
Virus Infection

Virus


#91
ForrestGump

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2022
Ran by Rockets (24-10-2022 22:48:43)
Running from C:\Users\Rockets\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2132 (X64) (2022-10-18 15:25:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1890784580-1000596592-3856219040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1890784580-1000596592-3856219040-503 - Limited - Disabled)
doher (S-1-5-21-1890784580-1000596592-3856219040-1001 - Limited - Enabled) => C:\Users\doher
Guest (S-1-5-21-1890784580-1000596592-3856219040-501 - Limited - Disabled)
Rockets (S-1-5-21-1890784580-1000596592-3856219040-1002 - Administrator - Enabled) => C:\Users\Rockets
WDAGUtilityAccount (S-1-5-21-1890784580-1000596592-3856219040-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 106.0.5249.119 - Google LLC)
HWiNFO64 Version 7.30 (HKLM\...\HWiNFO64_is1) (Version: 7.30 - Martin Malik - REALiX)
LatencyMon 7.20 (HKLM\...\LatencyMon_is1) (Version: 7.20 - Resplendence Software Projects Sp.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\OneDriveSetup.exe) (Version: 22.207.1002.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1890784580-1000596592-3856219040-1002\...\OneDriveSetup.exe) (Version: 22.207.1002.0003 - Microsoft Corporation)
O&O Defrag Professional (HKLM\...\{B15B2393-3049-4C81-AEC7-0A4A6DE59B96}) (Version: 26.0.7639 - O&O Software GmbH)
O&O Syspectr (HKLM-x32\...\{A60A37CB-548C-4470-968E-EB683921728D}) (Version: 0.205.40 - O&O Software GmbH)
ParkControl (HKLM-x32\...\ParkControl) (Version: 2.4.0.2 - Bitsum)
PC Manager(Beta) (HKLM-x32\...\MSPCManager) (Version: 1.2.4.4 - Microsoft Corporation)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 11.1.1.26 - Bitsum)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.60.615.2022 - Realtek)
SanityCheck 3.52 (HKLM\...\SanityCheck_is1) (Version: 3.52 - Resplendence Software Projects Sp.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
WhySoSlow 1.61 (HKLM\...\WhySoSlowHome_is1) (Version:  - Resplendence Software Projects Sp.)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
 
Packages:
=========
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2022-10-23] (Synaptics Incorporated)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2022-09-08] (O&O Software GmbH -> O&O Software GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2022-09-08] (O&O Software GmbH -> O&O Software GmbH)
ContextMenuHandlers6: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2022-09-08] (O&O Software GmbH -> O&O Software GmbH)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-10-24 22:39 - 2022-10-24 22:39 - 000192512 _____ () [File not signed] C:\Users\Rockets\AppData\Local\Temp\sfamcc00001.dll
2022-10-24 22:39 - 2022-10-24 22:39 - 000158720 _____ () [File not signed] C:\Users\Rockets\AppData\Local\Temp\sfareca00001.dll
2022-10-22 10:14 - 2022-10-22 10:15 - 001631744 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\OO Software\Syspectr\SQLite.Interop.dll
2022-10-22 10:15 - 2022-03-03 12:50 - 002708992 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\OO Software\Syspectr\Modules\8648d6ec-91ba-46f4-a6f4-2c2c58d88daf\CDI-Lib-x64.dat
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\doher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1890784580-1000596592-3856219040-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "O&O Defrag Tray.lnk"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1890784580-1000596592-3856219040-1002\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{94776B3B-81F5-43F4-ACF7-4DB2286AB6DB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{000C02D5-E93C-4C81-BE7B-244CF67439AE}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{83AAFA9F-3107-44AA-82CE-B1D94593B61F}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E41CCA17-70CF-4F72-B155-F568216E5A50}] => (Allow) C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH -> O&O Software GmbH)
 
==================== Restore Points =========================
 
19-10-2022 12:56:50 Windows Modules Installer
20-10-2022 13:57:15 Windows Modules Installer
21-10-2022 19:32:55 O&O ShutUp10++
21-10-2022 23:04:58 O&O ShutUp10++
22-10-2022 02:09:57 O&O ShutUp10++
23-10-2022 16:33:26 Removed Microsoft Update Health Tools
24-10-2022 20:53:15 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/23/2022 07:47:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad.exe version 10.0.19041.1865 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 28cc
 
Start Time: 01d8e739c921b46f
 
Termination Time: 191
 
Application Path: C:\Windows\System32\notepad.exe
 
Report Id: 4ac1559f-ac86-4886-b004-44fe75710e5b
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Unknown
 
Error: (10/23/2022 04:08:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/23/2022 04:08:46 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/23/2022 04:08:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/23/2022 04:08:46 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/22/2022 06:27:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UserBenchmark.exe, version: 3.2.8.0, time stamp: 0x634b060d
Faulting module name: atidxx64.dll, version: 8.17.10.436, time stamp: 0x54b54918
Exception code: 0xc0000005
Fault offset: 0x000000000000456f
Faulting process ID: 0x1768
Faulting application start time: 0x01d8e665096861cd
Faulting application path: C:\Users\Rockets\AppData\Roaming\UserBenchmark\UserBenchmark.exe
Faulting module path: C:\WINDOWS\SYSTEM32\atidxx64.dll
Report ID: 76af517a-17d1-4a73-812a-d483a1865833
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (10/23/2022 09:03:45 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (10/23/2022 09:03:45 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (10/23/2022 09:03:45 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (10/23/2022 09:03:45 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (10/23/2022 08:44:09 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (10/23/2022 08:44:09 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (10/23/2022 08:44:09 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
Error: (10/23/2022 08:44:09 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 
 
Windows Defender:
================
Date: 2022-10-23 22:06:51
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-10-23 19:10:36
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-10-23 17:01:26
Description: 
Controlled Folder Access blocked C:\Windows\System32\WinSAT.exe from making changes to memory.
Detection time: 2022-10-23T21:01:26.237Z
Path: \Device\CdRom0
Process Name: C:\Windows\System32\WinSAT.exe
Security intelligence Version: 1.377.658.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2209.7
 
Date: 2022-10-23 00:36:25
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-10-23 00:32:11
Description: 
Controlled Folder Access blocked C:\Users\doher\OneDrive\Desktop\syswranalyzerbus.exe from making changes to memory.
Detection time: 2022-10-23T04:32:11.268Z
Path: \Device\HarddiskVolume2
Process Name: C:\Users\doher\OneDrive\Desktop\syswranalyzerbus.exe
Security intelligence Version: 1.377.658.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2209.7

==================== Memory info =========================== 
 
BIOS: Hewlett-Packard F.15 05/17/2010
Motherboard: Hewlett-Packard 363F
Processor: AMD Athlon™ II Dual-Core M300
Percentage of memory in use: 47%
Total physical RAM: 7932.2 MB
Available physical RAM: 4165.04 MB
Total Virtual: 9212.2 MB
Available Virtual: 5665.55 MB
 
==================== Drives ================================
 
Drive c: (C ) (Fixed) (Total:444.36 GB) (Free:351.9 GB) (Model: WD Blue SA510 2.5 500GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (RECOVERY) (Fixed) (Total:21.1 GB) (Free:9.64 GB) (Model: WD Blue SA510 2.5 500GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: WD Blue SA510 2.5 500GB) FAT32
Drive i: () (Removable) (Total:59.45 GB) (Free:43.5 GB) exFAT
 
\\?\Volume{7dda13fc-0000-0000-0000-100000000000}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7DDA13FC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=108 MB) - (Type=0C)
 
==========================================================
Disk: 1 (Size: 59.5 GB) (Disk ID: 9403A996)
Partition 1: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================


#92
ForrestGump


Users shortcut scan result (x64) Version: 23-10-2022

Ran by Rockets (24-10-2022 22:50:25)
Running from C:\Users\Rockets\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhySoSlow\WhySoSlow.lnk -> C:\Program Files\WhySoSlow\WhySoSlow.exe (Resplendence Software Projects)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\O&O Defrag Tray.lnk -> C:\Windows\Installer\{B15B2393-3049-4C81-AEC7-0A4A6DE59B96}\app_icon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanityCheck\SanityCheck.lnk -> C:\Program Files\SanityCheck\sanity.exe (Resplendence Software Projects Sp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Uninstall Revo Uninstaller Pro.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParkControl\ParkControl.lnk -> C:\Program Files\ParkControl\ParkControl.exe (Bitsum LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software\O&O Defrag\O&O Defrag (Classic).lnk -> C:\Windows\Installer\{B15B2393-3049-4C81-AEC7-0A4A6DE59B96}\app_icon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software\O&O Defrag\O&O Defrag (Modern).lnk -> C:\Windows\Installer\{B15B2393-3049-4C81-AEC7-0A4A6DE59B96}\app_icon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software\O&O Defrag\O&O Defrag.lnk -> C:\Windows\Installer\{B15B2393-3049-4C81-AEC7-0A4A6DE59B96}\app_icon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiMon\MultiMon.lnk -> C:\Program Files\MultiMon\MultiMon.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MS PC Manager\PC Manager.lnk -> C:\Program Files\Microsoft PC Manager\MSPCManager.exe (MSPCManager)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MS PC Manager\Uninstall PC Manager.lnk -> C:\Program Files\Microsoft PC Manager\uninst.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon\LatencyMon.lnk -> C:\Program Files\LatencyMon\LatMon.exe (Resplendence Software Projects Sp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64\HWiNFO64.lnk -> C:\Program Files\HWiNFO64\HWiNFO64.EXE (REALiX)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\AMD VISION Engine Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm (No File)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Rockets\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\Links\Desktop.lnk -> C:\Users\doher\Desktop (No File)
Shortcut: C:\Users\doher\Links\Downloads.lnk -> C:\Users\doher\Downloads ()
Shortcut: C:\Users\doher\Links\msedgetype&folderdetails.exe.lnk -> C:\Users\doher\Desktop\msedgetype&folderdetails.exe.search-ms (No File)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\doher\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk -> C:\Users\doher\Desktop\launcher.exe (No File)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\O&O Defrag.lnk -> C:\Windows\Installer\{B15B2393-3049-4C81-AEC7-0A4A6DE59B96}\app_icon.exe ()
Shortcut: C:\Users\Public\Desktop\O&O Syspectr.lnk -> C:\Windows\Installer\{A60A37CB-548C-4470-968E-EB683921728D}\SyspectrIcon.exe ()
Shortcut: C:\Users\Public\Desktop\PC Manager.lnk -> C:\Program Files\Microsoft PC Manager\MSPCManager.exe (MSPCManager)
Shortcut: C:\Users\Public\Desktop\Recuva.lnk -> C:\Program Files\Recuva\recuva64.exe (No File)
Shortcut: C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk -> C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (No File)
Shortcut: C:\Users\Public\Desktop\Speccy.lnk -> C:\Program Files\Speccy\Speccy64.exe (No File)
Shortcut: C:\Users\Public\Desktop\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Rockets\Links\Desktop.lnk -> C:\Users\Rockets\Desktop ()
Shortcut: C:\Users\Rockets\Links\Downloads.lnk -> C:\Users\Rockets\Downloads ()
Shortcut: C:\Users\Rockets\Desktop\3D Objects - Shortcut.lnk -> C:\Users\Rockets\3D Objects ()
Shortcut: C:\Users\Rockets\Desktop\LatencyMon.lnk -> C:\Program Files\LatencyMon\LatMon.exe (Resplendence Software Projects Sp.)
Shortcut: C:\Users\Rockets\Desktop\SanityCheck.lnk -> C:\Program Files\SanityCheck\sanity.exe (Resplendence Software Projects Sp.)
Shortcut: C:\Users\Rockets\Desktop\SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
Shortcut: C:\Users\Rockets\Desktop\UserBenchmark.lnk -> C:\Users\Rockets\AppData\Roaming\UserBenchmark\UserBenchmark.exe (UserBenchmark)
Shortcut: C:\Users\Rockets\Desktop\WhySoSlow.lnk -> C:\Program Files\WhySoSlow\WhySoSlow.exe (Resplendence Software Projects)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Rockets\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Help and HOW-TO.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.chm ()
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Release info.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.txt ()
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Uninstall SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\uninstall.exe ()
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso\Process Lasso.lnk -> C:\Program Files\Process Lasso\ProcessLassoLauncher.exe (Bitsum LLC) -> /showwindow /nodelay
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\doher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Public\Desktop\Process Lasso.lnk -> C:\Program Files\Process Lasso\ProcessLassoLauncher.exe (Bitsum LLC) -> /showwindow /nodelay
ShortcutWithArgument: C:\Users\Rockets\Desktop\CUSERSSTDACT\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Rockets\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Rockets\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro on the Web.url -> URL: hxxp://www.revouninstaller.com/
InternetURL: C:\Users\doher\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Rockets\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
 
==================== End of Shortcut.txt =============================

#93
ForrestGump

    Member

  • Topic Starter
  • 91 posts

Unusual Notification yesterday?

 

EDGEScreenshot.jpg


#94
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Speedfan says your system is not running hot.

 

No idea why Edge is being flagged by Windows Defender but you will probably have to allow Edge through the firewall.

 

Agree the problem is an old graphics driver and a recent Windows update.  Are there any adjustments in the video software?  Right click on the desktop and normally there is an option for your graphics.  Sometimes you can adjust something there.

 

Perhaps you can get some relief by removing bloatware:

 

https://www.thewindo...emoval-software


#95
ForrestGump

    Member

  • Topic Starter
  • 91 posts

I am using Edge today with no more Windows Security Alerts? Windows is a strange OS


#96
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Once you tell Windows Defender to let something through the firewall it's not going to ask you again.

 

Why don't you try Midori.  It's a browser known to be very easy on computer resources.  See if that helps with your CPU usage:

 

https://astian.org/en/midori-browser/


#97
ForrestGump

    Member

  • Topic Starter
  • 91 posts

I never told WD to let anything through the firewall, I selected the X on the top right side to close the warning

 

I did try Opera previously since I read it is one of the lowest computer resources Browser avail but it was no better than Edge Chromium or Google Chromium.

 

I will try Midori & keep my fingers crossed for a better result

 

I really buggered up this Laptop as I tried to install from the History files within the Recovery drive an older ATI Mobility Radeon HD 4200 Driver & I think also an older Athlon 11 Dual Core M300 CPU Processor Driver to no improvement & my C drive is now 112GB instead of 35-38GB so I don't know what I copied over from Recovery to C?

 

Maybe the whole C drive history files? I remember over a 1,000 files when the copy process started. It was so quick I could not cancel it in time.

 

I tried the Oldest Restore point from Oct 19th, This is when I Reset this PC but it did nothing to reduce the C drive.

 

I did SFC /SCANNOW but it could not repair the found corrupted files so I did DISM/ONLINE/CLEANUP/RESTOREHEALTH & it fixed the CSI Store, Reran SFC & it repaired the Corrupted files.

 

Is Reset this PC with not keeping Files or Settings the only or best fix?


#98
ForrestGump

    Member

  • Topic Starter
  • 91 posts

Downloaded Midori installer first then the 64bit portable & extracted the zip files but it does not seem to install with all the setting features avail so I deleted the install/files,

 

There are really no settings avail in the browser to select so the install attempt download I did is missing something/files to fully install the browser,

 

Not sure why only a portable version is avail, Maybe saving the download file then extracting & opening with ADMIN option causes the install to miss all the settings of the install?


#99
ForrestGump

    Member

  • Topic Starter
  • 91 posts

Microsoft PC Manager is a 1-click optimizer for Windows 11/10

 

Have you seen/heard of this New app for Win 11? BTW also works for Win 10,

 

Introduced currently for the Chinese MS Win 11 users.

 

I Installed the program & ran it, it basically provides a 1 step APP access to many of the already built in Win tools with a few extra options

 

https://pcmanager.microsoft.com


Edited by ForrestGump, 26 October 2022 - 06:50 PM.

#100
ForrestGump

    Member

  • Topic Starter
  • 91 posts

I used safe mode with networking today to see if the browser used less resources & it was double the CPU consumption!

 

I suspect it was caused by a MS basic display adapter instead of the MS ATI Mobility Radeon HD 4200 driver, The external HDMI connected Monitor was also not functional due to the Basic display driver

 

Seems Safe mode does not use the same drivers as Normal boot mode, I don't understand the logic there

 

The new Realtek Ethernet Driver I installed from your Link was working....


#101
ForrestGump

    Member

  • Topic Starter
  • 91 posts

Could you review please the BCDEDIT results, Maybe the RAMDISK is messing things up? There was also a BAD memory indicator notification 

 

Attached File  BCDEDITENUMALL.txt   4.89KB   162 downloads


#102
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

BCD looks normal.

 

If you are getting a bad memory warning then you probably have bad RAM.  Run the built-in memory test:

 

https://www.windowsc...lems-windows-10

 

or the USB boot test:

 

https://www.memtest86.com/

 

Sometimes if you are lucky, reseating the RAM will fix it.


#103
ForrestGump

    Member

  • Topic Starter
  • 91 posts

Re BCD looks normal, I did play around a while back with RAMDISK to see if it would optimize the OS but I don't think I grasped how to configure the software correctly, so I deleted it or @ least I thought I did & now it appears/remains in Win Boot Loader?

 

Windows Boot Loader

-------------------
identifier              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes
 
 
Next I tried Miray ram drive as the comments were it was much easier to setup & run but as I also did not notice any benefit, I also deleted it yet it remains as below even after I manually deleted it from the System after I saw the FRST file details. Even after doing a RESET this PC with the option selected to NOT keep apps, files or settings there it remains like a Cancer of the OS
 
MirayRAMDrive; C:\WINDOWS\System32\drivers\mrdo.sys [65488 2022-02-10] (Miray Software AG -> Miray)
 
In desperation for a CPU remedy within the browsers I installed Process Lasso to try the Parking enabled/disabled & Frequency modifications to no avail either
 
Continuing to seek the OS elixir, I Ran Windows Powertool from a Powershell script on Github in the desperate attempt to free up Redmond bloatware & other CPU hogging processes & tasks which also did squat,
Will now need to do a restore point to revert back those changes, Sure it did remove a lot of resources as per TASK MGR details,
Big But BTW, it also did not help the OS, it actually made it worse!!
 
 
And now for my Grand Finale, It was now time for the YT Presentation, Timers Timer Resolution HPET
So after many wasted hours & hours observing & attempting to absorb all these optimization tweaks on YT this fellow presents with his Windows Optimization Pack Webinars, I tried these CMDs to further mess up my already unstable OS platform. My lack of improving/lowering the Latency for this OS, is a result not typical of most users that implement these mods so I suppose I will need to adopt a NON Win OS system for this 2009 HP laptop. This worsening performance of this laptop occurs after adding an additional 5GB, DDR2 so-dimm Ram & ditching the 320 GB HD for a 500 GB SSD!
 
Over 100 posts later on this website & after in-depth diagnosis by the relentless Mr. R Kinner an Expert in his profession, nothing further can be resolved in regards to this ongoing lack of performance issues this Win 10, 22H2 OS system is suffering from.
 
I have gained so much new knowledge of how to diagnose & understand OS issues by following all the guidance/advice/software tools/new drivers shared with me by Mr R Kinner & will be forever grateful for the opportunity to learn & grow as a person.
 
You're a TOP GUN EXPERT RK!
 
Thank you so much for your help & Patience in trying to find solutions for me
 
FYI, Below are the mods I tried out but they did not help
 
DISABLE HPET
cmd - admin
bcdedit /set useplatformclock no
& restart
 
DISABLE SYNTHETIC TIMERS
cmd - admin
bcdedit /set useplatformtick yes
& restart
 
DISABLE DYNAMIC TICK
cmd - admin
bcdedit /set disabledynamictick yes
& restart
 
And now I have to reverse the 3 above CMDs
FG
 

  • 0
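The three timer settings listed in post #103 are stored as values on a boot entry, so they appear in saved `bcdedit /enum all` output and are cleared with `bcdedit /deletevalue`. The script below is an added example, not part of the original thread: it parses that text, lists any of the three overrides, and builds the commands that remove them. The sample output and all function names are constructed for illustration.

```python
import re

# BCD values set by the three commands in post #103. A default Windows 10
# boot entry carries none of them, so deleting a value restores the default.
TIMER_OVERRIDES = ("useplatformclock", "useplatformtick", "disabledynamictick")

# Constructed sample in the layout of `bcdedit /enum all`. The WinPE entry
# mirrors the excerpt quoted in the thread; the other values are made up.
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
displayorder            {current}
                        {572bcd60-ffa7-11d9-aae0-0007e994107d}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 10
useplatformclock        No
useplatformtick         Yes
disabledynamictick      Yes

Windows Boot Loader
-------------------
identifier              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0
winpe                   Yes
"""


def parse_bcd(text):
    """Split bcdedit output into entries: {'type': str, 'values': {key: [str]}}."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [line.rstrip() for line in block.splitlines()]
        # An entry is a title line followed by a row of dashes.
        if len(lines) < 2 or not re.fullmatch(r"-{3,}", lines[1].strip()):
            continue
        values, last_key = {}, None
        for line in lines[2:]:
            if line[:1].isspace():
                # Indented line: another value for the previous key
                # (for example a second identifier under displayorder).
                if last_key:
                    values[last_key].append(line.strip())
                continue
            key, _, value = line.partition(" ")
            values[key] = [value.strip()]
            last_key = key
        entries.append({"type": lines[0].strip(), "values": values})
    return entries


def timer_overrides(entries):
    """Return (identifier, setting, value) for each timer override found."""
    findings = []
    for entry in entries:
        ident = entry["values"].get("identifier", ["?"])[0]
        for key in TIMER_OVERRIDES:
            if key in entry["values"]:
                findings.append((ident, key, entry["values"][key][0]))
    return findings


def revert_commands(findings):
    """Commands for an elevated Command Prompt; a restart applies them."""
    return [f"bcdedit /deletevalue {ident} {key}" for ident, key, _ in findings]


def winpe_ramdisk_entries(entries):
    """Identifiers of entries that load a WinPE image (boot.wim) into a RAM disk.

    A ramdisk= device together with `winpe Yes` marks a WinPE boot entry.
    """
    found = []
    for entry in entries:
        values = entry["values"]
        device = values.get("device", [""])[0].lower()
        winpe = values.get("winpe", [""])[0].lower()
        if device.startswith("ramdisk=") and winpe == "yes":
            found.append(values.get("identifier", ["?"])[0])
    return found


if __name__ == "__main__":
    parsed = parse_bcd(SAMPLE)
    for ident, key, value in timer_overrides(parsed):
        print(f"{ident}: {key} = {value}")
    for command in revert_commands(timer_overrides(parsed)):
        print(command)
    print("WinPE ramdisk entries:", winpe_ramdisk_entries(parsed))
```

To check a real machine, save the output of `bcdedit /enum all` from an elevated Command Prompt to a text file and pass its contents to `parse_bcd`.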

#104
ForrestGump

    Member

  • Topic Starter
  • 91 posts

My browser appears to have been hijacked as I had a notification on Edge Your Browser Managed By Your Organization

 

I used the oldest Restore Point to Restore the PC

 

Not sure if this was the best method to resolve the issue, The Browser Managed By Your Organization is no longer present, Not sure if Restore actually purged all of the Virus

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2022

Ran by doher (administrator) on DESKTOP-Q9NCUPF (Hewlett-Packard HP G61 Notebook PC) (04-11-2022 19:29:42)
Running from C:\Users\doher\Desktop
Loaded Profiles: doher
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2193 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\doher\AppData\Local\Microsoft\OneDrive\22.212.1009.0004_1\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2180_none_7e328fe47c714aab\TiWorker.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-03-31] (Synaptics Incorporated -> Synaptics Incorporated)
HKU\S-1-5-21-2263973382-866051081-79238805-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2263973382-866051081-79238805-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2263973382-866051081-79238805-1001\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" (No File)
HKU\S-1-5-21-2263973382-866051081-79238805-1001\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" (No File)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3F82B910-816A-4F8E-9CDC-DF0D844A236D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7AE9060D-6EB5-4BFA-A411-6E9D41AF7ADB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9CC6FC9D-A664-46B9-A0C5-AB64A96CB781} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F02C36D7-06E5-40F3-A71F-B12993498703} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{cbad6262-7949-4a97-9084-5e7be858015b}: [DhcpNameServer] 192.168.2.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-04]
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (h264ify) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2022-11-04]
Edge Extension: (DuckDuckGo) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2022-11-04]
Edge Extension: (uBlock Origin) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-10-28]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-10-28]
Edge Extension: (MSN New Tab) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lklfbkdigihjaaeamncibechhgalldgl [2022-10-28]
Edge Extension: (AdGuard AdBlocker) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2022-10-28]
Edge Extension: (Privacy Badger) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2022-10-28]
Edge Extension: (Enhancer for YouTube™) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2022-11-04]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default [2022-11-04]
CHR Extension: (h264ify) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2022-10-30]
CHR Extension: (uBlock Origin) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-10-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-29]
CHR Extension: (Speedtest by Ookla) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2022-10-29]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pocpnlppkickgojjlmhdmidojbmbodfm [2022-10-29]
CHR Extension: (Enhancer for YouTube™) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2022-10-29]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [785408 2022-10-28] (Microsoft Windows -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224216 2022-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\NisSrv.exe [3191224 2022-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe [133536 2022-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Ahflt; C:\WINDOWS\System32\drivers\ahflt.sys [46480 2022-10-24] (Microsoft Corporation -> Microsoft Corporation)
S3 AppleKIS; C:\WINDOWS\System32\drivers\AppleKIS.sys [66976 2022-09-14] (Apple Inc. -> Apple Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleRSM; C:\WINDOWS\System32\drivers\AppleRSM.sys [77720 2022-09-13] (Apple Inc. -> Apple Inc.)
S3 MirayRAMDrive; C:\WINDOWS\System32\drivers\mrdo.sys [65488 2022-02-10] (Miray Software AG -> Miray)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2022-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469280 2022-10-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-31] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-11-04 19:29 - 2022-11-04 19:29 - 000000000 ____D C:\Users\doher\Desktop\FRST-OlderVersion
2022-11-04 18:12 - 2022-11-04 18:12 - 000017243 _____ C:\Users\doher\Desktop\Additionnov22022.txt
2022-11-04 18:10 - 2022-11-04 18:10 - 000047605 _____ C:\Users\doher\Desktop\FRSTnov32022.txt
2022-11-02 07:06 - 2022-11-02 07:06 - 000000000 ____D C:\Users\doher\AppData\Local\VHS to DVD
2022-11-02 03:48 - 2022-11-02 03:48 - 003637651 _____ C:\Users\doher\Downloads\HP G61-320CA MANUAL.pdf
2022-11-02 02:49 - 2022-11-02 02:49 - 000015972 _____ C:\Users\doher\Desktop\Additionscan011120221142PM.txt
2022-11-02 02:38 - 2022-11-02 02:38 - 000052937 _____ C:\Users\doher\Desktop\FRSTSCAN011120221130PM.txt
2022-11-02 02:15 - 2022-11-02 02:15 - 000000000 ____D C:\Users\doher\AppData\Local\AMDSoftwareInstaller
2022-11-02 01:54 - 2022-11-02 01:54 - 000001574 _____ C:\Users\doher\Desktop\DRVFIXFULLMANUALINSTALL.txt
2022-11-02 01:42 - 2022-11-02 02:50 - 000002174 _____ C:\Users\doher\Desktop\DRIVERFIXMANINSTALLPT1.txt
2022-11-02 01:26 - 2022-11-02 01:26 - 000000000 ____D C:\Users\doher\AppData\Roaming\Neos Eureka S.r.l
2022-11-01 23:44 - 2022-11-01 23:44 - 000021898 _____ C:\Users\doher\Desktop\Shortcut.txt
2022-11-01 20:32 - 2022-11-01 20:32 - 000007472 _____ C:\Users\doher\Desktop\LMM1112022830PM.txt
2022-11-01 20:09 - 2022-11-01 20:09 - 000007526 _____ C:\Users\doher\Desktop\LMM1112022809PM.txt
2022-11-01 16:33 - 2022-11-01 18:18 - 000000904 _____ C:\Users\doher\Desktop\TIMERTWEAKSBENCHMRKD.txt
2022-11-01 08:03 - 2022-11-01 08:03 - 001098369 _____ C:\Users\doher\Downloads\452 EN Statement of Health for Group Insurance_PM_2021-04-10  (1).pdf
2022-11-01 07:57 - 2022-11-01 07:57 - 001098369 _____ C:\Users\doher\Downloads\452 EN Statement of Health for Group Insurance_PM_2021-04-10 .pdf
2022-11-01 07:20 - 2022-11-01 07:56 - 001098369 _____ C:\Users\doher\Desktop\452 EN Statement of Health for Group Insurance_PM_2021-04-10 .pdf
2022-11-01 07:02 - 2022-11-04 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MS PC Manager
2022-11-01 07:02 - 2022-11-04 18:33 - 000000000 ____D C:\Program Files\Microsoft PC Manager
2022-11-01 07:02 - 2022-11-01 22:54 - 000000000 ____D C:\Users\doher\AppData\Local\Windows Master
2022-11-01 07:02 - 2022-11-01 07:02 - 000000000 ____D C:\Users\doher\AppData\Local\ToastNotificationManagerCompat
2022-11-01 07:02 - 2022-11-01 07:02 - 000000000 ____D C:\Users\doher\AppData\Local\PC Manager
2022-11-01 07:02 - 2022-11-01 07:02 - 000000000 ____D C:\ProgramData\Windows Master
2022-11-01 06:58 - 2022-11-02 07:16 - 000000000 ____D C:\Users\doher\AppData\Local\ElevatedDiagnostics
2022-11-01 02:11 - 2022-11-01 02:15 - 000000000 ____D C:\Users\doher\AppData\Local\Adobe
2022-11-01 02:11 - 2022-11-01 02:15 - 000000000 ____D C:\ProgramData\Adobe
2022-11-01 02:11 - 2022-11-01 02:11 - 000000000 ____D C:\Program Files (x86)\Adobe
2022-11-01 02:07 - 2022-11-04 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VHS2USB
2022-11-01 02:07 - 2022-11-01 02:07 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2022-11-01 02:07 - 2022-11-01 02:07 - 000000000 ____D C:\Program Files (x86)\honestech
2022-11-01 01:25 - 2022-11-01 01:25 - 000042937 _____ C:\Users\doher\Desktop\FRSTNov012022.txt
2022-11-01 01:06 - 2022-11-01 01:06 - 000013676 _____ C:\Users\doher\Desktop\AdditionscanNov012022.txt
2022-11-01 00:12 - 2022-11-01 00:12 - 000000000 ____D C:\Users\doher\AppData\Local\OO Software
2022-10-31 21:46 - 2022-11-04 18:33 - 000000000 ____D C:\ProgramData\ProductData
2022-10-31 21:46 - 2022-10-31 21:54 - 000000000 ____D C:\Users\doher\AppData\Roaming\instinfo
2022-10-31 21:45 - 2022-10-31 21:45 - 000000000 ____D C:\Program Files (x86)\IObit
2022-10-31 21:44 - 2022-11-04 18:33 - 000000000 ____D C:\ProgramData\IObit
2022-10-31 21:44 - 2022-10-31 21:46 - 000000000 ____D C:\Users\doher\AppData\Roaming\IObit
2022-10-31 21:36 - 2022-10-31 21:36 - 003348036 _____ C:\Users\doher\Downloads\HxDSetup.zip
2022-10-31 18:09 - 2022-10-31 18:09 - 000001883 _____ C:\Users\doher\Desktop\FirstBackup.spg
2022-10-31 16:39 - 2022-10-31 16:39 - 000000000 ____D C:\Users\doher\AppData\Roaming\NetOptimizer
2022-10-31 15:09 - 2022-10-31 15:09 - 000000000 ____D C:\_FR33THY Optimization Pack-20221031T190802Z-001
2022-10-31 15:08 - 2022-10-31 15:09 - 199451475 _____ C:\Users\doher\Desktop\_FR33THY Optimization Pack-20221031T190802Z-001.zip
2022-10-31 13:30 - 2022-11-04 18:33 - 000000000 ____D C:\Users\doher\Downloads\ISLC v1.0.2.8
2022-10-31 12:47 - 2022-10-31 12:47 - 000007586 _____ C:\Users\doher\Desktop\LMMAIN311020221240PM.txt
2022-10-31 12:43 - 2022-10-31 12:43 - 000007586 _____ C:\Users\doher\Desktop\LMSTATS311020221243PM.txt
2022-10-31 11:23 - 2022-10-31 11:23 - 000005006 _____ C:\Users\doher\Desktop\BCDEDITENUMALL.txt
2022-10-31 07:18 - 2022-11-04 18:33 - 000000000 ____D C:\Users\doher\Downloads\WinTimerTester_1.1
2022-10-31 07:04 - 2022-10-31 07:04 - 000008264 _____ C:\Users\doher\Downloads\WinTimerTester_1.1.zip
2022-10-31 06:26 - 2022-10-31 06:26 - 000007588 _____ C:\Users\doher\Desktop\Latmonoct312022.txt
2022-10-31 03:59 - 2022-10-31 03:59 - 000007605 _____ C:\Users\doher\AppData\Local\Resmon.ResmonCfg
2022-10-31 03:08 - 2022-10-31 03:08 - 000000000 ____D C:\Users\doher\AppData\Roaming\Mozilla
2022-10-31 00:48 - 2022-10-31 00:48 - 000078136 _____ C:\Users\doher\Desktop\DxDiag.txt
2022-10-30 21:25 - 2022-10-30 21:29 - 000000000 ___HD C:\$WinREAgent
2022-10-29 20:55 - 2022-10-29 20:55 - 000000000 ____D C:\Program Files\Google
2022-10-29 20:54 - 2022-11-04 17:59 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-29 20:54 - 2022-10-29 21:00 - 000000000 ____D C:\Users\doher\AppData\Local\Google
2022-10-29 17:45 - 2022-10-29 17:45 - 003513345 _____ C:\Users\doher\Downloads\ProcessExplorer.zip
2022-10-29 05:52 - 2022-10-29 05:52 - 000000112 ___SH C:\bootTel.dat
2022-10-29 05:19 - 2022-10-29 05:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-10-29 05:18 - 2022-10-29 05:33 - 000000000 ____D C:\Users\doher\Desktop\mbar
2022-10-29 05:18 - 2022-10-29 05:33 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2022-10-29 05:18 - 2022-10-29 05:18 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7673D725.sys
2022-10-29 05:18 - 2022-10-29 05:18 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2022-10-29 04:53 - 2022-10-29 05:02 - 000000000 ____D C:\Program Files (x86)\Hetman Software
2022-10-29 04:33 - 2022-10-29 04:33 - 000007555 _____ C:\Users\doher\Desktop\latencymon.txt
2022-10-29 04:33 - 2022-10-29 04:33 - 000000000 ____D C:\Users\doher\AppData\Roaming\UserBenchmark
2022-10-29 03:15 - 2022-10-29 03:15 - 000004234 _____ C:\Users\doher\Desktop\fixlist.txt
2022-10-29 03:02 - 2022-10-29 03:22 - 000007528 _____ C:\Users\doher\Desktop\LatencyMonScanResults.txt
2022-10-29 02:56 - 2022-10-29 03:26 - 000001034 _____ C:\Users\doher\Desktop\LatencyMon.lnk
2022-10-29 02:56 - 2022-10-29 02:56 - 000000000 ____D C:\Users\doher\AppData\Local\DBG
2022-10-29 02:56 - 2022-10-29 02:56 - 000000000 ____D C:\Program Files\LatencyMon
2022-10-29 02:56 - 2021-03-09 15:07 - 000027744 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2022-10-29 02:55 - 2022-10-29 02:55 - 000041534 _____ C:\Users\doher\Desktop\MTB.txt
2022-10-29 02:50 - 2022-10-29 02:51 - 000041534 _____ C:\Users\doher\Downloads\MTB.txt
2022-10-29 02:50 - 2022-10-29 02:50 - 000000000 ____D C:\Users\doher\AppData\Local\PeerDistRepub
2022-10-29 02:45 - 2022-10-29 02:45 - 000012110 _____ C:\Users\doher\Desktop\Additionscan.txt
2022-10-29 02:41 - 2022-10-29 02:41 - 000033632 _____ C:\Users\doher\Desktop\FRSTscan.txt
2022-10-29 02:37 - 2022-11-02 12:26 - 000017243 _____ C:\Users\doher\Desktop\Addition.txt
2022-10-29 02:26 - 2022-11-04 19:30 - 000010973 _____ C:\Users\doher\Desktop\FRST.txt
2022-10-29 02:25 - 2022-11-04 19:30 - 000000000 ____D C:\FRST
2022-10-29 02:24 - 2022-10-29 02:24 - 000002661 _____ C:\Users\doher\Desktop\FSSSCANREPORT.txt
2022-10-29 02:23 - 2022-10-29 02:24 - 000002661 _____ C:\Users\doher\Downloads\FSS.txt
2022-10-29 02:12 - 2022-10-29 02:12 - 000000000 ____D C:\SYSTEM.SAV
2022-10-29 02:11 - 2022-10-29 02:11 - 000000000 ____D C:\swsetup
2022-10-29 00:27 - 2022-10-29 00:27 - 000956928 _____ (Farbar) C:\Users\doher\Downloads\MiniToolBox.exe
2022-10-29 00:25 - 2022-10-29 00:25 - 044670480 _____ (Adlice Software ) C:\Users\doher\Downloads\RogueKiller_setup.exe
2022-10-29 00:24 - 2022-10-29 00:25 - 056651952 _____ (Tweaking.com) C:\Users\doher\Downloads\tweaking.com_windows_repair_aio_setup.exe
2022-10-29 00:23 - 2022-10-29 00:23 - 008551608 _____ (Malwarebytes) C:\Users\doher\Downloads\AdwCleaner.exe
2022-10-29 00:23 - 2022-10-29 00:23 - 001790024 _____ (Malwarebytes) C:\Users\doher\Downloads\JRT.exe
2022-10-29 00:22 - 2022-11-04 19:29 - 002374656 _____ (Farbar) C:\Users\doher\Desktop\FRST64.exe
2022-10-29 00:16 - 2022-10-29 00:16 - 000016526 _____ C:\Users\doher\Desktop\TASKLISTsvcjunk.txt
2022-10-29 00:14 - 2022-10-29 00:14 - 000016526 _____ C:\junk.txt
2022-10-29 00:01 - 2022-10-29 00:01 - 003622480 _____ (Resplendence Software Projects Sp. ) C:\Users\doher\Downloads\LatencyMon.exe
2022-10-29 00:01 - 2022-10-29 00:01 - 000687865 _____ C:\Users\doher\Downloads\errorLookup.zip
2022-10-28 23:58 - 2022-10-28 23:58 - 004566928 _____ (Sysinternals - www.sysinternals.com) C:\Users\doher\Downloads\procexp.exe
2022-10-28 23:54 - 2022-10-28 23:55 - 014178840 _____ (Malwarebytes Corp.) C:\Users\doher\Downloads\mbar-1.10.3.1001.exe
2022-10-28 23:53 - 2022-10-28 23:53 - 000521728 _____ (UserBenchmark) C:\Users\doher\Downloads\UserBenchmarkInstaller.exe
2022-10-28 23:47 - 2022-10-28 23:47 - 001409448 _____ (Sysinternals - www.sysinternals.com) C:\Users\doher\Downloads\Tcpview.exe
2022-10-28 21:52 - 2022-10-29 05:03 - 000000000 ____D C:\Users\doher\AppData\Local\Opera Software
2022-10-28 21:50 - 2022-10-29 05:03 - 000000000 ____D C:\Users\doher\AppData\Roaming\Opera Software
2022-10-28 21:50 - 2022-10-28 21:50 - 003529464 _____ (Opera Software) C:\Users\doher\Downloads\OperaGXSetup.exe
2022-10-28 18:15 - 2022-10-28 18:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-28 18:14 - 2022-10-29 05:02 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-10-28 18:08 - 2022-11-01 06:01 - 000000000 ____D C:\Users\doher\AppData\Local\D3DSCache
2022-10-28 17:50 - 2022-10-28 17:50 - 000000000 ____D C:\Users\doher\AppData\Local\Comms
2022-10-28 17:40 - 2022-11-04 18:45 - 000000000 ____D C:\Users\doher\AppData\Local\PlaceholderTileLogoFolder
2022-10-28 17:39 - 2022-11-04 18:46 - 000003580 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2263973382-866051081-79238805-1001
2022-10-28 17:39 - 2022-10-28 17:39 - 000000000 ___HD C:\OneDriveTemp
2022-10-28 17:37 - 2022-11-04 18:46 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2263973382-866051081-79238805-1001
2022-10-28 17:37 - 2022-11-04 18:46 - 000000000 ___RD C:\Users\doher\OneDrive
2022-10-28 17:34 - 2022-10-28 17:34 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-10-28 17:33 - 2022-11-04 19:23 - 000000000 ____D C:\Users\doher\AppData\Local\Packages
2022-10-28 17:33 - 2022-11-01 02:15 - 000000000 ____D C:\Users\doher\AppData\Roaming\Adobe
2022-10-28 17:33 - 2022-10-28 18:31 - 000000000 ____D C:\ProgramData\Packages
2022-10-28 17:33 - 2022-10-28 17:35 - 000002346 _____ C:\Users\doher\Desktop\Microsoft Edge.lnk
2022-10-28 17:33 - 2022-10-28 17:34 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-10-28 17:33 - 2022-10-28 17:33 - 000000000 ____D C:\Users\doher\AppData\Local\VirtualStore
2022-10-28 17:33 - 2022-10-28 17:33 - 000000000 ____D C:\Users\doher\AppData\Local\Publishers
2022-10-28 17:32 - 2022-10-29 05:53 - 000000000 ____D C:\Users\doher\AppData\Local\ConnectedDevicesPlatform
2022-10-28 17:25 - 2022-11-04 19:00 - 000000000 ____D C:\Users\doher
2022-10-28 17:25 - 2022-11-04 18:46 - 000002377 _____ C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-28 17:25 - 2022-10-28 17:25 - 000000020 ___SH C:\Users\doher\ntuser.ini
2022-10-28 06:41 - 2022-10-28 06:41 - 000000000 ____D C:\WINDOWS\OEM
2022-10-28 06:40 - 2022-10-28 02:52 - 000000000 ____D C:\WINDOWS\Panther
2022-10-28 06:35 - 2022-10-28 06:35 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-10-28 06:27 - 2022-10-28 06:27 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-10-28 06:26 - 2022-10-28 06:26 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-10-28 06:26 - 2022-10-28 06:26 - 000479744 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-10-28 06:26 - 2022-10-28 06:26 - 000188928 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000073216 _____ C:\WINDOWS\system32\nettraceex.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-10-28 06:26 - 2022-10-28 06:26 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-10-28 06:26 - 2022-10-28 06:26 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-10-28 06:26 - 2022-10-28 06:26 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-10-28 06:25 - 2022-10-28 06:25 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2022-10-28 06:25 - 2022-10-28 06:25 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2022-10-28 06:25 - 2022-10-28 06:25 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2022-10-28 06:25 - 2022-10-28 06:25 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2022-10-28 06:25 - 2022-10-28 06:25 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2022-10-28 06:25 - 2022-10-28 06:25 - 000688128 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-10-28 06:25 - 2022-10-28 06:25 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-10-28 06:25 - 2022-10-28 06:25 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-10-28 06:25 - 2022-10-28 06:25 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-10-28 06:25 - 2022-10-28 06:25 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2022-10-28 06:25 - 2022-10-28 06:25 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2022-10-28 06:25 - 2022-10-28 06:25 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-10-28 06:25 - 2022-10-28 06:25 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-10-28 06:25 - 2022-10-28 06:25 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-10-28 06:25 - 2022-10-28 06:25 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-10-28 06:25 - 2022-10-28 06:25 - 000012263 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-28 06:24 - 2022-10-28 06:24 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2022-10-28 06:24 - 2022-10-28 06:24 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-10-28 06:24 - 2022-10-28 06:24 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2022-10-28 06:24 - 2022-10-28 06:24 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2022-10-28 06:23 - 2022-10-28 06:23 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 000413696 _____ C:\WINDOWS\system32\AzureCheck.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2022-10-28 06:23 - 2022-10-28 06:23 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-10-28 06:23 - 2022-10-28 06:23 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-28 06:23 - 2022-10-28 06:23 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2022-10-28 06:23 - 2022-10-28 06:23 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-10-28 06:22 - 2022-10-28 06:22 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2022-10-28 06:22 - 2022-10-28 06:22 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-10-28 06:22 - 2022-10-28 06:22 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2022-10-28 06:22 - 2022-10-28 06:22 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-28 06:22 - 2022-10-28 06:22 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2022-10-28 06:22 - 2022-10-28 06:22 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-10-28 06:22 - 2022-10-28 06:22 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2022-10-28 06:22 - 2022-10-28 06:22 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-10-28 06:22 - 2022-10-28 06:22 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-10-28 06:22 - 2022-10-28 06:22 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2022-10-28 06:22 - 2022-10-28 06:22 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-10-28 06:22 - 2022-10-28 06:22 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2022-10-28 06:22 - 2022-10-28 06:22 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2022-10-28 06:22 - 2022-10-28 06:22 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2022-10-28 06:07 - 2022-10-28 06:07 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-10-28 06:07 - 2022-10-28 06:07 - 000000000 ____D C:\Program Files\MSBuild
2022-10-28 06:07 - 2022-10-28 06:07 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-10-28 06:07 - 2022-10-28 06:07 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-10-28 06:03 - 2022-10-28 06:03 - 000000000 ____D C:\Program Files\Synaptics
2022-10-28 06:00 - 2022-10-28 06:00 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-10-28 05:52 - 2022-10-28 05:52 - 000000000 _SHDL C:\Documents and Settings
2022-10-28 05:52 - 2022-10-28 05:52 - 000000000 ____D C:\WINDOWS\CSC
2022-10-28 05:47 - 2022-11-04 18:47 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-28 05:47 - 2022-11-04 18:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-28 05:47 - 2022-10-31 18:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-28 05:47 - 2022-10-28 05:49 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-28 05:47 - 2022-10-28 05:49 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-28 05:47 - 2022-10-28 05:47 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-10-28 05:47 - 2022-10-28 05:47 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2022-10-28 05:47 - 2022-10-28 05:47 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2022-10-28 05:46 - 2022-11-04 18:39 - 000008192 ___SH C:\DumpStack.log.tmp
2022-10-28 05:46 - 2022-11-04 18:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-28 05:46 - 2022-10-28 05:46 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-28 05:46 - 2022-10-28 05:46 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-10-28 02:56 - 2022-11-04 18:47 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-28 01:42 - 2022-10-28 06:41 - 000000000 ___HD C:\$SysReset
2022-10-15 20:23 - 2022-08-18 10:47 - 001188672 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2022-10-12 02:43 - 2022-09-23 04:48 - 006126344 _____ (Apple, Inc.) C:\WINDOWS\system32\usbaaplrc.dll
2022-10-12 02:43 - 2022-09-23 04:48 - 000054784 _____ (Apple, Inc.) C:\WINDOWS\system32\Drivers\usbaapl64.sys
2022-10-12 02:43 - 2022-09-14 00:33 - 000066976 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleKIS.sys
2022-10-12 02:43 - 2022-09-14 00:33 - 000036744 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleKISInterface.dll
2022-10-12 02:43 - 2022-09-13 06:30 - 000077720 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleRSM.sys
2022-10-12 02:43 - 2022-09-13 06:30 - 000036768 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleRSMInterface.dll
2022-10-12 00:36 - 2022-09-23 14:59 - 000110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-11-04 19:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-04 19:23 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-04 18:47 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-04 18:47 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-04 18:39 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-04 18:35 - 2019-12-07 05:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-11-04 18:35 - 2019-12-07 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2022-11-04 18:35 - 2019-12-07 05:52 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2022-11-04 18:35 - 2019-12-07 05:51 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2022-11-04 18:35 - 2019-12-07 05:51 - 000000000 ____D C:\WINDOWS\addins
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 __RSD C:\WINDOWS\Media
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\Nui
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ras
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\icsxml
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ias
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\L2Schemas
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IdentityCRL
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Cursors
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-04 18:35 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\Services
2022-11-04 18:33 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-11-04 18:33 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2022-11-04 18:23 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\registration
2022-11-02 06:23 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-11-02 06:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-11-01 09:04 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-10-29 05:34 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-10-28 18:46 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-10-28 17:50 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-10-28 17:49 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-10-28 07:58 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-10-28 07:58 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-10-28 06:39 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-10-28 06:35 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-10-28 06:35 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-10-28 06:35 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-10-28 06:35 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-10-28 06:33 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2022-10-28 06:33 - 2019-12-07 05:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2022-10-28 06:33 - 2019-12-07 05:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-28 06:33 - 2019-12-07 05:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-28 06:09 - 2019-12-07 05:52 - 000000000 ____D C:\WINDOWS\OCR
2022-10-28 06:05 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-10-28 06:05 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-10-28 05:48 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-10-28 02:54 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
 
==================== Files in the root of some directories ========
 
2022-10-31 03:59 - 2022-10-31 03:59 - 000007605 _____ () C:\Users\doher\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheckExt =========================
 
2022-10-29 00:22 - 2022-11-04 19:29 - 002374656 _____ (Farbar) C:\Users\doher\Desktop\FRST64.exe
2022-10-29 00:27 - 2022-10-29 00:27 - 000956928 _____ (Farbar) C:\Users\doher\Downloads\MiniToolBox.exe
2022-10-28 23:53 - 2022-10-28 23:53 - 000521728 _____ (UserBenchmark) C:\Users\doher\Downloads\UserBenchmarkInstaller.exe
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
flightsigning           Yes
default                 {current}
resumeobject            {9b6f3ec1-56ac-11ed-860d-b67f493ad205}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 10
displaybootmenu         Yes
 
Windows Boot Loader
-------------------
identifier              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0 
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {e6dacd5a-361f-11ed-8fe9-b363a77d0db1}
displaymessageoverride  Recovery
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {9b6f3ec1-56ac-11ed-860d-b67f493ad205}
nx                      OptIn
tscsyncpolicy           Enhanced
bootmenupolicy          Legacy
useplatformclock        Yes
useplatformtick         Yes
disabledynamictick      Yes
 
Windows Boot Loader
-------------------
identifier              {e6dacd5a-361f-11ed-8fe9-b363a77d0db1}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{e6dacd5b-361f-11ed-8fe9-b363a77d0db1}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  PushButtonReset
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{e6dacd5b-361f-11ed-8fe9-b363a77d0db1}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {9b6f3ec1-56ac-11ed-860d-b67f493ad205}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {e6dacd5a-361f-11ed-8fe9-b363a77d0db1}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
Device options
--------------
identifier              {e6dacd5b-361f-11ed-8fe9-b363a77d0db1}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
==================== End of FRST.txt ========================


#105
ForrestGump

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2022
Ran by doher (04-11-2022 19:38:44)
Running from C:\Users\doher\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2193 (X64) (2022-10-28 06:52:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2263973382-866051081-79238805-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2263973382-866051081-79238805-503 - Limited - Disabled)
doher (S-1-5-21-2263973382-866051081-79238805-1001 - Administrator - Enabled) => C:\Users\doher
Guest (S-1-5-21-2263973382-866051081-79238805-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2263973382-866051081-79238805-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
LatencyMon 7.20 (HKLM\...\LatencyMon_is1) (Version: 7.20 - Resplendence Software Projects Sp.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.35 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.26 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2263973382-866051081-79238805-1001\...\OneDriveSetup.exe) (Version: 22.212.1009.0004 - Microsoft Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
 
Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-11-04] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0 [2022-11-04] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2263973382-866051081-79238805-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6845E2F6-CA27-4586-954C-BD3D82702AC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{68A8BC63-4810-41E0-9F09-3E647013AED0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5EB56DB3-6E60-4EF6-B45B-5CF5723ABAEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2B12CB41-10BF-466B-BA2D-A6F93E19F52A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{83FD7BE1-924D-4B47-9F76-EF5315E7B6AF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6AAFEADD-F7DF-4EF0-976E-346CE7DE8E1A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B2859195-3AED-4387-B538-9BBE11A28919}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7451F9C8-29FD-43BD-BBD3-233D2B8F6A0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B75942D2-2347-425C-8E23-4A911C0831D8}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.26\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
29-10-2022 16:37:04 Windows Modules Installer
31-10-2022 21:52:19 Driver Booster : Synaptics PS/2 Port TouchPad
01-11-2022 00:11:40 Revert Optimization (Automatic)
01-11-2022 21:21:54 Driver Booster : Realtek USB 2.0 Card Reader
04-11-2022 18:13:23 Restore Operation
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/04/2022 07:23:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-Q9NCUPF)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe-2147024893
 
Error: (11/04/2022 07:23:10 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-Q9NCUPF)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe-2147024893
 
Error: (11/04/2022 06:49:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
Faulting module name: biwinrt.dll, version: 10.0.19041.1566, time stamp: 0x77f34e41
Exception code: 0xc000027b
Fault offset: 0x00000000000053c5
Faulting process id: 0x1e64
Faulting application start time: 0x01d8f09f920febe8
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report Id: 438fdce7-db71-4570-b81c-ec3d8369c684
Faulting package full name: Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (11/04/2022 06:49:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
Faulting module name: biwinrt.dll, version: 10.0.19041.1566, time stamp: 0x77f34e41
Exception code: 0xc000027b
Fault offset: 0x00000000000053c5
Faulting process id: 0x1940
Faulting application start time: 0x01d8f09f984dc44e
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report Id: 6df543d5-7840-4a66-bf7a-63cf54c0e1ed
Faulting package full name: Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (11/04/2022 06:49:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
Faulting module name: biwinrt.dll, version: 10.0.19041.1566, time stamp: 0x77f34e41
Exception code: 0xc000027b
Fault offset: 0x00000000000053c5
Faulting process id: 0x1354
Faulting application start time: 0x01d8f09f982eddb3
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report Id: 7580bde6-2f66-490d-9e71-639af8f3009d
Faulting package full name: Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (11/04/2022 06:49:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.19041.546, time stamp: 0x1d3a15e7
Faulting module name: biwinrt.dll, version: 10.0.19041.1566, time stamp: 0x77f34e41
Exception code: 0xc000027b
Fault offset: 0x00000000000053c5
Faulting process id: 0x15e4
Faulting application start time: 0x01d8f09f986a5b12
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report Id: ffe41ea8-b84f-459c-9e4e-b5aee7030119
Faulting package full name: Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (11/04/2022 06:48:49 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-Q9NCUPF)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe-2147024893
 
Error: (11/04/2022 06:48:49 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-Q9NCUPF)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe-2147024893
 
 
System errors:
=============
Error: (11/04/2022 06:38:51 PM) (Source: NetBT) (EventID: 4300) (User: )
Description: The driver could not be created.
 
Error: (11/04/2022 06:38:51 PM) (Source: NetBT) (EventID: 4300) (User: )
Description: The driver could not be created.
 
Error: (11/01/2022 03:04:43 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "00269E74038B" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (11/01/2022 03:04:43 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "00269E74038B" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (10/31/2022 11:05:13 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-Q9NCUPF)
Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
 
Error: (10/31/2022 11:05:13 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-Q9NCUPF)
Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
 
Error: (10/29/2022 04:52:19 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (10/29/2022 06:35:33 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
 
Windows Defender:
================
Date: 2022-11-04 04:29:22
Description: 
Controlled Folder Access blocked C:\Windows\System32\WinSAT.exe from making changes to memory.
Detection time: 2022-11-04T08:29:22.656Z
Path: \Device\CdRom0
Process Name: C:\Windows\System32\WinSAT.exe
Security intelligence Version: 1.377.1286.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2210.4
 
Date: 2022-11-02 05:19:11
Description: 
Controlled Folder Access blocked C:\Users\doher\Desktop\VHS2USB\VHStoDVDAdv.exe from making changes to memory.
Detection time: 2022-11-02T09:19:11.197Z
Path: \Device\CdRom0
Process Name: C:\Users\doher\Desktop\VHS2USB\VHStoDVDAdv.exe
Security intelligence Version: 1.377.1168.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2210.4
 
Date: 2022-11-02 05:19:11
Description: 
Controlled Folder Access blocked C:\Windows\SysWOW64\regsvr32.exe from making changes to memory.
Detection time: 2022-11-02T09:19:11.196Z
Path: \Device\CdRom0
Process Name: C:\Windows\SysWOW64\regsvr32.exe
Security intelligence Version: 1.377.1168.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2210.4
 
Date: 2022-11-02 03:56:48
Description: 
Controlled Folder Access blocked C:\Windows\SysWOW64\regsvr32.exe from making changes to memory.
Detection time: 2022-11-02T07:56:48.481Z
Path: \Device\CdRom0
Process Name: C:\Windows\SysWOW64\regsvr32.exe
Security intelligence Version: 1.377.1168.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2210.4
 
Date: 2022-11-02 03:53:37
Description: 
C:\Users\doher\Desktop\VHS2USB\VHStoDVDAdv.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2022-11-02T07:53:37.421Z
Path: %userprofile%\Documents
Process Name: C:\Users\doher\Desktop\VHS2USB\VHStoDVDAdv.exe
Security intelligence Version: 1.377.1168.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2210.4
Event[0]:
 
Date: 2022-11-04 18:40:11
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified. 
Security intelligence Version: 0.0.0.0;0.0.0.0
Engine Version: 0.0.0.0
 
Date: 2022-10-28 21:50:47
Description: 
Microsoft Defender Antivirus has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Users\doher\Downloads\OperaGXSetup.exe
Sha256: 820b6756d64701747ec89d8faebfce548deb54a9977b1193598da78df369dbb8
Current security intelligence Version: AV: 1.377.965.0, AS: 1.377.965.0
Current Engine Version: 1.1.19700.3
Error code: 0x80071112
 
CodeIntegrity:
===============
Date: 2022-10-28 05:51:05
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2022-10-28 05:51:05
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard F.15 05/17/2010
Motherboard: Hewlett-Packard 363F
Processor: AMD Athlon™ II Dual-Core M300
Percentage of memory in use: 58%
Total physical RAM: 7932.2 MB
Available physical RAM: 3298.18 MB
Total Virtual: 9852.2 MB
Available Virtual: 5325 MB
 
==================== Drives ================================
 
Drive c: (C ) (Fixed) (Total:444.36 GB) (Free:385.61 GB) (Model: WD Blue SA510 2.5 500GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Removable) (Total:59.45 GB) (Free:43.5 GB) exFAT
Drive e: (RECOVERY) (Fixed) (Total:21.1 GB) (Free:9.61 GB) (Model: WD Blue SA510 2.5 500GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: WD Blue SA510 2.5 500GB) FAT32
 
\\?\Volume{7dda13fc-0000-0000-0000-100000000000}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7DDA13FC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=108 MB) - (Type=0C)
 
==========================================================
Disk: 1 (Size: 59.5 GB) (Disk ID: 9403A996)
Partition 1: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================
 
 
 
 
Users shortcut scan result (x64) Version: 04-11-2022
Ran by doher (04-11-2022 19:40:34)
Running from C:\Users\doher\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\doher\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\Links\Desktop.lnk -> C:\Users\doher\Desktop ()
Shortcut: C:\Users\doher\Links\Downloads.lnk -> C:\Users\doher\Downloads ()
Shortcut: C:\Users\doher\Desktop\LatencyMon.lnk -> C:\Program Files\LatencyMon\LatMon.exe (Resplendence Software Projects Sp.)
Shortcut: C:\Users\doher\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\doher\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\doher\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\doher\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\doher\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
 
 
InternetURL: C:\Users\doher\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
 
==================== End of Shortcut.txt =============================
 
