Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-12-2023 Ran by karakas (10-12-2023 22:13:52) Running from C:\Users\karakas\Desktop Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) (2021-02-01 08:09:23) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-1880840183-2522925994-863313883-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1880840183-2522925994-863313883-503 - Limited - Disabled) Guest (S-1-5-21-1880840183-2522925994-863313883-501 - Limited - Disabled) karakas (S-1-5-21-1880840183-2522925994-863313883-1001 - Administrator - Enabled) => C:\Users\karakas WDAGUtilityAccount (S-1-5-21-1880840183-2522925994-863313883-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4K YouTube to MP3 3.7 (HKLM\...\{921BEBDC-5874-4DEF-9A5F-CB2D03991FD6}) (Version: 3.7.2.2902 - Open Media LLC) 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated) abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.006.20380 - Adobe) Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Audacity 3.3.3 (HKLM\...\Audacity_is1) (Version: 3.3.3 - Audacity Team) Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.) Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU) DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION) EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation) Foxit PhantomPDF Business (HKLM-x32\...\{CAAA99A8-AB12-11E6-AA93-000C29FC3B44}) (Version: 8.1.1.1115 - Foxit Software Inc.) GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.65 - GameHouse) GenuTax Standard (HKLM-x32\...\{238715a6-57bf-488b-af18-c5247f885931}) (Version: 1.79 - GenuSource Consulting Inc) Hidden GenuTax Standard (HKLM-x32\...\{2FB6BA60-4F55-486F-B7B9-AF0283344B85}) (Version: 1.79 - GenuSource Consulting Inc) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.71 - Google LLC) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.32.7 - Google Inc.) Hidden Instagiffer version 1.62 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.62 - Justin Todd) Intel(R) Chipset Device Software (HKLM\...\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}) (Version: 10.1.1.13 - Intel Corporation) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{3C6C11C6-E094-4548-B032-73B4E4D0DEF7}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{9E80CC7F-966F-4282-BE0A-36B5BA5F19B1}) (Version: 11.0.0.1177 - Intel Corporation) Hidden Intel(R) ME UninstallLegacy (HKLM\...\{1377B2D9-D825-441C-A775-318D25DA3F18}) (Version: 1.0.1.0 - Intel Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{B66F70B4-34E5-429A-9F55-7129E0833A45}) (Version: 14.8.0.1042 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{E6F800A9-64D3-4E93-8E8E-AB53E21D4840}) (Version: 20.50.0.1450 - Intel Corporation) Hidden Intel® Security Assist (HKLM-x32\...\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}) (Version: 1.0.0.534 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.6.4 - PandoraTV) Malwarebytes version 4.6.6.294 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.6.294 - Malwarebytes) Microsoft Azure Information Protection (HKLM-x32\...\{21b41fcc-93c0-498f-a284-659d275b4076}) (Version: 1.54.59.0 - Microsoft Corporation) Microsoft Azure Information Protection (HKLM-x32\...\{7FA8B359-E9D7-4037-8DE1-A28F2603D742}) (Version: 1.54.59.0 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.61 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.61 - Microsoft Corporation) Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version: - Microsoft) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft OneDrive (HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910 (HKLM-x32\...\{53f1dc9d-ed94-4650-a079-129785ce7905}) (Version: 14.28.29910.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30135 (HKLM-x32\...\{b7a2b241-3f54-4d7d-94d1-8ce0146e03c7}) (Version: 14.29.30135.0 - Microsoft Corporation) Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29910 (HKLM\...\{06F1FCFD-8F77-488A-A477-6CA8A783EDD7}) (Version: 14.28.29910 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29910 (HKLM\...\{DE015560-04E3-4915-8F99-5B29289E3998}) (Version: 14.28.29910 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30135 (HKLM-x32\...\{77EB1EA9-8E1B-459D-8CDC-1984D0FF15B6}) (Version: 14.29.30135 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30135 (HKLM-x32\...\{36A1E79B-581A-4FE5-843D-84C2D3C9431E}) (Version: 14.29.30135 - Microsoft Corporation) Hidden Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Minecraft1.7.7 (HKLM-x32\...\Minecraft1.7.7) (Version: - ) MiniTool Partition Wizard Free 10.2.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) Mozilla Firefox 88.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0.1 (x64 en-US)) (Version: 88.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 88.0.1.7794 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.0.132 - Nord Security) NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.15.6.0 - Nord Security) NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN) Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Kakao Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7712 - Realtek Semiconductor Corp.) Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.) Sin7 0.1 (HKLM-x32\...\Sin7 0.1) (Version: 0.1 - Sin7) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN) Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare) Zoom (HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\ZoomUMX) (Version: 5.15.7 (20303) - Zoom Video Communications, Inc.) Packages: ========= Acer Explorer -> C:\Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.3007.0_x86__48frkmn4z8aw4 [2022-07-13] (Acer Incorporated) Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-11-14] () Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad] Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2021-11-09] (MAGIX) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-05] (Microsoft Studios) [MS Ad] Spider Solitaire++ -> C:\Program Files\WindowsApps\12291raymond.li.31631ED225837_1.1.16.0_x64__szs6zaftcmqhc [2022-02-25] (raymond.li) Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-11-09] (Twitter Inc.) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => -> No File ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-01] (Acer Incorporated -> Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-01] (Acer Incorporated -> Acer Incorporated) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-27] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e43bf4f1a295d985\igfxDTCM.dll [2016-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-27] (Malwarebytes Inc. -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2016-04-21 08:51 - 2015-12-31 06:15 - 000077312 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2016-08-07 15:22 - 2007-12-07 01:08 - 000108032 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_ILMBPA.DLL ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\karakas\Downloads\[MP3DL.CC] Earthquake-320k.mp3:shield [182] AlternateDataStreams: C:\Users\karakas\Downloads\[MP3DL.CC] LILA IKE DUBPLATE {King AP} @ dainjamentalz u$a 4-320k.mp3:shield [221] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1880840183-2522925994-863313883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:newsfeed HKU\S-1-5-21-1880840183-2522925994-863313883-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll => No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll => No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-11-14] (Foxit Software Incorporated -> ) Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-11-14] (Foxit Software Incorporated -> ) Handler: intu-tt2020 - {BA9B9DDA-C208-4938-90D6-0FAB2903CECE} - C:\Program Files (x86)\TurboTax 2020\ic2020pp.dll No File ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 03:04 - 2015-07-10 03:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\PROGRA~2\ThriXXX\3D SexVilla;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\ HKU\S-1-5-21-1880840183-2522925994-863313883-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\karakas\Desktop\File Cabinet\desktop background\NASA-news-Hubble-Space-Telescope-pictures-colliding-galaxies-UGC-2369-2005834.jpg DNS Servers: 103.86.96.100 - 103.86.99.100 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Windows Firewall is enabled. Network Binding: ============= Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled) Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AMInstantService => 2 MSCONFIG\Services: BlackBerry Device Manager => 3 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: cplspcon => 3 MSCONFIG\Services: EvtEng => 2 MSCONFIG\Services: FoxitPhantomService => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: ibtsiva => 2 MSCONFIG\Services: igfxCUIService2.0.0.0 => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3 MSCONFIG\Services: Intel(R) Security Assist => 3 MSCONFIG\Services: isaHelperSvc => 2 MSCONFIG\Services: IsAppService => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MyWiFiDHCPDNS => 3 MSCONFIG\Services: NitroDriverReadSpool9 => 2 MSCONFIG\Services: NitroUpdateService => 2 MSCONFIG\Services: nlsX86cc => 2 MSCONFIG\Services: nordsec-threatprotection-service => 3 MSCONFIG\Services: NordUpdaterService => 2 MSCONFIG\Services: nordvpn-service => 2 MSCONFIG\Services: QASvc => 2 MSCONFIG\Services: RegSrvc => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: UEIPSvc => 2 MSCONFIG\Services: ZeroConfigService => 2 HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe" HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "CyberGhost" HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "Dashlane" HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "DashlanePlugin" HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "GarminExpress" HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "NordVPN" HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_8B6B36A51FDD9942B0BDEE33C0F85C3E" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{8BD62413-17C7-4450-9088-80577C1D7389}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{11457BE3-1611-49AE-AAE7-42AA8551338D}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{167FDA60-0062-409B-BC12-27E94A9D8573}] => (Allow) C:\Users\karakas\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{825ABA35-BB4A-430C-9DC7-0B8F42BBD167}] => (Allow) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe (nordvpn s.a. -> nordvpn S.A.) FirewallRules: [{54BDB808-A02D-4E5C-A9F6-E0BC6B303832}] => (Allow) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe (nordvpn s.a. -> nordvpn S.A.) FirewallRules: [{D1937FF2-4364-4DBF-972F-36D0EA8DD9DF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F6B8473E-2B34-408A-A3AB-2E04B01D6883}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F5AB9667-760B-41A7-8657-378838E455D2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{C2B17290-0B74-4A40-B926-1EF3B1D9830B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{790FB505-E868-428E-8195-A9C61BF6CC4C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{66217FC0-1FFF-4F3A-BD33-4244B0D6EE2B}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.) FirewallRules: [{6F23F05D-7B6B-4FD1-B916-AF6E78955B3B}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.) FirewallRules: [{07D1CA39-FE35-436B-8947-2BCBF4E64A82}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 06-12-2023 03:10:25 Scheduled Checkpoint 09-12-2023 08:31:34 AdwCleaner_BeforeCleaning_09/12/2023_08:31:26 ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (12/10/2023 11:34:11 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (12/10/2023 11:30:01 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (12/10/2023 11:27:49 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {6c81c2e2-3f5e-44b2-bb96-56776683d5dc} Error: (12/09/2023 04:16:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SearchApp.exe version 10.0.19041.3636 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: e90 Start Time: 01da2ac1298b4e89 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Report Id: 0318c5e1-99c5-44b7-97d9-d5fdac7deeab Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: ShellFeedsUI Hang type: Quiesce Error: (12/09/2023 08:41:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: secureboot.exe, version: 0.0.0.0, time stamp: 0x65567c73 Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f Exception code: 0xc0000005 Fault offset: 0x00000000000a22c7 Faulting process id: 0xf84 Faulting application start time: 0x01da2abe2357235d Faulting application path: C:\ProgramData\WindowsPowerShell\Modules\SecureBoot\secureboot.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: f5c2dc85-a0e3-49dd-87e8-014b653f47aa Faulting package full name: Faulting package-relative application ID: Error: (12/08/2023 09:10:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: secureboot.exe, version: 0.0.0.0, time stamp: 0x65567c73 Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f Exception code: 0xc0000005 Fault offset: 0x00000000000a22c7 Faulting process id: 0xef8 Faulting application start time: 0x01da2a5d9e165776 Faulting application path: C:\ProgramData\WindowsPowerShell\Modules\SecureBoot\secureboot.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: d52a9fa1-6dda-4305-95b6-7a557adafc71 Faulting package full name: Faulting package-relative application ID: Error: (12/08/2023 09:08:36 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: secureboot.exe, version: 0.0.0.0, time stamp: 0x65567c73 Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f Exception code: 0xc0000005 Fault offset: 0x0000000000078a24 Faulting process id: 0xe78 Faulting application start time: 0x01da29f8cc4c8c63 Faulting application path: C:\ProgramData\WindowsPowerShell\Modules\SecureBoot\secureboot.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 34c77468-e360-4897-b1b1-a5268f0e6554 Faulting package full name: Faulting package-relative application ID: Error: (12/08/2023 09:04:11 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . System errors: ============= Error: (12/09/2023 06:26:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout. Error: (12/09/2023 06:13:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {D726464B-98F1-4627-86CD-4A082A1E5307} did not register with DCOM within the required timeout. Error: (12/09/2023 08:41:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The secureboot service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (12/09/2023 08:41:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (960000 milliseconds) while waiting for the secureboot service to connect. Error: (12/09/2023 08:38:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The shpamsvc service terminated with the following error: Catastrophic failure Error: (12/09/2023 08:32:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The nordvpn-service service terminated unexpectedly. It has done this 1 time(s). Error: (12/09/2023 08:32:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The NordSec Update Service service terminated unexpectedly. It has done this 1 time(s). Error: (12/09/2023 08:32:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The FoxitPhantomService service terminated unexpectedly. It has done this 1 time(s). Windows Defender: ================ Date: 2023-12-09 21:22:52 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-12-09 18:27:26 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-12-05 19:59:46 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-12-05 16:34:59 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan Date: 2023-12-05 16:34:59 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Nemucod!ml&threatid=2147748206&enterprise=0 Name: TrojanDownloader:Win32/Nemucod!ml Severity: Severe Category: Trojan Downloader Path: containerfile:_C:\Users\karakas\AppData\Local\Opera Software\Opera Stable\Cache\f_00011b; file:_C:\Users\karakas\AppData\Local\Opera Software\Opera Stable\Cache\f_00011b->(GZip) Detection Origin: Local machine Detection Type: FastPath Detection Source: User Process Name: Unknown Security intelligence Version: AV: 1.401.1717.0, AS: 1.401.1717.0, NIS: 1.401.1717.0 Engine Version: AM: 1.1.23100.2009, NIS: 1.1.23100.2009 Event[0]: Date: 2023-08-18 22:37:37 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.395.511.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23070.1005 Error code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Date: 2023-08-18 22:37:37 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.395.511.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23070.1005 Error code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Date: 2023-08-18 22:37:37 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.395.511.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23070.1005 Error code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Date: 2023-08-14 10:10:03 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.393.2546.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23060.1005 Error code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Date: 2023-08-14 10:10:03 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.393.2546.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23060.1005 Error code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. CodeIntegrity: =============== Date: 2023-12-10 10:54:40 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e43bf4f1a295d985\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. R01-A1 11/10/2015 Motherboard: Acer Aspire TC-710 Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz Percentage of memory in use: 59% Total physical RAM: 8097.83 MB Available physical RAM: 3309.52 MB Total Virtual: 16792.98 MB Available Virtual: 10556.48 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:930.91 GB) (Free:591.16 GB) (Model: WDC WD10EZEX-21WN4A0) NTFS \\?\Volume{3614c06c-99c1-4f1c-a29d-2de8ea94e04e}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS \\?\Volume{831f2bc5-6046-4056-abd0-dc56be36db65}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 3A81C23D) Partition: GPT. ==================== End of Addition.txt =======================