Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

All browsers freezing up multiple times a day [Solved]

Started by sl962 , Feb 15 2023 06:52 PM

  • This topic is locked This topic is locked

#1
sl962
Posted 15 February 2023 - 06:52 PM

sl962

    Member

  • Member
  • PipPip
  • 76 posts

Greetings. All of my  browsers freezing up multiple times a day. I have been having this issue for weeks. I happens on Firefox, Chrome and Edge. Below are the requested logs. Any help will be greatly appreciated. Thanx in advace for your time.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-02-2023 01
Ran by slyda (administrator) on PC1 (ASUS All Series) (15-02-2023 16:41:05)
Running from C:\Users\slyda\Desktop
Loaded Profiles: slyda
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2604 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files (x86)\EVGA\Flow Control\CPUWB.exe ->) (EVGA Corp. -> EVGA Corp.) C:\Program Files (x86)\EVGA\Flow Control\CLCServer.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Logi\LogiBolt\LogiBolt.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logi\LogiBolt\logi_crashpad_handler.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(DriverStore\FileRepository\u0382934.inf_amd64_cbf07db13ec1507d\B381983\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0382934.inf_amd64_cbf07db13ec1507d\B381983\atieclxx.exe
(explorer.exe ->) (Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logi\LogiBolt\LogiBolt.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\slyda\AppData\Local\Microsoft\OneDrive\23.023.0129.0002\Microsoft.SharePoint.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0382934.inf_amd64_cbf07db13ec1507d\B381983\atiesrxx.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(svchost.exe ->) (EVGA Corp. -> EVGA) C:\Program Files (x86)\EVGA\Flow Control\CPUWB.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22122.94.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2300_none_7e14edbc7c88b7d5\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2020-11-20] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1690368 2022-07-22] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKLM-x32\...\Run: [GrooveMonitor] => D:\Programs\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\...\Run: [MicrosoftEdgeAutoLaunch_241B3695C747FA892B3189A5166E2785] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243360 2023-02-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [224768 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP D911 Status Monitor: C:\Windows\system32\hpinkstsD911LM.dll [393352 2017-03-27] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\110.0.5481.100\Installer\chrmstp.exe [2023-02-14] (Google LLC -> Google LLC)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume6autocheck autochk *
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09568E1E-5E77-402E-B48B-B1C68852C824} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1708512 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {0A877121-EA7C-40D1-9133-58443B3C130F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {0E25DC3C-2EBC-4B55-94F9-A1843BD6DDFC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {155A8D17-E65D-4B4A-A49E-C501ED588ACB} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1708512 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {18DA377B-F98E-41BF-95F3-8B253E9C604C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [263136 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {2A237907-5C9B-41AB-8135-62DB7A255DE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3C20D4B9-F953-4344-B13E-3398BD3749C5} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [57312 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {52DD6AF9-41F9-4247-84BC-D195C949F2E8} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [57312 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {66B5D7F8-300E-4C7A-8708-03667EB8F072} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {820BDC2D-1812-417B-907A-D36F4C0A2F61} - \EVGA Flow Control  -> No File <==== ATTENTION
Task: {8AD0F2CC-11C2-4F98-A645-D573DD3C20E6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716192 2023-02-15] (Mozilla Corporation -> Mozilla Foundation)
Task: {AD3171E4-888C-4157-B100-0B1CD8A4F8EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-30] (Google LLC -> Google LLC)
Task: {C60AC20A-03D7-46F7-AF6F-E45D6631F86B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E2D1D76E-5643-4165-A109-8121C7D195D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-30] (Google LLC -> Google LLC)
Task: {FC55A76C-DD57-4DA8-8694-F0FEE73337FD} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1708512 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d05a6877-748b-40cb-afa3-fa8c8ac27c52}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{d05a6877-748b-40cb-afa3-fa8c8ac27c52}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\slyda\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-15]
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxp://www.google.com/"
Edge Extension: (Amazon Assistant) - C:\Users\slyda\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2021-09-28]
Edge Extension: (Edge relevant text changes) - C:\Users\slyda\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-02-14]
Edge Extension: (AdBlocker Ultimate) - C:\Users\slyda\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pciakllldcajllepkbbihkmfkikheffb [2023-01-24]

FireFox:
========
FF DefaultProfile: ujv9y5qm.default
FF ProfilePath: C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\ujv9y5qm.default [2022-12-27]
FF ProfilePath: C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release [2023-02-15]
FF Homepage: Mozilla\Firefox\Profiles\xw3qes6t.default-release -> hxxps://www.google.com/
FF Extension: (Amazon Assistant) - C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release\Extensions\[email protected] [2023-01-14]
FF Extension: (Privacy Badger) - C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release\Extensions\[email protected] [2023-02-03]
FF Extension: (AdBlock — best ad blocker) - C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release\Extensions\[email protected] [2023-01-02]
FF Extension: (Pinterest Save Button) - C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release\Extensions\[email protected] [2023-01-14]
FF Extension: (Logitech SetPoint) - C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release\Extensions\{84380428-8c9d-4bdf-913d-b2c34d6562d9}.xpi [2023-01-14]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2022-08-19] [not signed]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-01-20] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default [2023-02-15]
CHR Extension: (Slate) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhmcmgkegfffbbfobhjpdbimgmoohap [2022-12-27]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-02-11]
CHR Extension: (Google Docs Offline) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-25]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-02-06]
CHR Extension: (Tabs to Front v2) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiojfifkpjkhcdjfgekmfobhfdohlecg [2022-12-27]
CHR Extension: (MediaPlayer - Video and Audio Player) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmhnaapafpejpkhdhijgkljhpcpecpj [2022-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-12-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
S2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [55264 ] (Advanced Micro Devices Inc. -> AMD)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-11-01] (HP Inc. -> HP Inc.)
S3 Microsoft Office Groove Audit Service; D:\Programs\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2023-01-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [63096 2022-02-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 CCVI; C:\Windows\system32\drivers\CCVI.sys [16384 2012-01-30] (Asetek Inc. -> Silicon Laboratories)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 Driver; C:\Program Files (x86)\EVGA\Kernel\driver-x64.sys [39856 2022-01-27] (EVGA Corp. -> )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2023-02-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473336 2023-02-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-15 16:41 - 2023-02-15 16:41 - 000018669 _____ C:\Users\slyda\Desktop\FRST.txt
2023-02-15 09:31 - 2023-02-15 09:31 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-02-15 08:46 - 2023-02-15 14:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-02-14 20:47 - 2023-02-14 20:48 - 000000000 ___HD C:\$WinREAgent
2023-02-14 07:58 - 2023-02-14 08:02 - 000438690 _____ C:\Users\slyda\Desktop\Cordless-Drill-Charge-Station-Cut-List-and-plans-hertoolbelt.xlsx
2023-02-12 09:24 - 2023-02-12 09:28 - 002378240 _____ (Farbar) C:\Users\slyda\Desktop\FRST64.exe
2023-02-10 11:25 - 2023-02-10 11:32 - 000000053 _____ C:\Users\slyda\Desktop\Car.txt
2023-02-07 13:33 - 2023-02-07 13:33 - 000000934 _____ C:\Users\slyda\Desktop\Queens Quest 4 Sacred Truce.lnk
2023-02-06 11:21 - 2023-02-06 11:21 - 000000000 ____D C:\Windows\system32\Tasks\PowerToys
2023-02-06 11:21 - 2023-02-06 11:21 - 000000000 ____D C:\Users\slyda\AppData\Local\ToastNotificationManagerCompat
2023-02-06 11:21 - 2023-02-06 11:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)
2023-02-06 11:21 - 2023-02-06 11:21 - 000000000 ____D C:\Program Files\PowerToys
2023-02-03 14:07 - 2023-02-03 14:07 - 000000118 _____ C:\Users\slyda\Desktop\MemSpec.txt
2023-02-03 10:02 - 2023-02-03 10:03 - 000000000 ____D C:\Program Files\Gstarsoft
2023-02-03 10:02 - 2023-02-03 10:02 - 000000000 ____D C:\Users\slyda\AppData\Roaming\Gstarsoft
2023-02-03 10:02 - 2023-02-03 10:02 - 000000000 ____D C:\Users\slyda\AppData\Local\Gstarsoft
2023-02-03 10:02 - 2023-02-03 10:02 - 000000000 ____D C:\ProgramData\glmclient
2023-02-03 10:02 - 2023-02-03 10:02 - 000000000 ____D C:\ProgramData\FLEXnet
2023-02-03 10:02 - 2023-02-03 10:02 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2023-02-03 09:21 - 2023-02-03 09:21 - 000000000 ____D C:\Users\slyda\Desktop\WoodToolHolders
2023-02-01 10:23 - 2023-02-01 10:23 - 000168332 _____ C:\Users\slyda\Desktop\Gmail - RockAuto Order Confirmation 229412093.pdf
2023-01-28 11:31 - 2023-01-28 11:31 - 000000869 _____ C:\Users\slyda\Desktop\Atlantis Quest.lnk
2023-01-17 09:52 - 2023-01-17 09:52 - 000093576 _____ C:\Users\slyda\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-15 16:41 - 2022-09-22 08:42 - 000000000 ____D C:\FRST
2023-02-15 16:40 - 2022-11-18 10:49 - 000003102 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2023-02-15 16:40 - 2022-11-18 10:29 - 000003078 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2023-02-15 16:40 - 2022-08-19 12:54 - 000000000 ____D C:\Users\slyda\AppData\Local\LogiBolt
2023-02-15 16:40 - 2022-07-31 13:47 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-02-15 16:40 - 2022-07-31 13:47 - 000000000 __SHD C:\Users\slyda\IntelGraphicsProfiles
2023-02-15 16:40 - 2021-09-30 08:50 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-15 16:40 - 2021-09-28 15:48 - 000000000 ___RD C:\Users\slyda\OneDrive
2023-02-15 16:40 - 2021-09-28 15:33 - 000008192 ___SH C:\DumpStack.log.tmp
2023-02-15 16:40 - 2021-09-28 15:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-02-15 16:40 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-15 16:36 - 2021-09-28 15:46 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2023-02-15 16:36 - 2021-09-28 15:44 - 000000000 ____D C:\Users\slyda
2023-02-15 16:36 - 2019-12-07 01:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-02-15 16:00 - 2022-12-27 09:06 - 000000000 ____D C:\Users\slyda\AppData\LocalLow\Mozilla
2023-02-15 15:52 - 2022-12-27 09:06 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-15 15:51 - 2021-09-28 15:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-02-15 14:56 - 2022-03-24 08:15 - 000004164 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{77F4FDE0-75AD-4205-81EC-0A6B455DF237}
2023-02-15 14:11 - 2021-09-28 15:39 - 000005800 _____ C:\Windows\system32\PerfStringBackup.INI
2023-02-15 14:07 - 2022-12-27 09:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-15 14:07 - 2021-12-11 00:34 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-75407873-1150127510-1758922346-1001
2023-02-15 14:07 - 2021-09-28 15:48 - 000003352 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-75407873-1150127510-1758922346-1001
2023-02-15 14:07 - 2021-09-28 15:44 - 000002379 _____ C:\Users\slyda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-15 09:31 - 2022-12-27 09:06 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-15 08:47 - 2019-12-07 01:13 - 000000000 ____D C:\Windows\INF
2023-02-14 20:56 - 2021-09-28 15:47 - 000000000 ____D C:\Users\slyda\AppData\Local\D3DSCache
2023-02-14 20:56 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-14 20:56 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\AppReadiness
2023-02-14 20:55 - 2021-09-28 15:33 - 000449216 _____ C:\Windows\system32\FNTCACHE.DAT
2023-02-14 20:55 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SystemResources
2023-02-14 20:55 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\setup
2023-02-14 20:55 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\bcastdvr
2023-02-14 20:53 - 2019-12-07 01:03 - 000000000 ____D C:\Windows\CbsTemp
2023-02-14 20:52 - 2021-09-28 16:32 - 000416046 __RSH C:\bootmgr
2023-02-14 20:52 - 2021-09-28 15:37 - 003015680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-02-14 20:46 - 2021-09-28 15:56 - 000000000 ____D C:\Windows\system32\MRT
2023-02-14 20:44 - 2021-09-28 15:56 - 149955784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-02-14 18:47 - 2022-12-27 09:19 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-14 18:47 - 2022-12-27 09:19 - 000002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-02-14 09:36 - 2022-12-02 11:08 - 000000000 ____D C:\Users\slyda\AppData\Local\AMD_Common
2023-02-10 18:47 - 2021-09-28 15:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-09 19:19 - 2021-09-28 15:33 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-09 19:19 - 2021-09-28 15:33 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-08 15:20 - 2022-09-27 16:11 - 000002308 _____ C:\Users\slyda\Desktop\Kindle.lnk
2023-02-08 07:14 - 2021-09-28 15:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-02-07 13:36 - 2021-12-18 13:24 - 000000000 ____D C:\Users\slyda\AppData\Roaming\Brave Giant
2023-02-07 13:33 - 2021-10-07 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2023-02-06 11:21 - 2021-09-30 09:05 - 000000000 ____D C:\ProgramData\Package Cache
2023-02-06 06:34 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\NDF
2023-02-03 10:11 - 2021-09-28 15:47 - 000000000 ____D C:\Users\slyda\AppData\Local\Packages
2023-02-03 09:58 - 2021-09-28 15:48 - 000000000 ____D C:\Users\slyda\AppData\Local\PlaceholderTileLogoFolder
2023-02-01 10:40 - 2022-11-30 08:18 - 000000000 ____D C:\Users\slyda\AppData\Local\CrashDumps
2023-01-30 11:10 - 2021-11-11 07:52 - 000000000 ____D C:\Users\slyda\AppData\Local\ElevatedDiagnostics
2023-01-25 15:13 - 2021-09-28 15:50 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-25 06:20 - 2022-11-17 18:25 - 000002021 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-01-25 06:20 - 2022-10-11 14:14 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-01-25 06:20 - 2021-11-24 23:00 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-01-23 12:19 - 2019-12-07 01:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-01-23 12:19 - 2019-12-07 01:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-01-23 12:19 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-01-23 12:19 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\oobe
2023-01-23 12:19 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\DDFs
2023-01-23 12:19 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\PolicyDefinitions

==================== Files in the root of some directories ========

2022-07-25 10:08 - 2022-07-25 10:08 - 000000017 _____ () C:\Users\slyda\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2023 01
Ran by slyda (15-02-2023 16:42:44)
Running from C:\Users\slyda\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2604 (X64) (2021-09-28 23:35:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-75407873-1150127510-1758922346-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-75407873-1150127510-1758922346-503 - Limited - Disabled)
Guest (S-1-5-21-75407873-1150127510-1758922346-501 - Limited - Disabled)
slyda (S-1-5-21-75407873-1150127510-1758922346-1001 - Administrator - Enabled) => C:\Users\slyda
WDAGUtilityAccount (S-1-5-21-75407873-1150127510-1758922346-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Acrylic Wi-Fi Home v4.5 (HKU\S-1-5-21-75407873-1150127510-1758922346-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 4.5 - Tarlogic Research S.L.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20314 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.33.0.62002 - Amazon)
Amazon Kindle (HKU\S-1-5-21-75407873-1150127510-1758922346-1001\...\Amazon Kindle) (Version: 1.40.0.65415 - Amazon)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.6.1 - Advanced Micro Devices, Inc.)
Atlantis Quest (HKLM-x32\...\Atlantis Quest_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Branding64 (HKLM\...\{0DB6E0DC-607A-42C1-A3CE-7567A9F85AF4}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
CPUID HWMonitor 1.48 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.48 - CPUID, Inc.)
Cradle of Rome 2 (HKLM-x32\...\Cradle of Rome 2_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Deadly Association (HKLM-x32\...\Deadly Association_is1) (Version: 1.0 - Media Contact LLC)
Dreamscapes 2 (HKLM-x32\...\Dreamscapes 2_is1) (Version: 1.0 - Media Contact LLC)
Dreamscapes The Sandman (HKLM-x32\...\Dreamscapes The Sandman_is1) (Version: 1.0 - Media Contact LLC)
EVGA Flow Control (HKLM\...\EVGA Flow Control) (Version: 2.1.0.0 - EVGA Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 110.0.5481.100 - Google LLC)
Google Earth Pro (HKLM\...\{F27DBA46-80E1-4858-9285-19198FFFBF3D}) (Version: 7.3.6.9345 - Google)
Hidden Investigation Who Did It (HKLM-x32\...\Hidden Investigation Who Did It_is1) (Version: 1.0 - GameTop Pte. Ltd.)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{F68DF314-BD12-4549-941C-521CB8D16DDE}) (Version: 40.11.1122.1796 - HP Inc.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
Hypnosis (HKLM-x32\...\Hypnosis_is1) (Version: 1.0 - Media Contact LLC)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
Jigsaw Boom 3 (HKLM-x32\...\Jigsaw Boom 3_is1) (Version: 1.0 - GameTop Pte. Ltd.)
LED Sync (HKLM-x32\...\{417D2425-8783-46D4-97DF-EEF7CD17D656}) (Version: 1.1.1 - EVGA)
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.2.6024.0 - Logi)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.70.68 - Logitech)
Logitech SetPoint 6.70 (HKLM\...\sp6) (Version: 6.70.55 - Logitech)
Magical Jelly Bean PasswdFinder (HKLM-x32\...\PasswdFinder_is1) (Version: 1.0.0.29 - PasswdFinder)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.41 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.78 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Ultimate 2007 (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-75407873-1150127510-1758922346-1001\...\OneDriveSetup.exe) (Version: 23.023.0129.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29325 (HKLM\...\{26AF0C35-55EC-4025-8D83-349E8FB1419F}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29325 (HKLM\...\{7D0362D5-C699-4403-BC09-0C1DAD1D93AB}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29325 (HKLM-x32\...\{B40FC85D-2B12-46E0-B950-E5B27E348793}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29325 (HKLM-x32\...\{EE2E15BB-54C8-4DB0-B1F3-026E3C166991}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM\...\{5BEE5F3E-4D78-4DE8-A8F3-36D3E9D8868C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM-x32\...\{0eddeab6-01c1-4cf7-83ba-164ea8974c90}) (Version: 3.1.32.31915 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 110.0 (x64 en-US)) (Version: 110.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 108.0.1 - Mozilla)
PowerToys (Preview) (HKLM\...\{3F721FAF-9D33-4840-9082-F9D5E0ED6970}) (Version: 0.67.0 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32\...\{d67866da-9154-404e-88f3-4ed81ad200bc}) (Version: 0.67.0 - Microsoft Corporation)
Queens Quest 4 Sacred Truce (HKLM-x32\...\Queens Quest 4 Sacred Truce_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Queens Quest Tower of Darkness (HKLM-x32\...\Queens Quest Tower of Darkness_is1) (Version: 1.0 - GameTop Pte. Ltd.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1015.1016.1016.191212 - REALTEK Semiconductor Corp.)
Season Match 2 (HKLM-x32\...\Season Match 2_is1) (Version: 1.0 - Media Contact LLC)
Season Match 3 (HKLM-x32\...\Season Match 3_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Spear of Destiny The Final Journey (HKLM-x32\...\Spear of Destiny The Final Journey_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows PC Health Check (HKLM\...\{77ACFAF7-E5AB-410D-BA14-BBEBF89422DE}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)

Packages:
=========
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.89.6271.0_x64__8wekyb3d8bbwe [2023-02-08] (Microsoft Corporation) [Startup Task]
PDF X -> C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.3.49.0_x64__sbe4t8mqwq93a [2022-12-13] (NG PDF Lab) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-04] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-07] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{0440049F-D1DC-4E46-B27B-98393D79486B}\InprocServer32 -> C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{51B4D7E5-7568-4234-B4BB-47FB3C016A69}\InprocServer32 -> C:\Program Files\PowerToys\modules\ImageResizer\PowerToys.ImageResizerExt.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{84D68575-E186-46AD-B0CB-BAEB45EE29C0}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{A5A41CC7-02CB-41D4-8C9B-9087040D6098}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.PdfPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{D8BB9942-93BD-412D-87E4-33FAB214DC1A}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.PdfThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programs\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2022-08-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2_S-1-5-21-75407873-1150127510-1758922346-1001: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3_S-1-5-21-75407873-1150127510-1758922346-1001: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3_S-1-5-21-75407873-1150127510-1758922346-1001: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2022-07-15 09:57 - 2022-07-15 09:57 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2022-07-15 09:57 - 2022-07-15 09:57 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2022-08-02 10:34 - 2022-08-02 10:34 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2022-08-02 10:33 - 2022-08-02 10:33 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2022-07-22 05:53 - 2022-07-22 05:53 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2022-07-22 05:53 - 2022-07-22 05:53 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2021-09-29 09:58 - 2023-02-15 16:40 - 000036648 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2022-07-22 05:53 - 2022-07-22 05:53 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2022-07-22 05:53 - 2022-07-22 05:53 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2022-07-22 05:53 - 2022-07-22 05:53 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000735232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000480256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5RemoteObjects.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.cmd:  =>  <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2020-11-20] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2020-11-20] (Logitech Inc -> Logitech, Inc.)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programs\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1A202498-3D30-4DC1-9C8A-F2BD7DF16243}] => (Allow) D:\Programs\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2E703DE4-4D64-4418-B5DB-0D88179B33FB}] => (Allow) D:\Programs\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ECA5BD37-A260-4F80-BC0F-3378E8DFE97B}] => (Allow) D:\Programs\Office12\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F407327E-99D8-4351-A3EE-E8009BF34D5E}] => (Allow) D:\Programs\Office12\GROOVE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{26CB0CC1-4B3F-41CF-A286-0E1A4175A037}] => (Allow) D:\Programs\Office12\GROOVE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{38286CEC-A3A1-4E5E-AE02-E2C3710FE4D8}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{6A00D5CF-70D9-4E2F-8C01-36E474E5C2A1}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{A528982F-CF67-45EF-BDBC-901C2DD44811}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{4DB41583-C6BD-4639-8D38-44A17ABA64ED}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{2827FF5B-97F6-4009-A10B-C83992BBC530}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{919E9BDB-F3BB-4F7E-8EF3-221E436F3189}] => (Allow) LPort=5357
FirewallRules: [{64183BCC-586A-4C5A-B27C-6EDD90E9C3C5}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{27692B5C-48F5-451F-8A8D-DBE81A143ECC}] => (Allow) D:\Program Files\Nox\bin\Nox.exe => No File
FirewallRules: [{18A90712-0CD9-4884-8715-177389AFECE1}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
FirewallRules: [{08D6DA35-E50B-4554-9F4B-80FD4893BDDF}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{0041A4A9-AFE4-4FB7-B54D-CEF9D3063362}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1A3D25EE-D880-4FB6-AB7C-D85465A7AC2C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C0BAD8EA-FA1B-40AC-ABC0-5064A3328C14}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{81EAF6F7-90E5-4681-89A5-239F75B9349A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

01-02-2023 17:52:32 Scheduled Checkpoint
03-02-2023 10:01:56 Installed MSXML 6.0 Parser
06-02-2023 11:20:45 PowerToys (Preview) x64
13-02-2023 16:20:20 Scheduled Checkpoint
14-02-2023 20:46:32 Windows Modules Installer
14-02-2023 20:48:36 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/14/2023 09:23:33 AM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (02/14/2023 09:23:33 AM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/11/2023 03:42:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (02/11/2023 03:42:15 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/08/2023 05:56:03 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on WDBackUp (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (02/08/2023 05:56:02 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on WDNew Volume (G:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (02/07/2023 11:33:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/07/2023 11:33:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.


System errors:
=============
Error: (02/15/2023 04:36:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (02/15/2023 02:07:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:35:19 PM on ‎2/‎15/‎2023 was unexpected.

Error: (02/14/2023 10:57:37 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (02/14/2023 08:55:16 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (02/14/2023 08:55:16 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (02/14/2023 08:55:16 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (02/14/2023 07:19:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (02/13/2023 10:05:49 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}


Windows Defender:
================
Date: 2023-02-10 08:21:45
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-06 18:41:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-06 13:42:15
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-02 15:25:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-01 12:40:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-02-15 09:03:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-02-07 14:12:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3503 04/18/2018
Motherboard: ASUSTeK COMPUTER INC. Z97-AR
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 23%
Total physical RAM: 16256.32 MB
Available physical RAM: 12372.47 MB
Total Virtual: 18688.32 MB
Available Virtual: 13943.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:54.78 GB) (Model: ADATA SP600) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (SSDNew Volume) (Fixed) (Total:953.87 GB) (Free:651.98 GB) (Model: TEAM T253E2001T) NTFS
Drive f: (WDBackUp) (Fixed) (Total:931.51 GB) (Free:703.73 GB) (Model: WDC WD10EZRX-00D8PB0) NTFS
Drive g: (WDNew Volume) (Fixed) (Total:931.51 GB) (Free:648.58 GB) (Model: WDC WD10EZRX-00D8PB0) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 19D79FB0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 19D79FB1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 3262B621)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 953.9 GB) (Disk ID: 08E644F7)
Partition 1: (Not Active) - (Size=953.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


  • 0

Advertisements

#2
DR M
Posted 16 February 2023 - 06:42 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.

 

Some questions first:

 

1. Did you intentionally set these?

 

HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.cmd:  =>  <==== ATTENTION

 

 

2. You have EVGA Flow Control installed. Is the program working fine? There is a line indicating that there is a missing file.

 


  • 0

#3
sl962
Posted 16 February 2023 - 10:44 AM

sl962

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts

Evga Flow Control usually (70% of the time) gives me an "USB Device Not Found" when waking from sleep. I understand that this is a common issue with this software. As far as the registry goes I have done a few different hacks over the years but I honestly don't remember when or why. (Possibly pissed off at edge??) That being said, I don't believe that they need to remain. I am heading out for work shortly and will check in this evening when I get home. Again, I Thank You for Your Time


  • 0

#4
DR M
Posted 16 February 2023 - 10:58 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

OK, let's start then.

Some guidelines first, to have in mind while this cleaning procedure:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
==========================
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{27692B5C-48F5-451F-8A8D-DBE81A143ECC}] => (Allow) D:\Program Files\Nox\bin\Nox.exe => No File
FirewallRules: [{18A90712-0CD9-4884-8715-177389AFECE1}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.cmd:  =>  <==== ATTENTION
Task: {820BDC2D-1812-417B-907A-D36F4C0A2F61} - \EVGA Flow Control  -> No File <==== ATTENTION
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

  • 0

#5
sl962
Posted 16 February 2023 - 09:51 PM

sl962

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts

Thank you Dr M. Just an FYI, when the computer restarted after the fix EVGA Flow Control did not run. Not critical, just wanted to let you know.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-02-2023 01
Ran by slyda (16-02-2023 19:36:18) Run:1
Running from C:\Users\slyda\Desktop
Loaded Profiles: slyda
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{27692B5C-48F5-451F-8A8D-DBE81A143ECC}] => (Allow) D:\Program Files\Nox\bin\Nox.exe => No File
FirewallRules: [{18A90712-0CD9-4884-8715-177389AFECE1}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.cmd:  =>  <==== ATTENTION
Task: {820BDC2D-1812-417B-907A-D36F4C0A2F61} - \EVGA Flow Control  -> No File <==== ATTENTION
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27692B5C-48F5-451F-8A8D-DBE81A143ECC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18A90712-0CD9-4884-8715-177389AFECE1}" => removed successfully
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\regfile => removed successfully
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.reg => removed successfully
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.bat => removed successfully
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Software\Classes\.cmd => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{820BDC2D-1812-417B-907A-D36F4C0A2F61}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{820BDC2D-1812-417B-907A-D36F4C0A2F61}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EVGA Flow Control " => removed successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19045.2604


[==                         3.8%                           ]

[==                         4.3%                           ]

[===                        5.3%                           ]

[===                        6.3%                           ]

[===                        6.8%                           ]

[====                       7.5%                           ]

[====                       8.5%                           ]

[=====                      9.4%                           ]

[======                     10.4%                          ]

[======                     11.4%                          ]

[=======                    12.4%                          ]

[=======                    13.4%                          ]

[========                   14.3%                          ]

[========                   15.3%                          ]

[=========                  16.2%                          ]

[=========                  17.1%                          ]

[==========                 18.1%                          ]

[===========                19.1%                          ]

[===========                20.0%                          ]

[============               21.0%                          ]

[============               22.0%                          ]

[=============              22.9%                          ]

[=============              23.9%                          ]

[==============             24.9%                          ]

[===============            25.9%                          ]

[===============            26.9%                          ]

[================           27.8%                          ]

[================           28.5%                          ]

[================           29.3%                          ]

[=================          29.7%                          ]

[=================          29.8%                          ]

[=================          30.0%                          ]

[=================          31.0%                          ]

[==================         32.0%                          ]

[===================        33.0%                          ]

[===================        34.0%                          ]

[====================       34.9%                          ]

[====================       35.9%                          ]

[=====================      36.9%                          ]

[=====================      37.6%                          ]

[======================     38.6%                          ]

[======================     39.3%                          ]

[=======================    40.3%                          ]

[=======================    40.5%                          ]

[=======================    41.3%                          ]

[=======================    41.3%                          ]

[========================   41.8%                          ]

[========================   42.7%                          ]

[=========================  43.2%                          ]

[=========================  43.3%                          ]

[=========================  43.5%                          ]

[=========================  43.9%                          ]

[=========================  44.4%                          ]

[========================== 44.8%                          ]

[========================== 45.3%                          ]

[========================== 45.5%                          ]

[========================== 45.6%                          ]

[========================== 45.7%                          ]

[========================== 46.2%                          ]

[========================== 46.4%                          ]

[===========================46.8%                          ]

[===========================47.4%                          ]

[===========================48.4%                          ]

[===========================49.4%                          ]

[===========================50.3%                          ]

[===========================51.3%                          ]

[===========================52.3%                          ]

[===========================53.1%                          ]

[===========================53.8%                          ]

[===========================53.9%                          ]

[===========================53.9%                          ]

[===========================54.1%                          ]

[===========================54.1%                          ]

[===========================54.2%                          ]

[===========================54.3%                          ]

[===========================54.3%                          ]

[===========================54.5%                          ]

[===========================54.5%                          ]

[===========================54.6%                          ]

[===========================54.6%                          ]

[===========================54.7%                          ]

[===========================54.8%                          ]

[===========================54.9%                          ]

[===========================55.0%                          ]

[===========================55.0%                          ]

[===========================55.1%                          ]

[===========================55.2%                          ]

[===========================55.2%                          ]

[===========================55.3%                          ]

[===========================55.4%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.5%                          ]

[===========================55.6%                          ]

[===========================55.6%                          ]

[===========================55.7%                          ]

[===========================55.8%                          ]

[===========================55.8%                          ]

[===========================56.0%                          ]

[===========================56.0%                          ]

[===========================56.2%                          ]

[===========================56.4%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.5%                          ]

[===========================56.7%                          ]

[===========================56.8%                          ]

[===========================56.9%=                         ]

[===========================56.9%=                         ]

[===========================57.0%=                         ]

[===========================57.7%=                         ]

[===========================58.4%=                         ]

[===========================59.4%==                        ]

[===========================60.4%===                       ]

[===========================62.3%====                      ]

[===========================84.9%=================         ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========


========= SFC /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.


Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 100% complete.


Windows Resource Protection did not find any integrity violations.


========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 142037667 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 13066857 B
Edge => 0 B
Chrome => 316000947 B
Firefox => 1168828869 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 22812 B
NetworkService => 2038886 B
slyda => 147500710 B

RecycleBin => 8084228 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:41:27 ====


  • 1

#6
DR M
Posted 17 February 2023 - 08:52 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.
 
The fix removed the following task related to Evga. Although it is referred to a non existing file (that's why I asked you if the program runs correctly), maybe it is the cause the program didn't start. In any case, if you would like it to start when Windows start, let me know.
 
No corruptions in your system, and no sign of malware/infection.
 
Just to be sure:

1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report
  • More info/details about the issue with browsers.

  • 0

#7
sl962
Posted 17 February 2023 - 01:16 PM

sl962

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts

Thanks again DR M. Ive been fairly busy for the last couple days and have done a lot surfing. I have not had an issue today or yesterday which is very encouraging. I'll let you know if anything odd happens in the next week or so. I am amazed there are no viruses / malware on this machine. Is the native Windows 10 security that good? Or am I just lucky...

Here are the requested logs:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-17-2023
# Duration: 00:00:04
# OS:       Windows 10 (Build 19045.2604)
# Scanned:  32098
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.AmazonTB           Amazon Assistant - [email protected]

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/17/23
Scan Time: 10:49 AM
Log File: cf835566-aef3-11ed-b4f7-f07959de46f0.json

-Software Information-
Version: 4.5.22.236
Components Version: 1.0.1915
Update Package Version: 1.0.65801
License: Trial

-System Information-
OS: Windows 10 (Build 19045.2604)
CPU: x64
File System: NTFS
User: PC1\slyda

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 288339
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 7 min, 8 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.Amazon1Button, C:\USERS\SLYDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XW3QES6T.DEFAULT-RELEASE\EXTENSIONS\[email protected], No Action By User, 2972, 493346, 1.0.65801, , ame, , BEC35FE18C94BDE6D391785AC727BE04, 1412ED25AD4112777A0C3D9C09C9D80B6C6EFAE3778F7B5B067A191F464070B0

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


  • 0

#8
DR M
Posted 17 February 2023 - 01:24 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

 

I am amazed there are no viruses / malware on this machine. Is the native Windows 10 security that good?

 

It's a combination: Windows Defender + You. :)

 

As you see, the scans above detected a PUP, meaning Potentially Unwanted Program. Potentially means... potentially, but I recommend you to remove it.
 
To proceed:

1. AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is unchecked.
Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Thread Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Fresh FRST logs

 

Please run FRST once more and provide fresh logs for me.

 

 

 

In your next reply, please post:

  • The AdwCleaner[C0*].txt
  • The Malwarebytes report
  • Fresh FRST logs, Addition and FRST

 

Note: It's good to hear that things are good with browsers. Work with the computer for a while, and let me know if you notice something weird.


  • 0

#9
sl962
Posted 18 February 2023 - 10:05 AM

sl962

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts

Good Morning DR M. Thanx again for your time.  No Issues to report at this time. Limited surfing last night with all 3 of the browsers I use and no freeze ups. Here are the logs you requested:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-18-2023
# Duration: 00:00:00
# OS:       Windows 10 (Build 19045.2604)
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted       Amazon Assistant - [email protected]

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1450 octets] - [17/02/2023 10:27:46]
AdwCleaner[S01].txt - [1511 octets] - [18/02/2023 07:36:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/18/23
Scan Time: 7:42 AM
Log File: e5824bce-afa2-11ed-833a-f07959de46f0.json

-Software Information-
Version: 4.5.22.236
Components Version: 1.0.1915
Update Package Version: 1.0.65833
License: Trial

-System Information-
OS: Windows 10 (Build 19045.2604)
CPU: x64
File System: NTFS
User: PC1\slyda

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 288286
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 9 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-02-2023
Ran by slyda (administrator) on PC1 (ASUS All Series) (18-02-2023 07:53:40)
Running from C:\Users\slyda\Desktop
Loaded Profiles: slyda
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2604 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2020-11-20] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1690368 2022-07-22] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKLM-x32\...\Run: [GrooveMonitor] => D:\Programs\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\...\Run: [MicrosoftEdgeAutoLaunch_241B3695C747FA892B3189A5166E2785] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243408 2023-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [224768 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP D911 Status Monitor: C:\Windows\system32\hpinkstsD911LM.dll [393352 2017-03-27] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe [2023-02-16] (Google LLC -> Google LLC)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume6autocheck autochk *

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A31ED9A-806F-4227-9084-4C487FCB24D8} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1708512 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {130609B5-50DE-491F-B38D-996C06F39ABB} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1708512 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {18DA377B-F98E-41BF-95F3-8B253E9C604C} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [263136 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {3C20D4B9-F953-4344-B13E-3398BD3749C5} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [57312 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {4AB5A7AA-C310-4017-B25C-CF83557ECEE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {52DD6AF9-41F9-4247-84BC-D195C949F2E8} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [57312 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {776131BA-9005-4BD4-9ECA-90A08289ADC8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8AD0F2CC-11C2-4F98-A645-D573DD3C20E6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716192 2023-02-15] (Mozilla Corporation -> Mozilla Foundation)
Task: {AD3171E4-888C-4157-B100-0B1CD8A4F8EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-30] (Google LLC -> Google LLC)
Task: {BF206C33-E9D1-448F-9711-3067A138D3DE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C8B475DE-EB2F-4C54-99F9-99D876307AC2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E2D1D76E-5643-4165-A109-8121C7D195D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-30] (Google LLC -> Google LLC)
Task: {FA68CF3A-805C-4501-9FA5-3C8ADE492FCD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {FC55A76C-DD57-4DA8-8694-F0FEE73337FD} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1708512 2022-08-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d05a6877-748b-40cb-afa3-fa8c8ac27c52}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{d05a6877-748b-40cb-afa3-fa8c8ac27c52}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\slyda\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-18]
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxp://www.google.com/"
Edge Extension: (Amazon Assistant) - C:\Users\slyda\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2021-09-28]
Edge Extension: (Edge relevant text changes) - C:\Users\slyda\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-02-14]
Edge Extension: (AdBlocker Ultimate) - C:\Users\slyda\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pciakllldcajllepkbbihkmfkikheffb [2023-01-24]

FireFox:
========
FF DefaultProfile: ujv9y5qm.default
FF ProfilePath: C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\ujv9y5qm.default [2023-02-16]
FF ProfilePath: C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release [2023-02-18]
FF Homepage: Mozilla\Firefox\Profiles\xw3qes6t.default-release -> hxxps://www.google.com/
FF Extension: (Privacy Badger) - C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release\Extensions\[email protected] [2023-02-03]
FF Extension: (AdBlock — best ad blocker) - C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release\Extensions\[email protected] [2023-01-02]
FF Extension: (Pinterest Save Button) - C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release\Extensions\[email protected] [2023-01-14]
FF Extension: (Logitech SetPoint) - C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release\Extensions\{84380428-8c9d-4bdf-913d-b2c34d6562d9}.xpi [2023-01-14]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\slyda\AppData\Roaming\Mozilla\Firefox\Profiles\xw3qes6t.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2022-08-19] [not signed]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-02-13] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default [2023-02-16]
CHR Extension: (Slate) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhmcmgkegfffbbfobhjpdbimgmoohap [2022-12-27]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-02-11]
CHR Extension: (Google Docs Offline) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-25]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-02-06]
CHR Extension: (Tabs to Front v2) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiojfifkpjkhcdjfgekmfobhfdohlecg [2022-12-27]
CHR Extension: (MediaPlayer - Video and Audio Player) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmhnaapafpejpkhdhijgkljhpcpecpj [2022-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\slyda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-12-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
S2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [55264 ] (Advanced Micro Devices Inc. -> AMD)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-11-01] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8967840 2023-02-17] (Malwarebytes Inc. -> Malwarebytes)
S3 Microsoft Office Groove Audit Service; D:\Programs\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2023-01-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [63096 2022-02-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 CCVI; C:\Windows\system32\drivers\CCVI.sys [16384 2012-01-30] (Asetek Inc. -> Silicon Laboratories)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 Driver; C:\Program Files (x86)\EVGA\Kernel\driver-x64.sys [39856 2022-01-27] (EVGA Corp. -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-02-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198080 2023-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77736 2023-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181816 2023-02-18] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKsl4bd18fe0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A086F1E2-E778-4D78-AD01-89F7EF9B0E12}\MpKslDrv.sys [214280 2023-02-18] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2023-02-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473336 2023-02-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-18 07:53 - 2023-02-18 07:53 - 000000000 ____D C:\Users\slyda\Desktop\FRST-OlderVersion
2023-02-18 07:44 - 2023-02-18 07:53 - 000001221 _____ C:\Users\slyda\Desktop\Mbam 2-18.txt
2023-02-18 07:39 - 2023-02-18 07:39 - 000001681 _____ C:\Users\slyda\Desktop\AdwCleaner[C01].txt
2023-02-18 06:55 - 2023-02-18 06:55 - 000181816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-02-17 10:59 - 2023-02-17 10:59 - 000001483 _____ C:\Users\slyda\Desktop\MbamLog.txt
2023-02-17 10:47 - 2023-02-17 10:47 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-02-17 10:47 - 2023-02-17 10:47 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-02-17 10:46 - 2023-02-17 10:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-02-17 10:30 - 2023-02-17 10:30 - 000001450 _____ C:\Users\slyda\Desktop\AdwCleaner[S00].txt
2023-02-17 10:27 - 2023-02-18 07:36 - 000000000 ____D C:\AdwCleaner
2023-02-17 10:25 - 2023-02-17 10:25 - 000002283 _____ C:\Users\slyda\Desktop\G2G 2-17.txt
2023-02-17 09:55 - 2023-02-17 09:55 - 002555248 _____ (Malwarebytes) C:\Users\slyda\Desktop\MBSetup.exe
2023-02-17 09:54 - 2023-02-17 09:54 - 008791352 _____ (Malwarebytes) C:\Users\slyda\Desktop\AdwCleaner.exe
2023-02-16 19:36 - 2023-02-16 19:41 - 000015982 _____ C:\Users\slyda\Desktop\Fixlog.txt
2023-02-15 16:42 - 2023-02-15 16:43 - 000044235 _____ C:\Users\slyda\Desktop\Addition.txt
2023-02-15 16:41 - 2023-02-18 07:54 - 000016875 _____ C:\Users\slyda\Desktop\FRST.txt
2023-02-15 09:31 - 2023-02-15 09:31 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-02-15 08:46 - 2023-02-15 14:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-02-14 20:47 - 2023-02-14 20:48 - 000000000 ___HD C:\$WinREAgent
2023-02-14 07:58 - 2023-02-15 18:30 - 000438674 _____ C:\Users\slyda\Desktop\Cordless-Drill-Charge-Station-Cut-List-and-plans-hertoolbelt.xlsx
2023-02-12 09:24 - 2023-02-18 07:53 - 002378240 _____ (Farbar) C:\Users\slyda\Desktop\FRST64.exe
2023-02-10 11:25 - 2023-02-10 11:32 - 000000053 _____ C:\Users\slyda\Desktop\Car.txt
2023-02-07 13:33 - 2023-02-07 13:33 - 000000934 _____ C:\Users\slyda\Desktop\Queens Quest 4 Sacred Truce.lnk
2023-02-06 11:21 - 2023-02-06 11:21 - 000000000 ____D C:\Windows\system32\Tasks\PowerToys
2023-02-06 11:21 - 2023-02-06 11:21 - 000000000 ____D C:\Users\slyda\AppData\Local\ToastNotificationManagerCompat
2023-02-06 11:21 - 2023-02-06 11:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)
2023-02-06 11:21 - 2023-02-06 11:21 - 000000000 ____D C:\Program Files\PowerToys
2023-02-03 14:07 - 2023-02-03 14:07 - 000000118 _____ C:\Users\slyda\Desktop\MemSpec.txt
2023-02-03 10:02 - 2023-02-03 10:03 - 000000000 ____D C:\Program Files\Gstarsoft
2023-02-03 10:02 - 2023-02-03 10:02 - 000000000 ____D C:\Users\slyda\AppData\Roaming\Gstarsoft
2023-02-03 10:02 - 2023-02-03 10:02 - 000000000 ____D C:\Users\slyda\AppData\Local\Gstarsoft
2023-02-03 10:02 - 2023-02-03 10:02 - 000000000 ____D C:\ProgramData\glmclient
2023-02-03 10:02 - 2023-02-03 10:02 - 000000000 ____D C:\ProgramData\FLEXnet
2023-02-03 10:02 - 2023-02-03 10:02 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2023-02-03 09:21 - 2023-02-03 09:21 - 000000000 ____D C:\Users\slyda\Desktop\WoodToolHolders
2023-02-01 10:23 - 2023-02-01 10:23 - 000168332 _____ C:\Users\slyda\Desktop\Gmail - RockAuto Order Confirmation 229412093.pdf
2023-01-28 11:31 - 2023-01-28 11:31 - 000000869 _____ C:\Users\slyda\Desktop\Atlantis Quest.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-18 07:53 - 2022-09-22 08:42 - 000000000 ____D C:\FRST
2023-02-18 07:35 - 2022-12-27 09:06 - 000000000 ____D C:\Users\slyda\AppData\LocalLow\Mozilla
2023-02-18 07:32 - 2021-09-28 15:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-02-18 07:19 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-18 07:10 - 2021-09-30 08:50 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-18 07:00 - 2021-09-28 15:39 - 000005800 _____ C:\Windows\system32\PerfStringBackup.INI
2023-02-18 06:58 - 2022-03-24 08:15 - 000004164 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{77F4FDE0-75AD-4205-81EC-0A6B455DF237}
2023-02-18 06:57 - 2022-12-27 09:06 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-18 06:56 - 2022-08-19 12:54 - 000000000 ____D C:\Users\slyda\AppData\Local\LogiBolt
2023-02-18 06:56 - 2021-09-28 15:48 - 000000000 ___RD C:\Users\slyda\OneDrive
2023-02-18 06:56 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\AppReadiness
2023-02-18 06:55 - 2022-11-18 10:49 - 000003102 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2023-02-18 06:55 - 2022-11-18 10:29 - 000003078 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2023-02-18 06:55 - 2022-07-31 13:47 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-02-18 06:55 - 2022-07-31 13:47 - 000000000 __SHD C:\Users\slyda\IntelGraphicsProfiles
2023-02-18 06:55 - 2021-09-28 15:33 - 000008192 ___SH C:\DumpStack.log.tmp
2023-02-18 06:55 - 2021-09-28 15:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-02-17 22:10 - 2021-09-28 15:46 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2023-02-17 22:10 - 2019-12-07 01:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-02-17 21:40 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-17 21:03 - 2021-09-28 15:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-17 10:47 - 2021-09-28 15:47 - 000000000 ____D C:\Users\slyda\AppData\Local\D3DSCache
2023-02-17 10:46 - 2022-11-03 07:44 - 000000000 ____D C:\Program Files\Malwarebytes
2023-02-17 10:46 - 2019-12-07 01:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-02-16 19:40 - 2022-02-14 11:44 - 000000000 ____D C:\Users\slyda\AppData\LocalLow\Temp
2023-02-16 19:38 - 2019-12-07 01:03 - 000000000 ____D C:\Windows\CbsTemp
2023-02-16 19:33 - 2022-11-17 18:25 - 000002021 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-02-16 19:33 - 2022-10-11 14:14 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-02-16 19:33 - 2021-11-24 23:00 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-02-16 19:32 - 2022-12-27 09:19 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-16 19:32 - 2022-12-27 09:19 - 000002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-02-15 16:36 - 2021-09-28 15:44 - 000000000 ____D C:\Users\slyda
2023-02-15 14:07 - 2022-12-27 09:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-15 14:07 - 2021-12-11 00:34 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-75407873-1150127510-1758922346-1001
2023-02-15 14:07 - 2021-09-28 15:48 - 000003352 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-75407873-1150127510-1758922346-1001
2023-02-15 14:07 - 2021-09-28 15:44 - 000002379 _____ C:\Users\slyda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-15 09:31 - 2022-12-27 09:06 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-15 08:47 - 2019-12-07 01:13 - 000000000 ____D C:\Windows\INF
2023-02-14 20:55 - 2021-09-28 15:33 - 000449216 _____ C:\Windows\system32\FNTCACHE.DAT
2023-02-14 20:55 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SystemResources
2023-02-14 20:55 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\setup
2023-02-14 20:55 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\bcastdvr
2023-02-14 20:52 - 2021-09-28 16:32 - 000416046 __RSH C:\bootmgr
2023-02-14 20:52 - 2021-09-28 15:37 - 003015680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-02-14 20:46 - 2021-09-28 15:56 - 000000000 ____D C:\Windows\system32\MRT
2023-02-14 20:44 - 2021-09-28 15:56 - 149955784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-02-14 09:36 - 2022-12-02 11:08 - 000000000 ____D C:\Users\slyda\AppData\Local\AMD_Common
2023-02-09 19:19 - 2021-09-28 15:33 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-09 19:19 - 2021-09-28 15:33 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-08 15:20 - 2022-09-27 16:11 - 000002308 _____ C:\Users\slyda\Desktop\Kindle.lnk
2023-02-08 07:14 - 2021-09-28 15:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-02-07 13:36 - 2021-12-18 13:24 - 000000000 ____D C:\Users\slyda\AppData\Roaming\Brave Giant
2023-02-07 13:33 - 2021-10-07 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2023-02-06 11:21 - 2021-09-30 09:05 - 000000000 ____D C:\ProgramData\Package Cache
2023-02-06 06:34 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\NDF
2023-02-03 10:11 - 2021-09-28 15:47 - 000000000 ____D C:\Users\slyda\AppData\Local\Packages
2023-02-03 09:58 - 2021-09-28 15:48 - 000000000 ____D C:\Users\slyda\AppData\Local\PlaceholderTileLogoFolder
2023-02-01 10:40 - 2022-11-30 08:18 - 000000000 ____D C:\Users\slyda\AppData\Local\CrashDumps
2023-01-30 11:10 - 2021-11-11 07:52 - 000000000 ____D C:\Users\slyda\AppData\Local\ElevatedDiagnostics
2023-01-25 15:13 - 2021-09-28 15:50 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-23 12:19 - 2019-12-07 01:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-01-23 12:19 - 2019-12-07 01:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-01-23 12:19 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-01-23 12:19 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\oobe
2023-01-23 12:19 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\DDFs
2023-01-23 12:19 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\PolicyDefinitions

==================== Files in the root of some directories ========

2022-07-25 10:08 - 2022-07-25 10:08 - 000000017 _____ () C:\Users\slyda\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2023
Ran by slyda (18-02-2023 07:54:38)
Running from C:\Users\slyda\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2604 (X64) (2021-09-28 23:35:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-75407873-1150127510-1758922346-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-75407873-1150127510-1758922346-503 - Limited - Disabled)
Guest (S-1-5-21-75407873-1150127510-1758922346-501 - Limited - Disabled)
slyda (S-1-5-21-75407873-1150127510-1758922346-1001 - Administrator - Enabled) => C:\Users\slyda
WDAGUtilityAccount (S-1-5-21-75407873-1150127510-1758922346-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Acrylic Wi-Fi Home v4.5 (HKU\S-1-5-21-75407873-1150127510-1758922346-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 4.5 - Tarlogic Research S.L.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20322 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.33.0.62002 - Amazon)
Amazon Kindle (HKU\S-1-5-21-75407873-1150127510-1758922346-1001\...\Amazon Kindle) (Version: 1.40.0.65415 - Amazon)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.6.1 - Advanced Micro Devices, Inc.)
Atlantis Quest (HKLM-x32\...\Atlantis Quest_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Branding64 (HKLM\...\{0DB6E0DC-607A-42C1-A3CE-7567A9F85AF4}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
CPUID HWMonitor 1.48 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.48 - CPUID, Inc.)
Cradle of Rome 2 (HKLM-x32\...\Cradle of Rome 2_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Deadly Association (HKLM-x32\...\Deadly Association_is1) (Version: 1.0 - Media Contact LLC)
Dreamscapes 2 (HKLM-x32\...\Dreamscapes 2_is1) (Version: 1.0 - Media Contact LLC)
Dreamscapes The Sandman (HKLM-x32\...\Dreamscapes The Sandman_is1) (Version: 1.0 - Media Contact LLC)
EVGA Flow Control (HKLM\...\EVGA Flow Control) (Version: 2.1.0.0 - EVGA Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 110.0.5481.104 - Google LLC)
Google Earth Pro (HKLM\...\{F27DBA46-80E1-4858-9285-19198FFFBF3D}) (Version: 7.3.6.9345 - Google)
Hidden Investigation Who Did It (HKLM-x32\...\Hidden Investigation Who Did It_is1) (Version: 1.0 - GameTop Pte. Ltd.)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{F68DF314-BD12-4549-941C-521CB8D16DDE}) (Version: 40.11.1122.1796 - HP Inc.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
Hypnosis (HKLM-x32\...\Hypnosis_is1) (Version: 1.0 - Media Contact LLC)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
Jigsaw Boom 3 (HKLM-x32\...\Jigsaw Boom 3_is1) (Version: 1.0 - GameTop Pte. Ltd.)
LED Sync (HKLM-x32\...\{417D2425-8783-46D4-97DF-EEF7CD17D656}) (Version: 1.1.1 - EVGA)
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.2.6024.0 - Logi)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.70.68 - Logitech)
Logitech SetPoint 6.70 (HKLM\...\sp6) (Version: 6.70.55 - Logitech)
Magical Jelly Bean PasswdFinder (HKLM-x32\...\PasswdFinder_is1) (Version: 1.0.0.29 - PasswdFinder)
Malwarebytes version 4.5.22.236 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.22.236 - Malwarebytes)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.49 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.46 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Ultimate 2007 (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-75407873-1150127510-1758922346-1001\...\OneDriveSetup.exe) (Version: 23.023.0129.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29325 (HKLM\...\{26AF0C35-55EC-4025-8D83-349E8FB1419F}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29325 (HKLM\...\{7D0362D5-C699-4403-BC09-0C1DAD1D93AB}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29325 (HKLM-x32\...\{B40FC85D-2B12-46E0-B950-E5B27E348793}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29325 (HKLM-x32\...\{EE2E15BB-54C8-4DB0-B1F3-026E3C166991}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM\...\{5BEE5F3E-4D78-4DE8-A8F3-36D3E9D8868C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x64) (HKLM-x32\...\{0eddeab6-01c1-4cf7-83ba-164ea8974c90}) (Version: 3.1.32.31915 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 110.0 (x64 en-US)) (Version: 110.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 108.0.1 - Mozilla)
PowerToys (Preview) (HKLM\...\{3F721FAF-9D33-4840-9082-F9D5E0ED6970}) (Version: 0.67.0 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32\...\{d67866da-9154-404e-88f3-4ed81ad200bc}) (Version: 0.67.0 - Microsoft Corporation)
Queens Quest 4 Sacred Truce (HKLM-x32\...\Queens Quest 4 Sacred Truce_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Queens Quest Tower of Darkness (HKLM-x32\...\Queens Quest Tower of Darkness_is1) (Version: 1.0 - GameTop Pte. Ltd.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1015.1016.1016.191212 - REALTEK Semiconductor Corp.)
Season Match 2 (HKLM-x32\...\Season Match 2_is1) (Version: 1.0 - Media Contact LLC)
Season Match 3 (HKLM-x32\...\Season Match 3_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Spear of Destiny The Final Journey (HKLM-x32\...\Spear of Destiny The Final Journey_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows PC Health Check (HKLM\...\{77ACFAF7-E5AB-410D-BA14-BBEBF89422DE}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)

Packages:
=========
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.89.6271.0_x64__8wekyb3d8bbwe [2023-02-08] (Microsoft Corporation) [Startup Task]
PDF X -> C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.3.49.0_x64__sbe4t8mqwq93a [2022-12-13] (NG PDF Lab) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-04] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-07] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{0440049F-D1DC-4E46-B27B-98393D79486B}\InprocServer32 -> C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{51B4D7E5-7568-4234-B4BB-47FB3C016A69}\InprocServer32 -> C:\Program Files\PowerToys\modules\ImageResizer\PowerToys.ImageResizerExt.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{84D68575-E186-46AD-B0CB-BAEB45EE29C0}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{A5A41CC7-02CB-41D4-8C9B-9087040D6098}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.PdfPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{D8BB9942-93BD-412D-87E4-33FAB214DC1A}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.PdfThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-75407873-1150127510-1758922346-1001_Classes\CLSID\{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programs\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2022-08-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2_S-1-5-21-75407873-1150127510-1758922346-1001: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3_S-1-5-21-75407873-1150127510-1758922346-1001: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\modules\FileLocksmith\PowerToys.FileLocksmithExt.dll [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3_S-1-5-21-75407873-1150127510-1758922346-1001: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000057856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\audio\qtaudio_windows.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000735232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000120832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000480256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5RemoteObjects.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000262144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2021-03-09 19:48 - 2021-03-09 19:48 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2020-11-20] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programs\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2020-11-20] (Logitech Inc -> Logitech, Inc.)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programs\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-75407873-1150127510-1758922346-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1A202498-3D30-4DC1-9C8A-F2BD7DF16243}] => (Allow) D:\Programs\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2E703DE4-4D64-4418-B5DB-0D88179B33FB}] => (Allow) D:\Programs\Office12\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ECA5BD37-A260-4F80-BC0F-3378E8DFE97B}] => (Allow) D:\Programs\Office12\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F407327E-99D8-4351-A3EE-E8009BF34D5E}] => (Allow) D:\Programs\Office12\GROOVE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{26CB0CC1-4B3F-41CF-A286-0E1A4175A037}] => (Allow) D:\Programs\Office12\GROOVE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{38286CEC-A3A1-4E5E-AE02-E2C3710FE4D8}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{6A00D5CF-70D9-4E2F-8C01-36E474E5C2A1}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{A528982F-CF67-45EF-BDBC-901C2DD44811}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{4DB41583-C6BD-4639-8D38-44A17ABA64ED}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{2827FF5B-97F6-4009-A10B-C83992BBC530}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{919E9BDB-F3BB-4F7E-8EF3-221E436F3189}] => (Allow) LPort=5357
FirewallRules: [{64183BCC-586A-4C5A-B27C-6EDD90E9C3C5}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{08D6DA35-E50B-4554-9F4B-80FD4893BDDF}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{0041A4A9-AFE4-4FB7-B54D-CEF9D3063362}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1A3D25EE-D880-4FB6-AB7C-D85465A7AC2C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E7C6549E-0359-44C2-BA2E-0A3FB9D18ED2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{97283740-A7AA-40C4-81A2-534B60D0EE4A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

14-02-2023 20:48:36 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/17/2023 10:09:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (02/17/2023 10:09:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/17/2023 10:09:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (02/17/2023 10:09:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/17/2023 10:09:58 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007045B

Error: (02/16/2023 07:42:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (02/16/2023 07:42:10 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/16/2023 07:36:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet


System errors:
=============
Error: (02/18/2023 07:36:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/18/2023 07:36:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/18/2023 07:36:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Realtek Bluetooth Device Manager Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/18/2023 07:36:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS Com Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/18/2023 07:36:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Print Scan Doctor Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (02/18/2023 07:36:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/18/2023 07:36:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FlexNet Licensing Service 64 service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/18/2023 07:36:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD Crash Defender Service service terminated unexpectedly.  It has done this 1 time(s).


Windows Defender:
================
Date: 2023-02-17 22:09:43
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-17 21:01:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-10 08:21:45
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-06 18:41:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-02-06 13:42:15
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-02-18 07:19:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-02-07 14:12:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3503 04/18/2018
Motherboard: ASUSTeK COMPUTER INC. Z97-AR
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 24%
Total physical RAM: 16256.32 MB
Available physical RAM: 12289.4 MB
Total Virtual: 18688.32 MB
Available Virtual: 13782.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:52.91 GB) (Model: ADATA SP600) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (SSDNew Volume) (Fixed) (Total:953.87 GB) (Free:651.98 GB) (Model: TEAM T253E2001T) NTFS
Drive f: (WDBackUp) (Fixed) (Total:931.51 GB) (Free:703.72 GB) (Model: WDC WD10EZRX-00D8PB0) NTFS
Drive g: (WDNew Volume) (Fixed) (Total:931.51 GB) (Free:648.58 GB) (Model: WDC WD10EZRX-00D8PB0) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 19D79FB0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 19D79FB1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 3262B621)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 953.9 GB) (Disk ID: 08E644F7)
Partition 1: (Not Active) - (Size=953.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


  • 0

#10
DR M
Posted 18 February 2023 - 10:43 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.
 
All clean now.  :)
 
If no other questions/issues/concerns...

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 0

#11
sl962
Posted 18 February 2023 - 01:12 PM

sl962

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts

Thank You again DR M. All seems well at this point. I was wondering if I need all the latest Radeon software to run my 8 year old AMD R9-270x video card? Seems like a lot of it is for much newer video cards and games. As I'm not much of a gamer I don't think I'm taking advantage of the software anyway. Does it use up resources that can be freed up or should I just let it be because it's not causing me any issues? Here is the requested kprm log:

 

# Run at 2/18/2023 10:58:35 AM
# KpRm (Kernel-panik) version 2.11.0
# Website https://kernel-panik.me/tool/kprm/
# Run by slyda from C:\Users\slyda\Desktop
# Computer Name: PC1
# OS: Windows 10 X64 (19045) (10.0.19045.0)
# Number of passes: 1

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines

- Create Registry Backup -

   ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\slyda\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2023-02-18-10-58-35

- Delete Tools -


  ## AdwCleaner
     [OK] C:\Users\slyda\Desktop\AdwCleaner.exe deleted
     [OK] C:\AdwCleaner deleted

  ## FRST
     [OK] C:\Users\slyda\Desktop\Addition.txt deleted
     [OK] C:\Users\slyda\Desktop\Fixlog.txt deleted
     [OK] C:\Users\slyda\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\slyda\Desktop\FRST.txt deleted
     [OK] C:\Users\slyda\Desktop\FRST64.exe deleted
     [OK] C:\FRST deleted

  ## Malwarebytes (log)
     [OK] C:\Users\slyda\Desktop\Mbam 2-18.txt deleted
     [OK] C:\Users\slyda\Desktop\MbamLog.txt deleted

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

     [I] No system recovery points were found

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ [I] RP named KpRm created at 02/18/2023 18:58:46

-- KPRM finished in 20.97s --


 


  • 0

#12
DR M
Posted 18 February 2023 - 01:22 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Regarding your question about Radeon and drivers, I would go for the latest version. You don't have an issue with your resources right now. However, since I'm not an expert in this area, I would advise you to start a topic here: http://www.geekstogo...nd-peripherals/and ask there. Hopefully, someone will give you a more inclusive reply.
 
Since you are clean, and since we are in the Malware Removal Forum, let me close with my favorite security tips. :)

Some of the following, are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware.'' It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You have now the built-in Windows 10 antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, can keep you safe.

Happy safe computing. ZZZQehw.gif


I'm glad I was able to help you.


  • 0

#13
DR M
Posted 20 February 2023 - 12:13 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

It appears that this issue is resolved, and therefore this topic has been marked as such.
 
Glad we could help.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP