92-7F93-4CC7-9937-B8E9EC2C4F69}] => (Block) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [{11AA0C33-8F84-42DC-8980-62A731D60FF7}] => (Block) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [TCP Query User{34F2F3BC-EA22-41CB-8325-8E924F76ABCA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{49B772CD-81BE-4DC9-B364-FABC25C1C039}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{B1EF8B52-68CE-4B1C-BEED-38A922B8C5CF}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{F4AF4816-CE35-400F-82DF-32FC130A1231}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{70F85D6B-BF8C-405F-92A2-7379C2818785}] => (Allow) C:\Users\DovBer\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{56F9C3F0-4236-4C4F-8F85-8828E94FAC0D}] => (Allow) C:\Users\DovBer\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{E5EB4E94-6D3C-4920-9052-F4C95D98B52A}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 5.8.0\ABService.exe => No File
FirewallRules: [{8595ABEF-A939-4DE2-B3EF-BE531D57BCB7}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 5.8.0\ABService.exe => No File
FirewallRules: [{DA8A8937-D425-4C1F-BC2A-58B02F158C15}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{9D508CAC-EA65-477A-B4EA-265FD1C709BA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{D8F7F4AD-5CF8-4D24-A138-EBFFFEDB7A91}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{233B29BD-0C9B-4AE1-8656-BCB6F73DA51C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{EC42D60D-C2E2-4983-8AAE-500FE44DB28B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3CEAE103-184D-45AF-87F8-9BC0645BDB99}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1FBA508E-E88A-4D6A-BB7C-1FAEAEA089E8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CF3F83D5-3453-44CA-B7AF-586066BB3CB4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{40A8928A-05B0-46EE-985E-6284477DA008}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3FA800EA-9B4A-4888-B457-F4FFBC8F460C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

23-11-2022 00:00:01 Scheduled Checkpoint
11-12-2022 13:16:06 Scheduled Checkpoint
19-12-2022 00:00:01 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Network Controller
Description: Network Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/11/2022 10:41:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/25/2022 08:48:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/24/2022 08:58:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/17/2022 12:39:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpwin9.exe, version: 9.0.0.528, time stamp: 0x3702645c
Faulting module name: PFPI90.PFC, version: 9.0.0.528, time stamp: 0x370078f8
Exception code: 0xc0000005
Fault offset: 0x0004d7d7
Faulting process id: 0x189c
Faulting application start time: 0x01d8e0b317dd623c
Faulting application path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe
Faulting module path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFPI90.PFC
Report Id: ab65ffb0-4e42-11ed-aa1e-3464a9311ce3

Error: (10/15/2022 11:23:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2022 03:04:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpwin9.exe, version: 9.0.0.528, time stamp: 0x3702645c
Faulting module name: PFPI90.PFC, version: 9.0.0.528, time stamp: 0x370078f8
Exception code: 0xc0000005
Fault offset: 0x0004d7d7
Faulting process id: 0x29e0
Faulting application start time: 0x01d8d2758940c6c0
Faulting application path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe
Faulting module path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFPI90.PFC
Report Id: 5b9529a1-4bfb-11ed-b606-3464a9311ce3

Error: (10/07/2022 10:13:03 AM) (Source: Microsoft Office 12) (EventID: 2001) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

Error: (09/11/2022 07:11:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: ntdll.dll, version: 6.1.7601.24441, time stamp: 0x5cb9356e
Exception code: 0xc0000005
Fault offset: 0x0000000000022618
Faulting process id: 0xc78
Faulting application start time: 0x01d8c155bd7e6db5
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 6a3c93c3-322f-11ed-b606-3464a9311ce3


System errors:
=============
Error: (12/19/2022 01:31:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (12/19/2022 01:08:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/19/2022 01:08:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (12/18/2022 11:30:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (12/17/2022 09:03:28 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/17/2022 09:03:28 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (12/17/2022 04:12:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (12/17/2022 10:22:19 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


==================== Memory info ===========================

BIOS: HP N03 Ver. 02.01 10/13/2015
Motherboard: HP 8061
Processor: Intel® Core™ i3-6100 CPU @ 3.70GHz
Percentage of memory in use: 91%
Total physical RAM: 8057.43 MB
Available physical RAM: 705.63 MB
Total Virtual: 16113.01 MB
Available Virtual: 6798.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.29 GB) (Free:515.8 GB) (Model: WD      WD10EZEX-60M2NA0 SCSI Disk Device) NTFS
Drive g: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:588.45 GB) (Model: TOSHIBA External USB 3.0 USB Device) NTFS
Drive h: (Backup_Toshiba) (Fixed) (Total:931.51 GB) (Free:603.36 GB) (Model: TOSHIBA External USB 3.0 USB Device) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 048D5FF0)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4E21963C)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 

