[mx842]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-12-2023

Ran by Lin (administrator) on DESKTOP-TB9AP1R (Dell Inc. OptiPlex 790) (08-12-2023 13:51:37)

Running from C:\Users\Lin\Desktop\FRST64.exe

Loaded Profiles: Lin

Platform: Microsoft Windows 10 Home Version 22H2 19045.3758 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe

(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

(explorer.exe ->) (Canon Inc. -> CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(explorer.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe

(explorer.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe

(explorer.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>

(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21752.0_x64__8wekyb3d8bbwe\HxOutlook.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21752.0_x64__8wekyb3d8bbwe\HxTsr.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Lin\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\FileCoAuth.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (Canon Inc. -> CANON INC.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (Canon Inc. -> CANON INC.)

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION

HKU\S-1-5-21-1976587878-1381545113-1953759822-1003\...\Run: [MicrosoftEdgeAutoLaunch_2A9AA68EC7A79356B9193EA1B23153EB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)

HKLM\...\Windows x64\Print Processors\Canon MG2100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAQ.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)

HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2100 series: C:\Windows\system32\CNMLMAQ.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)

HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2100 series XPS: C:\Windows\system32\CNMXLMAQ.DLL [385536 2011-05-23] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)

 

==================== Scheduled Tasks (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {42C24B5D-993A-45F9-AD76-77B0B846AD17} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [256512 2023-12-06] (Microsoft Windows -> Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{93de2c58-ffe8-42f6-9b9d-302fb1219e53}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{e5f92500-5178-4e85-a38d-e9d831f827d5}: [DhcpNameServer] 209.18.47.62 4.2.2.6 208.67.222.222

 

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\Lin\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-08]

Edge Extension: (Google Docs Offline) - C:\Users\Lin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-04]

Edge Extension: (Edge relevant text changes) - C:\Users\Lin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-12-06]

 

FireFox:

========

FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)

FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.) [File not signed]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 GameInputSvc; C:\Windows\System32\GameInputSvc.exe [50168 2023-12-06] (Microsoft Corporation -> Microsoft Corporation)

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] (Canon Inc. -> )

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9344352 2023-12-08] (Malwarebytes Inc. -> Malwarebytes)

S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2954424 2023-12-08] (Malwarebytes Inc. -> Malwarebytes)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]

S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222784 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [200104 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188008 2023-12-08] (Malwarebytes Inc. -> Malwarebytes)

S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-12-06] (Microsoft Windows -> Microsoft Corporation)

S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2023-12-08 13:06 - 2023-12-08 13:06 - 000188008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys

2023-12-08 11:29 - 2023-12-08 11:29 - 000001233 _____ C:\Users\Lin\Documents\mwb log file.txt

2023-12-08 08:35 - 2023-12-08 13:47 - 000000000 ____D C:\Users\Lin\AppData\Local\Malwarebytes

2023-12-08 08:35 - 2023-12-08 08:35 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2023-12-08 08:35 - 2023-12-08 08:35 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2023-12-08 08:34 - 2023-12-08 08:34 - 000000000 ____D C:\ProgramData\Malwarebytes

2023-12-08 08:34 - 2023-12-08 08:34 - 000000000 ____D C:\Program Files\Malwarebytes

2023-12-08 08:31 - 2023-12-08 08:31 - 000001144 _____ C:\Users\Lin\Desktop\mb5setup-5.5-50000.50000.exe - Shortcut.lnk

2023-12-08 08:28 - 2023-12-08 08:28 - 002586176 _____ (Malwarebytes) C:\Users\Lin\Downloads\mb5setup-5.5-50000.50000.exe

2023-12-08 08:27 - 2023-12-08 08:23 - 000001780 _____ C:\Users\Lin\Desktop\AdwCleaner[S00].txt

2023-12-08 08:10 - 2023-12-08 08:10 - 000001018 _____ C:\Users\Lin\Desktop\AdwCleaner.exe - Shortcut.lnk

2023-12-08 08:08 - 2023-12-08 12:46 - 000000000 ____D C:\AdwCleaner

2023-12-08 08:07 - 2023-12-08 08:07 - 008791352 _____ (Malwarebytes) C:\Users\Lin\Downloads\AdwCleaner.exe

2023-12-07 18:03 - 2023-12-07 18:02 - 000001074 _____ C:\Users\Lin\Desktop\eset - Copy.txt

2023-12-07 18:02 - 2023-12-07 18:02 - 000001074 _____ C:\Users\Lin\Desktop\eset.txt

2023-12-07 13:32 - 2023-12-07 13:32 - 001798272 _____ C:\Users\Lin\Downloads\KeyScrambler_Setup.exe

2023-12-07 12:35 - 2023-12-07 12:35 - 000008440 _____ C:\Users\Lin\Downloads\Fixlog.txt

2023-12-07 11:44 - 2023-12-07 11:44 - 000001274 _____ C:\Users\Lin\Desktop\ESET Online Scanner.lnk

2023-12-07 11:43 - 2023-12-07 11:43 - 015274968 _____ (ESET) C:\Users\Lin\Downloads\esetonlinescanner (1).exe

2023-12-07 11:42 - 2023-12-07 11:42 - 015274968 _____ (ESET) C:\Users\Lin\Downloads\esetonlinescanner.exe

2023-12-07 11:30 - 2023-12-07 11:44 - 000001380 _____ C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk

2023-12-07 11:30 - 2023-12-07 11:30 - 000000000 ____D C:\Users\Lin\AppData\Local\ESET

2023-12-07 10:59 - 2023-12-07 10:59 - 000022748 _____ C:\Users\Lin\Downloads\Addition (1).txt

2023-12-07 10:56 - 2023-12-07 10:56 - 000036107 _____ C:\Users\Lin\Downloads\FRST (1).txt

2023-12-07 09:57 - 2023-12-08 13:28 - 000000000 ____D C:\Users\Lin\Desktop\FRST-OlderVersion

2023-12-07 09:57 - 2023-12-07 11:15 - 000008440 _____ C:\Users\Lin\Desktop\Fixlog.txt

2023-12-07 09:57 - 2023-12-07 09:57 - 000003093 _____ C:\Users\Lin\Desktop\ohrvhlotbd.txt

2023-12-06 14:24 - 2023-12-06 14:24 - 000022748 _____ C:\Users\Lin\Downloads\Addition.txt

2023-12-06 14:19 - 2023-12-06 14:19 - 000036107 _____ C:\Users\Lin\Downloads\FRST.txt

2023-12-06 14:04 - 2023-12-08 13:34 - 000023623 _____ C:\Users\Lin\Desktop\Addition.txt

2023-12-06 13:59 - 2023-12-08 13:52 - 000009295 _____ C:\Users\Lin\Desktop\FRST.txt

2023-12-06 13:55 - 2023-12-06 13:55 - 000000000 ____D C:\Users\Lin\Downloads\FRST-OlderVersion

2023-12-06 13:54 - 2023-12-08 13:52 - 000000000 ____D C:\FRST

2023-12-06 13:54 - 2023-12-08 13:28 - 002384896 _____ (Farbar) C:\Users\Lin\Desktop\FRST64.exe

2023-12-06 10:13 - 2023-12-06 10:13 - 000000000 ____D C:\Windows\InboxApps

2023-12-06 10:03 - 2023-12-06 10:03 - 000016707 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json

2023-12-06 09:42 - 2023-12-06 09:42 - 000000000 ___HD C:\$WinREAgent

2023-12-01 14:17 - 2023-12-01 14:17 - 000355203 _____ C:\Users\Lin\Downloads\[No Subject].zip

2023-12-01 14:16 - 2023-12-01 14:17 - 000513399 _____ C:\Users\Lin\Downloads\mail.eml

2023-11-22 11:55 - 2023-11-22 11:56 - 000000000 _____ C:\Users\Lin\Downloads\PrivacyPolicy.pdf

2023-11-21 13:09 - 2023-11-21 13:09 - 000841678 _____ C:\Users\Lin\Downloads\Used Sold 17″ x 45″ Clausing Metosa EL-1745CS CNC Tool Room Lathe W_Fagor 800T CNC Control at Mac....html

2023-11-21 13:09 - 2023-11-21 13:09 - 000000000 ____D C:\Users\Lin\Downloads\Used Sold 17″ x 45″ Clausing Metosa EL-1745CS CNC Tool Room Lathe W_Fagor 800T CNC Control at Mac..._files

2023-11-13 12:35 - 2023-11-13 12:35 - 004445075 _____ C:\Users\Lin\Downloads\Bridgeport-Vertical-Mill-Manual.pdf

2023-11-13 11:17 - 2023-12-05 07:35 - 000000022 _____ C:\Users\Lin\Downloads\MS532-18N.zip

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2023-12-08 13:21 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\AppReadiness

2023-12-08 13:21 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2023-12-08 13:10 - 2021-10-21 06:26 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI

2023-12-08 13:10 - 2019-12-07 04:13 - 000000000 ____D C:\Windows\INF

2023-12-08 13:08 - 2021-10-27 08:04 - 000000000 ___RD C:\Users\Lin\OneDrive

2023-12-08 13:06 - 2021-10-21 06:16 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2023-12-08 13:06 - 2021-10-21 06:15 - 000008192 ___SH C:\DumpStack.log.tmp

2023-12-08 13:05 - 2021-10-27 07:58 - 000000000 ____D C:\Users\Lin

2023-12-08 13:05 - 2019-12-07 04:03 - 000786432 _____ C:\Windows\system32\config\BBI

2023-12-08 10:24 - 2022-09-22 11:15 - 000004164 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{74CF8895-A983-4CB3-AD47-5387A8A57C41}

2023-12-08 10:21 - 2021-10-21 06:15 - 000000000 ____D C:\Windows\system32\SleepStudy

2023-12-08 08:35 - 2019-12-07 04:14 - 000000000 ___HD C:\Windows\ELAMBKUP

2023-12-07 09:58 - 2021-11-01 14:37 - 000000000 ____D C:\Users\Lin\AppData\LocalLow\Temp

2023-12-06 10:18 - 2021-10-27 08:02 - 000000000 ____D C:\Users\Lin\AppData\Local\Packages

2023-12-06 10:15 - 2021-10-21 06:15 - 000268824 _____ C:\Windows\system32\FNTCACHE.DAT

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Dism

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SystemResources

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinMetadata

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\oobe

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\lv-LV

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\lt-LT

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\et-EE

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\es-MX

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Dism

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellExperiences

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\Provisioning

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\PolicyDefinitions

2023-12-06 10:13 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\bcastdvr

2023-12-06 10:13 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\servicing

2023-12-06 10:12 - 2019-12-07 04:03 - 000000000 ____D C:\Windows\CbsTemp

2023-12-06 10:11 - 2019-12-07 04:52 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll

2023-12-06 10:11 - 2019-12-07 04:52 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml

2023-12-06 10:02 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps

2023-12-06 09:38 - 2021-10-31 13:06 - 000000000 ____D C:\ProgramData\CanonIJPLM

2023-12-06 09:22 - 2021-10-21 06:16 - 000000000 ____D C:\Windows\system32\Drivers\wd

2023-12-06 09:05 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\NDF

2023-12-05 00:39 - 2021-10-21 06:17 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2023-12-05 00:39 - 2021-10-21 06:17 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2023-11-23 11:53 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\LiveKernelReports

2023-11-20 11:38 - 2021-12-11 06:23 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1976587878-1381545113-1953759822-1003

2023-11-20 11:38 - 2021-10-27 08:04 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1976587878-1381545113-1953759822-1003

2023-11-20 11:38 - 2021-10-27 08:04 - 000002377 _____ C:\Users\Lin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\SysWOW64\F12

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\UNP

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\F12

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\setup

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\oobe

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\Com

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Sysprep

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\ShellExperiences

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\setup

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\migwiz

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\Com

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\appraiser

2023-11-16 18:58 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers

2023-11-16 18:57 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer

2023-11-16 18:57 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2023-11-16 18:57 - 2019-12-07 04:14 - 000000000 ___RD C:\Windows\PrintDialog

2023-11-16 18:57 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\ShellComponents

2023-11-16 18:57 - 2019-12-07 04:14 - 000000000 ____D C:\Windows\IME

2023-11-16 18:57 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender

2023-11-16 18:57 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System

2023-11-16 18:57 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender

2023-11-16 14:31 - 2019-12-07 04:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll

2023-11-16 14:31 - 2019-12-07 04:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll

2023-11-16 14:06 - 2021-10-21 06:18 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

2023-11-16 11:52 - 2021-10-27 19:38 - 000000000 ____D C:\Windows\system32\MRT

2023-11-16 11:48 - 2021-10-27 19:38 - 182871392 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

 

==================== Files in the root of some directories ========

 

2023-06-11 11:27 - 2023-06-11 11:27 - 000007606 _____ () C:\Users\Lin\AppData\Local\Resmon.ResmonCfg

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

[Advertisements]

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2023

Ran by Lin (08-12-2023 13:53:36)

Running from C:\Users\Lin\Desktop

Microsoft Windows 10 Home Version 22H2 19045.3758 (X64) (2021-10-27 11:11:40)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

Administrator (S-1-5-21-1976587878-1381545113-1953759822-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1976587878-1381545113-1953759822-503 - Limited - Disabled)

Guest (S-1-5-21-1976587878-1381545113-1953759822-501 - Limited - Disabled)

Lin (S-1-5-21-1976587878-1381545113-1953759822-1003 - Administrator - Enabled) => C:\Users\Lin

WDAGUtilityAccount (S-1-5-21-1976587878-1381545113-1953759822-504 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )

Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )

Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - Canon Inc.)

Canon MG2100 series On-screen Manual (HKLM-x32\...\Canon MG2100 series On-screen Manual) (Version:  - )

Canon MG2100 series User Registration (HKLM-x32\...\Canon MG2100 series User Registration) (Version:  - )

Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )

Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )

H&R Block Premium + Efile + State 2022 (HKLM-x32\...\{69654063-D165-4494-A83B-C09105247E97}) (Version: 22.07.8401 - HRB Technology, LLC.)

H&R Block Virginia 2022 (HKLM-x32\...\{23B574C3-3A54-4645-932F-C0D40268B5B8}) (Version: 1.22.4601 - H&R Block, Inc.)

LazyCam 3.00.2 (HKLM-x32\...\LazyCam 3.00.2) (Version: 3.00.2 - ArtSoft Inc.)

Mach3 (HKLM-x32\...\Mach3) (Version: 3.043.062 - ArtSoft USA)

Malwarebytes version 5.0.14.89 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.14.89 - Malwarebytes)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1976587878-1381545113-1953759822-1003\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)

VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)

Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

 

Packages:

=========

HEIC Converter Pro -> C:\Program Files\WindowsApps\38526MediaLife.HeicConverterPro_1.0.3.0_neutral__1crh1k73ty8mg [2023-01-02] (Media Life)

HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2023-08-01] (Microsoft Corporation)

Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-04] (Microsoft Corporation)

Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-06] (Microsoft Studios) [MS Ad]

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0 [2023-12-06] (Spotify AB) [Startup Task]

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

==================== Loaded Modules (Whitelisted) =============

 

2021-10-31 13:04 - 2011-08-04 13:49 - 000045056 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll

2021-10-31 13:02 - 2011-03-14 21:09 - 000067584 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\MyPrinter\BJMyRes.dll

2021-10-31 13:02 - 2011-03-14 21:09 - 000136704 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\MyPrinter\cnmpu.dll

2021-10-31 13:04 - 2011-02-08 12:01 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

2022-01-05 17:29 - 2022-01-05 17:29 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

Toolbar: HKU\S-1-5-21-1976587878-1381545113-1953759822-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1976587878-1381545113-1953759822-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Lin\Pictures\IMG_2046.jpeg

DNS Servers: 75.75.75.75 - 75.75.76.76

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [TCP Query User{A0EE1F6F-88A8-4341-A2AB-216CE58164CA}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [UDP Query User{8C58A3B2-5487-4ED9-B396-3A3701D4BC7F}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [{5F44784E-9369-44CA-9D74-0F3CBBC9A909}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{4DB0C574-E56F-4042-B593-15CFF7E1DB7E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{2AEC85BD-902E-42B0-A52F-2E0A209D7BE3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{E65A5D91-F9AF-4E98-9D3E-AE9EB33CD224}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{E6784E10-A097-4BB4-AAE5-EB2814E90343}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{DD512222-2BB1-49E7-BEF6-18091D930C4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{7F8E123D-B5C9-44CA-9214-3A1B19B2960C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{35F14039-686B-4164-A5BC-BFB8DEC742D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{32E0DC40-C688-49D0-B6CA-F52FF3132A25}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{926B33B2-A683-41F3-BB93-C0591E5F4156}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{E78A1666-631E-4A27-ADEF-4B13163FBF55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{706700D4-047C-4E5E-B98C-60DD6BC8EDC1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{1DE5311D-8ABD-4099-9E43-AD614F6BEDE3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{30209692-2266-4B82-9F98-BBCCC65233E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{367B1359-5506-47E3-9A4E-5A0DA99DBC12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

 

==================== Restore Points =========================

 

25-11-2023 10:30:58 Scheduled Checkpoint

04-12-2023 14:15:34 Scheduled Checkpoint

06-12-2023 09:25:21 Windows Modules Installer

 

==================== Faulty Device Manager Devices ============

 

Name: PS/2 Compatible Mouse

Description: PS/2 Compatible Mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (12/07/2023 08:07:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (12/07/2023 07:40:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (12/07/2023 07:24:16 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (12/07/2023 06:22:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (12/07/2023 05:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: svchost.exe_stisvc, version: 10.0.19041.3636, time stamp: 0x122dc5a3

Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f

Exception code: 0xc0000008

Fault offset: 0x00000000000a0f3a

Faulting process id: 0x608

Faulting application start time: 0x01da2928c67aa7a8

Faulting application path: C:\Windows\system32\svchost.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: 76ea7fd4-d399-4c32-9cfa-3a2bda07b97f

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/07/2023 11:31:27 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2

Faulting module name: WININET.dll, version: 11.0.19041.3636, time stamp: 0x5ccf5c78

Exception code: 0xc0000005

Fault offset: 0x00313a68

Faulting process id: 0x564

Faulting application start time: 0x01da292ad203baa0

Faulting application path: C:\Users\Lin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

Faulting module path: C:\Windows\SYSTEM32\WININET.dll

Report Id: a4d88b6d-d3aa-423c-b1b0-fe9c42e86d41

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/07/2023 11:31:04 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2

Faulting module name: WININET.dll, version: 11.0.19041.3636, time stamp: 0x5ccf5c78

Exception code: 0xc0000005

Fault offset: 0x00313a68

Faulting process id: 0xa90

Faulting application start time: 0x01da292ac24e2464

Faulting application path: C:\Users\Lin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

Faulting module path: C:\Windows\SYSTEM32\WININET.dll

Report Id: 227709b8-b811-4652-8e27-1d89956e0674

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/07/2023 11:13:22 AM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

 

System errors:

=============

Error: (12/08/2023 09:27:35 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

 

Error: (12/08/2023 07:59:50 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 2:47:17 AM on ‎12/‎8/‎2023 was unexpected.

 

Error: (12/08/2023 03:10:04 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

 

Error: (12/07/2023 08:09:51 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

 

Error: (12/07/2023 05:58:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.403.79.0) - Current Channel (Broad).

 

Error: (12/07/2023 05:58:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (12/07/2023 02:55:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

 

Error: (12/07/2023 11:48:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

This driver has been blocked from loading

 

 

Windows Defender:

================

Date: 2023-12-07 12:07:02

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft...92&enterprise=0

Name: PUABundler:Win32/YTDVideoDownload

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\Lin\Downloads\YTDSetup.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: C:\Users\Lin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

Security intelligence Version: AV: 1.403.92.0, AS: 1.403.92.0, NIS: 1.403.92.0

Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2

 

Date: 2023-12-07 11:20:00

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft...92&enterprise=0

Name: PUABundler:Win32/YTDVideoDownload

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\Lin\Downloads\YTDSetup.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: Unknown

Security intelligence Version: AV: 1.403.92.0, AS: 1.403.92.0, NIS: 1.403.92.0

Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2

 

Date: 2023-12-07 10:34:53

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2023-12-06 14:04:14

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft...92&enterprise=0

Name: PUABundler:Win32/YTDVideoDownload

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\Lin\Downloads\YTDSetup.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: C:\Users\Lin\Desktop\FRST64.exe

Security intelligence Version: AV: 1.403.43.0, AS: 1.403.43.0, NIS: 1.403.43.0

Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2

 

Date: 2023-12-06 10:17:17

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft...92&enterprise=0

Name: PUABundler:Win32/YTDVideoDownload

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\Lin\Downloads\YTDSetup.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: Unknown

Security intelligence Version: AV: 1.403.30.0, AS: 1.403.30.0, NIS: 1.403.30.0

Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2

Event[0]:

 

Date: 2023-12-08 13:05:44

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.

Security intelligence Attempted: Current

Error Code: 0x80501102

Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 

Security intelligence Version: 1.403.137.0;1.403.137.0

Engine Version: 1.1.23110.2

 

Date: 2023-11-27 12:42:18

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 1.401.1290.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.23100.2009

Error code: 0x80070102

Error description: The wait operation timed out. 

 

Date: 2023-06-14 09:03:23

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 1.391.1305.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.23050.3

Error code: 0x80070050

Error description: The file exists. 

 

==================== Memory info =========================== 

 

BIOS: Dell Inc. A22 07/03/2018

Motherboard: Dell Inc. 0NKW6Y

Processor: Intel® Core™ i5-2400S CPU @ 2.50GHz

Percentage of memory in use: 47%

Total physical RAM: 8073.05 MB

Available physical RAM: 4263.5 MB

Total Virtual: 12681.05 MB

Available Virtual: 8943 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.21 GB) (Free:405.13 GB) (Model: TOSHIBA MQ01ACF050) NTFS

Drive d: (Nov 08 2021) (CDROM) (Total:4.37 GB) (Free:4.37 GB) UDF

 

\\?\Volume{000a8185-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS

\\?\Volume{000a8185-0000-0000-0000-e05074000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 000A8185)

Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=508 MB) - (Type=27)

 

==================== End of Addition.txt =======================

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

[mx842]

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2023

Ran by Lin (08-12-2023 13:53:36)

Running from C:\Users\Lin\Desktop

Microsoft Windows 10 Home Version 22H2 19045.3758 (X64) (2021-10-27 11:11:40)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

Administrator (S-1-5-21-1976587878-1381545113-1953759822-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1976587878-1381545113-1953759822-503 - Limited - Disabled)

Guest (S-1-5-21-1976587878-1381545113-1953759822-501 - Limited - Disabled)

Lin (S-1-5-21-1976587878-1381545113-1953759822-1003 - Administrator - Enabled) => C:\Users\Lin

WDAGUtilityAccount (S-1-5-21-1976587878-1381545113-1953759822-504 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )

Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )

Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - Canon Inc.)

Canon MG2100 series On-screen Manual (HKLM-x32\...\Canon MG2100 series On-screen Manual) (Version:  - )

Canon MG2100 series User Registration (HKLM-x32\...\Canon MG2100 series User Registration) (Version:  - )

Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )

Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )

H&R Block Premium + Efile + State 2022 (HKLM-x32\...\{69654063-D165-4494-A83B-C09105247E97}) (Version: 22.07.8401 - HRB Technology, LLC.)

H&R Block Virginia 2022 (HKLM-x32\...\{23B574C3-3A54-4645-932F-C0D40268B5B8}) (Version: 1.22.4601 - H&R Block, Inc.)

LazyCam 3.00.2 (HKLM-x32\...\LazyCam 3.00.2) (Version: 3.00.2 - ArtSoft Inc.)

Mach3 (HKLM-x32\...\Mach3) (Version: 3.043.062 - ArtSoft USA)

Malwarebytes version 5.0.14.89 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.14.89 - Malwarebytes)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1976587878-1381545113-1953759822-1003\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)

VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)

Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

 

Packages:

=========

HEIC Converter Pro -> C:\Program Files\WindowsApps\38526MediaLife.HeicConverterPro_1.0.3.0_neutral__1crh1k73ty8mg [2023-01-02] (Media Life)

HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2023-08-01] (Microsoft Corporation)

Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-04] (Microsoft Corporation)

Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-06] (Microsoft Studios) [MS Ad]

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0 [2023-12-06] (Spotify AB) [Startup Task]

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

==================== Loaded Modules (Whitelisted) =============

 

2021-10-31 13:04 - 2011-08-04 13:49 - 000045056 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll

2021-10-31 13:02 - 2011-03-14 21:09 - 000067584 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\MyPrinter\BJMyRes.dll

2021-10-31 13:02 - 2011-03-14 21:09 - 000136704 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\MyPrinter\cnmpu.dll

2021-10-31 13:04 - 2011-02-08 12:01 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

2022-01-05 17:29 - 2022-01-05 17:29 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80ENU.DLL

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

Toolbar: HKU\S-1-5-21-1976587878-1381545113-1953759822-1003 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1976587878-1381545113-1953759822-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Lin\Pictures\IMG_2046.jpeg

DNS Servers: 75.75.75.75 - 75.75.76.76

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [TCP Query User{A0EE1F6F-88A8-4341-A2AB-216CE58164CA}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [UDP Query User{8C58A3B2-5487-4ED9-B396-3A3701D4BC7F}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [{5F44784E-9369-44CA-9D74-0F3CBBC9A909}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{4DB0C574-E56F-4042-B593-15CFF7E1DB7E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{2AEC85BD-902E-42B0-A52F-2E0A209D7BE3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{E65A5D91-F9AF-4E98-9D3E-AE9EB33CD224}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{E6784E10-A097-4BB4-AAE5-EB2814E90343}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{DD512222-2BB1-49E7-BEF6-18091D930C4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{7F8E123D-B5C9-44CA-9214-3A1B19B2960C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{35F14039-686B-4164-A5BC-BFB8DEC742D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{32E0DC40-C688-49D0-B6CA-F52FF3132A25}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{926B33B2-A683-41F3-BB93-C0591E5F4156}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{E78A1666-631E-4A27-ADEF-4B13163FBF55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{706700D4-047C-4E5E-B98C-60DD6BC8EDC1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{1DE5311D-8ABD-4099-9E43-AD614F6BEDE3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{30209692-2266-4B82-9F98-BBCCC65233E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{367B1359-5506-47E3-9A4E-5A0DA99DBC12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

 

==================== Restore Points =========================

 

25-11-2023 10:30:58 Scheduled Checkpoint

04-12-2023 14:15:34 Scheduled Checkpoint

06-12-2023 09:25:21 Windows Modules Installer

 

==================== Faulty Device Manager Devices ============

 

Name: PS/2 Compatible Mouse

Description: PS/2 Compatible Mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (12/07/2023 08:07:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (12/07/2023 07:40:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (12/07/2023 07:24:16 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (12/07/2023 06:22:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn't complete retrim on System Reserved because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (12/07/2023 05:57:58 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: svchost.exe_stisvc, version: 10.0.19041.3636, time stamp: 0x122dc5a3

Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f

Exception code: 0xc0000008

Fault offset: 0x00000000000a0f3a

Faulting process id: 0x608

Faulting application start time: 0x01da2928c67aa7a8

Faulting application path: C:\Windows\system32\svchost.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: 76ea7fd4-d399-4c32-9cfa-3a2bda07b97f

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/07/2023 11:31:27 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2

Faulting module name: WININET.dll, version: 11.0.19041.3636, time stamp: 0x5ccf5c78

Exception code: 0xc0000005

Fault offset: 0x00313a68

Faulting process id: 0x564

Faulting application start time: 0x01da292ad203baa0

Faulting application path: C:\Users\Lin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

Faulting module path: C:\Windows\SYSTEM32\WININET.dll

Report Id: a4d88b6d-d3aa-423c-b1b0-fe9c42e86d41

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/07/2023 11:31:04 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.31.0, time stamp: 0x61e82da2

Faulting module name: WININET.dll, version: 11.0.19041.3636, time stamp: 0x5ccf5c78

Exception code: 0xc0000005

Fault offset: 0x00313a68

Faulting process id: 0xa90

Faulting application start time: 0x01da292ac24e2464

Faulting application path: C:\Users\Lin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

Faulting module path: C:\Windows\SYSTEM32\WININET.dll

Report Id: 227709b8-b811-4652-8e27-1d89956e0674

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (12/07/2023 11:13:22 AM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

 

System errors:

=============

Error: (12/08/2023 09:27:35 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

 

Error: (12/08/2023 07:59:50 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 2:47:17 AM on ‎12/‎8/‎2023 was unexpected.

 

Error: (12/08/2023 03:10:04 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

 

Error: (12/07/2023 08:09:51 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

 

Error: (12/07/2023 05:58:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.403.79.0) - Current Channel (Broad).

 

Error: (12/07/2023 05:58:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (12/07/2023 02:55:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

 

Error: (12/07/2023 11:48:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

This driver has been blocked from loading

 

 

Windows Defender:

================

Date: 2023-12-07 12:07:02

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft...92&enterprise=0

Name: PUABundler:Win32/YTDVideoDownload

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\Lin\Downloads\YTDSetup.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: C:\Users\Lin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

Security intelligence Version: AV: 1.403.92.0, AS: 1.403.92.0, NIS: 1.403.92.0

Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2

 

Date: 2023-12-07 11:20:00

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft...92&enterprise=0

Name: PUABundler:Win32/YTDVideoDownload

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\Lin\Downloads\YTDSetup.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: Unknown

Security intelligence Version: AV: 1.403.92.0, AS: 1.403.92.0, NIS: 1.403.92.0

Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2

 

Date: 2023-12-07 10:34:53

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2023-12-06 14:04:14

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft...92&enterprise=0

Name: PUABundler:Win32/YTDVideoDownload

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\Lin\Downloads\YTDSetup.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: C:\Users\Lin\Desktop\FRST64.exe

Security intelligence Version: AV: 1.403.43.0, AS: 1.403.43.0, NIS: 1.403.43.0

Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2

 

Date: 2023-12-06 10:17:17

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft...92&enterprise=0

Name: PUABundler:Win32/YTDVideoDownload

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\Lin\Downloads\YTDSetup.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: Unknown

Security intelligence Version: AV: 1.403.30.0, AS: 1.403.30.0, NIS: 1.403.30.0

Engine Version: AM: 1.1.23110.2, NIS: 1.1.23110.2

Event[0]:

 

Date: 2023-12-08 13:05:44

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.

Security intelligence Attempted: Current

Error Code: 0x80501102

Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 

Security intelligence Version: 1.403.137.0;1.403.137.0

Engine Version: 1.1.23110.2

 

Date: 2023-11-27 12:42:18

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 1.401.1290.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.23100.2009

Error code: 0x80070102

Error description: The wait operation timed out. 

 

Date: 2023-06-14 09:03:23

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 1.391.1305.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.23050.3

Error code: 0x80070050

Error description: The file exists. 

 

==================== Memory info =========================== 

 

BIOS: Dell Inc. A22 07/03/2018

Motherboard: Dell Inc. 0NKW6Y

Processor: Intel® Core™ i5-2400S CPU @ 2.50GHz

Percentage of memory in use: 47%

Total physical RAM: 8073.05 MB

Available physical RAM: 4263.5 MB

Total Virtual: 12681.05 MB

Available Virtual: 8943 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.21 GB) (Free:405.13 GB) (Model: TOSHIBA MQ01ACF050) NTFS

Drive d: (Nov 08 2021) (CDROM) (Total:4.37 GB) (Free:4.37 GB) UDF

 

\\?\Volume{000a8185-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS

\\?\Volume{000a8185-0000-0000-0000-e05074000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 000A8185)

Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=508 MB) - (Type=27)

 

==================== End of Addition.txt =======================

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

[mx842]

The computer seems to be running ok. I did have one issue this morning when I tried to wake up the computer it wouldn't wake up until I re-booted the machine.

I haven't really done much on it today other than work on this thread but while on it I don't think the tab bar has shut down but one time.

My main effort here is to figure out how to keep people from using my credit cards. They got me for a little over $5400.00 on my credit and debit card. Hopefully I'll get it back one day. They were picking the money out of my pay pal account. They tried to get another $4755.00 but USAA put a stop to that.

So far, I have changed the passwords on my pay pal, e-bay e-mail provider, and they have a hold on all my accounts until I can get this sorted out. I've got to figure out a way to keep this from happening. I'm pretty sure this happened one day last week when I downloaded an equipment manual online. I have used that site before a few times with no problems.

Oh, I won't be around until Monday, but I'll check in if I get a chance.

Edited by mx842, 08 December 2023 - 01:41 PM.

[DR M]

Hello.

 

I attached the logs you posted, since, as I told you, it's much easier for me to review them that way.

 

 

My main effort here is to figure out how to keep people from using my credit cards. They got me for a little over $5400.00 on my credit and debit card. Hopefully I'll get it back one day. They were picking the money out of my pay pal account. They tried to get another $4755.00 but USAA put a stop to that.

 

So far, I have changed the passwords on my pay pal, e-bay e-mail provider, and they have a hold on all my accounts until I can get this sorted out. I've got to figure out a way to keep this from happening. I'm pretty sure this happened one day last week when I downloaded an equipment manual online.

 

The most important thing, when something like this happens, is to change ALL your account passwords (bank accounts, Paypal accounts, email accounts etc.) from a clean system. And of course, be careful about the sites you visit, the links you click on, the things you download.

 

I'll need some time to review your fresh logs.

 

Have a nice weekend. 

 

Attached Files

•  FRST.TXT   21.22KB   53 downloads
•  ADDITION.TXT   22.85KB   54 downloads

[DR M]

Your logs are clean now.
 
However, Windows Defender is disabled. Let's enable it.
 
1. Change a Malwarebytes Setting

• Open Malwarebytes.
• Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
  

  Under the title Scan Options, all the options are checked.
  Under the title Windows Security Center (Premium only) the option is unchecked.
  Under the title Potentially unwanted items all options are set to Always.

 

 

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::

• Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your Desktop.
• Post the log in your next reply.

 

 

In your next reply please post:

1. If you successfully changed the Malwarebytes setting
2. The fixlog.txt

[mx842]

I removed this cut and paste and added an attachment below.

Edited by mx842, 11 December 2023 - 12:52 PM.

[mx842]

Going back and looking in security it looks like defender is still disabled.

[mx842]

Sorry

Attached Files

•  Fixlog.txt   46.75KB   60 downloads

[DR M]

Can you please take a screenshot of what you see at the Security window and attach it in your next reply? 

[mx842]

this is what I get when I click on Malwarebytes

[DR M]

And you mean that you didn't change the setting I ask you to change here (step 1)? 

[mx842]

I did all accept the middle one I couldn't find it.

[DR M]

Let me see what you see when you click on Malwarebytes settings (the little gear at the left).

[mx842]

 

 

 

[DR M]

The updated Malwarebytes has a different environment indeed.

 

Click on Protection. What do you get?