Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2021 Ran by grand (08-10-2021 13:02:14) Running from C:\Users\grand\Downloads Windows 10 Home Version 21H1 19043.1266 (X64) (2021-09-04 14:01:00) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-552959180-971348328-798598736-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-552959180-971348328-798598736-503 - Limited - Disabled) grand (S-1-5-21-552959180-971348328-798598736-1001 - Administrator - Enabled) => C:\Users\grand Guest (S-1-5-21-552959180-971348328-798598736-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-552959180-971348328-798598736-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 3.08.17.735 - Advanced Micro Devices, Inc.) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.5.2 - Advanced Micro Devices, Inc.) AMD_Chipset_Drivers (HKLM-x32\...\{491043b2-acc5-4890-a5f2-1f5e3cc4427a}) (Version: 3.08.17.735 - Advanced Micro Devices, Inc.) Hidden Ashampoo WinOptimizer 19 (HKLM-x32\...\{4209F371-A9E3-7DD2-C1E5-04BB2B081219}_is1) (Version: 19.00.13 - Ashampoo GmbH & Co. KG) Branding64 (HKLM\...\{C871FC62-0186-40ED-BAEA-7C65BE367755}) (Version: 1.00.0006 - Advanced Micro Devices, Inc.) Hidden Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.2.0 - Canon Inc.) Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.01 - Canon Inc.) Canon MG5700 series On-screen Manual (HKLM-x32\...\Canon MG5700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform) CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 94.0.12309.64 - Piriform Software) CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden CyberLink PowerDVD 21 (HKLM-x32\...\{9BD348A7-CED8-4814-963B-B611CB925176}) (Version: 21.0.2106.62 - CyberLink Corp.) CyberLink YouCam 8 (HKLM-x32\...\{704F43D3-B221-4379-A878-355DFED0FC2B}) (Version: 8.0.1708.0 - CyberLink Corp.) CyberLink YouCam 9 (HKLM-x32\...\{689DAD27-0634-4e5d-B726-E951371AE338}) (Version: 9.1.1927.0 - CyberLink Corp.) Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.71 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.) HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.) HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.) HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.) HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.) HP Support Solutions Framework (HKLM-x32\...\{FF81F9EB-61C1-48A4-8EE5-45C5D61BC0E0}) (Version: 12.19.53.13 - HP Inc.) HP System Event Utility (HKLM-x32\...\{9DD60999-A4F0-4333-9D00-E45C718EA6C1}) (Version: 1.4.30 - HP Inc.) Malwarebytes version 4.4.7.134 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.7.134 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.38 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-552959180-971348328-798598736-1001\...\OneDriveSetup.exe) (Version: 21.180.0905.0007 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.80 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31248 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.105 - REALTEK Semiconductor Corp.) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.19 - WildTangent) WildTangent Helper (HKLM-x32\...\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}) (Version: 5.0.0.290 - WildTangent) Hidden YouCam 9.0 (HKLM-x32\...\{689DAD27-0634-4e5d-B726-E951371AE338}_is1) (Version: 9.0 - CyberLink) Hidden Packages: ========= Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-09-04] (Canon Inc.) Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-09-28] (Facebook Inc) HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.464.0_x86__v10z8vjag6ke6 [2019-12-08] (HP Inc.) Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1250.4.118.0_x64__8xx8rvfyw5nnt [2021-10-06] (Facebook Inc) [Startup Task] Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-02] (Microsoft Corporation) Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-02] (Microsoft Corporation) Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-02] (Microsoft Corporation) Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-02] (Microsoft Corporation) Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-02] (Microsoft Corporation) Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-02] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-09-05] (Microsoft Studios) [MS Ad] Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.14430.20234.0_x86__8wekyb3d8bbwe [2021-10-02] (Microsoft Corporation) MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-09-04] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-08] (Microsoft Corporation) Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\cyberlinkcorp.hs.powermediaplayer14forhpconsumerpc_14.2.9528.0_x86__06qsbagp91rvg [2019-12-08] (CYBERLINKCOM CORP) Rechner + -> C:\Program Files\WindowsApps\14385JonasZoche.Rechner_4.1.7855.0_x64__7yjengah4ymn8 [2021-09-04] (Jonas Zoche) Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.3.1.0_x64__kx24dqmazqk8j [2021-09-11] (Random Salad Games LLC) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0 [2021-10-02] (Spotify AB) [Startup Task] WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2021-09-04] (WildTangent Games) Zip Extractor Pro -> C:\Program Files\WindowsApps\38526MediaLife.ZipPlus_2.0.4.0_x86__1crh1k73ty8mg [2021-09-04] (Media Life) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [$PowerDVD21] -> {20B7D826-CC5F-49AB-B080-12E6116A2C2A} => C:\ProgramData\CyberLink\PowerDVD21\OpenWith\PDVD_Shell64.dll [2021-09-06] (CyberLink Corp. -> CyberLink Corp.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-10-07] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-10-07] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\grand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml ==================== Loaded Modules (Whitelisted) ============= 2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2020-03-19 06:40 - 2020-03-19 06:40 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll 2020-03-19 06:40 - 2020-03-19 06:40 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll 2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll 2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll 2021-10-03 06:23 - 2021-10-03 06:23 - 000160768 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\47dd482baab12dc07e34857f12533e97\BRIDGECommon.ni.dll 2021-10-03 06:29 - 2021-10-03 06:29 - 000125440 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\e612546bdebb6b2e5d5e511e3c3c29b5\BridgeExtension.ni.dll 2021-10-03 06:29 - 2021-10-03 06:29 - 000395264 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\c8fc7bfce790d1ec253c8b4d86d5d1ba\CleanStartController.ni.dll 2021-10-03 06:31 - 2021-10-03 06:31 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\92637a3c2065a1153c4f965968887fe1\Interop.IWshRuntimeLibrary.ni.dll 2021-10-03 06:29 - 2021-10-03 06:29 - 000079872 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\5503a51826cab385f1379caabb050ab4\NativeInterop.ni.dll 2021-10-03 06:29 - 2021-10-03 06:29 - 000145920 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\104d229b06c27b3cc4d085a413c162d9\RegistrationUtilities.ni.dll 2021-10-03 06:31 - 2021-10-03 06:31 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\5f1fd4492ede1ca24611f23f2df7e520\Hardcodet.Wpf.TaskbarNotification.ni.dll 2021-10-03 06:29 - 2021-10-03 06:29 - 000136192 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\8209b879afce6614e9129aa77843934a\CommonPortable.ni.dll 2021-10-03 06:31 - 2021-10-03 06:31 - 001701888 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\3261e6eb39c8964c36ff26b92e490c1f\NAudio.ni.dll 2021-10-03 06:31 - 2021-10-03 06:31 - 003060736 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\030e697f36d1cf7be451e81623dd8262\Newtonsoft.Json.ni.dll 2021-10-03 06:25 - 2021-10-03 06:25 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\6315237efcbff0bc3974b0bb2ba7b1a1\Newtonsoft.Json.ni.dll 2021-10-03 06:31 - 2021-10-03 06:31 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\080b5521fcdbb4c7192f671464274f9b\log4net.ni.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000057856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\audio\qtaudio_windows.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000735232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000120832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000480256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5RemoteObjects.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000262144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2021-03-09 19:48 - 2021-03-09 19:48 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-552959180-971348328-798598736-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-552959180-971348328-798598736-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-09-29 21:46 - 2021-10-07 17:51 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts 2021-10-07 06:47 - 2021-10-07 06:52 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-552959180-971348328-798598736-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\grand\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "CanonQuickMenu" HKLM\...\StartupApproved\Run32: => "YouCam Service9" HKLM\...\StartupApproved\Run32: => "HPMessageService" HKU\S-1-5-21-552959180-971348328-798598736-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-552959180-971348328-798598736-1001\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_F2FDC85B0D958A216FAF50303B7DD851" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{CBCFF843-1A1C-416C-B216-EBD3EF7DB6F9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F7E31570-08ED-4962-B019-4DC41DCD4CD1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{8B101AE4-B7FC-4EED-9B2A-0DC209275066}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D5961D55-CBB9-4961-AE69-599BAFED1716}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D4830CE9-CC41-430D-8F58-00980BD2CCB9}] => (Allow) C:\Program Files\CyberLink\PowerDVD21\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{61E7EC49-5851-490F-9EAD-2D5D561E40E8}] => (Allow) C:\Program Files\CyberLink\PowerDVD21\ShareModule32\Kernel\DMS\CLMSServerPDVD21.exe (CyberLink Corp. -> CyberLink) FirewallRules: [{4920C8D0-0EA4-42E0-B25B-D2F2BC974FE7}] => (Allow) C:\Program Files\CyberLink\PowerDVD21\PowerDVD21Agent.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{DBD5D3AB-226D-4D08-93E5-94E8ECDA6466}] => (Allow) C:\Program Files\CyberLink\PowerDVD21\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{6FEE5F9F-73E5-482F-972B-D51D99FDF700}] => (Allow) C:\Program Files\CyberLink\PowerDVD21\CastingStation.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{88DFC940-285F-4ED1-9FD3-01480F9E9212}] => (Allow) C:\Program Files\CyberLink\PowerDVD21\Common\CLMediaServer\clmediaserver.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{51044EE4-1892-4A44-9C38-9A34F94E3FD1}] => (Allow) C:\Program Files\CyberLink\PowerDVD21\Common\dynamic_transcode.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{90E26554-A79E-4B7C-A760-DF380E6A988C}] => (Allow) C:\Program Files\CyberLink\PowerDVD21\Common\CLMediaServer\clmediaserver.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{BE009065-8522-4E15-9BA1-93966568D863}] => (Allow) LPort=31302 FirewallRules: [{7B47BE11-6B98-4AA7-A385-B18A39A93640}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14430.20234.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DBECE1F8-C266-4168-8681-B94A5F971F04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{F9C663AD-BD7F-428E-9F9E-B5BC60ABB44E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{EC939E4D-C96C-4855-9436-3F7198A97F4F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{F55B5943-14B5-4713-9197-54C1496A9C7E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5608DAE2-9F9E-40F9-9039-C2D1329DA99B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{018726A0-04F0-4D44-9588-E662A2944706}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{873EEC4C-F79C-4E08-B3A2-BAEEA83015F2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{9DF1C00B-79B1-44D3-B0A5-C4EDDA9FEAE4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.169.612.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{7858CCDB-34B7-41B5-9BD2-822611AA5805}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{107B7A29-6943-4D89-AFDD-6A16351C4071}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software) ==================== Restore Points ========================= 17-09-2021 08:27:08 Windows Modules Installer 25-09-2021 16:58:37 Scheduled Checkpoint 02-10-2021 01:13:43 Windows Modules Installer 02-10-2021 02:08:31 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (10/07/2021 05:51:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: amsprotectedservice.exe, version: 15.0.1910.1603, time stamp: 0x5d9c5f72 Faulting module name: ntdll.dll, version: 10.0.19041.1202, time stamp: 0xef8beaeb Exception code: 0xc0000005 Fault offset: 0x00044073 Faulting process id: 0x31a4 Faulting application start time: 0x01d7bb5e7b87a420 Faulting application path: C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: fa2233e5-1e44-45da-b166-7df4bd60e8c9 Faulting package full name: Faulting package-relative application ID: Error: (10/07/2021 05:29:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TotalAV.exe, version: 5.15.69.0, time stamp: 0x5f8de700 Faulting module name: KERNELBASE.dll, version: 10.0.19041.1266, time stamp: 0x6e3598ea Exception code: 0xe0434352 Fault offset: 0x0012b5b2 Faulting process id: 0x32a4 Faulting application start time: 0x01d7bb5dc27d86cd Faulting application path: C:\Program Files (x86)\TotalAV\TotalAV.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 332ebc4b-370f-4719-bdeb-b20fd7d4a042 Faulting package full name: Faulting package-relative application ID: Error: (10/07/2021 03:04:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 10.0.19041.546, time stamp: 0x058e175a Faulting module name: KERNELBASE.dll, version: 10.0.19041.1202, time stamp: 0xc9db1934 Exception code: 0xc0000602 Fault offset: 0x000000000010be3e Faulting process id: 0x2698 Faulting application start time: 0x01d7b93f04ee89f8 Faulting application path: C:\WINDOWS\system32\svchost.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 0ca9d982-2c8c-4471-8efd-b7439c160eeb Faulting package full name: Faulting package-relative application ID: Error: (10/06/2021 08:44:32 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program ShellExperienceHost.exe version 10.0.19041.1151 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1304 Start Time: 01d7ba4acc096a2f Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: c63e5e59-6c37-40c2-a1ff-93eacf6c4550 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Hang type: Quiesce Error: (10/06/2021 08:44:20 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program svchost.exe version 10.0.19041.546 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: ba8 Start Time: 01d7b93eb490438e Termination Time: 4294967295 Application Path: C:\Windows\System32\svchost.exe Report Id: bedc4789-0c1d-4c37-9d60-64626c923382 Faulting package full name: Faulting package-relative application ID: Hang type: Unknown Error: (10/06/2021 07:34:21 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program ShellExperienceHost.exe version 10.0.19041.1151 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1f98 Start Time: 01d7b93ed3c1aef7 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 9653c415-41c3-48a8-9a0d-3f6d99659443 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App Hang type: Quiesce Error: (10/05/2021 05:15:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimizer couldn't complete retrim on RECOVERY (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A) Error: (10/05/2021 05:15:54 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A) System errors: ============= Error: (10/06/2021 08:43:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Microsoft Defender Antivirus Network Inspection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (10/06/2021 08:43:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Defender Antivirus Network Inspection Service service to connect. Error: (10/06/2021 08:38:51 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (10/06/2021 08:38:30 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (10/06/2021 08:04:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (10/06/2021 08:04:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Update service to connect. Error: (10/05/2021 01:40:21 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY) Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013. Error: (10/05/2021 12:40:09 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OIMNL79) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Windows Defender: ================ Date: 2021-10-06 12:30:15 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-10-06 08:44:12 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/PiriformBundler&threatid=277517&enterprise=0 Name: PUA:Win32/PiriformBundler Severity: Low Category: Potentially Unwanted Software Path: containerfile:_C:\Users\grand\Downloads\ccsetup561.exe; containerfile:_C:\Users\grand\Downloads\ccsetup562.exe; file:_C:\Users\grand\Downloads\ccsetup560 (1).exe; file:_C:\Users\grand\Downloads\ccsetup560.exe; file:_C:\Users\grand\Downloads\ccsetup561.exe; file:_C:\Users\grand\Downloads\ccsetup561.exe->(nsis-instdata); file:_C:\Users\grand\Downloads\ccsetup562.exe; file:_C:\Users\grand\Downloads\ccsetup562.exe->(nsis-instdata) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\grand\Downloads\MSERT.exe Security intelligence Version: AV: 1.349.2008.0, AS: 1.349.2008.0, NIS: 1.349.2008.0 Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10 Date: 2021-10-06 08:42:15 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/PiriformBundler&threatid=277517&enterprise=0 Name: PUA:Win32/PiriformBundler Severity: Low Category: Potentially Unwanted Software Path: containerfile:_C:\Users\grand\Downloads\ccsetup561.exe; containerfile:_C:\Users\grand\Downloads\ccsetup562.exe; file:_C:\Users\grand\Downloads\ccsetup560 (1).exe; file:_C:\Users\grand\Downloads\ccsetup560.exe; file:_C:\Users\grand\Downloads\ccsetup561.exe; file:_C:\Users\grand\Downloads\ccsetup561.exe->(nsis-instdata); file:_C:\Users\grand\Downloads\ccsetup562.exe->(nsis-instdata) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\grand\Downloads\MSERT.exe Security intelligence Version: AV: 1.349.2008.0, AS: 1.349.2008.0, NIS: 1.349.2008.0 Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10 Date: 2021-10-06 08:41:36 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/PiriformBundler&threatid=277517&enterprise=0 Name: PUA:Win32/PiriformBundler Severity: Low Category: Potentially Unwanted Software Path: containerfile:_C:\Users\grand\Downloads\ccsetup561.exe; containerfile:_C:\Users\grand\Downloads\ccsetup562.exe; file:_C:\Users\grand\Downloads\ccsetup560 (1).exe; file:_C:\Users\grand\Downloads\ccsetup560.exe; file:_C:\Users\grand\Downloads\ccsetup561.exe->(nsis-instdata); file:_C:\Users\grand\Downloads\ccsetup562.exe->(nsis-instdata) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\grand\Downloads\MSERT.exe Security intelligence Version: AV: 1.349.2008.0, AS: 1.349.2008.0, NIS: 1.349.2008.0 Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10 Date: 2021-10-06 08:38:03 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/PiriformBundler&threatid=277517&enterprise=0 Name: PUA:Win32/PiriformBundler Severity: Low Category: Potentially Unwanted Software Path: containerfile:_C:\Users\grand\Downloads\ccsetup561.exe; file:_C:\Users\grand\Downloads\ccsetup560 (1).exe; file:_C:\Users\grand\Downloads\ccsetup560.exe; file:_C:\Users\grand\Downloads\ccsetup561.exe->(nsis-instdata) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Users\grand\Downloads\MSERT.exe Security intelligence Version: AV: 1.349.2008.0, AS: 1.349.2008.0, NIS: 1.349.2008.0 Engine Version: AM: 1.1.18500.10, NIS: 1.1.18500.10  CodeIntegrity: =============== Date: 2021-10-07 17:51:50 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2021-09-17 05:20:33 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2021-09-16 09:34:33 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSAgent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== BIOS: AMI F.67 08/04/2021 Motherboard: HP 8381 Processor: AMD E2-9000 RADEON R2, 4 COMPUTE CORES 2C+2G Percentage of memory in use: 87% Total physical RAM: 3968.52 MB Available physical RAM: 476.24 MB Total Virtual: 8247 MB Available Virtual: 2672.3 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:915.32 GB) (Free:833.06 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:14.96 GB) (Free:1.77 GB) NTFS ==>[system with boot components (obtained from drive)] \\?\Volume{199320d3-f0cf-4893-b030-f38496a35fc4}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.49 GB) NTFS \\?\Volume{c2b68419-c512-4f63-a5af-2ab598ef19a2}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 97C79425) Partition: GPT. ==================== End of Addition.txt =======================