Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.04.2024 01 Ran by user (08-04-2024 17:54:45) Running from C:\Users\user\Downloads Microsoft Windows 10 Pro Version 22H2 19045.4170 (X64) (2021-05-26 09:39:01) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-4082652602-1411793602-943509856-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4082652602-1411793602-943509856-503 - Limited - Disabled) Guest (S-1-5-21-4082652602-1411793602-943509856-501 - Limited - Disabled) user (S-1-5-21-4082652602-1411793602-943509856-1003 - Administrator - Enabled) => C:\Users\user WDAGUtilityAccount (S-1-5-21-4082652602-1411793602-943509856-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23} FW: Kaspersky (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.001.20629 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden AMD Settings - Branding (HKLM\...\{07D88683-5F4D-4AB7-B26A-531A2FC1FF96}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.1207.1430.26069 - Advanced Micro Devices, Inc.) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.) Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - Canon Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.3201.101.108 - ALPS ELECTRIC CO., LTD.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.106 - Google LLC) Grammarly for Windows (HKU\S-1-5-21-4082652602-1411793602-943509856-1003\...\Grammarly Desktop Integrations) (Version: 1.2.71.1356 - Grammarly) HD Video Converter Factory Pro 25.0 (HKLM-x32\...\HD Video Converter Factory Pro) (Version: 25.0 - WonderFox Soft, Inc.) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation) Kaspersky (HKLM-x32\...\{3DE3615C-3799-3403-92E4-E0BE05A531B5}) (Version: 21.16.6.467 - Kaspersky) Hidden Kaspersky (HKLM-x32\...\InstallWIX_{3DE3615C-3799-3403-92E4-E0BE05A531B5}) (Version: 21.16.6.467 - Kaspersky) Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Kaspersky VPN (HKLM-x32\...\{69513344-0E15-3C30-9BDC-04C3706E6CE9}) (Version: 21.16.6.467 - Kaspersky) Hidden Kaspersky VPN (HKLM-x32\...\InstallWIX_{69513344-0E15-3C30-9BDC-04C3706E6CE9}) (Version: 21.16.6.467 - Kaspersky) Malwarebytes version 5.1.2.109 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.2.109 - Malwarebytes) Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6448.1 - Waves Audio Ltd.) Hidden Microsoft .NET Host - 5.0.10 (x86) (HKLM-x32\...\{EEC610D2-6934-4567-A658-092A1429A21A}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Host - 6.0.10 (x86) (HKLM-x32\...\{3B28977C-9163-48A5-A08C-C01327E18AE2}) (Version: 48.43.48869 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.10 (x86) (HKLM-x32\...\{29F55E7D-9FB8-4F1D-A233-1F5995CB0FF5}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.10 (x86) (HKLM-x32\...\{EBD44C5E-F1AF-4955-AEDF-F15D06384A9C}) (Version: 48.43.48869 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.10 (x86) (HKLM-x32\...\{17675144-2D5B-4BA3-AF21-A65F7D824149}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.10 (x86) (HKLM-x32\...\{98CA5A6B-4ECC-4E6D-BF18-6B20CBB6E5F4}) (Version: 48.43.48869 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.81 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.65 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.17425.20146 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation) Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24123 (HKLM-x32\...\{03AC7A79-F8AF-38FC-9DA0-98DAB4F4B1CD}) (Version: 14.0.24123 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24123 (HKLM-x32\...\{06AE3BCC-7612-39D3-9F3B-B6601D877D02}) (Version: 14.0.24123 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.10 (x86) (HKLM-x32\...\{ba8ab6bd-ad21-447e-b617-feee84353247}) (Version: 5.0.10.30418 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 5.0.10 (x86) (HKLM-x32\...\{DCE5198A-7449-4F9F-A630-C8363759D0FB}) (Version: 40.40.30418 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.10 (x86) (HKLM-x32\...\{0F3E4057-E2BB-4114-A646-F143DB5CE4C9}) (Version: 48.43.48870 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.10 (x86) (HKLM-x32\...\{9dd24b73-88e0-4f0f-882a-500e00d2bdef}) (Version: 6.0.10.31726 - Microsoft Corporation) Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 124.0.2 (x64 en-US)) (Version: 124.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 89.0.2 - Mozilla) MYOB AccountRight (HKU\S-1-5-21-4082652602-1411793602-943509856-1003\...\AccountRight) (Version: 2023.700.10005 - MYOB Technology Pty. Ltd.) NAPS2 6.1.2 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan) NVIDIA Graphics Driver 397.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.64 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden PaperScan 3 Free Edition (HKLM-x32\...\{87B0142A-373A-4A08-90E8-A75C2027808E}) (Version: 3.0.130 - ORPALIS) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6086 - Realtek Semiconductor Corp.) Realtek USB Wireless LAN Driver (HKLM-x32\...\InstallShield_{DBCC4C27-F949-482b-B786-7B3B67587CD2}) (Version: Drv_3.00.0017 - REALTEK Semiconductor Corp.) Realtek USB Wireless LAN Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: UI_1.00.0287 - REALTEK Semiconductor Corp.) Telegram Desktop (HKU\S-1-5-21-4082652602-1411793602-943509856-1003\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.5.1 - Telegram FZ-LLC) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) WinZip 28.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24151}) (Version: 28.0.15640 - Corel Corporation) WonderFox DVD Ripper Pro 20.0 (HKLM-x32\...\WonderFox DVD Ripper Pro) (Version: 20.0 - WonderFox Soft, Inc.) Packages: ========= Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2024-03-17] () HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-03-19] (HP Inc.) Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-31] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-01-16] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4082652602-1411793602-943509856-1003_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-4082652602-1411793602-943509856-1003_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-4082652602-1411793602-943509856-1003_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll (Corel Corporation -> ) CustomCLSID: HKU\S-1-5-21-4082652602-1411793602-943509856-1003_Classes\CLSID\{f1fa29dd-c316-42d8-c669-2a526dc8bc63}\localserver32 -> C:\Users\user\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe (Grammarly, Inc. -> Grammarly) ContextMenuHandlers1: [Kaspersky Plus 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\shellex.dll [2024-03-28] (AO Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2023-10-05] (Corel Corporation -> WinZip Computing) ContextMenuHandlers2: [Kaspersky Plus 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\shellex.dll [2024-03-28] (AO Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-06] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [Kaspersky Plus 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\shellex.dll [2024-03-28] (AO Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2023-10-05] (Corel Corporation -> WinZip Computing) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-12-07] (Advanced Micro Devices, Inc.) [File not signed] ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-05-08] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [Kaspersky Plus 21.16] -> {AE776072-9FCA-48AF-941C-5759266BB644} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\shellex.dll [2024-03-28] (AO Kaspersky Lab -> AO Kaspersky Lab) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-06] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2023-10-05] (Corel Corporation -> WinZip Computing) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-06-02 10:28 - 2014-04-17 09:54 - 000863232 _____ ( Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\P2PLib.dll 2021-06-02 10:28 - 2014-04-17 09:54 - 000221184 _____ () [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\EnumDevLib.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL 2017-06-05 06:59 - 2017-06-05 06:59 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2021-06-13 20:50 - 2021-06-13 20:50 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll 2021-06-13 20:50 - 2021-06-13 20:50 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll 2021-06-02 10:28 - 2014-04-17 09:54 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\IpLib.dll 2021-06-02 10:28 - 2014-04-17 09:54 - 000044544 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlQRCode.dll 2021-06-02 10:28 - 2014-04-17 09:54 - 001122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\LIBEAY32.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000034816 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000237568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 001336832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll 2017-06-05 06:58 - 2017-06-05 06:58 - 001136128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll 2017-12-07 14:27 - 2017-12-07 14:27 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll 2017-06-05 06:58 - 2017-06-05 06:58 - 006045696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll 2017-06-05 06:58 - 2017-06-05 06:58 - 001204736 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll 2017-06-05 06:58 - 2017-06-05 06:58 - 003234304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll 2017-06-05 06:58 - 2017-06-05 06:58 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll 2017-06-05 06:58 - 2017-06-05 06:58 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000283136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000139264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2017-06-05 06:59 - 2017-06-05 06:59 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\user\Downloads\FRST64.exe:MBAM.Zone.Identifier [240] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-07] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-03-19 14:49 - 2024-03-28 10:46 - 000000836 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4082652602-1411793602-943509856-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.10.42 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{73FA3D92-D5D6-4895-B5CA-18E6874F9729}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) FirewallRules: [{5B110B4A-5EE5-4E3E-A433-A6FF16CE45D6}] => (Allow) LPort=1542 FirewallRules: [{72E8B522-BC0D-4101-B5FF-DC436710606D}] => (Allow) LPort=1542 FirewallRules: [{9A239253-0225-4ABA-994E-E2557944D34A}] => (Allow) LPort=53 FirewallRules: [{66F6E9EF-5FAA-4A8E-9F57-13D9C0988429}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{522932BF-A6D3-43E4-8D90-2A71727C0256}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{6C0DCBA2-F226-4660-83A6-DE4E0BF52EEA}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{BF0051F4-A28E-4B3B-877E-6EA50BE01800}] => (Allow) LPort=53 FirewallRules: [{7D90F8BD-AA2A-4FCD-9B8A-7AC2BB9BC334}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{49E06718-BED2-4B12-9FCF-B67D17194BFE}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{C28A0C56-9650-4B6F-99EA-BD6035C46ED8}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{E1C456D2-F353-4AFD-BFD9-89FBEBE48E46}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{1339A5E0-5079-4BF2-A0B0-7E263E8CD346}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2F7693F3-B31E-481F-BEF0-C8591AA3FD88}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9E8FB771-1914-4457-A75A-2D989F4FD5CB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{7A434367-1EFC-4DFE-8369-2233B276F4BA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8711272E-AE51-4CF2-8F8E-4F6350F91681}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{44990097-0604-42D2-BFFD-F391764FF08D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{718AA467-82A9-41D7-BC5D-833BAE191558}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3BC47E37-FD6A-43D8-AF14-2CF7D78A8371}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F832A701-984E-4EAF-8F25-81D23B54E128}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7AD90A59-9D7F-4C56-9749-C4F2798F981F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.65\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9D1A332E-1517-4822-B399-CF8D1BE966C5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{BB0D885E-C910-48E0-9774-B0C96ED0F098}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{8F4C445F-15C4-4934-B513-8AEEED00DE7E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 21-03-2024 09:06:17 Windows Modules Installer 28-03-2024 09:14:37 Scheduled Checkpoint 05-04-2024 21:51:16 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (04/07/2024 02:27:52 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: WINDOWS-QSS2PM6) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (04/07/2024 02:18:50 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: WINDOWS-QSS2PM6) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (04/06/2024 02:48:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: winzip64.exe, version: 50.280.15640.0, time stamp: 0x651f11ce Faulting module name: winzip64.exe, version: 50.280.15640.0, time stamp: 0x651f11ce Exception code: 0xc000041d Fault offset: 0x0000000000036e97 Faulting process id: 0x10f8 Faulting application start time: 0x01da87ddb076b4bf Faulting application path: C:\Program Files\WinZip\winzip64.exe Faulting module path: C:\Program Files\WinZip\winzip64.exe Report Id: a4651d02-db23-47cf-a213-80710ef6c2ba Faulting package full name: Faulting package-relative application ID: Error: (04/06/2024 02:48:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: winzip64.exe, version: 50.280.15640.0, time stamp: 0x651f11ce Faulting module name: winzip64.exe, version: 50.280.15640.0, time stamp: 0x651f11ce Exception code: 0xc0000005 Fault offset: 0x0000000000036e97 Faulting process id: 0x10f8 Faulting application start time: 0x01da87ddb076b4bf Faulting application path: C:\Program Files\WinZip\winzip64.exe Faulting module path: C:\Program Files\WinZip\winzip64.exe Report Id: 164f28df-415d-4857-a54c-d23ff057ba1b Faulting package full name: Faulting package-relative application ID: Error: (04/06/2024 02:48:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: winzip64.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 00007FF65FB76E97 Stack: Error: (04/06/2024 02:45:28 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: WINDOWS-QSS2PM6) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (04/06/2024 02:33:41 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.. Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (04/06/2024 02:33:25 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {5d20eaa9-1130-4f91-8f03-90ebc0bd9cb9} System errors: ============= Error: (04/08/2024 05:40:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: 2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441). Error: (04/08/2024 09:38:40 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The GoogleUpdater Service 125.0.6386.0 (GoogleUpdaterService125.0.6386.0) service terminated with the following service-specific error: %%45 Error: (04/08/2024 09:38:40 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The GoogleUpdater InternalService 125.0.6386.0 (GoogleUpdaterInternalService125.0.6386.0) service terminated with the following service-specific error: %%45 Error: (04/07/2024 02:27:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Realtek DHCP Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/07/2024 02:18:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Realtek DHCP Service service terminated unexpectedly. It has done this 1 time(s). Error: (04/07/2024 02:17:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll Error: (04/07/2024 02:17:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll Error: (04/07/2024 02:17:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll Windows Defender: ================ Date: 2024-03-26 17:03:09 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-03-25 17:07:35 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-03-23 17:59:52 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-03-21 20:37:32 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2024-03-20 17:07:30 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0]: Date: 2024-03-25 18:08:44 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.407.670.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.24020.9 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2024-03-25 17:07:08 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.407.670.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.24020.9 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2024-03-25 16:06:32 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.407.670.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.24020.9 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2024-03-21 22:37:24 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.407.580.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.24020.9 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2024-03-20 23:55:21 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.407.543.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.24020.9 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =============== Date: 2024-04-08 17:48:11 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2024-04-08 09:43:36 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\com_antivirus.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: Dell Inc. A05 05/06/2015 Motherboard: Dell Inc. 02YYK5 Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz Percentage of memory in use: 39% Total physical RAM: 16323.63 MB Available physical RAM: 9882.64 MB Total Virtual: 18755.63 MB Available Virtual: 11305.26 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:222.55 GB) (Free:50.33 GB) (Model: WDC WDS240G2G0A-00JH30) NTFS Drive d: (EMTEC K100) (Removable) (Total:28.89 GB) (Free:28.89 GB) FAT32 Drive e: (Yellowstone: Season Four Disc 1) (CDROM) (Total:7.68 GB) (Free:0 GB) UDF Drive f: () (Removable) (Total:119.18 GB) (Free:47.13 GB) FAT32 \\?\Volume{0a8666cf-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS \\?\Volume{0a8666cf-0000-0000-0000-80c237000000}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 0A8666CF) Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=222.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=543 MB) - (Type=27) ========================================================== Disk: 1 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: D94471F5) Partition 1: (Not Active) - (Size=28.9 GB) - (Type=FAT32) ========================================================== Disk: 2 (Protective MBR) (Size: 119.2 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================