Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.02.2024 Ran by nwort (11-02-2024 17:40:51) Running from C:\Users\nwort\Desktop Microsoft Windows 10 Home Version 22H2 19045.3996 (X64) (2021-11-21 06:28:22) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-1660784041-1680324514-1991157008-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1660784041-1680324514-1991157008-503 - Limited - Disabled) Guest (S-1-5-21-1660784041-1680324514-1991157008-501 - Limited - Disabled) nwort (S-1-5-21-1660784041-1680324514-1991157008-1001 - Administrator - Enabled) => C:\Users\nwort WDAGUtilityAccount (S-1-5-21-1660784041-1680324514-1991157008-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) calibre 64bit (HKLM\...\{907757DD-35FC-4A00-90BD-C7B8A03F4FF3}) (Version: 5.32.0 - Kovid Goyal) CrystalDiskInfo 9.2.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.2 - Crystal Dew World) iMazing 2.15.4.0 (HKLM\...\iMazing_is1) (Version: 2.15.4.0 - DigiDNA) iPod Support (HKLM\...\{BE71B07A-9576-49A8-8358-D69826AA1382}) (Version: 12.11.3.7 - Apple Inc.) Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes) Microsoft .NET Core Host - 3.1.32 (x86) (HKLM-x32\...\{3C73457A-1A33-4DE0-B6C2-6FBA877E1FCF}) (Version: 24.192.31915 - Microsoft Corporation) Hidden Microsoft .NET Core Host FX Resolver - 3.1.32 (x86) (HKLM-x32\...\{CE1A992F-4571-423D-9CAE-1184E8F29471}) (Version: 24.192.31915 - Microsoft Corporation) Hidden Microsoft .NET Core Runtime - 3.1.32 (x86) (HKLM-x32\...\{841FE4B1-2C3F-4304-A686-6DF41B4CC1A1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17231.20194 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.112 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 121.0.2277.112 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office SharePoint Designer 2010 (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office SharePoint Designer MUI (English) 2010 (HKLM-x32\...\{90140000-0017-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft OneDrive (HKU\S-1-5-21-1660784041-1680324514-1991157008-1001\...\OneDriveSetup.exe) (Version: 24.015.0121.0003 - Microsoft Corporation) Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 (HKLM-x32\...\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}) (Version: 14.0.23026 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 (HKLM-x32\...\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}) (Version: 14.0.23026 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 3.1.32 (x86) (HKLM-x32\...\{25D5B94A-E3CD-44E8-9C3A-FE320B7B38FC}) (Version: 24.192.31915 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 3.1.32 (x86) (HKLM-x32\...\{4f894285-fd43-43ac-8669-33e8b7c0a97d}) (Version: 3.1.32.31915 - Microsoft Corporation) MKVToolNix 79.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 79.0.0 - Moritz Bunkus) Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 121.0 (x64 en-GB)) (Version: 121.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 120.0.1 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20194 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20194 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.56.0 - Samsung Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{E0477A97-787B-4A23-8A23-F59429780A3E}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SharePointDesigner_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SharePointDesigner_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SharePointDesigner_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23123.1 - Samsung Electronics Co., Ltd.) Hidden Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23123.1 - Samsung Electronics Co., Ltd.) Telegram Desktop (HKU\S-1-5-21-1660784041-1680324514-1991157008-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.9.4 - Telegram FZ-LLC) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/06/2021 4.8.0.0) (HKLM\...\A24A5DD571B1BD4FED5E3558FDDBD8579A5EE14C) (Version: 01/06/2021 4.8.0.0 - Google, Inc.) Windows Driver Package - HS Incorporated (massfilter_hs) USB (10/20/2010 2.0.0.8) (HKLM\...\80E97631DA49E8B2E4C5B606C9597BC75EE612F5) (Version: 10/20/2010 2.0.0.8 - HS Incorporated) Windows Driver Package - HTC, Corporation (HTCAND64) USB (07/30/2015 2.0.0007.00030) (HKLM\...\C45A70BDABC1DAE5CCD49C4E701E67757AB039E6) (Version: 07/30/2015 2.0.0007.00030 - HTC, Corporation) Windows Driver Package - LG Electronics Inc. (Andbus) USB (11/30/2010 2.2.0.0) (HKLM\...\7972D4F247E02C0849331540773B9ABFA384B182) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.) Windows Driver Package - LG Electronics Inc. (AndDiag) Ports (11/30/2010 2.2.0.0) (HKLM\...\A3F0461CF2623C40BC42C38D4C0E7319E5C458CA) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.) Windows Driver Package - LG Electronics Inc. (usbbus) USB (02/17/2016 5.3.0.0) (HKLM\...\6188905E45DED139E292A4F6A3CA637A65162F4D) (Version: 02/17/2016 5.3.0.0 - LG Electronics Inc.) Windows Driver Package - LG Electronics, Inc. (AndnetBus) USB (01/06/2021 4.8.0.0) (HKLM\...\4F72F5ED592B4C4B69E07DA9895BAE687A32F8AA) (Version: 01/06/2021 4.8.0.0 - LG Electronics, Inc.) Windows Driver Package - Motorola (motccgp) USB (03/01/2013 3.4.0.0) (HKLM\...\73BEF56236CE0FD380A1692BBA70B9C6B533518B) (Version: 03/01/2013 3.4.0.0 - Motorola) Windows Driver Package - PANTECH Co., Ltd. (PSKTBUS) USB (06/20/2012 4.0.21.0) (HKLM\...\31F11A15A3058696191A3708600383CAA429752E) (Version: 06/20/2012 4.0.21.0 - PANTECH Co., Ltd. ) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (06/10/2014 2.11.10.0) (HKLM\...\7C7D77F30DA293C8D56A9D5FB8C3E70F4E17DA7F) (Version: 06/10/2014 2.11.10.0 - SAMSUNG Electronics Co., Ltd. ) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssadbus) USB (11/30/2012 5.30.14.0) (HKLM\...\C9AEC81E4D365534AF50161EDA7C9CC56B205507) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. ) Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssaebus) USB (02/05/2010 5.14.0.0) (HKLM\...\8CDE6EEFC346A059EC210060FC7B7DAA8279D584) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. ) Windows Driver Package - SHARP (shu0bus) USB (08/11/2011 5.28.4.0) (HKLM\...\8A1FC0FFE8E99DF8171E25D8C5AFF587290A67EF) (Version: 08/11/2011 5.28.4.0 - SHARP) Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) Packages: ========= Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2023.11.13.0_neutral__6rarf9sa4v8jt [2023-11-21] (Disney) DTS Audio Processing -> C:\Program Files\WindowsApps\DTSInc.DTSAudioProcessing_1.10.15.0_x64__t5j2fzbtdg37r [2023-08-31] (DTS, Inc.) Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5287.0_x64__8j3eq9eme6ctt [2024-01-15] (INTEL CORP) [Startup Task] iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa [2024-02-08] (Apple Inc.) [Startup Task] McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2024-02-08] (McAfee LLC.) Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21027.539.0_x64__8wekyb3d8bbwe [2024-02-09] (Microsoft Corporation) MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.6.0_x64__qmba6cd70vzyy [2024-01-25] (ASUSTeK COMPUTER INC.) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-21] (Microsoft Corporation) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.35.268.0_x64__dt26b99r8h8gj [2022-05-05] (Realtek Semiconductor Corp) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-08] (Microsoft Studios) [MS Ad] SongPop Classic -> C:\Program Files\WindowsApps\FreshPlanetInc.SongPop2_2.26.6.0_x64__qameptgjm6k7c [2024-02-08] (FreshPlanet Inc.) Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-09] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-06] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-06] (Malwarebytes Inc. -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2020-11-21 12:44 - 2020-11-21 12:44 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll 2020-11-21 12:44 - 2020-11-21 12:44 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll 2022-11-05 19:35 - 2022-08-18 15:21 - 001012224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\platforms\qwindows.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-02-03] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 09:14 - 2019-12-07 09:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1660784041-1680324514-1991157008-1001\Control Panel\Desktop\\Wallpaper -> D:\Pics\Wallpaper\linesy.jfif DNS Servers: 194.168.4.100 - 194.168.8.100 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKU\S-1-5-21-1660784041-1680324514-1991157008-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_1A0352803E0A09F4D32D90747118FE51" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{BF6A9455-47CA-4620-9C77-1B8481053EE6}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{616A7921-1B85-4126-8DB1-4A877AAD1E81}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{62ECE685-79A8-44DB-82BC-0BCF26BADD28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{88653C66-90FD-42E6-8504-C78DA9114CBD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{E1E07423-A1DA-4A4B-A765-BFA3DF60C705}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{8A1A0A75-67B2-41BA-97A5-0B9E9E20F78F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{8AAF0C42-4470-4E84-A3DF-6733C06D0C50}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F800D9BF-A1DF-41D2-94B1-B03263179BD9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{5F8D7DCC-5D05-4570-8648-6392F26A68E7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{A4AD0B81-2013-40A0-9966-A14185CE739C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{E6E7A762-564A-4EEE-8DA3-29F5FE7B66AC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{E3101747-B39E-40B7-940C-552EB9B2DB93}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{E095469C-E890-4394-ACCD-3F0CAE19139A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{656C7F3E-7D97-4B10-BF28-CBA0D6E1431F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{EED74DAE-04F9-4FBC-AB62-4E2862801B5C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{4AE0E54A-841F-4D0B-B3BD-2C7A0335FE43}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{F1F23A70-FA4A-4044-A72B-EB85D1C532C7}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.6.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.) FirewallRules: [{1183BD76-C708-4C60-AD2F-9A0DF5714A4A}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.6.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.) FirewallRules: [{1DE07C98-66E5-4095-A08A-6B5C3D87335A}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.6.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.) FirewallRules: [{9C17BBF4-C3CC-41ED-A08E-28D1DE803109}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.6.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.) FirewallRules: [{858421A5-5391-4D2C-86EE-CEA0C4A0D467}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{2DB62953-8573-48AC-9A84-90C81A03DAEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D6B7B207-4C44-4D4C-894F-D5B1FB811215}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{32629257-1576-4975-AE9B-52206412B240}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{316A37A1-8087-455D-A0E1-CEDC42BA00ED}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{01D35894-FD96-4BBB-BA7D-B8A9E9D8FD96}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSwitch\AsusSwitchNet.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) FirewallRules: [{AEE93502-CA0A-4D21-9FA5-E2F4305E2D29}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSwitch\AsusSwitchNetMDNS.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) ==================== Restore Points ========================= 30-01-2024 09:20:00 Windows Update 07-02-2024 20:04:01 Scheduled Checkpoint 11-02-2024 13:24:03 Restore Point Created by FRST ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (02/11/2024 01:24:03 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {535badf3-d06f-46c4-9bb2-d36fd42db07a} Error: (02/11/2024 10:15:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06 Faulting module name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06 Exception code: 0xc0000005 Fault offset: 0x0001f4d9 Faulting process ID: 0x2ef0 Faulting application start time: 0x01da5cc030cd9170 Faulting application path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe Faulting module path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe Report ID: 5d10f5a5-f354-4c90-b850-3dbd1d056637 Faulting package full name: Faulting package-relative application ID: Error: (02/10/2024 10:15:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06 Faulting module name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06 Exception code: 0xc0000005 Fault offset: 0x0001f4d9 Faulting process ID: 0x2cd4 Faulting application start time: 0x01da5c63202c87eb Faulting application path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe Faulting module path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe Report ID: 39360703-0c2a-49a1-91c1-cf6a8d200cd2 Faulting package full name: Faulting package-relative application ID: Error: (02/10/2024 07:58:52 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.. Error: (02/10/2024 07:58:52 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.] Error: (02/10/2024 03:57:36 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Notifications for the volume D:\ are not active. Context: Windows Application Details: The volume change journal is not active. (HRESULT : 0x8007049b) (0x8007049b) Error: (02/10/2024 10:14:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06 Faulting module name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06 Exception code: 0xc0000005 Fault offset: 0x0001f4d9 Faulting process ID: 0x1554 Faulting application start time: 0x01da5c05c5efccff Faulting application path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe Faulting module path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe Report ID: 35c9b8b9-0937-4300-b9ff-85b08f715271 Faulting package full name: Faulting package-relative application ID: Error: (02/09/2024 09:12:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06 Faulting module name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06 Exception code: 0xc0000005 Fault offset: 0x0001f4d9 Faulting process ID: 0x2188 Faulting application start time: 0x01da5b41032da655 Faulting application path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe Faulting module path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe Report ID: 211c2589-aafc-4cec-ae40-4b7a77c25bb5 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (02/11/2024 01:56:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (02/11/2024 01:56:01 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\nwort\AppData\Local\Temp\ehdrv.sys Error: (02/11/2024 01:56:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (02/11/2024 01:56:00 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\nwort\AppData\Local\Temp\ehdrv.sys Error: (02/11/2024 01:56:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (02/11/2024 01:56:00 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\nwort\AppData\Local\Temp\ehdrv.sys Error: (02/11/2024 01:56:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (02/11/2024 01:56:00 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\nwort\AppData\Local\Temp\ehdrv.sys Windows Defender: ================ Date: 2024-02-11 08:53:20 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-02-10 12:27:22 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-02-10 12:19:42 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-02-10 12:05:59 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-02-10 10:25:18 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0]: Date: 2023-10-27 10:05:31 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.399.1389.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23090.2007 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2023-07-24 08:11:59 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.393.1262.0 Previous security intelligence Version: 1.393.1254.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.23060.1005 Previous Engine Version: 1.1.23060.1005 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. Date: 2023-07-24 08:11:59 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.393.1262.0 Previous security intelligence Version: 1.393.1254.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.23060.1005 Previous Engine Version: 1.1.23060.1005 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. Date: 2023-07-21 22:20:09 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007045b Error description: A system shutdown is in progress. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device. CodeIntegrity: =============== Date: 2024-02-11 17:40:25 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_89b1ad385fab2e0b\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends International, LLC. X513EA.308 07/27/2021 Motherboard: ASUSTeK COMPUTER INC. X513EA Processor: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz Percentage of memory in use: 64% Total physical RAM: 7873.98 MB Available physical RAM: 2794.95 MB Total Virtual: 9089.98 MB Available Virtual: 3271.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:236.98 GB) (Free:17.09 GB) (Model: NVMe WDC PC SN530 SDBPNPZ-256G-1002) (Protected) NTFS \\?\Volume{bfe5b1ad-0760-419e-87ae-b8b1a3ee38c5}\ (RECOVERY) (Fixed) (Total:1.03 GB) (Free:0.08 GB) NTFS \\?\Volume{da72bc49-83a7-4cb0-a34a-a7a49de3c878}\ (MYASUS) (Fixed) (Total:0.19 GB) (Free:0.13 GB) FAT32 \\?\Volume{3394475a-1d72-4666-8d44-dae7cf41f821}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 1819B2AC) Partition: GPT. ==================== End of Addition.txt =======================