Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Is my PC infected?


  • Please log in to reply

#1
BerDov

BerDov

    Member

  • Member
  • PipPipPip
  • 225 posts

Happy New Year to all

 

I suspect my PC may be infected. So, I ran < FRST64.exe> as instructed on geekstogo.com. The logs are below. What's next? Any help is appreciated.

 

*

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-12-2022
Ran by DovBer (administrator) on COMPAQ (HP HP ProDesk 400 G3 MT) (19-12-2022 13:25:08)
Running from C:\Users\DovBer\Desktop
Loaded Profiles: DovBer
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe
(explorer.exe ->) (GFI Software Development Ltd. -> GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIAgent.exe
(explorer.exe ->) (High Criteria Inc -> High Criteria inc.) C:\Program Files (x86)\HighCriteria\TotalRecorder\TotalRecorder.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(explorer.exe ->) (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Expression\Web 3\ExpressionWeb.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderConnectedPDFService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <18>
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(services.exe ->) (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (GFI Software Development Ltd. -> GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFInst.exe
(services.exe ->) (GFI Software Development Ltd. -> GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFSched.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(taskeng.exe ->) (Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466136 2015-04-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-08-18] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [EPSON Stylus Photo R1800] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE [211968 2007-01-12] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [GFI BackUp Freeware] => C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIAgent.exe [2318704 2012-01-12] (GFI Software Development Ltd. -> GFI Software Ltd.)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [Chromium] => "c:\users\dovber\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session (No File)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38916432 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe (No File)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123150712 2022-11-28] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\MountPoints2: {b2b0d526-add8-11e7-bdc1-806e6f6e6963} - D:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
HKLM\...\Windows x64\Print Processors\Canon PRO-100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBD.DLL [30208 2014-10-23] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor PRO-100 series: C:\Windows\system32\CNMLMBD.DLL [406528 2014-10-23] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor PRO-100 series XPS: C:\Windows\system32\CNMXLMBD.DLL [409088 2014-10-23] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [375296 2014-07-11] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CutePDF Writer Monitor v3.2: C:\Windows\system32\cpwmon64_v32.dll [90096 2017-05-26] (Acro Software Inc -> )
HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2009-07-13] (Microsoft Windows -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON Stylus Photo R1800 64MonitorBA: C:\Windows\system32\E_ILM9LA.DLL [129536 2006-12-08] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {59853111-0854-4911-ABC5-556E82A3F35F} - System32\Tasks\{92030B0C-3E3D-47D3-ACC9-FE5D6D53C478} => C:\Windows\system32\pcalua.exe -a C:\epson\epson12333_R1800_printer_driver_65cas\SETUP\SETUP64.EXE -d C:\epson\epson12333_R1800_printer_driver_65cas\SETUP
Task: {91E4F216-2C51-426F-8DA1-5888D4ED1316} - System32\Tasks\CCleanerSkipUAC - DovBer => C:\Program Files\CCleaner\CCleaner.exe [32602448 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {98D3A401-4531-4C50-9077-9CCD08911062} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {A1430AE4-8476-4827-BFD6-82F0AB23B5DB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-956995889-4081865807-2724082783-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746880 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Task: {A277452E-2321-47FC-90B9-BEA9C769D398} - System32\Tasks\AdobeAAMUpdater-1.0-Compaq-DovBer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {AB1ABDA9-3674-4D49-973B-8770248080DB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-12-09] (Piriform Software Ltd -> Piriform)
Task: {D8DC930D-B5A0-4BAB-9B79-4BB51641C37E} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4669264 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "a8f2e377-022b-4626-83e1-be7a12439d7e" --version "6.07.10191" --silent
Task: {DA1FE4A1-9456-4532-B27B-EEE8CA06B4FF} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_DovBer => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5545552 2019-03-19] (Janos Mathe -> H.D.S. Hungary)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0A63B09D-5A87-4170-8171-E2004804DE9F}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF DefaultProfile: e4s05sqm.default
FF ProfilePath: C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default [2022-12-19]
FF DownloadDir: G:\DATA\__message_boards
FF Homepage: Mozilla\Firefox\Profiles\e4s05sqm.default -> hxxp://www.bfcollection.net/
FF Extension: (F.B Purity - Cleans up Facebook) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-12-11] [UpdateUrl:hxxps://www.fbpurity.com/FF-FBP-Ext-Updates.json]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-12-12]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-08-22]
FF Extension: (uBlock Origin) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-11-15]
FF Extension: (Avast Online Security & Privacy) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-11-16]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default [2021-03-26]
CHR DownloadDir: G:\DATA\__message_boards
CHR HomePage: Default -> hxxp://www.google.com
CHR Extension: (Slides) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-03]
CHR Extension: (Docs) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-03]
CHR Extension: (Google Drive) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-26]
CHR Extension: (YouTube) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-10]
CHR Extension: (Sheets) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-03]
CHR Extension: (Google Docs Offline) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-26]
CHR Extension: (Avast Online Security) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-03-26]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-26]
CHR Extension: (Gmail) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\DovBer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-26]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
R2 GFIBckFAtt; C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFInst.exe [1011056 2012-01-12] (GFI Software Development Ltd. -> GFI Software Ltd.)
R2 GFIBckFSched; C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFSched.exe [2664816 2012-01-12] (GFI Software Development Ltd. -> GFI Software Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8892256 2022-12-17] (Malwarebytes Inc. -> Malwarebytes)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-05-13] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-05-13] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [95432 2014-05-23] (LSI Corporation -> LSI Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-12-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [52048 2013-02-06] (LSI Corporation -> LSI Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nvme; C:\Windows\system32\drivers\nvme.sys [70208 2015-06-02] (Samsung Electronics Co., Ltd. -> Samsung Electronic Co., Ltd)
R3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [171768 2022-05-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2020-11-18] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [126080 2015-10-20] (High Criteria Inc -> High Criteria inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-19 13:25 - 2022-12-19 13:27 - 000023032 _____ C:\Users\DovBer\Desktop\FRST.txt
2022-12-19 13:24 - 2022-12-19 13:26 - 000000000 ____D C:\FRST
2022-12-19 13:24 - 2022-12-19 13:24 - 000000000 ____D C:\Users\DovBer\Desktop\FRST-OlderVersion
2022-12-19 13:23 - 2022-12-19 13:24 - 002375680 _____ (Farbar) C:\Users\DovBer\Desktop\FRST64.exe
2022-12-17 14:54 - 2022-12-17 14:54 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-11-22 16:00 - 2022-11-22 16:00 - 000004096 ____H C:\Users\DovBer\AppData\Local\keyfile3.drm

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-19 13:26 - 2009-07-13 23:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-12-19 13:26 - 2009-07-13 23:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-12-19 10:58 - 2022-09-21 14:20 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2022-12-19 10:58 - 2018-01-02 09:40 - 000000000 ____D C:\Program Files\CCleaner
2022-12-19 10:36 - 2022-03-20 08:25 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-12-19 10:35 - 2017-10-10 15:37 - 000000000 ____D C:\Users\DovBer\AppData\LocalLow\Mozilla
2022-12-14 16:28 - 2017-10-11 15:49 - 000000000 ____D C:\Users\DovBer\AppData\Local\CutePDF Writer
2022-12-14 13:31 - 2019-03-06 07:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-12-14 10:58 - 2022-09-21 14:20 - 000003350 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2022-12-14 10:58 - 2018-01-02 09:40 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-12-12 21:34 - 2017-10-14 19:00 - 000000000 ____D C:\Users\DovBer\AppData\Roaming\vlc
2022-12-12 15:52 - 2009-07-14 00:13 - 000787674 _____ C:\Windows\system32\PerfStringBackup.INI
2022-12-12 15:52 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2022-12-11 10:40 - 2017-10-10 14:29 - 000000000 __SHD C:\Users\DovBer\IntelGraphicsProfiles
2022-12-11 10:39 - 2017-10-10 15:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-12-11 10:39 - 2017-10-10 15:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-12-11 10:39 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

==================== Files in the root of some directories ========

2017-11-25 16:39 - 2002-11-20 03:08 - 000681984 _____ (1-4a Rename) C:\Program Files\rename.exe
2020-09-10 07:25 - 2020-09-10 07:25 - 000000132 _____ () C:\Users\DovBer\AppData\Roaming\Adobe BMP Format CS5 Prefs
2022-01-20 22:03 - 2022-11-08 12:00 - 000000132 _____ () C:\Users\DovBer\AppData\Roaming\Adobe PNG Format CS5 Prefs
2021-07-01 08:25 - 2021-07-01 08:25 - 000000132 _____ () C:\Users\DovBer\AppData\Roaming\Adobe Targa Format CS5 Prefs
2018-08-01 07:56 - 2022-11-01 09:02 - 000012964 _____ () C:\Users\DovBer\AppData\Roaming\Microsoft Excel 97-2003.CAL
2018-12-21 12:06 - 2018-12-21 12:06 - 000000268 ___RH () C:\Users\DovBer\AppData\Roaming\PrintingModule
2018-12-21 12:06 - 2018-12-21 12:06 - 000000268 ___RH () C:\Users\DovBer\AppData\Roaming\PrintsService
2018-12-21 12:06 - 2018-12-21 12:06 - 000000268 ___RH () C:\Users\DovBer\AppData\Roaming\Profiles
2018-12-21 12:05 - 2018-12-21 12:05 - 000000268 ___RH () C:\Users\DovBer\AppData\Roaming\Rule Actions
2017-12-01 08:59 - 2018-07-01 13:33 - 000012971 _____ () C:\Users\DovBer\AppData\Roaming\Tab Separated Values (DOS).CAL
2018-05-18 13:04 - 2018-06-06 23:38 - 000000174 _____ () C:\Users\DovBer\AppData\Roaming\WB.CFG
2019-03-11 08:49 - 2019-03-11 08:49 - 000003584 _____ () C:\Users\DovBer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2022-11-22 16:00 - 2022-11-22 16:00 - 000004096 ____H () C:\Users\DovBer\AppData\Local\keyfile3.drm
2020-06-18 16:24 - 2020-06-18 16:24 - 000002084 _____ () C:\Users\DovBer\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2022-12-13 00:15
==================== End of FRST.txt ========================

 

*

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2022
Ran by DovBer (19-12-2022 13:27:14)
Running from C:\Users\DovBer\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X64) (2017-10-10 21:43:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-956995889-4081865807-2724082783-500 - Administrator - Disabled)
DovBer (S-1-5-21-956995889-4081865807-2724082783-1000 - Administrator - Enabled) => C:\Users\DovBer
Guest (S-1-5-21-956995889-4081865807-2724082783-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-956995889-4081865807-2724082783-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.5 (HKLM\...\{180B9AE1-F87B-4107-8C68-4265E927D6A8}) (Version: 4.5.0.2482 - Open Media LLC)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.00.15.58233 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
Adobe AIR (HKLM-x32\...\{A2BCA9F1-566C-4805-97D1-7FDC93386723}) (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Advanced Renamer (HKLM\...\Advanced Renamer_is1) (Version: 3.87 - Hulubulu Software)
Amazon Kindle (HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Amazon Kindle) (Version: 1.30.0.59056 - Amazon)
AnswerWorks Runtime (HKLM-x32\...\AnswerWorks) (Version:  - )
BookSmart® 3.5.0 3.5.0 (HKLM-x32\...\BookSmart® 3.5.0 3.5.0) (Version:  - Blurb, Inc)
BookWright version 1.2.175 (HKLM-x32\...\{C17978EB-5A2C-40E3-B351-F03A27245BF9}_is1) (Version: 1.2.175 - Blurb, Inc.)
Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon PowerShot G1 X Camera User Guide (HKLM-x32\...\CameraUserGuide-PSG1X) (Version: 1.0.0.5 - Canon Inc.)
Canon PRO-100 series On-screen Manual (HKLM-x32\...\Canon PRO-100 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon PRO-100 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_PRO-100_series) (Version:  - Canon Inc.)
Canon PRO-100 series User Registration (HKLM-x32\...\Canon PRO-100 series User Registration) (Version:  - Canon Inc.‎)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\DPP) (Version: 3.11.3.10 - Canon Inc.)
Capture NX-D (HKLM\...\{2D088846-B670-47AF-91C3-76E0B3E887C3}) (Version: 1.4.7 - Nikon Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 6.07 - Piriform)
CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.0.8 - Ursa Minor Ltd)
Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version:  3.2 - Acro Software Inc.)
Easy Photo Scan (HKLM-x32\...\{F2132D5C-4C3F-41A9-865B-68966A06B01C}) (Version: 1.00.0000 - Seiko Epson Corporation)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Family Tree Maker 2017 (HKLM\...\{6BEF69F9-92AA-4BCC-8529-DA42F585EC36}) (Version: 23.0.1343 - Software MacKiev)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.5.0.20723 - Foxit Software Inc.)
FreeFileSync 10.13 (HKLM-x32\...\FreeFileSync_is1) (Version: 10.13 - FreeFileSync.org)
GFI BackUp Freeware (HKLM-x32\...\GFI BackUp Freeware) (Version: 4.0 - GFI Software Ltd.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.40 - Janos Mathe)
HL-L2340D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HP SoftPaq Download Manager (HKLM-x32\...\{BB51845C-10A6-457F-A215-9B2D3E130889}) (Version: 3.6.2.0 - Hewlett-Packard Company)
inst (HKLM-x32\...\{EC5B556B-32A8-4D68-83CC-5356380FD889}) (Version: 1.0.0.0 - Creative Software Solutions GmbH)
Intel® Chipset Device Software (HKLM\...\{55398EAC-F58E-4F19-B553-BDF8B9EFD839}) (Version: 10.1.1.9 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{A5536A08-5A7F-4330-8947-0372B500A3BD}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{C6C06C9F-B452-4C7A-AB83-F5931AB9B372}) (Version: 11.0.0.1163 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{94BC10B9-159A-44E8-BEA1-34BF765FEA58}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4821 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.1.1030 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{E4945B75-A983-48E7-9AB6-B84AF13AF9B3}) (Version: 14.6.1.1030 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
IrfanView 4.59 (64-bit) (HKLM\...\IrfanView64) (Version: 4.59 - Irfan Skiljan)
ITK-SNAP (HKLM-x32\...\ITK-SNAP 3.8) (Version: 0.1.1 - Humanity)
Malwarebytes version 4.5.19.229 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.19.229 - Malwarebytes)
MicroDicom DICOM viewer 2022.1 (HKLM-x32\...\MicroDicom) (Version: 2022.1 - MicroDicom)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}) (Version: 4.6.01055 - Microsoft Corporation) Hidden
Microsoft Corporation (HKLM\...\{9C5A08BF-BB99-4998-81BD-F6CC32483B34}) (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (HKLM-x32\...\{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}) (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{0E837AF0-4C92-4077-83F0-D022073F17C0}) (Version: 1.0.1327.0 - Microsoft Corporation)
Microsoft Expression Studio 3 (HKLM-x32\...\{44F7BA74-C11A-49FC-B2FC-1B827C491F74}) (Version: 3.0.1061.0 - Microsoft Corporation) Hidden
Microsoft Expression Studio 3 (HKLM-x32\...\ExpressionStudio_3.0.1061.0) (Version: 3.0.1061.0 - Microsoft Corporation)
Microsoft Expression Web 3 (HKLM-x32\...\{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}) (Version: 3.0.1762.0 - Microsoft Corporation) Hidden
Microsoft Expression Web 3 (HKLM-x32\...\Web_3.0.1762.0) (Version: 3.0.1762.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (HKLM\...\{3C28BFD4-90C7-3138-87EF-418DC16E9598}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (HKLM\...\{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (HKLM-x32\...\{6C772996-BFF3-3C8C-860B-B3D48FF05D65}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (HKLM-x32\...\{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}) (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (HKLM-x32\...\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (HKLM\...\{925D058B-564A-443A-B4B2-7E90C6432E55}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (HKLM\...\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (HKLM\...\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (HKLM\...\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}) (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (HKLM-x32\...\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (HKLM\...\{8557397C-A42D-486F-97B3-A2CBC2372593}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (HKLM\...\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (HKLM\...\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}) (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 106.0.3 (x64 en-US)) (Version: 106.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.1.2 - Notepad++ Team)
OpenShot Video Editor version 2.4.3 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.4.3 - OpenShot Studios, LLC)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Perfection V550 User’s Guide version 1.0 (HKLM-x32\...\UsersGuidePerfection V550 User’s Guide_is1) (Version: 1.0 - )
Picture Control Utility 2 (HKLM\...\{46BEAB85-B86A-4AAB-B085-136ECA032CF4}) (Version: 2.3.1 - Nikon Corporation)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.15 - Nikon)
PTAssembler (HKLM-x32\...\PTAssembler_is1) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.94.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7503 - Realtek Semiconductor Corp.)
Russian Phonetic YaZHert - WinRus.com (HKLM\...\{DE3C0FDB-6BCC-4D98-A928-923A70A41670}) (Version: 1.0.3.40 - personal)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.56.0 - Samsung Electronics Co., Ltd.)
Skype version 8.92 (HKLM-x32\...\Skype_is1) (Version: 8.92 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Total Recorder 8.6 Professional Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
UltraFileSearch Std (HKLM-x32\...\{EC1DFA01-BA25-4E1C-A101-A8C8EDD821B2}) (Version: 6.1.0.21193 - Stegisoft) Hidden
UltraFileSearch Std (HKLM-x32\...\UltraFileSearch Std) (Version:  - Stegisoft)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.2 - Nikon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WPF Toolkit June 2009 (Version 3.5.40619.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.40619.1 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\ZoomUMX) (Version: 5.10.4 (5035) - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-01-29] (Notepad++ -> )
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {C0E10002-0028-0002-C0E1-C0E1C0E1C0E1} => C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfse90.dll [1999-03-29] (Novell, Inc., c/o Corel Corporation Limited) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {C0E10002-0028-0002-C0E1-C0E1C0E1C0E1} => C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfse90.dll [1999-03-29] (Novell, Inc., c/o Corel Corporation Limited) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-12-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [176416 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [307488 2012-01-18] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2009-07-15 10:02 - 2009-07-15 10:02 - 000577536 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\en\Microsoft.Expression.Framework.resources.dll
2009-07-15 10:02 - 2009-07-15 10:02 - 001093632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\en\Microsoft.Expression.Web.resources.dll
2009-07-15 10:01 - 2009-07-15 10:01 - 000049152 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\Microsoft.Expression.Web.PageAnalysis.Preview.Firefox.dll
2017-12-04 15:15 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-10-11 11:30 - 1999-03-29 11:58 - 000057344 ____N () [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\axcntrls.dll
2019-05-28 14:51 - 2019-05-28 14:51 - 003594240 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\02dd01326c663b251f86e5986647deee\Microsoft.Expression.Framework.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000258048 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\030cce4277461b863fc2a786b051e492\Microsoft.Expression.Web.PageAnalysis.Preview.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000279040 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\108ecff0260213e0d24a9f5e7f776db7\Microsoft.Expression.Web.PageAnalysis.Preview.InternetExplorer.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 001221632 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\49205e10f10f4dcb1376072b570df9d3\Microsoft.Expression.Web.PageAnalysis.Preview.Controls.ni.dll
2019-05-28 14:51 - 2019-05-28 14:51 - 002527232 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\89dbb47c60112f05041771472dc8923a\Microsoft.Expression.Web.PageAnalysis.Preview.Controls.resources.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000266240 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\95520d579580ceca4de3a1d03400155a\Microsoft.Expression.Web.External.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000397312 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\ba116d5a4d7e601d295435fc56338b39\Microsoft.Expression.Web.PageAnalysis.Core.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 001203200 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\d9283bd31f144984d7fb8114b6a94677\Microsoft.Expression.Web.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000143872 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\e3dc4aa93241a16350e92e763cc12eb1\Microsoft.Expression.Web.Interop.ProtocolsInternal.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000143872 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Expressio#\fa0cddec2fb7c76d3ef9f10bd4aea006\Microsoft.Expression.Web.PageAnalysis.Sdk.ni.dll
2019-05-28 14:52 - 2019-05-28 14:52 - 000712192 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Web.Autho#\538e01ed29831a45522184fa81e81032\Microsoft.Web.Authoring.ni.dll
2019-05-28 14:37 - 2019-05-28 14:37 - 000039424 _____ (Adobe Systems Incorporated) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\c8b89ec3dcb1a33d6e9a765fd4a0750f\PresentationCFFRasterizer.ni.dll
2017-12-04 15:16 - 2013-06-12 19:06 - 000385024 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2017-12-20 13:43 - 2014-07-11 03:50 - 000375296 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2017-10-11 11:30 - 1999-03-29 09:29 - 000405504 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\Shared\Writing Tools\9.0\WT9LDEN.DLL
2017-10-11 11:30 - 1999-03-29 09:25 - 000782336 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\Shared\Writing Tools\9.0\wt9li.dll
2017-10-11 11:30 - 1999-03-29 11:57 - 000274432 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\Gi90.dll
2017-10-11 11:30 - 1999-03-29 12:05 - 000643072 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfbc90.pfc
2017-10-11 11:30 - 1999-03-29 12:13 - 000114688 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfdt90.pfc
2017-10-11 11:30 - 1999-03-29 12:11 - 000102400 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfdt90en.dll
2017-10-11 11:30 - 1999-03-29 12:40 - 001056768 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFIT90.dll
2017-10-11 11:30 - 1999-03-29 12:30 - 001789952 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFIT90EN.DLL
2017-10-11 11:30 - 1999-03-29 12:06 - 000471040 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\pfob90.pfc
2017-10-11 11:30 - 1999-03-29 12:10 - 000765952 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFPI90.PFC
2017-10-11 11:30 - 1999-03-29 13:02 - 000040960 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFTB90.PFC
2017-10-11 11:30 - 1999-03-29 12:53 - 002187264 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\Suite9.dll
2017-10-11 11:30 - 1999-03-29 12:54 - 000266240 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\Suite9EN.dll
2017-10-11 11:30 - 1999-03-29 14:43 - 003825664 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwpEN.dll
2017-10-11 11:30 - 1999-03-29 12:04 - 000229376 ____N (Corel Corporation Limited) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\WStr9.dll
2017-10-11 11:30 - 1999-03-29 09:34 - 000753664 ____N (Corel Corporation) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\CRLCTL90.dll
2017-10-11 11:30 - 1999-03-29 09:42 - 001003520 ____N (Corel Corporation) [File not signed] C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\CRLUI90.dll
2015-08-18 16:20 - 2015-08-18 16:20 - 000285184 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2015-08-18 16:19 - 2015-08-18 16:19 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2009-07-15 10:01 - 2009-07-15 10:01 - 000052224 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\Microsoft.Expression.Licensing.dll
2009-07-15 10:02 - 2009-07-15 10:02 - 006981632 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Microsoft Expression\Web 3\Webber.dll
2022-09-01 16:21 - 2022-09-01 16:21 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2008-04-11 12:54 - 2008-04-11 12:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
2009-07-15 10:01 - 2009-07-15 10:01 - 002514432 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Expression\Web 3\Protocols.dll
2006-10-13 18:51 - 2006-10-13 18:51 - 000503296 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Office\Office12\USP10.DLL
2017-10-11 15:48 - 2006-11-02 05:18 - 000850432 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\PS5UI.DLL
2017-10-11 15:48 - 2006-11-02 05:18 - 000628736 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\PSCRIPT5.DLL
2019-01-02 07:52 - 2019-01-02 07:52 - 001105920 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL
2019-01-02 07:51 - 2019-01-02 07:51 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\MFC80ENU.DLL
2005-01-13 10:47 - 2005-01-13 10:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
2012-04-02 11:15 - 2012-04-02 11:15 - 000110080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKU\S-1-5-21-956995889-4081865807-2724082783-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-01-04 04:33 - 000002103 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Corel Registration.lnk => C:\Windows\pss\Corel Registration.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CorelCENTRAL 9.LNK => C:\Windows\pss\CorelCENTRAL 9.LNK.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK => C:\Windows\pss\CorelCENTRAL Alarms.LNK.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Application Director 9.LNK => C:\Windows\pss\Desktop Application Director 9.LNK.CommonStartup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DB0B8916-C1B0-4C8F-A69B-B762EE38C77D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{ED16AD2A-1771-4FD0-8AFA-DBD19F46E2A5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9AF3BF05-3061-4DC8-9A9E-E5BB404CFE9A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{F4FAE521-7008-44A5-BB6A-9FDE3B10C5D9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [TCP Query User{2D49C024-4D52-4B7A-8D46-0B7AB3ABC69D}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe () [File not signed]
FirewallRules: [UDP Query User{EC17843C-4678-4931-9010-4D9034AF3CA7}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe () [File not signed]
FirewallRules: [TCP Query User{8AD605BD-7624-407F-96DA-4E9FF7B1F105}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [UDP Query User{923EDE2B-6459-48BB-A83B-6F5A45934A87}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [{21A67E92-7F93-4CC7-9937-B8E9EC2C4F69}] => (Block) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [{11AA0C33-8F84-42DC-8980-62A731D60FF7}] => (Block) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [TCP Query User{34F2F3BC-EA22-41CB-8325-8E924F76ABCA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{49B772CD-81BE-4DC9-B364-FABC25C1C039}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{B1EF8B52-68CE-4B1C-BEED-38A922B8C5CF}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{F4AF4816-CE35-400F-82DF-32FC130A1231}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{70F85D6B-BF8C-405F-92A2-7379C2818785}] => (Allow) C:\Users\DovBer\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{56F9C3F0-4236-4C4F-8F85-8828E94FAC0D}] => (Allow) C:\Users\DovBer\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{E5EB4E94-6D3C-4920-9052-F4C95D98B52A}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 5.8.0\ABService.exe => No File
FirewallRules: [{8595ABEF-A939-4DE2-B3EF-BE531D57BCB7}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 5.8.0\ABService.exe => No File
FirewallRules: [{DA8A8937-D425-4C1F-BC2A-58B02F158C15}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{9D508CAC-EA65-477A-B4EA-265FD1C709BA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{D8F7F4AD-5CF8-4D24-A138-EBFFFEDB7A91}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{233B29BD-0C9B-4AE1-8656-BCB6F73DA51C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{EC42D60D-C2E2-4983-8AAE-500FE44DB28B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3CEAE103-184D-45AF-87F8-9BC0645BDB99}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1FBA508E-E88A-4D6A-BB7C-1FAEAEA089E8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CF3F83D5-3453-44CA-B7AF-586066BB3CB4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{40A8928A-05B0-46EE-985E-6284477DA008}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3FA800EA-9B4A-4888-B457-F4FFBC8F460C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

23-11-2022 00:00:01 Scheduled Checkpoint
11-12-2022 13:16:06 Scheduled Checkpoint
19-12-2022 00:00:01 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Network Controller
Description: Network Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/11/2022 10:41:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/25/2022 08:48:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/24/2022 08:58:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/17/2022 12:39:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpwin9.exe, version: 9.0.0.528, time stamp: 0x3702645c
Faulting module name: PFPI90.PFC, version: 9.0.0.528, time stamp: 0x370078f8
Exception code: 0xc0000005
Fault offset: 0x0004d7d7
Faulting process id: 0x189c
Faulting application start time: 0x01d8e0b317dd623c
Faulting application path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe
Faulting module path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFPI90.PFC
Report Id: ab65ffb0-4e42-11ed-aa1e-3464a9311ce3

Error: (10/15/2022 11:23:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2022 03:04:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpwin9.exe, version: 9.0.0.528, time stamp: 0x3702645c
Faulting module name: PFPI90.PFC, version: 9.0.0.528, time stamp: 0x370078f8
Exception code: 0xc0000005
Fault offset: 0x0004d7d7
Faulting process id: 0x29e0
Faulting application start time: 0x01d8d2758940c6c0
Faulting application path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe
Faulting module path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\PFPI90.PFC
Report Id: 5b9529a1-4bfb-11ed-b606-3464a9311ce3

Error: (10/07/2022 10:13:03 AM) (Source: Microsoft Office 12) (EventID: 2001) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

Error: (09/11/2022 07:11:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: ntdll.dll, version: 6.1.7601.24441, time stamp: 0x5cb9356e
Exception code: 0xc0000005
Fault offset: 0x0000000000022618
Faulting process id: 0xc78
Faulting application start time: 0x01d8c155bd7e6db5
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 6a3c93c3-322f-11ed-b606-3464a9311ce3


System errors:
=============
Error: (12/19/2022 01:31:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (12/19/2022 01:08:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/19/2022 01:08:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (12/18/2022 11:30:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (12/17/2022 09:03:28 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/17/2022 09:03:28 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (12/17/2022 04:12:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (12/17/2022 10:22:19 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


==================== Memory info ===========================

BIOS: HP N03 Ver. 02.01 10/13/2015
Motherboard: HP 8061
Processor: Intel® Core™ i3-6100 CPU @ 3.70GHz
Percentage of memory in use: 91%
Total physical RAM: 8057.43 MB
Available physical RAM: 705.63 MB
Total Virtual: 16113.01 MB
Available Virtual: 6798.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.29 GB) (Free:515.8 GB) (Model: WD      WD10EZEX-60M2NA0 SCSI Disk Device) NTFS
Drive g: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:588.45 GB) (Model: TOSHIBA External USB 3.0 USB Device) NTFS
Drive h: (Backup_Toshiba) (Fixed) (Total:931.51 GB) (Free:603.36 GB) (Model: TOSHIBA External USB 3.0 USB Device) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 048D5FF0)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4E21963C)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 

 


  • 0

Advertisements


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,687 posts

Hello, BerDov.

 

I see that you are still running with Windows 7, and this is the actual problem here. Windows 7 is no longer supported by Microsoft, and hasn't been since 14th January 2020, so any "exploits" for that operating system are no longer being patched.
 
This leaves your machine vulnerable to attack irrespective of what Anti-Virus and/or Anti_Malware programs are present. And in your logs I don't see any such program installed, which makes things worse. 
 
We can check/clean your system, but you will never be safe/secure, unless you either update to a supported operating system or if you never use this computer online. I gather, that's why there is no reply to your previous topic here. Honestly, I see it as a waste of time, cleaning a non supported system, since no one can say when it will get infected again. 
 
Let me know about your thoughts. 

  • 0

#3
BerDov

BerDov

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts

Hello Dr M,

 

Thank you very much for your response. I accept your points, they all valid. The reason I still use Win 7 is because I was in charge of all updates, while they were available. The PC is pretty stable. I have another, Win 10 machine, which reboots periodically when Microsoft pushes updates or whatever else they push - and I do not like it at all. (I also had many problems installing the OS when bought it, less than two years ago).

 

On the Win 7 machine, I used to have Avast, which was uninstalled a couple years ago, at a suggestion of another "geek". I do have Malwarebytes, and the Firewall is ON.

 

I do not want you to spend the time on this case as there must be others who will benefit from your help. If there is a s/w program you can recommend, in addition to the Firewall and Malwarebytes, I will appreciate it. Also, if there is a procedure I can use to check/clean the system by myself, it will be appreciated as well.


  • 0

#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,687 posts

Hi, BerDov.

 

Unfortunately now even the security support is stopped, so a Windows 7 system is completely vulnerable to any kind of malware, if it used online. Think that even Windows 10 support will end in 2 years, in favor of Windows 11. It's really a security risk to stay with 7.

 

When I said it is a waste of time, I didn't mean to say that for me particularly, but to show you that it doesn't worth it. If, however, you like me to check it for now, I will do that for you, by putting an asterisk for a recommendation to upgrade to Windows 10. 

 

Since it's getting late here (now my time is almost 9 p.m.), I 'll review your logs carefully tomorrow. Well... unless you tell me that you decided to upgrade to Windows 10.   :cheers:


  • 0

#5
BerDov

BerDov

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts

Thank you, Dr M, for your immediate reply.

 

I don't know what's involved in upgrading Win 7 to Win 10, whether it costs and how much. Let me think it over please for a day.

 

My C: drive  contains only the OS and the programs. All data files are on an external drive, for many years now. My biggest concern is that our bill are paid electronically, i.e. we log on to the bank account...


  • 0

#6
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,687 posts

My biggest concern is that our bill are paid electronically, i.e. we log on to the bank account...

 
I strongly recommend you not to use this computer for online payments, for the reasons I explained above.
 
As to the upgrade to 10, it is free.
 
This is the procedure:

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to. 
  • It might take a couple of hours, depending on your wifi speed connection, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

 

Think about it and let me know about your decision. 


  • 0

#7
BerDov

BerDov

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts

!!!

 

Thanks!


  • 1

#8
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,687 posts

Take your time. I'll be here. 


  • 0

#9
BerDov

BerDov

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts

Well, I decided to install Win 10 right away.

Downloaded <MediaCreationTool22H2.exe>, moved it to Desktop, tried to run, immediately got this error msg:

 

 

"... we're unable to run this tool on your PC... Error code: 0x80072F8F - 0x2000"

 

Now what?

 

Also, I thought it was possible to upload/insert an image into the message but could not find how to just now.

 

sorry, figured out; please see below


Edited by BerDov, 10 January 2023 - 01:58 PM.

  • 0

#10
BerDov

BerDov

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts

Well, I decided to install Win 10 right away.

Downloaded <MediaCreationTool22H2.exe>, moved it to Desktop, tried to run, immediately got this error msg:

 

 

20230110_error1.jpg

 

Now what?


  • 0

Advertisements


#11
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,687 posts

Seems that the road will have some difficulties. :)

 

Make sure that you right click the tool and run it as Administrator. 

 

If you did that, and you are still getting the same error, then try this:

  1. Right-click on the Media Creation Tool and select Properties.
  2. Make sure you are on the General tab and tick Unblock.
  3. Click Apply > Ok.
  4. Try again to run the Media tool. 

If you are still getting errors, let me know what errors are exactly, as you did before. 


  • 0

#12
BerDov

BerDov

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts

Thank you!

 

Ran as Admin, got the same error;

 

In the Properties, clicked the [Unblock] button; then clicked [Apply] ;

 

Ran as Admin;

The Windows logo flashed for 1-2 sec, then the same exact error, with the same error code.


Edited by BerDov, 10 January 2023 - 02:49 PM.

  • 0

#13
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,687 posts

OK. 

 

Something else to try:

 

Go to Microsoft's page and just click on the Update now button. 

 

Let me know what will happen.

 

P.S. I'll be back to you tomorrow. 


  • 0

#14
BerDov

BerDov

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 225 posts

Thank you, take your time; appreciate the help.

 

 

There is no [update now] button on the referred page;

 

searching the web for "update to windows 10", found this:

 

https://support.micr...sion=Windows_10

 

clicked on [check for windows updates]

 

got this error:

 

"The address wasn’t understood.

Firefox doesn’t know how to open this address, because one of the following protocols (ms-settings) isn’t associated with any program or is not allowed in this context.

    You might need to install other software to open this address."

 

BTW, the updates URL was "ms-settings:windowsupdate?activationSource=SMC-IA-4027667"

 

Decided to try update via Control Panel / Windows update.

 

"5 Important and 61 optional updates available".

 

NOTE. While doing this, it was noticed that some updates failed in 2021:

 

20230110_msg2.jpg

 

clicked on [install updates];  after 5-10 min, got this error msg:

 

20230110_error3.jpg

 

 

Restarted the computer. Windows opened normally. Decided to go through installing updates again. It's possible that one was installed, but one still failed:

 

20230110_error5.jpg

 

At this point, I tried to run the <MediaCreationTool22H2> but received the same error msg as yesterday.

 

Thank you.

 


  • 0

#15
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,687 posts

Hello. 

 

Thank you for all the information given, along with the screenshots. 
 
Let's try to do the best we can in the system, so it can be able to run the updates. 
 
Before we move on, I would like to ask you not to download or run or install or try anything else, except from what I ask you to do.
 
Actually, these are the basic guidelines, during this procedure:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
==================================
 
Moving on.
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [Chromium] => "c:\users\dovber\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session (No File)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe (No File)
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-956995889-4081865807-2724082783-1000\...\MountPoints2: {b2b0d526-add8-11e7-bdc1-806e6f6e6963} - D:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\DovBer\AppData\Roaming\Mozilla\Firefox\Profiles\e4s05sqm.default\Extensions\[email protected] [2022-08-22]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2020-11-18] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Toolbar: HKU\S-1-5-21-956995889-4081865807-2724082783-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FirewallRules: [TCP Query User{8AD605BD-7624-407F-96DA-4E9FF7B1F105}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [UDP Query User{923EDE2B-6459-48BB-A83B-6F5A45934A87}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [{21A67E92-7F93-4CC7-9937-B8E9EC2C4F69}] => (Block) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [{11AA0C33-8F84-42DC-8980-62A731D60FF7}] => (Block) C:\program files (x86)\epubor\ultimate\epuborultimate.exe => No File
FirewallRules: [{56F9C3F0-4236-4C4F-8F85-8828E94FAC0D}] => (Allow) C:\Users\DovBer\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{E5EB4E94-6D3C-4920-9052-F4C95D98B52A}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 5.8.0\ABService.exe => No File
FirewallRules: [{8595ABEF-A939-4DE2-B3EF-BE531D57BCB7}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 5.8.0\ABService.exe => No File
C:\Windows\System32\DRIVERS\SWDUMon.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EC5B556B-32A8-4D68-83CC-5356380FD889}
CMD: SFC /scannow
Hosts:
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP