Super slow computer windows 10 virus [Solved]

#1
daniel.karakas

Windows 10 Home 64-bit

Computer extremely slow. Pages in Chrome take forever to load or respond.

Moving from tab to tab in Chrome also takes a long time, and the loading circle comes up for more than a minute. Sometimes get a black Chrome screen. If I click on a YouTube link, for example, video takes a long time to load, not an internet problem but a Chrome or OS/virus problem.

Moving from one software to another takes a long time. Recently downloaded and installed game could be source of virus. I have uninstalled the game, and other programs have been slow since.

Defender keeps showing: pua:win32/asktoolbar

Pls help, thx!!

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2023

Ran by karakas (administrator) on DESKTOP-8ID5J9T (Acer Aspire TC-710) (06-12-2023 08:25:19)
Running from C:\Users\karakas\Desktop\FRST64.exe
Loaded Profiles: karakas
Platform: Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Acer\Acer Drive\AcerDriveTray.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Drive\AcerDriveUI.exe
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <20>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\karakas\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\Microsoft.SharePoint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Drive\AcerDriveTray.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21752.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21752.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21752.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\karakas\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2310.8.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2017-03-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [738936 2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [Zoom] => [X]
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [MicrosoftEdgeAutoLaunch_8B6B36A51FDD9942B0BDEE33C0F85C3E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3896768 2023-11-28] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\karakas\AppData\Local\Microsoft\Teams\Update.exe [2588520 2023-09-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\MountPoints2: {6634c3aa-f170-11ec-9ed8-08d40c635faf} - "D:\WD SmartWare.exe" autoplay=true
HKLM\...\Windows x64\Print Processors\BJ Print Processor3: C:\Windows\System32\spool\prtprocs\x64\CNBPP3.DLL [83968 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor3_2: C:\WINDOWS\system32\CNBLM3_2.DLL [211456 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON Stylus Photo RX580 Series 64MonitorBA: C:\WINDOWS\system32\E_ILMBPA.DLL [108032 2007-12-07] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe [2023-11-30] (Google LLC -> Google LLC)
Startup: C:\Users\karakas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2023-05-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {AE9BD731-6303-410F-B03B-9627E90E1568} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CD0ADC46-47D6-4774-B015-E1BFE02DC827} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2017-09-28] (Acer Incorporated -> )
Task: {6AC1DEB2-2B42-4C76-B7DB-5B7EE575E321} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2018-05-28] (Acer Incorporated -> )
Task: {837718D0-6BCE-4E65-A298-15DA87587329} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [40288 2015-07-10] (Acer Incorporated -> )
Task: {E9580651-3556-4C9A-9092-BF1A5BB3928C} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4696880 2018-05-28] (Acer Incorporated -> )
Task: {5463DF05-0E05-4FD8-9957-F2C1619C03FD} - System32\Tasks\AcerDriveProxyLauncher => C:\Program Files (x86)\Acer\Acer Drive\AcerDriveProxy.exe [2290016 2015-09-30] (Acer Incorporated -> Acer Incorporated)
Task: {B2B8F184-B0B2-48EE-8BBF-31D335878E08} - System32\Tasks\AcerDriveTrayLauncher => C:\Program Files (x86)\Acer\Acer Drive\AcerDriveTray.exe [598880 2015-09-30] (Acer Incorporated -> Acer Incorporated)
Task: {E3374CC1-4996-4843-A850-902265C1B8BC} - System32\Tasks\AcerDriveUpdateChecker => C:\Program Files (x86)\Acer\Acer Drive\CheckUpdate.exe [24416 2015-08-05] (Acer Incorporated -> Acer Incorporated)
Task: {39D48088-4082-41BA-B7C5-30B6D3BC5A29} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {27366E41-74DE-4BDC-8148-F74F473917A1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [1281024 2017-09-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E7BD4E4F-A6E1-4CCE-92E9-01108211C9A9} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65824 2017-09-26] (Acer Incorporated -> Acer Incorporated)
Task: {FA2B11B5-3F7A-4888-84E6-60623353EB5B} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [30976 2015-05-13] (Acer Incorporated -> )
Task: {7DD2F012-EB25-407E-B920-B80907B89D5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-11-09] (Google LLC -> Google LLC)
Task: {91B66BFE-20BF-4292-8902-4AC1791B90D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-11-09] (Google LLC -> Google LLC)
Task: {E4D17F79-A08D-4215-A436-011395244421} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3C23B727-CF52-4434-8F6A-6385A38E9FB6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {58DF8BBB-2396-4480-8887-B94406D26817} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {21F2B7DC-B7D4-4008-94FA-CB554A0D46C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {84D23F7D-4239-4982-A34F-0396F76391F0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [251904 2023-11-15] (Microsoft Windows -> Microsoft Corporation)
Task: {0414E387-E2BF-47C2-A4F0-4802B32C0539} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {16A0AA89-FBA5-4398-A3B0-DE77F5F443C9} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [379232 2015-07-17] (Acer Incorporated -> Acer Incorporated)
Task: {CF89C499-6DD1-4ABC-A8D4-C5A07BB4D41E} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [472928 2015-07-10] (Acer Incorporated -> Acer Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{26ee6f90-3278-42b1-9877-54b81bdb78da}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{486657a2-4b8f-46dc-ba15-ddc9d9f2b981}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a26cefaa-f6ff-448f-9018-4ef6bcfb773d}: [DhcpNameServer] 45.44.103.26 45.44.103.27
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\karakas\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-04]
Edge Extension: (Google Docs Offline) - C:\Users\karakas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-17]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\karakas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-12-04]
Edge Extension: (Edge relevant text changes) - C:\Users\karakas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-30]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: 1wh4cpt7.default
FF ProfilePath: C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default [2022-01-08]
FF Homepage: Mozilla\Firefox\Profiles\1wh4cpt7.default -> www.google.com
FF Extension: (Avira Browser Safety) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2018-01-10] [UpdateUrl:hxxps://download.avira.com/package/abs/firefox/update-webext.rdf]
FF Extension: (Dashlane) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2021-05-24] [UpdateUrl:hxxps://ws1.dashlane.com/5/binaries/query?logins=&platform=firefox&target=ff_web_extension&format=json&version=]
FF Extension: (English (US) Language Pack) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2021-05-24]
FF Extension: (Avira Password Manager) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2018-03-19] [UpdateUrl:hxxps://s3.eu-central-1.amazonaws.com/avira-pwm-extensions/update.rdf]
FF Extension: (Avira SafeSearch Plus) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2018-04-18] [UpdateUrl:hxxps://package.avira.com/package/safesearch/firefox/update-plus2.rdf]
FF Extension: (Acer Locale Fix) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\features\{9917c7b2-023d-4dcd-b634-a2a6730e6935}\[email protected] [2018-05-08] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2021-05-24] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-11-14] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Plugin: @java.com/DTPlugin,version=11.371.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.371.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-11-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Default [2023-12-06]
CHR DownloadDir: C:\Users\karakas\Downloads
CHR Notifications: Default -> hxxps://teams.microsoft.com
CHR Extension: (Google Docs Offline) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-05-09]
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5 [2023-03-03]
CHR Extension: (Foxit PDF Creator) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2023-03-03]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-03-03]
CHR Extension: (NordVPN - VPN Proxy for Privacy and Security) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\fjoaledfpmneenckfbpdfhkmimnjocfa [2023-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-13]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-03-03]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2022-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-13]
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6 [2023-03-20]
CHR Extension: (Foxit PDF Creator) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2023-03-20]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-03-20]
CHR Extension: (Google Docs Offline) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-03-20]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-03-20]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2022-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-11]
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\System Profile [2022-04-23]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-10]
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
CHR HKU\S-1-5-21-1880840183-2522925994-863313883-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fjoaledfpmneenckfbpdfhkmimnjocfa]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
 
Opera: 
=======
OPR Profile: C:\Users\karakas\AppData\Roaming\Opera Software\Opera Stable [2020-05-20]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
S4 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2122432 2022-12-13] (GameHouse Europe B.V. -> GameHouse)
R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Incorporated -> Foxit Software Inc.)
S4 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-07-06] (Intel Corporation) [File not signed]
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-07-06] () [File not signed]
S4 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.3.241\IsAppService.exe [495240 2018-07-26] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9343840 2023-11-09] (Malwarebytes Inc. -> Malwarebytes)
S3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [320088 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-11-21] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
S4 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-17] (Acer Incorporated -> Acer Incorporated)
S2 secureboot; C:\ProgramData\WindowsPowerShell\Modules\SecureBoot\secureboot.exe [699259556 2023-11-16] () [File not signed]
S4 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-26] (Acer Incorporated -> acer)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-06] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2021-09-14] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [154112 2021-10-12] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222800 2023-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl9342eb5a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37D19BBB-FA0E-4994-8586-7CE1735D9D0F}\MpKslDrv.sys [263560 2023-12-05] (Microsoft Windows -> Microsoft Corporation)
R2 NDivert; C:\Program Files\NordVPN\7.15.6.0\Drivers\NDivert.sys [131472 2023-05-24] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2022-02-22] (nordvpn s.a. -> TEFINCOM S.A.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2021-01-31] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55744 2023-11-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [578856 2023-11-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-06] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29592 2022-03-10] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-02-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-12-06 08:25 - 2023-12-06 08:38 - 000029139 _____ C:\Users\karakas\Desktop\FRST.txt
2023-12-06 08:20 - 2023-12-06 08:21 - 000136153 _____ C:\Users\karakas\AppData\Local\Temp\d379a597-9795-432b-9d5f-2a0763603535.tmp
2023-12-06 08:19 - 2023-12-06 08:22 - 000011408 _____ C:\Users\karakas\Downloads\RPG0046167.xlsx
2023-12-06 08:19 - 2023-12-06 08:20 - 006573004 _____ C:\Users\karakas\AppData\Local\Temp\21d734da-2ccf-41b2-b0cc-f1af4c8b2d1a.tmp
2023-12-06 08:18 - 2023-12-06 08:49 - 000322002 _____ C:\Users\karakas\AppData\Local\Temp\c07d3873-052b-4855-80e2-c9285a9824aa.tmp
2023-12-06 08:18 - 2023-12-06 08:22 - 000670570 _____ C:\Users\karakas\AppData\Local\Temp\8f5985b2-1f09-4e4f-b23c-2169819cad8a.tmp
2023-12-06 08:18 - 2023-12-06 08:19 - 000042509 _____ C:\Users\karakas\AppData\Local\Temp\a6a5ec79-4204-454c-b603-1406a39e16e8.tmp
2023-12-06 08:18 - 2023-12-06 08:19 - 000003121 _____ C:\Users\karakas\AppData\Local\Temp\003c5110-e5c9-4868-9516-5e800dcc5def.tmp
2023-12-06 08:17 - 2023-12-06 08:20 - 011140044 _____ C:\Users\karakas\AppData\Local\Temp\5e7620b5-0037-4b57-9a25-46ba0ebd3fc1.tmp
2023-12-06 08:17 - 2023-12-06 08:19 - 004403445 _____ C:\Users\karakas\AppData\Local\Temp\d5ebbeae-ff93-475d-ac34-c7ecd97fe42f.tmp
2023-12-06 07:55 - 2023-12-06 07:55 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\chrome_BITS_291492_191161906
2023-12-06 07:55 - 2023-12-06 07:55 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\chrome_BITS_291492_1608206140
2023-12-05 17:40 - 2023-12-05 17:40 - 000075809 _____ C:\Users\karakas\AppData\Local\Temp\wctC68F.tmp
2023-12-05 17:40 - 2023-12-05 17:40 - 000075809 _____ C:\Users\karakas\AppData\Local\Temp\wct78CD.tmp
2023-12-05 17:05 - 2023-12-05 17:05 - 000075809 _____ C:\Users\karakas\AppData\Local\Temp\wctA675.tmp
2023-12-05 16:35 - 2023-12-05 17:25 - 008137031 _____ C:\Users\karakas\AppData\Local\Temp\SAU{06~1.zmdownload
2023-12-05 16:35 - 2023-12-05 16:35 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\SAU{C74980C0-F278-42E3-BAD3-C336E824FAE0}
2023-12-05 16:35 - 2023-12-05 16:35 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\SAU{06C10877-9ABD-418D-8616-096A03D505A9}
2023-12-05 16:31 - 2023-12-05 16:33 - 000137024 _____ (Zoom Video Communications, Inc.) C:\Users\karakas\Downloads\Zoom_cm_f5beMkykfw4Z9vvrZo4_m6j+S7bZR6dpsDv2HF+rOn7RcQA4pat+dcVeT@ZQEFHFVM0mADnY6g_kf85b995e6a56650d_.exe
2023-12-05 16:24 - 2023-12-05 16:36 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\chrome_BITS_77960_350350272
2023-12-05 15:10 - 2023-12-05 15:10 - 000075809 _____ C:\Users\karakas\AppData\Local\Temp\wct5538.tmp
2023-12-05 13:07 - 2023-12-05 13:07 - 000000000 ____D C:\Users\karakas\Desktop\FRST-OlderVersion
2023-12-05 13:04 - 2023-12-05 13:07 - 002384384 _____ (Farbar) C:\Users\karakas\Desktop\FRST64.exe
2023-12-05 01:17 - 2023-12-05 01:17 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\chrome_BITS_20300_584129327
2023-12-04 18:10 - 2023-12-04 18:10 - 000075804 _____ C:\Users\karakas\AppData\Local\Temp\wctB0B3.tmp
2023-12-04 18:10 - 2023-12-04 18:10 - 000075804 _____ C:\Users\karakas\AppData\Local\Temp\wct8629.tmp
2023-12-04 17:05 - 2023-12-04 17:05 - 000075804 _____ C:\Users\karakas\AppData\Local\Temp\wctA159.tmp
2023-12-04 16:57 - 2023-12-04 16:57 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\chrome_BITS_11252_98203128
2023-12-04 15:10 - 2023-12-04 15:10 - 000075804 _____ C:\Users\karakas\AppData\Local\Temp\wctFCEB.tmp
2023-12-04 14:24 - 2023-12-04 14:24 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\edge_BITS_45960_1836659051
2023-12-04 13:24 - 2023-12-04 13:24 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\edge_BITS_33116_599184502
2023-12-04 13:08 - 2023-12-04 13:08 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\msedge_url_fetcher_17820_65457970
2023-12-04 13:08 - 2023-12-04 13:08 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\edge_BITS_17820_411718540
2023-12-04 13:08 - 2023-12-04 13:08 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\edge_BITS_17820_1850698785
2023-12-04 11:44 - 2023-12-04 11:44 - 001598243 _____ C:\Users\karakas\AppData\Local\Temp\36839647-1a53-4d73-a11f-8cd14200c971.tmp
2023-12-04 11:44 - 2023-12-04 11:44 - 000308390 _____ C:\Users\karakas\AppData\Local\Temp\15145b09-eebb-43b9-99a4-85b95ccf3f1b.tmp
2023-12-04 11:44 - 2023-12-04 11:44 - 000039828 _____ C:\Users\karakas\AppData\Local\Temp\c63f9dd3-b3f7-4fa3-b967-d458c3aefb19.tmp
2023-12-04 11:44 - 2023-12-04 11:44 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\5af01d76-c49f-4068-8f9e-4b51cd4b5acb.tmp
2023-12-04 11:43 - 2023-12-04 11:43 - 000024548 _____ C:\Users\karakas\AppData\Local\Temp\19d08cc3-a343-4fa7-96dd-cd41f3bf11a6.tmp
2023-12-04 11:43 - 2023-12-04 11:43 - 000013270 _____ C:\Users\karakas\AppData\Local\Temp\a9dc7294-f8c7-4ce4-879a-348b4051030b.tmp
2023-12-04 11:43 - 2023-12-04 11:43 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\f9dcc848-14c3-4bc7-af0f-08bfc8b0e6a0.tmp
2023-12-04 11:43 - 2023-12-04 11:43 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\b7b754c0-b58a-479d-849e-3a18b6409106.tmp
2023-12-04 11:43 - 2023-12-04 11:43 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\b54d8b25-20e6-4dbd-9084-085e02b03caf.tmp
2023-12-04 11:43 - 2023-12-04 11:43 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\a8d4a1a0-f096-4e6e-9f92-2aaa97cf40a0.tmp
2023-12-04 11:43 - 2023-12-04 11:43 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\a42ecf6a-a850-4a05-8c67-9b5f067e5403.tmp
2023-12-04 11:43 - 2023-12-04 11:43 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\8a8d8955-1047-4a94-aa87-7aa21e143bed.tmp
2023-12-04 11:43 - 2023-12-04 11:43 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\6489d903-bb5f-4856-9103-433b96b20290.tmp
2023-12-04 11:43 - 2023-12-04 11:43 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\3bebf599-9398-48fb-a7d8-ae7743c7ed6f.tmp
2023-12-04 11:42 - 2023-12-04 11:42 - 004003313 _____ C:\Users\karakas\AppData\Local\Temp\69f3ede0-69a4-47c7-9847-75aa2137a884.tmp
2023-12-04 11:42 - 2023-12-04 11:42 - 002882536 _____ C:\Users\karakas\AppData\Local\Temp\f81b00c1-6fb1-4d73-af49-6c0ea16dee10.tmp
2023-12-04 11:42 - 2023-12-04 11:42 - 000464817 _____ C:\Users\karakas\AppData\Local\Temp\13e7e8d7-ffff-4bbb-a2db-f088fbf835a3.tmp
2023-12-04 11:39 - 2023-12-04 11:39 - 000097181 _____ C:\Users\karakas\AppData\Local\Temp\7cfed7f8-bbef-434e-9eb3-8f5c32d0136f.tmp
2023-12-04 11:39 - 2023-12-04 11:39 - 000003231 _____ C:\Users\karakas\AppData\Local\Temp\39e8412c-2049-4fd6-b36d-c0653ff1c624.tmp
2023-12-04 11:36 - 2023-12-04 11:36 - 008585393 _____ C:\Users\karakas\AppData\Local\Temp\71298200-d24e-44f7-ab97-9033da767943.tmp
2023-12-04 11:36 - 2023-12-04 11:36 - 002213059 _____ C:\Users\karakas\AppData\Local\Temp\f0897007-68fc-4648-af42-c0b29acbee92.tmp
2023-12-04 11:36 - 2023-12-04 11:36 - 002101697 _____ C:\Users\karakas\AppData\Local\Temp\fdc20711-a8b2-4915-b10f-9026529e7dac.tmp
2023-12-04 11:35 - 2023-12-04 11:35 - 002339664 _____ C:\Users\karakas\AppData\Local\Temp\d3f8e28f-4287-4825-bc5d-a0485abc25a7.tmp
2023-12-04 11:29 - 2023-12-04 11:29 - 000129346 _____ C:\Users\karakas\AppData\Local\Temp\24f93041-f316-4965-b585-474177530dcf.tmp
2023-12-04 11:29 - 2023-12-04 11:29 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\5afd7761-9557-446d-b03a-293931849452.tmp
2023-12-04 11:29 - 2023-12-04 11:29 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\405e364a-5e0a-40ac-8828-c46f42802cbb.tmp
2023-12-04 11:28 - 2023-12-04 11:28 - 003418312 _____ C:\Users\karakas\AppData\Local\Temp\472b5782-3074-461e-98c2-99ae0c426906.tmp
2023-12-04 11:11 - 2023-12-04 11:11 - 004792503 _____ C:\Users\karakas\AppData\Local\Temp\50a5bcf3-8d53-4ebf-9a86-9d48027726e3.tmp
2023-12-04 11:11 - 2023-12-04 11:11 - 000959306 _____ C:\Users\karakas\AppData\Local\Temp\92afc27a-040f-4323-a9c0-b015e4ab154b.tmp
2023-12-04 10:51 - 2023-12-04 10:51 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\chrome_BITS_14736_1130276990
2023-12-04 09:59 - 2023-12-04 09:59 - 000000512 ____T C:\Users\karakas\AppData\Local\Temp\~DF713AE05DAD4D44A1.TMP
2023-12-04 09:47 - 2023-12-04 09:47 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\fox1AFE.tmp
2023-12-04 09:47 - 2023-12-04 09:47 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\fox1ABF.tmp
2023-12-04 08:08 - 2023-12-04 11:06 - 004605884 _____ C:\Users\karakas\AppData\Local\Temp\9eb1ba00-3b1f-4d51-bc19-b73ac9a4b847.tmp
2023-12-04 08:08 - 2023-12-04 08:08 - 000044488 _____ C:\Users\karakas\AppData\Local\Temp\24164724-f27e-4717-a795-244b82b1c7e0.tmp
2023-12-04 07:34 - 2023-12-04 07:34 - 011612553 _____ C:\Users\karakas\AppData\Local\Temp\bfd05f8b-5660-490c-af35-83b9c96bdcd0.tmp
2023-12-03 20:20 - 2023-12-03 20:20 - 003346757 _____ C:\Users\karakas\AppData\Local\Temp\6f3e7235-23d3-4122-9d7c-a240ebd29d13.tmp
2023-12-03 20:20 - 2023-12-03 20:20 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\99bde4e8-91e7-40d2-8b85-e45b033d04c3.tmp
2023-12-03 20:02 - 2023-12-03 20:02 - 000000512 ____T C:\Users\karakas\AppData\Local\Temp\~DFFCC3DA4F1EB5C860.TMP
2023-12-03 20:01 - 2023-12-03 20:01 - 000000134 _____ C:\Users\karakas\AppData\Local\Temp\2324406.od
2023-12-03 20:01 - 2023-12-03 20:01 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\CVR77B6.tmp.cvr
2023-12-03 19:50 - 2023-12-03 19:50 - 001677962 _____ C:\Users\karakas\AppData\Local\Temp\dd9d1328-dd15-450b-a648-96bfc501afa0.tmp
2023-12-03 19:50 - 2023-12-03 19:50 - 001031387 _____ C:\Users\karakas\AppData\Local\Temp\a15f38d6-43f9-4289-9233-e73bb9fe237e.tmp
2023-12-03 19:21 - 2023-12-03 19:21 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\f69772c3-e6b6-4d7e-ac2b-c467402b6130.tmp
2023-12-03 19:19 - 2023-12-03 19:19 - 000097181 _____ C:\Users\karakas\AppData\Local\Temp\20d7cff9-8bd7-4769-86e1-759e97525b38.tmp
2023-12-03 19:19 - 2023-12-03 19:19 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\683335be-dc85-47ae-b583-1788689075f0.tmp
2023-12-03 19:11 - 2023-12-03 19:11 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\dfe4a060-d2fe-4716-814e-965dea973cda.tmp
2023-12-03 19:10 - 2023-12-03 19:10 - 000161831 _____ C:\Users\karakas\AppData\Local\Temp\0143f148-2af8-46d7-b7ad-d7939135ae16.tmp
2023-12-03 19:06 - 2023-12-03 19:06 - 000073621 _____ C:\Users\karakas\AppData\Local\Temp\5d4dd8cc-78c8-492a-b969-a6c54381cc8f.tmp
2023-12-03 18:59 - 2023-12-03 18:59 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\a5937bd9-790d-4e47-89d6-99288e780264.tmp
2023-12-03 18:59 - 2023-12-03 18:59 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\53e2f194-ff9e-4110-bcfe-62d256ad4512.tmp
2023-12-03 18:59 - 2023-12-03 18:59 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\0f99bc5a-1186-4dbe-aa41-120978a24646.tmp
2023-12-03 18:57 - 2023-12-03 18:57 - 012704306 _____ C:\Users\karakas\AppData\Local\Temp\0808dc92-1390-42e8-8bd0-96f097a31fde.tmp
2023-12-03 18:57 - 2023-12-03 18:57 - 002410682 _____ C:\Users\karakas\AppData\Local\Temp\7a9c9226-4174-4629-b825-681adafdbd69.tmp
2023-12-03 18:57 - 2023-12-03 18:57 - 001430276 _____ C:\Users\karakas\AppData\Local\Temp\f946dfb3-2a1c-4a0a-b59f-9e2381beb8cf.tmp
2023-12-03 18:57 - 2023-12-03 18:57 - 000865335 _____ C:\Users\karakas\AppData\Local\Temp\be991eb8-2dbd-4664-8c34-8f6d15e923ca.tmp
2023-12-03 18:57 - 2023-12-03 18:57 - 000314223 _____ C:\Users\karakas\AppData\Local\Temp\67415adb-3629-470c-a981-6a13394c62e5.tmp
2023-12-03 18:57 - 2023-12-03 18:57 - 000201841 _____ C:\Users\karakas\AppData\Local\Temp\55998f1d-9ef5-4899-8474-a277c0e466e5.tmp
2023-12-03 18:57 - 2023-12-03 18:57 - 000013270 _____ C:\Users\karakas\AppData\Local\Temp\787df443-8557-4b37-be2d-04a2be88a0fd.tmp
2023-12-03 18:57 - 2023-12-03 18:57 - 000004048 _____ C:\Users\karakas\AppData\Local\Temp\c52a1045-5444-430c-8aec-f87ff407a4d4.tmp
2023-12-03 18:57 - 2023-12-03 18:57 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\fda37caf-caca-45d5-a234-928aa7968447.tmp
2023-12-03 18:57 - 2023-12-03 18:57 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\fb9c5934-49d0-4f03-bcea-969f86269a9d.tmp
2023-12-03 18:57 - 2023-12-03 18:57 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\8b33c08b-d22b-4e35-b915-6470d31f1159.tmp
2023-12-03 18:57 - 2023-12-03 18:57 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\243ae047-6e22-406d-b9a8-cacd29e6d977.tmp
2023-12-03 18:55 - 2023-12-03 18:55 - 009351781 _____ C:\Users\karakas\AppData\Local\Temp\78f936d9-0554-4486-8a07-f8c74d8f0a35.tmp
2023-12-03 18:55 - 2023-12-03 18:55 - 000358821 _____ C:\Users\karakas\AppData\Local\Temp\70552ec9-eef3-46ab-aab4-2b0d8a006818.tmp
2023-12-03 17:34 - 2023-12-03 17:34 - 010458608 _____ C:\Users\karakas\AppData\Local\Temp\bcf83762-3849-428f-a4e1-687bfbb284ea.tmp
2023-12-03 17:05 - 2023-12-03 17:05 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wct8583.tmp
2023-12-03 16:48 - 2023-12-03 16:48 - 010692618 _____ C:\Users\karakas\AppData\Local\Temp\33eceef2-53fe-4026-90d9-7d0138aa3ac0.tmp
2023-12-03 16:10 - 2023-12-03 16:10 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wctDEA4.tmp
2023-12-03 16:10 - 2023-12-03 16:10 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wctB409.tmp
2023-12-03 16:08 - 2023-12-03 16:08 - 001778365 _____ C:\Users\karakas\AppData\Local\Temp\f7747cfe-7b6a-408a-b1f6-cf026eef976c.tmp
2023-12-03 15:57 - 2023-12-03 15:57 - 000072709 _____ C:\Users\karakas\AppData\Local\Temp\dcfc11c9-de53-4b70-93e3-d0165074ff25.tmp
2023-12-03 15:57 - 2023-12-03 15:57 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\eab40a30-7dfc-4c2b-b9e4-ffdcd9e8353e.tmp
2023-12-03 15:57 - 2023-12-03 15:57 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\5099bfb7-5b60-44f0-b295-762b84d8caec.tmp
2023-12-03 15:57 - 2023-12-03 15:57 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\282e36da-9697-412c-8ec2-d25f5c4b030b.tmp
2023-12-03 15:57 - 2023-12-03 15:57 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\088c69bb-72f1-4768-a6db-eebd68331d20.tmp
2023-12-03 15:55 - 2023-12-03 15:55 - 000340408 _____ C:\Users\karakas\AppData\Local\Temp\9250b3e5-73df-45bb-b27f-0edba0099faf.tmp
2023-12-03 15:49 - 2023-12-03 15:49 - 000055588 _____ C:\Users\karakas\AppData\Local\Temp\0c6629cf-ee3c-41de-bfbe-d79c4615a12a.tmp
2023-12-03 15:47 - 2023-12-03 15:47 - 002525977 _____ C:\Users\karakas\AppData\Local\Temp\d7ece95e-fe6a-447e-8bc3-094219ab4859.tmp
2023-12-03 15:47 - 2023-12-03 15:47 - 001661574 _____ C:\Users\karakas\AppData\Local\Temp\6a110afb-c46c-4810-89c1-87f5d77f9550.tmp
2023-12-03 15:47 - 2023-12-03 15:47 - 000486636 _____ C:\Users\karakas\AppData\Local\Temp\e42f5916-f17f-4d9e-a45c-07c46198c7f8.tmp
2023-12-03 15:47 - 2023-12-03 15:47 - 000461930 _____ C:\Users\karakas\AppData\Local\Temp\b36c944b-46fc-449c-a34c-de1b50397ff3.tmp
2023-12-03 15:47 - 2023-12-03 15:47 - 000035990 _____ C:\Users\karakas\AppData\Local\Temp\6e7c88ec-4b56-460b-8251-12946df7c125.tmp
2023-12-03 15:47 - 2023-12-03 15:47 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\ef51a0f3-63fe-4bd5-996b-6bceb756f5c6.tmp
2023-12-03 15:41 - 2023-12-03 15:41 - 000013270 _____ C:\Users\karakas\AppData\Local\Temp\6ce8b049-2b29-4b0c-93c4-87a555c59e05.tmp
2023-12-03 15:41 - 2023-12-03 15:41 - 000005589 _____ C:\Users\karakas\AppData\Local\Temp\1fc4b4f9-3022-4464-8163-482a60830e50.tmp
2023-12-03 15:41 - 2023-12-03 15:41 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\c05b13c3-b836-46c7-919b-530f00a7266c.tmp
2023-12-03 15:41 - 2023-12-03 15:41 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\8220e0be-4cde-4a68-8414-479e669e8171.tmp
2023-12-03 15:41 - 2023-12-03 15:41 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\60d99e34-8667-48d7-8455-7baaf60241b6.tmp
2023-12-03 15:41 - 2023-12-03 15:41 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\23bea558-ccad-4b57-9b41-e2ecc4817888.tmp
2023-12-03 15:41 - 2023-12-03 15:41 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\0c05ae4f-0c8c-465d-a6f0-7daa6f153bc0.tmp
2023-12-03 15:40 - 2023-12-03 15:40 - 004907402 _____ C:\Users\karakas\AppData\Local\Temp\797e7341-9601-4938-a2dc-13d96a00f90a.tmp
2023-12-03 15:40 - 2023-12-03 15:40 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\37a36344-ee24-4a46-99d8-c4939fa8af03.tmp
2023-12-03 15:40 - 2023-12-03 15:40 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\171ac660-5f5b-4935-a742-56270bffdffa.tmp
2023-12-03 15:11 - 2023-12-03 15:11 - 011023802 _____ C:\Users\karakas\AppData\Local\Temp\846b2720-cbff-4055-bde7-d114457a7952.tmp
2023-12-03 15:10 - 2023-12-03 15:10 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wct679.tmp
2023-12-03 12:38 - 2023-12-03 12:39 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\chrome_BITS_6312_282768741
2023-12-03 08:33 - 2023-12-03 08:33 - 000000512 ____T C:\Users\karakas\AppData\Local\Temp\~DF0C11894869A6E60B.TMP
2023-12-03 08:13 - 2023-12-03 08:13 - 000000134 _____ C:\Users\karakas\AppData\Local\Temp\2385703.od
2023-12-03 08:13 - 2023-12-03 08:13 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\CVR6707.tmp.cvr
2023-12-03 07:37 - 2023-12-03 08:53 - 000412490 _____ C:\Users\karakas\AppData\Local\Temp\e2753a1a-06c8-4788-bb77-2c3a908ae4de.tmp
2023-12-03 00:18 - 2023-12-05 11:29 - 000006830 _____ C:\Users\karakas\AppData\Local\Temp\au-descriptor-1.8.0_391-b13.xml
2023-12-02 19:39 - 2023-12-02 19:39 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\2b8e353f-98d4-4038-bb9b-b659c3cd6910.tmp
2023-12-02 18:40 - 2023-12-02 18:40 - 000270910 _____ C:\Users\karakas\AppData\Local\Temp\0ecdf40a-1fe2-48b2-93ac-a7ee970dd1dd.tmp
2023-12-02 17:05 - 2023-12-02 17:05 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wct6680.tmp
2023-12-02 16:39 - 2023-12-02 16:49 - 001497468 _____ C:\WINDOWS\Minidump\120223-55562-01.dmp
2023-12-02 16:00 - 2023-12-02 16:00 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wct3713.tmp
2023-12-02 15:10 - 2023-12-02 15:10 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wct4BA1.tmp
2023-12-02 07:05 - 2023-12-02 07:05 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\3E1C3F8A-6529-4BEE-BF56-0999A7C229ED
2023-12-01 17:05 - 2023-12-01 17:05 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wctF8C0.tmp
2023-12-01 16:05 - 2023-12-01 16:05 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wctC7B9.tmp
2023-12-01 16:00 - 2023-12-01 16:00 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wctA491.tmp
2023-12-01 15:10 - 2023-12-01 15:10 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wctDACE.tmp
2023-12-01 12:30 - 2023-12-01 12:30 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\fox41CF.tmp
2023-12-01 12:30 - 2023-12-01 12:30 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\fox41CE.tmp
2023-12-01 10:28 - 2023-12-01 10:28 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\{DD8C1726-C442-4246-834E-6FE33EB62156}
2023-12-01 09:43 - 2023-12-01 09:45 - 000000000 ____D C:\Program Files\Guilty Pleasure
2023-11-30 23:39 - 2023-11-30 23:39 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\.qBittorrent
2023-11-30 23:32 - 2023-11-30 23:33 - 000143496 _____ C:\Users\karakas\AppData\Local\Temp\Setup Log 2023-11-30 #001.txt
2023-11-30 23:32 - 2023-11-30 23:33 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\is-JLP2E.tmp
2023-11-30 22:28 - 2023-11-30 22:28 - 003190292 _____ C:\Users\karakas\AppData\Local\Temp\0e793ef9-abf4-4753-9841-0b1a28cd2dd2.tmp
2023-11-30 22:28 - 2023-11-30 22:28 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\a518169f-d5d1-4386-92e2-49abc087baf3.tmp
2023-11-30 18:55 - 2023-11-30 18:55 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wct5807.tmp
2023-11-30 18:55 - 2023-11-30 18:55 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wct351E.tmp
2023-11-30 17:05 - 2023-11-30 17:05 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wct4F9A.tmp
2023-11-30 15:10 - 2023-11-30 15:10 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wct18EE.tmp
2023-11-29 22:24 - 2023-11-30 11:19 - 000016253 _____ C:\Users\karakas\Downloads\RPG0046053.xlsx
2023-11-29 17:05 - 2023-11-29 17:05 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wctCE88.tmp
2023-11-29 17:05 - 2023-11-29 17:05 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wctADB2.tmp
2023-11-29 17:00 - 2023-11-29 17:00 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wctD156.tmp
2023-11-29 15:10 - 2023-11-29 15:10 - 000075754 _____ C:\Users\karakas\AppData\Local\Temp\wct82BE.tmp
2023-11-29 12:25 - 2023-11-29 12:25 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\bbd20d6a-9dd3-4c72-a43c-b6d2cc867e43.tmp
2023-11-29 12:25 - 2023-11-29 12:25 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\22faed3a-169a-43d5-9e14-78c0c27c267b.tmp
2023-11-29 11:53 - 2023-11-29 11:53 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\f2734ced-d6a5-4c4d-aa29-b03972cf2d72.tmp
2023-11-29 11:38 - 2023-11-29 11:38 - 000000512 ____T C:\Users\karakas\AppData\Local\Temp\~DFF9788CEAFD46F0D9.TMP
2023-11-29 09:54 - 2023-11-29 09:54 - 014370512 _____ C:\Users\karakas\AppData\Local\Temp\23f5d7c6-b173-4ae0-bbd2-3ef07653f550.tmp
2023-11-29 09:54 - 2023-11-29 09:54 - 000109018 _____ C:\Users\karakas\AppData\Local\Temp\6e2fc62f-e45f-4bfd-b326-dbd8b6f9bff4.tmp
2023-11-29 09:42 - 2023-11-29 09:42 - 000000134 _____ C:\Users\karakas\AppData\Local\Temp\955046.od
2023-11-29 09:42 - 2023-11-29 09:42 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\CVR92A6.tmp.cvr
2023-11-29 09:39 - 2023-11-29 09:39 - 010966905 _____ C:\Users\karakas\AppData\Local\Temp\a1b4b388-4844-44de-af7f-094e257bfd73.tmp
2023-11-29 09:39 - 2023-11-29 09:39 - 009697940 _____ C:\Users\karakas\AppData\Local\Temp\2a957a4a-be3b-4b97-a428-6496df67dab2.tmp
2023-11-29 09:39 - 2023-11-29 09:39 - 002694851 _____ C:\Users\karakas\AppData\Local\Temp\8b0f2f1f-359c-4bdf-aadd-a32f5da5ad0b.tmp
2023-11-29 09:39 - 2023-11-29 09:39 - 000421052 _____ C:\Users\karakas\AppData\Local\Temp\0510d08f-9046-4247-94f8-edcffcbafec4.tmp
2023-11-29 09:25 - 2023-11-29 09:25 - 000097181 _____ C:\Users\karakas\AppData\Local\Temp\9bd3ef71-1d22-4c64-99d3-b258af9d9cc2.tmp
2023-11-29 09:25 - 2023-11-29 09:25 - 000003231 _____ C:\Users\karakas\AppData\Local\Temp\8c36e63a-b185-487a-b3de-d329532d189b.tmp
2023-11-29 09:24 - 2023-11-29 09:24 - 000495234 _____ C:\Users\karakas\AppData\Local\Temp\4790190a-508d-49ef-b534-cfd3a1409716.tmp
2023-11-29 09:24 - 2023-11-29 09:24 - 000168812 _____ C:\Users\karakas\AppData\Local\Temp\5cf7fa84-075e-4672-accc-9b096f568895.tmp
2023-11-29 09:24 - 2023-11-29 09:24 - 000000165 ____H C:\Users\karakas\Downloads\~$RPG0046053.xlsx
2023-11-29 09:24 - 2023-11-29 09:24 - 000000134 _____ C:\Users\karakas\AppData\Local\Temp\1513562.od
2023-11-29 09:24 - 2023-11-29 09:24 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\CVR185A.tmp.cvr
2023-11-29 09:24 - 2023-11-29 09:24 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\904b571b-da41-4bb0-87c5-8645805b8866.tmp
2023-11-29 09:18 - 2023-11-29 09:18 - 013917519 _____ C:\Users\karakas\AppData\Local\Temp\05fcf96a-0030-4885-9e56-08f520c83b4d.tmp
2023-11-29 09:14 - 2023-11-29 09:14 - 000000134 _____ C:\Users\karakas\AppData\Local\Temp\924656.od
2023-11-29 09:14 - 2023-11-29 09:14 - 000000000 _____ C:\Users\karakas\AppData\Local\Temp\CVR1BF0.tmp.cvr
2023-11-29 09:12 - 2023-11-29 09:12 - 003863460 _____ C:\Users\karakas\AppData\Local\Temp\6afb0d0d-9c88-41a3-a6b6-c5f807cd46ac.tmp
2023-11-29 09:10 - 2023-11-29 09:10 - 011059372 _____ C:\Users\karakas\AppData\Local\Temp\758a27d5-62e5-43ed-8662-f5a4f98c70d5.tmp
2023-11-29 09:10 - 2023-11-29 09:10 - 007810417 _____ C:\Users\karakas\AppData\Local\Temp\21b0194e-542c-4900-b074-274315a33159.tmp
2023-11-29 09:10 - 2023-11-29 09:10 - 000758985 _____ C:\Users\karakas\AppData\Local\Temp\fead8dee-0544-4887-b83d-166d6b6d9b0d.tmp
2023-11-29 08:38 - 2023-12-02 08:07 - 000000000 ____D C:\Users\karakas\Desktop\Nov29
2023-11-28 19:10 - 2023-11-28 19:10 - 000075699 _____ C:\Users\karakas\AppData\Local\Temp\wctAFE4.tmp
2023-11-28 19:10 - 2023-11-28 19:10 - 000075699 _____ C:\Users\karakas\AppData\Local\Temp\wct15F.tmp
2023-11-28 17:45 - 2023-11-28 17:45 - 000075699 _____ C:\Users\karakas\AppData\Local\Temp\wctD9EE.tmp
2023-11-28 17:00 - 2023-11-28 17:00 - 000075699 _____ C:\Users\karakas\AppData\Local\Temp\wct5A4C.tmp
2023-11-28 15:56 - 2023-11-28 15:56 - 019346349 _____ C:\Users\karakas\Downloads\Video.mov
2023-11-28 15:10 - 2023-11-28 15:10 - 000075699 _____ C:\Users\karakas\AppData\Local\Temp\wctA247.tmp
2023-11-25 15:58 - 2023-12-03 00:41 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\A7CEB126-DD62-4B66-A77E-945D928F0433
2023-11-21 12:11 - 2023-11-21 12:11 - 000082051 _____ C:\Users\karakas\Downloads\Notice- Owner Audit - Online Survey.docx (1).pdf
2023-11-21 07:18 - 2023-11-24 13:13 - 000011114 _____ C:\Users\karakas\Downloads\RPG0045911.xlsx
2023-11-20 08:02 - 2023-11-20 08:02 - 000000899 _____ C:\Users\karakas\AppData\Local\Temp\wctD1B6.tmp
2023-11-20 08:02 - 2023-11-20 08:02 - 000000899 _____ C:\Users\karakas\AppData\Local\Temp\wctC060.tmp
2023-11-20 08:02 - 2023-11-20 08:02 - 000000899 _____ C:\Users\karakas\AppData\Local\Temp\wctB14E.tmp
2023-11-20 08:02 - 2023-11-20 08:02 - 000000899 _____ C:\Users\karakas\AppData\Local\Temp\wctA81D.tmp
2023-11-20 08:02 - 2023-11-20 08:02 - 000000899 _____ C:\Users\karakas\AppData\Local\Temp\wct8BD8.tmp
2023-11-20 08:02 - 2023-11-20 08:02 - 000000899 _____ C:\Users\karakas\AppData\Local\Temp\wct8310.tmp
2023-11-20 08:02 - 2023-11-20 08:02 - 000000899 _____ C:\Users\karakas\AppData\Local\Temp\wct3ADC.tmp
2023-11-19 21:13 - 2023-11-27 00:41 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\msedge_url_fetcher_275084_1612636180
2023-11-17 11:07 - 2023-11-25 16:03 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\1A5677DF-7B6E-4F72-9522-FB8B01068020
2023-11-17 08:59 - 2023-11-17 08:59 - 000000165 ____H C:\Users\karakas\Downloads\~$RPG0045847.xlsx
2023-11-17 08:48 - 2023-11-17 08:48 - 000011195 _____ C:\Users\karakas\Downloads\RPG0045847.xlsx
2023-11-14 23:26 - 2023-11-14 23:26 - 000000000 ___HD C:\$WinREAgent
2023-11-14 10:23 - 2023-11-22 00:11 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\msedge_url_fetcher_731500_1489938570
2023-11-13 00:25 - 2023-11-20 00:40 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\8018C277-C327-4771-A5A2-85D857DE2FCC
2023-11-11 16:01 - 2023-11-11 16:01 - 000011213 _____ C:\Users\karakas\Downloads\RPG0045737 (3).xlsx
2023-11-11 15:02 - 2023-11-11 15:02 - 000011294 _____ C:\Users\karakas\Downloads\RPG0045737 (2).xlsx
2023-11-11 15:00 - 2023-11-11 15:00 - 000011294 _____ C:\Users\karakas\Downloads\RPG0045737 (1).xlsx
2023-11-11 12:03 - 2023-11-11 12:03 - 000199182 _____ C:\Users\karakas\Downloads\clarkwilson duty to repair- over- under deductibles.pdf
2023-11-11 12:03 - 2023-11-11 12:03 - 000167109 _____ C:\Users\karakas\Downloads\Alteration Request - Insuite Renovations.pdf
2023-11-11 12:03 - 2023-11-11 12:03 - 000082051 _____ C:\Users\karakas\Downloads\Notice- Owner Audit - Online Survey.docx.pdf
2023-11-11 12:03 - 2023-11-11 12:03 - 000035340 _____ C:\Users\karakas\Downloads\Form K - Fillable Form.pdf
2023-11-11 12:02 - 2023-11-11 12:03 - 000080558 _____ C:\Users\karakas\Downloads\Owner Information Sheet V2 - Fillable.pdf
2023-11-11 12:02 - 2023-11-11 12:02 - 000078335 _____ C:\Users\karakas\Downloads\Vehicle & Parking Registration - Fillable Form.pdf
2023-11-11 00:45 - 2023-11-18 01:57 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\071D456F-4347-45D6-AF0E-443C421A9AAF
2023-11-10 10:14 - 2023-11-10 10:14 - 000011294 _____ C:\Users\karakas\Downloads\RPG0045737.xlsx
2023-11-10 09:51 - 2023-11-10 09:51 - 000081942 _____ C:\Users\karakas\Downloads\INVOICE.pdf
2023-11-09 19:19 - 2023-11-09 19:19 - 002946312 _____ C:\Users\karakas\Downloads\Stormshot.PC.V1.0_1fc14e33f9.exe
2023-11-09 08:35 - 2023-11-09 08:35 - 000199182 _____ C:\Users\karakas\Downloads\07. clarkwilson duty to repair (1).pdf
2023-11-08 09:23 - 2023-11-08 09:23 - 000011171 _____ C:\Users\karakas\Downloads\RPG0045699.xlsx
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-12-06 08:37 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-06 08:33 - 2018-07-21 10:00 - 000000000 ____D C:\FRST
2023-12-06 08:14 - 2021-12-15 00:43 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-06 08:14 - 2016-04-16 16:58 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-06 07:50 - 2021-01-31 23:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-06 01:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-12-05 21:13 - 2016-04-20 06:51 - 000000000 ____D C:\Users\karakas\AppData\Roaming\Microsoft\Word
2023-12-05 19:09 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-05 19:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-12-05 17:42 - 2021-06-11 13:48 - 000000053 _____ C:\Users\karakas\AppData\Local\Temp\.ses
2023-12-05 13:10 - 2021-03-03 09:52 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\msohtmlclip1
2023-12-05 12:39 - 2020-10-07 13:54 - 000000000 ____D C:\Users\karakas\Desktop\new downloads
2023-12-05 11:55 - 2016-06-20 09:02 - 000000000 ____D C:\Users\karakas\Desktop\downloaded
2023-12-05 11:28 - 2021-01-31 23:58 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-12-05 11:28 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-05 11:21 - 2021-02-01 00:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-12-05 11:21 - 2021-01-31 23:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-05 11:21 - 2019-12-07 01:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-12-04 19:23 - 2021-01-31 23:46 - 000000000 ____D C:\Users\karakas
2023-12-04 19:13 - 2021-05-31 12:38 - 000000000 ____D C:\Users\karakas\AppData\LocalLow\IGDump
2023-12-04 14:16 - 2021-05-20 17:47 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-04 09:33 - 2019-08-28 18:06 - 000000000 ____D C:\Users\karakas\Desktop\Master Marks
2023-12-02 16:49 - 2022-02-26 15:14 - 000000000 ____D C:\WINDOWS\Minidump
2023-12-02 16:47 - 2019-02-25 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paw Patrol On A Roll
2023-12-02 16:39 - 2019-12-31 06:51 - 1471840439 _____ C:\WINDOWS\MEMORY.DMP
2023-12-02 16:34 - 2016-08-07 15:07 - 000000000 ____D C:\Program Files (x86)\epson
2023-12-02 09:49 - 2021-08-18 20:23 - 000000000 ____D C:\Users\karakas\Desktop\SE Work
2023-12-02 08:25 - 2022-08-11 16:10 - 000000000 ____D C:\Users\karakas\AppData\Roaming\audacity
2023-12-02 07:45 - 2017-01-14 06:13 - 000000000 ____D C:\Users\karakas\AppData\Roaming\Microsoft\Excel
2023-12-01 09:46 - 2017-02-04 04:40 - 000000000 ____D C:\Users\karakas\AppData\Roaming\RenPy
2023-12-01 08:58 - 2018-12-10 16:17 - 000000000 ____D C:\Users\karakas\AppData\Roaming\qBittorrent
2023-11-30 23:34 - 2023-02-09 11:03 - 000000000 ____D C:\Program Files\NordVPN
2023-11-30 12:15 - 2021-11-09 14:43 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-11-26 10:34 - 2023-06-13 10:06 - 000000000 ____D C:\Users\karakas\Desktop\Music 2023
2023-11-18 16:06 - 2021-12-10 19:40 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1880840183-2522925994-863313883-1001
2023-11-18 16:06 - 2021-02-01 00:08 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1880840183-2522925994-863313883-1001
2023-11-18 16:06 - 2021-01-31 23:46 - 000002389 _____ C:\Users\karakas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-15 02:16 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-11-15 01:57 - 2021-01-31 23:40 - 000463376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Com
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-11-15 01:49 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-11-15 01:49 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\IME
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-11-15 01:49 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\servicing
2023-11-15 01:07 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-11-15 01:06 - 2019-12-07 01:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-11-15 01:06 - 2019-12-07 01:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-11-15 01:06 - 2019-12-07 01:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-11-15 00:22 - 2021-01-31 23:44 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-11-14 23:20 - 2016-04-16 17:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-11-14 23:14 - 2016-04-16 17:17 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-11-14 01:20 - 2021-02-01 00:08 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-11-14 01:19 - 2023-08-22 11:25 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-11-13 13:09 - 2021-11-09 14:41 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-11-13 13:09 - 2021-11-09 14:41 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-11-10 08:53 - 2020-09-30 10:20 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-11-06 13:41 - 2018-02-28 20:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-11-06 01:33 - 2023-10-29 05:58 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\E5A23F3C-1F89-4678-AD3B-0405C049E8DB
2023-11-06 01:33 - 2023-10-29 04:48 - 000000000 ____D C:\Users\karakas\AppData\Local\Temp\5CE91345-EBF7-4E01-A290-7A50BBA4584A
 
==================== Files in the root of some directories ========
 
2017-03-06 23:04 - 2018-12-08 15:36 - 000000770 _____ () C:\Users\karakas\AppData\Roaming\Rim.Desktop.Exception.log
2017-03-06 23:03 - 2019-05-13 15:31 - 000001937 _____ () C:\Users\karakas\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2017-03-06 23:04 - 2018-12-08 15:36 - 000000770 _____ () C:\Users\karakas\AppData\Roaming\Rim.DesktopHelper.Exception.log
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2023
Ran by karakas (06-12-2023 08:51:33)
Running from C:\Users\karakas\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) (2021-02-01 08:09:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1880840183-2522925994-863313883-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1880840183-2522925994-863313883-503 - Limited - Disabled)
Guest (S-1-5-21-1880840183-2522925994-863313883-501 - Limited - Disabled)
karakas (S-1-5-21-1880840183-2522925994-863313883-1001 - Administrator - Enabled) => C:\Users\karakas
WDAGUtilityAccount (S-1-5-21-1880840183-2522925994-863313883-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K YouTube to MP3 3.7 (HKLM\...\{921BEBDC-5874-4DEF-9A5F-CB2D03991FD6}) (Version: 3.7.2.2902 - Open Media LLC)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2002 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3038 - Acer Incorporated)
Acer Drive (HKLM-x32\...\{5D45E67C-B04E-411F-93BB-947DAAF355D5}) (Version: 1.00.3009 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3006 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.006.20380 - Adobe)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
Audacity 3.3.3 (HKLM\...\Audacity_is1) (Version: 3.3.3 - Audacity Team)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Foxit PhantomPDF Business (HKLM-x32\...\{CAAA99A8-AB12-11E6-AA93-000C29FC3B44}) (Version: 8.1.1.1115 - Foxit Software Inc.)
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.65 - GameHouse)
GenuTax Standard (HKLM-x32\...\{238715a6-57bf-488b-af18-c5247f885931}) (Version: 1.79 - GenuSource Consulting Inc) Hidden
GenuTax Standard (HKLM-x32\...\{2FB6BA60-4F55-486F-B7B9-AF0283344B85}) (Version: 1.79 - GenuSource Consulting Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 119.0.6045.200 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.32.7 - Google Inc.) Hidden
Instagiffer version 1.62 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.62 - Justin Todd)
Intel® Chipset Device Software (HKLM\...\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}) (Version: 10.1.1.13 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{3C6C11C6-E094-4548-B032-73B4E4D0DEF7}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{9E80CC7F-966F-4282-BE0A-36B5BA5F19B1}) (Version: 11.0.0.1177 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{1377B2D9-D825-441C-A775-318D25DA3F18}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{B66F70B4-34E5-429A-9F55-7129E0833A45}) (Version: 14.8.0.1042 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E6F800A9-64D3-4E93-8E8E-AB53E21D4840}) (Version: 20.50.0.1450 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}) (Version: 1.0.0.534 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
Java 8 Update 371 (64-bit) (HKLM\...\{71124AE4-039E-4CA4-87B4-2F64180371F0}) (Version: 8.0.3710.11 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.6.4 - PandoraTV)
Malwarebytes version 4.6.6.294 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.6.294 - Malwarebytes)
Microsoft Azure Information Protection (HKLM-x32\...\{21b41fcc-93c0-498f-a284-659d275b4076}) (Version: 1.54.59.0 - Microsoft Corporation)
Microsoft Azure Information Protection (HKLM-x32\...\{7FA8B359-E9D7-4037-8DE1-A28F2603D742}) (Version: 1.54.59.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910 (HKLM-x32\...\{53f1dc9d-ed94-4650-a079-129785ce7905}) (Version: 14.28.29910.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30135 (HKLM-x32\...\{b7a2b241-3f54-4d7d-94d1-8ce0146e03c7}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29910 (HKLM\...\{06F1FCFD-8F77-488A-A477-6CA8A783EDD7}) (Version: 14.28.29910 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29910 (HKLM\...\{DE015560-04E3-4915-8F99-5B29289E3998}) (Version: 14.28.29910 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30135 (HKLM-x32\...\{77EB1EA9-8E1B-459D-8CDC-1984D0FF15B6}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30135 (HKLM-x32\...\{36A1E79B-581A-4FE5-843D-84C2D3C9431E}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft1.7.7 (HKLM-x32\...\Minecraft1.7.7) (Version:  - )
MiniTool Partition Wizard Free 10.2.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 88.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0.1 (x64 en-US)) (Version: 88.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 88.0.1.7794 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.0.132 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.15.6.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Paw Patrol On A Roll (HKLM-x32\...\Paw Patrol On A Roll_is1) (Version:  - )
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7712 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Sin7 0.1 (HKLM-x32\...\Sin7 0.1) (Version: 0.1 - Sin7)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Zoom (HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\ZoomUMX) (Version: 5.15.7 (20303) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acer Explorer -> C:\Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.3007.0_x86__48frkmn4z8aw4 [2022-07-13] (Acer Incorporated)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-11-14] ()
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2021-11-09] (MAGIX)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-05] (Microsoft Studios) [MS Ad]
Spider Solitaire++ -> C:\Program Files\WindowsApps\12291raymond.li.31631ED225837_1.1.16.0_x64__szs6zaftcmqhc [2022-02-25] (raymond.li)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-11-09] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\karakas\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\karakas\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-01] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-01] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-01] (Acer Incorporated -> Acer Incorporated)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-27] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e43bf4f1a295d985\igfxDTCM.dll [2016-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-27] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 

Edited by daniel.karakas, 06 December 2023 - 11:22 AM.


#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

Hello.

Your logs are not complete.

Please run the FRST tool once more and attach the 2 logs for me to check.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)

#3
daniel.karakas

    Member

  • Topic Starter
  • 146 posts

Thanks so much for your reply. 

Sorry for posting incomplete logs.

 

Please find the new FRST files below. 

 

Also, I was able to back up all my data, and am ready to do a complete recovery boot.

 

I tried to do one as I have a USB boot made when I first got the computer; however, I am unable to access the BIOS and so unable to do a factory reinstall.

 

I would be just as happy to do factory reboot if that is something you could help me with. 

Thanks!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2023
Ran by karakas (administrator) on DESKTOP-8ID5J9T (Acer Aspire TC-710) (07-12-2023 17:41:50)
Running from C:\Users\karakas\Desktop\FRST64.exe
Loaded Profiles: karakas
Platform: Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Acer\Acer Drive\AcerDriveTray.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Drive\AcerDriveUI.exe
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <21>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\karakas\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\Microsoft.SharePoint.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\OEM\Preload\FubTracking\FubTracking.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Drive\AcerDriveTray.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\karakas\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2310.8.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2017-03-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [738936 2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [Zoom] => [X]
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [MicrosoftEdgeAutoLaunch_8B6B36A51FDD9942B0BDEE33C0F85C3E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3896768 2023-11-28] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\karakas\AppData\Local\Microsoft\Teams\Update.exe [2588520 2023-09-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\MountPoints2: {6634c3aa-f170-11ec-9ed8-08d40c635faf} - "D:\WD SmartWare.exe" autoplay=true
HKLM\...\Windows x64\Print Processors\BJ Print Processor3: C:\Windows\System32\spool\prtprocs\x64\CNBPP3.DLL [83968 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor3_2: C:\WINDOWS\system32\CNBLM3_2.DLL [211456 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON Stylus Photo RX580 Series 64MonitorBA: C:\WINDOWS\system32\E_ILMBPA.DLL [108032 2007-12-07] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.71\Installer\chrmstp.exe [2023-12-07] (Google LLC -> Google LLC)
Startup: C:\Users\karakas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2023-05-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {AE9BD731-6303-410F-B03B-9627E90E1568} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CD0ADC46-47D6-4774-B015-E1BFE02DC827} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2017-09-28] (Acer Incorporated -> )
Task: {6AC1DEB2-2B42-4C76-B7DB-5B7EE575E321} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2018-05-28] (Acer Incorporated -> )
Task: {837718D0-6BCE-4E65-A298-15DA87587329} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [40288 2015-07-10] (Acer Incorporated -> )
Task: {E9580651-3556-4C9A-9092-BF1A5BB3928C} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4696880 2018-05-28] (Acer Incorporated -> )
Task: {5463DF05-0E05-4FD8-9957-F2C1619C03FD} - System32\Tasks\AcerDriveProxyLauncher => C:\Program Files (x86)\Acer\Acer Drive\AcerDriveProxy.exe [2290016 2015-09-30] (Acer Incorporated -> Acer Incorporated)
Task: {B2B8F184-B0B2-48EE-8BBF-31D335878E08} - System32\Tasks\AcerDriveTrayLauncher => C:\Program Files (x86)\Acer\Acer Drive\AcerDriveTray.exe [598880 2015-09-30] (Acer Incorporated -> Acer Incorporated)
Task: {E3374CC1-4996-4843-A850-902265C1B8BC} - System32\Tasks\AcerDriveUpdateChecker => C:\Program Files (x86)\Acer\Acer Drive\CheckUpdate.exe [24416 2015-08-05] (Acer Incorporated -> Acer Incorporated)
Task: {39D48088-4082-41BA-B7C5-30B6D3BC5A29} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {27366E41-74DE-4BDC-8148-F74F473917A1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [1281024 2017-09-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E7BD4E4F-A6E1-4CCE-92E9-01108211C9A9} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65824 2017-09-26] (Acer Incorporated -> Acer Incorporated)
Task: {FA2B11B5-3F7A-4888-84E6-60623353EB5B} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [30976 2015-05-13] (Acer Incorporated -> )
Task: {7DD2F012-EB25-407E-B920-B80907B89D5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-11-09] (Google LLC -> Google LLC)
Task: {91B66BFE-20BF-4292-8902-4AC1791B90D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-11-09] (Google LLC -> Google LLC)
Task: {E263E803-D6BF-4EAC-BA46-EFAF47E734BA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1E8ED8ED-2A57-463C-BEA6-5EC419B72116} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AB02B0AC-B1A3-4D05-9771-174FE81A803E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {185BEA04-0EB9-443B-A31B-6698E1F1EBF8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {84D23F7D-4239-4982-A34F-0396F76391F0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [251904 2023-11-15] (Microsoft Windows -> Microsoft Corporation)
Task: {0414E387-E2BF-47C2-A4F0-4802B32C0539} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {16A0AA89-FBA5-4398-A3B0-DE77F5F443C9} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [379232 2015-07-17] (Acer Incorporated -> Acer Incorporated)
Task: {CF89C499-6DD1-4ABC-A8D4-C5A07BB4D41E} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [472928 2015-07-10] (Acer Incorporated -> Acer Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{26ee6f90-3278-42b1-9877-54b81bdb78da}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{486657a2-4b8f-46dc-ba15-ddc9d9f2b981}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a26cefaa-f6ff-448f-9018-4ef6bcfb773d}: [DhcpNameServer] 45.44.103.26 45.44.103.27
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\karakas\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-04]
Edge Extension: (Google Docs Offline) - C:\Users\karakas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-17]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\karakas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-12-04]
Edge Extension: (Edge relevant text changes) - C:\Users\karakas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-30]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: 1wh4cpt7.default
FF ProfilePath: C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default [2022-01-08]
FF Homepage: Mozilla\Firefox\Profiles\1wh4cpt7.default -> www.google.com
FF Extension: (Avira Browser Safety) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2018-01-10] [UpdateUrl:hxxps://download.avira.com/package/abs/firefox/update-webext.rdf]
FF Extension: (Dashlane) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2021-05-24] [UpdateUrl:hxxps://ws1.dashlane.com/5/binaries/query?logins=&platform=firefox&target=ff_web_extension&format=json&version=]
FF Extension: (English (US) Language Pack) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2021-05-24]
FF Extension: (Avira Password Manager) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2018-03-19] [UpdateUrl:hxxps://s3.eu-central-1.amazonaws.com/avira-pwm-extensions/update.rdf]
FF Extension: (Avira SafeSearch Plus) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2018-04-18] [UpdateUrl:hxxps://package.avira.com/package/safesearch/firefox/update-plus2.rdf]
FF Extension: (Acer Locale Fix) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\features\{9917c7b2-023d-4dcd-b634-a2a6730e6935}\[email protected] [2018-05-08] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2021-05-24] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-11-14] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Plugin: @java.com/DTPlugin,version=11.371.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.371.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-11-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Default [2023-12-07]
CHR DownloadDir: C:\Users\karakas\Downloads
CHR Notifications: Default -> hxxps://teams.microsoft.com
CHR Extension: (Google Docs Offline) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-19]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-05-09]
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5 [2023-03-03]
CHR Extension: (Foxit PDF Creator) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2023-03-03]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-03-03]
CHR Extension: (NordVPN - VPN Proxy for Privacy and Security) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\fjoaledfpmneenckfbpdfhkmimnjocfa [2023-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-13]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-03-03]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2022-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-13]
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6 [2023-03-20]
CHR Extension: (Foxit PDF Creator) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2023-03-20]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-03-20]
CHR Extension: (Google Docs Offline) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-03-20]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-03-20]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2022-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-11]
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\System Profile [2022-04-23]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-10]
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
CHR HKU\S-1-5-21-1880840183-2522925994-863313883-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fjoaledfpmneenckfbpdfhkmimnjocfa]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
 
Opera: 
=======
OPR Profile: C:\Users\karakas\AppData\Roaming\Opera Software\Opera Stable [2020-05-20]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
S4 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2122432 2022-12-13] (GameHouse Europe B.V. -> GameHouse)
R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Incorporated -> Foxit Software Inc.)
S4 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-07-06] (Intel Corporation) [File not signed]
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-07-06] () [File not signed]
S4 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.3.241\IsAppService.exe [495240 2018-07-26] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9343840 2023-11-09] (Malwarebytes Inc. -> Malwarebytes)
S3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [320088 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-11-21] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
S4 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-17] (Acer Incorporated -> Acer Incorporated)
S2 secureboot; C:\ProgramData\WindowsPowerShell\Modules\SecureBoot\secureboot.exe [699259556 2023-11-16] () [File not signed]
S4 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-26] (Acer Incorporated -> acer)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2021-09-14] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [154112 2021-10-12] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222800 2023-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsla2d6e7cb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2F8469E9-7314-490D-A318-F60F5E1973BE}\MpKslDrv.sys [263560 2023-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 NDivert; C:\Program Files\NordVPN\7.15.6.0\Drivers\NDivert.sys [131472 2023-05-24] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2022-02-22] (nordvpn s.a. -> TEFINCOM S.A.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2021-01-31] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29592 2022-03-10] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-02-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 MpKsl9fc3e1c8; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EFB4E479-7157-4343-AB95-D363BEC7C31E}\MpKslDrv.sys [X]
S3 MpKslc6947ae7; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EFB4E479-7157-4343-AB95-D363BEC7C31E}\MpKslDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-12-07 17:41 - 2023-12-07 17:44 - 000028875 _____ C:\Users\karakas\Desktop\FRST.txt
2023-12-07 17:41 - 2023-12-07 17:41 - 002384896 _____ (Farbar) C:\Users\karakas\Desktop\FRST64.exe
2023-12-07 17:41 - 2023-12-07 17:41 - 000000000 ____D C:\Users\karakas\Desktop\FRST-OlderVersion
2023-12-07 17:12 - 2023-12-07 17:12 - 000086323 _____ C:\Users\karakas\Desktop\DxDiag.txt
2023-12-06 22:23 - 2023-12-06 22:23 - 000299543 _____ C:\Users\karakas\Desktop\bookmarks_12_6_23.html
2023-12-06 22:09 - 2023-12-06 22:10 - 000000000 ____D C:\Users\karakas\Desktop\Music Cabinet
2023-12-06 20:07 - 2023-12-06 20:07 - 000000000 ____D C:\Users\karakas\Desktop\Docs2023
2023-12-06 20:00 - 2023-12-06 20:09 - 000000000 ____D C:\Users\karakas\Desktop\Travel Places
2023-12-06 09:50 - 2023-12-06 18:19 - 000000000 ____D C:\Users\karakas\Desktop\DEC06
2023-12-02 16:39 - 2023-12-02 16:49 - 001497468 _____ C:\WINDOWS\Minidump\120223-55562-01.dmp
2023-12-01 09:43 - 2023-12-01 09:45 - 000000000 ____D C:\Program Files\Guilty Pleasure
2023-11-29 09:24 - 2023-11-29 09:24 - 000000165 ____H C:\Users\karakas\Downloads\~$RPG0046053.xlsx
2023-11-17 08:59 - 2023-11-17 08:59 - 000000165 ____H C:\Users\karakas\Downloads\~$RPG0045847.xlsx
2023-11-14 23:26 - 2023-11-14 23:26 - 000000000 ___HD C:\$WinREAgent
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-12-07 17:43 - 2018-07-21 10:00 - 000000000 ____D C:\FRST
2023-12-07 17:34 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-07 17:20 - 2021-12-15 00:43 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-07 17:20 - 2016-04-16 16:58 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-07 17:10 - 2021-01-31 23:58 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-12-07 17:10 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-07 17:05 - 2023-05-07 03:17 - 000000000 ____D C:\Users\karakas\AppData\Local\Malwarebytes
2023-12-07 17:03 - 2021-02-01 00:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-12-07 17:03 - 2021-01-31 23:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-07 17:03 - 2021-01-31 23:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-07 14:30 - 2021-01-31 23:46 - 000000000 ____D C:\Users\karakas
2023-12-07 14:30 - 2019-12-07 01:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-12-07 14:28 - 2021-08-18 20:23 - 000000000 ____D C:\Users\karakas\Desktop\SE Work
2023-12-07 14:22 - 2021-11-09 14:43 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-12-06 23:13 - 2020-05-29 14:49 - 000000000 ____D C:\Users\karakas\Desktop\Jessica
2023-12-06 20:59 - 2018-02-28 20:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-12-06 20:57 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-12-06 20:12 - 2017-03-22 13:45 - 000000000 ___RD C:\Users\karakas\Desktop\File Cabinet
2023-12-06 19:36 - 2017-03-22 13:51 - 000000000 ____D C:\Users\karakas\Desktop\Photos Destop Transfer Oct 2022
2023-12-06 18:23 - 2022-08-11 16:10 - 000000000 ____D C:\Users\karakas\AppData\Roaming\audacity
2023-12-06 17:19 - 2021-05-31 12:38 - 000000000 ____D C:\Users\karakas\AppData\LocalLow\IGDump
2023-12-06 15:15 - 2021-11-09 14:41 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-12-06 15:15 - 2021-11-09 14:41 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-12-06 01:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-12-05 21:13 - 2016-04-20 06:51 - 000000000 ____D C:\Users\karakas\AppData\Roaming\Microsoft\Word
2023-12-05 19:09 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-05 12:39 - 2020-10-07 13:54 - 000000000 ____D C:\Users\karakas\Desktop\new downloads
2023-12-05 11:55 - 2016-06-20 09:02 - 000000000 ____D C:\Users\karakas\Desktop\downloaded
2023-12-04 14:16 - 2021-05-20 17:47 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-04 09:33 - 2019-08-28 18:06 - 000000000 ____D C:\Users\karakas\Desktop\Master Marks
2023-12-02 16:49 - 2022-02-26 15:14 - 000000000 ____D C:\WINDOWS\Minidump
2023-12-02 16:47 - 2019-02-25 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paw Patrol On A Roll
2023-12-02 16:39 - 2019-12-31 06:51 - 1471840439 _____ C:\WINDOWS\MEMORY.DMP
2023-12-02 16:34 - 2016-08-07 15:07 - 000000000 ____D C:\Program Files (x86)\epson
2023-12-02 07:45 - 2017-01-14 06:13 - 000000000 ____D C:\Users\karakas\AppData\Roaming\Microsoft\Excel
2023-12-01 11:10 - 2017-12-03 11:19 - 000000000 ____D C:\Users\karakas\AppData\Local\Packages
2023-12-01 09:46 - 2017-02-04 04:40 - 000000000 ____D C:\Users\karakas\AppData\Roaming\RenPy
2023-12-01 08:58 - 2018-12-10 16:17 - 000000000 ____D C:\Users\karakas\AppData\Roaming\qBittorrent
2023-11-30 23:36 - 2023-02-09 11:03 - 000000000 ____D C:\Users\karakas\AppData\Local\NordVPN
2023-11-30 23:34 - 2023-02-09 11:03 - 000000000 ____D C:\Program Files\NordVPN
2023-11-18 16:06 - 2021-12-10 19:40 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1880840183-2522925994-863313883-1001
2023-11-18 16:06 - 2021-02-01 00:08 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1880840183-2522925994-863313883-1001
2023-11-18 16:06 - 2021-01-31 23:46 - 000002389 _____ C:\Users\karakas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-15 02:16 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-11-15 01:57 - 2021-01-31 23:40 - 000463376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Com
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-11-15 01:49 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-11-15 01:49 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\IME
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-11-15 01:49 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\servicing
2023-11-15 01:07 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-11-15 01:06 - 2019-12-07 01:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-11-15 01:06 - 2019-12-07 01:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-11-15 01:06 - 2019-12-07 01:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-11-15 00:22 - 2021-01-31 23:44 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-11-14 23:20 - 2016-04-16 17:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-11-14 23:14 - 2016-04-16 17:17 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-11-14 01:20 - 2021-02-01 00:08 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-11-14 01:19 - 2023-08-22 11:25 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-11-10 08:53 - 2020-09-30 10:20 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
 
==================== Files in the root of some directories ========
 
2017-03-06 23:04 - 2018-12-08 15:36 - 000000770 _____ () C:\Users\karakas\AppData\Roaming\Rim.Desktop.Exception.log
2017-03-06 23:03 - 2019-05-13 15:31 - 000001937 _____ () C:\Users\karakas\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2017-03-06 23:04 - 2018-12-08 15:36 - 000000770 _____ () C:\Users\karakas\AppData\Roaming\Rim.DesktopHelper.Exception.log
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2023
Ran by karakas (07-12-2023 17:49:08)
Running from C:\Users\karakas\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) (2021-02-01 08:09:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1880840183-2522925994-863313883-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1880840183-2522925994-863313883-503 - Limited - Disabled)
Guest (S-1-5-21-1880840183-2522925994-863313883-501 - Limited - Disabled)
karakas (S-1-5-21-1880840183-2522925994-863313883-1001 - Administrator - Enabled) => C:\Users\karakas
WDAGUtilityAccount (S-1-5-21-1880840183-2522925994-863313883-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K YouTube to MP3 3.7 (HKLM\...\{921BEBDC-5874-4DEF-9A5F-CB2D03991FD6}) (Version: 3.7.2.2902 - Open Media LLC)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2002 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3038 - Acer Incorporated)
Acer Drive (HKLM-x32\...\{5D45E67C-B04E-411F-93BB-947DAAF355D5}) (Version: 1.00.3009 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3006 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.006.20380 - Adobe)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
Audacity 3.3.3 (HKLM\...\Audacity_is1) (Version: 3.3.3 - Audacity Team)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Foxit PhantomPDF Business (HKLM-x32\...\{CAAA99A8-AB12-11E6-AA93-000C29FC3B44}) (Version: 8.1.1.1115 - Foxit Software Inc.)
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.65 - GameHouse)
GenuTax Standard (HKLM-x32\...\{238715a6-57bf-488b-af18-c5247f885931}) (Version: 1.79 - GenuSource Consulting Inc) Hidden
GenuTax Standard (HKLM-x32\...\{2FB6BA60-4F55-486F-B7B9-AF0283344B85}) (Version: 1.79 - GenuSource Consulting Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.71 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.32.7 - Google Inc.) Hidden
Instagiffer version 1.62 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.62 - Justin Todd)
Intel® Chipset Device Software (HKLM\...\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}) (Version: 10.1.1.13 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{3C6C11C6-E094-4548-B032-73B4E4D0DEF7}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{9E80CC7F-966F-4282-BE0A-36B5BA5F19B1}) (Version: 11.0.0.1177 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{1377B2D9-D825-441C-A775-318D25DA3F18}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{B66F70B4-34E5-429A-9F55-7129E0833A45}) (Version: 14.8.0.1042 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E6F800A9-64D3-4E93-8E8E-AB53E21D4840}) (Version: 20.50.0.1450 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}) (Version: 1.0.0.534 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
Java 8 Update 371 (64-bit) (HKLM\...\{71124AE4-039E-4CA4-87B4-2F64180371F0}) (Version: 8.0.3710.11 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.6.4 - PandoraTV)
Malwarebytes version 4.6.6.294 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.6.294 - Malwarebytes)
Microsoft Azure Information Protection (HKLM-x32\...\{21b41fcc-93c0-498f-a284-659d275b4076}) (Version: 1.54.59.0 - Microsoft Corporation)
Microsoft Azure Information Protection (HKLM-x32\...\{7FA8B359-E9D7-4037-8DE1-A28F2603D742}) (Version: 1.54.59.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910 (HKLM-x32\...\{53f1dc9d-ed94-4650-a079-129785ce7905}) (Version: 14.28.29910.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30135 (HKLM-x32\...\{b7a2b241-3f54-4d7d-94d1-8ce0146e03c7}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29910 (HKLM\...\{06F1FCFD-8F77-488A-A477-6CA8A783EDD7}) (Version: 14.28.29910 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29910 (HKLM\...\{DE015560-04E3-4915-8F99-5B29289E3998}) (Version: 14.28.29910 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30135 (HKLM-x32\...\{77EB1EA9-8E1B-459D-8CDC-1984D0FF15B6}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30135 (HKLM-x32\...\{36A1E79B-581A-4FE5-843D-84C2D3C9431E}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft1.7.7 (HKLM-x32\...\Minecraft1.7.7) (Version:  - )
MiniTool Partition Wizard Free 10.2.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 88.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0.1 (x64 en-US)) (Version: 88.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 88.0.1.7794 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.0.132 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.15.6.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Paw Patrol On A Roll (HKLM-x32\...\Paw Patrol On A Roll_is1) (Version:  - )
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7712 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Sin7 0.1 (HKLM-x32\...\Sin7 0.1) (Version: 0.1 - Sin7)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Zoom (HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\ZoomUMX) (Version: 5.15.7 (20303) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acer Explorer -> C:\Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.3007.0_x86__48frkmn4z8aw4 [2022-07-13] (Acer Incorporated)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-11-14] ()
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2021-11-09] (MAGIX)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-05] (Microsoft Studios) [MS Ad]
Spider Solitaire++ -> C:\Program Files\WindowsApps\12291raymond.li.31631ED225837_1.1.16.0_x64__szs6zaftcmqhc [2022-02-25] (raymond.li)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-11-09] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\karakas\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\karakas\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-01] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-01] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-01] (Acer Incorporated -> Acer Incorporated)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-27] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e43bf4f1a295d985\igfxDTCM.dll [2016-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-27] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2015-09-25 13:50 - 2015-09-25 13:50 - 000194048 _____ () [File not signed] C:\Program Files (x86)\Acer\Acer Drive\curllib.dll
2015-09-25 13:50 - 2015-09-25 13:50 - 000110592 _____ () [File not signed] C:\Program Files (x86)\Acer\Acer Drive\OpenLDAP.dll
2015-09-25 13:50 - 2015-09-25 13:50 - 000077910 _____ (Carnegie Mellon University) [File not signed] C:\Program Files (x86)\Acer\Acer Drive\libsasl.dll
2016-04-21 08:51 - 2015-12-31 06:15 - 000077312 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2016-08-07 15:22 - 2007-12-07 01:08 - 000108032 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_ILMBPA.DLL
2015-09-25 13:50 - 2015-09-25 13:50 - 001016832 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Acer\Acer Drive\LIBEAY32.dll
2015-09-25 13:50 - 2015-09-25 13:50 - 000200192 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Acer\Acer Drive\SSLEAY32.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\karakas\Desktop\IEBV5 BDs (larger font) .pdf:shield [117]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:newsfeed
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1880840183-2522925994-863313883-1001 -> {787519B8-5036-4DB3-8FDB-F9092DE448EF} URL = 
SearchScopes: HKU\S-1-5-21-1880840183-2522925994-863313883-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-11-14] (Foxit Software Incorporated -> )
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-11-14] (Foxit Software Incorporated -> )
Handler: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - C:\Program Files (x86)\TurboTax 2015\ic2015pp.dll No File
Handler: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - C:\Program Files (x86)\TurboTax 2016\ic2016pp.dll No File
Handler: intu-tt2018 - {c10cb859-8e11-44f1-833b-68a8e1ed7e1d} - C:\Program Files (x86)\TurboTax 2018\ic2018pp.dll No File
Handler: intu-tt2019 - {F526FF07-B913-4B56-85DC-D7014178A5B4} - C:\Program Files (x86)\TurboTax 2019\ic2019pp.dll No File
Handler: intu-tt2020 - {BA9B9DDA-C208-4938-90D6-0FAB2903CECE} - C:\Program Files (x86)\TurboTax 2020\ic2020pp.dll No File
Handler: intu-tt2021 - {B60E21DC-FB86-424A-BAA3-54B06685E3E7} - C:\Program Files (x86)\TurboTax 2021\ic2021pp.dll No File
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 03:04 - 2015-07-10 03:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\PROGRA~2\ThriXXX\3D SexVilla;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\karakas\Desktop\File Cabinet\desktop background\NASA-news-Hubble-Space-Telescope-pictures-colliding-galaxies-UGC-2369-2005834.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMInstantService => 2
MSCONFIG\Services: BlackBerry Device Manager => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: FoxitPhantomService => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® Security Assist => 3
MSCONFIG\Services: isaHelperSvc => 2
MSCONFIG\Services: IsAppService => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NitroDriverReadSpool9 => 2
MSCONFIG\Services: NitroUpdateService => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: nordsec-threatprotection-service => 3
MSCONFIG\Services: NordUpdaterService => 2
MSCONFIG\Services: nordvpn-service => 2
MSCONFIG\Services: QASvc => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: UEIPSvc => 2
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\Run32: => "abDocsDllLoader"
HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_8B6B36A51FDD9942B0BDEE33C0F85C3E"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{8BD62413-17C7-4450-9088-80577C1D7389}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{11457BE3-1611-49AE-AAE7-42AA8551338D}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{47867D0A-5D5F-44D4-859C-6692595D26CF}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{12C24D02-8BBC-4625-94B7-8FA278B0FE9F}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{E18EE2CD-E292-4607-B6A5-CC03CDC2FFAE}] => (Block) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{56A5BBD6-3869-4AD5-8417-055FAD3F389B}] => (Block) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{167FDA60-0062-409B-BC12-27E94A9D8573}] => (Allow) C:\Users\karakas\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{136F0BB3-7E37-41FA-BD4A-4502CB145C0D}] => (Allow) C:\Users\karakas\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{6B6CDB2A-D78C-493C-9A29-58E5AE31348F}] => (Allow) C:\Users\karakas\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{2D8ACD39-5ED9-4CE5-A9BD-0825C4551BE0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.72\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{825ABA35-BB4A-430C-9DC7-0B8F42BBD167}] => (Allow) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{54BDB808-A02D-4E5C-A9F6-E0BC6B303832}] => (Allow) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{D1937FF2-4364-4DBF-972F-36D0EA8DD9DF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F6B8473E-2B34-408A-A3AB-2E04B01D6883}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F5AB9667-760B-41A7-8657-378838E455D2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C2B17290-0B74-4A40-B926-1EF3B1D9830B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BAEA4320-CA17-418F-A4D1-6608949813BC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{790FB505-E868-428E-8195-A9C61BF6CC4C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0BF20E27-FA34-4B3B-B5F9-F22033F7701F}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{D656A307-E46F-4007-A145-AA4CE5F5FF7B}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
 
==================== Restore Points =========================
 
06-12-2023 03:10:25 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/07/2023 05:06:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: secureboot.exe, version: 0.0.0.0, time stamp: 0x65567c73
Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f
Exception code: 0xc0000005
Fault offset: 0x0000000000031744
Faulting process id: 0xecc
Faulting application start time: 0x01da29725353d385
Faulting application path: C:\ProgramData\WindowsPowerShell\Modules\SecureBoot\secureboot.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 2cf1009b-82b4-47e4-adfc-8b15f9c2c643
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/07/2023 02:43:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: secureboot.exe, version: 0.0.0.0, time stamp: 0x65567c73
Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f
Exception code: 0xc0000005
Fault offset: 0x00000000000512b5
Faulting process id: 0xed4
Faulting application start time: 0x01da295e4c9a1456
Faulting application path: C:\ProgramData\WindowsPowerShell\Modules\SecureBoot\secureboot.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f9105691-d24c-47ce-8edd-de8a0d3c6ea0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/07/2023 01:55:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: secureboot.exe, version: 0.0.0.0, time stamp: 0x65567c73
Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f
Exception code: 0xc0000005
Fault offset: 0x00000000000a22c7
Faulting process id: 0xf6c
Faulting application start time: 0x01da29579ce58801
Faulting application path: C:\ProgramData\WindowsPowerShell\Modules\SecureBoot\secureboot.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 090e0bd2-e1bc-46e9-bbe6-81038fdb8399
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/06/2023 08:51:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: secureboot.exe, version: 0.0.0.0, time stamp: 0x65567c73
Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f
Exception code: 0xc0000005
Fault offset: 0x00000000000a22c7
Faulting process id: 0xeec
Faulting application start time: 0x01da28c883ca1b70
Faulting application path: C:\ProgramData\WindowsPowerShell\Modules\SecureBoot\secureboot.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 9133452e-bcc4-4b5f-86bd-80b8515554d1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/06/2023 09:15:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: secureboot.exe, version: 0.0.0.0, time stamp: 0x65567c73
Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f
Exception code: 0xc0000005
Fault offset: 0x00000000000a22c7
Faulting process id: 0xed0
Faulting application start time: 0x01da286749483388
Faulting application path: C:\ProgramData\WindowsPowerShell\Modules\SecureBoot\secureboot.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: fe71ac9d-ed88-4a17-bd5d-0db69e6610b0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/06/2023 08:27:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3636 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 477bc
 
Start Time: 01da285c5cd9d66e
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
 
Report Id: bea8a6f5-9936-4ad5-8a39-07d6c6351e7d
 
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: ShellFeedsUI
 
Hang type: Quiesce
 
Error: (12/06/2023 03:10:12 AM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer Shadow Copy Optimization Writer experienced retryable error during shadow copy creation. Retrying...
 
More info: .
 
Error: (12/06/2023 03:10:12 AM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer COM+ REGDB Writer experienced retryable error during shadow copy creation. Retrying...
 
More info: .
 
 
System errors:
=============
Error: (12/07/2023 05:07:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The secureboot service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/07/2023 05:07:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (960000 milliseconds) while waiting for the secureboot service to connect.
 
Error: (12/07/2023 05:03:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The shpamsvc service terminated with the following error: 
Catastrophic failure
 
Error: (12/07/2023 05:03:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:39:50 PM on ‎12/‎7/‎2023 was unexpected.
 
Error: (12/07/2023 02:43:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The secureboot service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/07/2023 02:43:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (960000 milliseconds) while waiting for the secureboot service to connect.
 
Error: (12/07/2023 02:39:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The shpamsvc service terminated with the following error: 
Catastrophic failure
 
Error: (12/07/2023 02:39:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:31:34 PM on ‎12/‎7/‎2023 was unexpected.
 
 
Windows Defender:
================
Date: 2023-12-05 19:59:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-12-05 16:34:59
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2023-12-05 16:34:59
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: TrojanDownloader:Win32/Nemucod!ml
Severity: Severe
Category: Trojan Downloader
Path: containerfile:_C:\Users\karakas\AppData\Local\Opera Software\Opera Stable\Cache\f_00011b; file:_C:\Users\karakas\AppData\Local\Opera Software\Opera Stable\Cache\f_00011b->(GZip)
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.401.1717.0, AS: 1.401.1717.0, NIS: 1.401.1717.0
Engine Version: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
 
Date: 2023-12-02 15:34:52
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-12-01 15:03:00
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2023-08-18 22:37:37
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.395.511.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23070.1005
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-08-18 22:37:37
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.395.511.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23070.1005
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-08-18 22:37:37
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.395.511.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23070.1005
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-08-14 10:10:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.393.2546.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23060.1005
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-08-14 10:10:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.393.2546.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23060.1005
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
CodeIntegrity:
===============
Date: 2023-12-07 17:19:01
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e43bf4f1a295d985\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-12-06 20:51:39
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e43bf4f1a295d985\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. R01-A1 11/10/2015
Motherboard: Acer Aspire TC-710
Processor: Intel® Core™ i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 78%
Total physical RAM: 8097.83 MB
Available physical RAM: 1755.49 MB
Total Virtual: 13217.83 MB
Available Virtual: 6490.49 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:930.91 GB) (Free:590.35 GB) (Model: WDC WD10EZEX-21WN4A0) NTFS
 
\\?\Volume{3614c06c-99c1-4f1c-a29d-2de8ea94e04e}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{831f2bc5-6046-4056-abd0-dc56be36db65}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3A81C23D)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

Hello.
 
Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:


1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.


#5
DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

My first comments/instructions regarding your logs:
 
 
1. Java

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads.
 
For now, just uninstall the old Java version, Java 8 Update 371.
 
 
2. P2P program

You have qBittorrent installed on your computer. This is a P2P program. P2P programs form a direct conduit onto a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it now.

 

 

3. Avira SafeSearch Plus
 

Uninstall Avira SafeSearch Plus Chrome extension from all your Chrome profiles (in the logs the profiles appear as profile 5 and profile 6). To do that:

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find Avira SafeSearch Plus and remove it by clicking Remove.
  • Confirm the action by clicking Remove once again.

 

 

4. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\karakas\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\karakas\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\karakas\Desktop\IEBV5 BDs (larger font) .pdf:shield [117]
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1880840183-2522925994-863313883-1001 -> {787519B8-5036-4DB3-8FDB-F9092DE448EF} URL = 
SearchScopes: HKU\S-1-5-21-1880840183-2522925994-863313883-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
Handler: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - C:\Program Files (x86)\TurboTax 2015\ic2015pp.dll No File
Handler: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - C:\Program Files (x86)\TurboTax 2016\ic2016pp.dll No File
Handler: intu-tt2018 - {c10cb859-8e11-44f1-833b-68a8e1ed7e1d} - C:\Program Files (x86)\TurboTax 2018\ic2018pp.dll No File
Handler: intu-tt2019 - {F526FF07-B913-4B56-85DC-D7014178A5B4} - C:\Program Files (x86)\TurboTax 2019\ic2019pp.dll No File
Handler: intu-tt2020 - {BA9B9DDA-C208-4938-90D6-0FAB2903CECE} - C:\Program Files (x86)\TurboTax 2020\ic2020pp.dll No File
Handler: intu-tt2021 - {B60E21DC-FB86-424A-BAA3-54B06685E3E7} - C:\Program Files (x86)\TurboTax 2021\ic2021pp.dll No File
FirewallRules: [{136F0BB3-7E37-41FA-BD4A-4502CB145C0D}] => (Allow) C:\Users\karakas\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{6B6CDB2A-D78C-493C-9A29-58E5AE31348F}] => (Allow) C:\Users\karakas\AppData\Roaming\Zoom\bin\airhost.exe => No File
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [Zoom] => [X]
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
Task: {AE9BD731-6303-410F-B03B-9627E90E1568} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {27366E41-74DE-4BDC-8148-F74F473917A1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [1281024 2017-09-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Extension: (Avira Browser Safety) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2018-01-10] [UpdateUrl:hxxps://download.avira.com/package/abs/firefox/update-webext.rdf]
FF Extension: (Avira Password Manager) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2018-03-19] [UpdateUrl:hxxps://s3.eu-central-1.amazonaws.com/avira-pwm-extensions/update.rdf]
FF Extension: (Avira SafeSearch Plus) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2018-04-18] [UpdateUrl:hxxps://package.avira.com/package/safesearch/firefox/update-plus2.rdf]
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
C:\WINDOWS\SysWOW64\Macromed
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

In your next reply please post:

  1. If you successfully uninstalled Java
  2. If you successfully uninstalled Avira extension from all your Chrome profiles
  3. What you decided to do with qBitTorrent
  4. The fixlog.txt

  • 0

#6
daniel.karakas

    Member

  • Topic Starter
  • 146 posts

Thanks for your help!

 

I have:

 

1: successfully uninstalled Java

2: successfully uninstalled Avira extension from all your Chrome profiles

3: removed qbitTorrent

4: Find fixlog.txt below:

 

 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-12-2023
Ran by karakas (08-12-2023 08:50:10) Run:1
Running from C:\Users\karakas\Desktop
Loaded Profiles: karakas
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\karakas\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\karakas\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\karakas\Desktop\IEBV5 BDs (larger font) .pdf:shield [117]
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1880840183-2522925994-863313883-1001 -> {787519B8-5036-4DB3-8FDB-F9092DE448EF} URL = 
SearchScopes: HKU\S-1-5-21-1880840183-2522925994-863313883-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
Handler: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - C:\Program Files (x86)\TurboTax 2015\ic2015pp.dll No File
Handler: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - C:\Program Files (x86)\TurboTax 2016\ic2016pp.dll No File
Handler: intu-tt2018 - {c10cb859-8e11-44f1-833b-68a8e1ed7e1d} - C:\Program Files (x86)\TurboTax 2018\ic2018pp.dll No File
Handler: intu-tt2019 - {F526FF07-B913-4B56-85DC-D7014178A5B4} - C:\Program Files (x86)\TurboTax 2019\ic2019pp.dll No File
Handler: intu-tt2020 - {BA9B9DDA-C208-4938-90D6-0FAB2903CECE} - C:\Program Files (x86)\TurboTax 2020\ic2020pp.dll No File
Handler: intu-tt2021 - {B60E21DC-FB86-424A-BAA3-54B06685E3E7} - C:\Program Files (x86)\TurboTax 2021\ic2021pp.dll No File
FirewallRules: [{136F0BB3-7E37-41FA-BD4A-4502CB145C0D}] => (Allow) C:\Users\karakas\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{6B6CDB2A-D78C-493C-9A29-58E5AE31348F}] => (Allow) C:\Users\karakas\AppData\Roaming\Zoom\bin\airhost.exe => No File
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [Zoom] => [X]
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
Task: {AE9BD731-6303-410F-B03B-9627E90E1568} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {27366E41-74DE-4BDC-8148-F74F473917A1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [1281024 2017-09-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Extension: (Avira Browser Safety) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2018-01-10] [UpdateUrl:hxxps://download.avira.com/package/abs/firefox/update-webext.rdf]
FF Extension: (Avira Password Manager) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2018-03-19] [UpdateUrl:hxxps://s3.eu-central-1.amazonaws.com/avira-pwm-extensions/update.rdf]
FF Extension: (Avira SafeSearch Plus) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2018-04-18] [UpdateUrl:hxxps://package.avira.com/package/safesearch/firefox/update-plus2.rdf]
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
C:\WINDOWS\SysWOW64\Macromed
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\ChromeHTML => removed successfully
HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUnstaler => removed successfully
HKLM\Software\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MagicISO => removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUnstaler => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MagicISO => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUnstaler => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MagicISO => removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully
C:\Users\karakas\Desktop\IEBV5 BDs (larger font) .pdf => ":shield" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => removed successfully
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{787519B8-5036-4DB3-8FDB-F9092DE448EF} => removed successfully
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => removed successfully
HKLM\Software\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\intu-tt2015 => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\intu-tt2016 => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\intu-tt2018 => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\intu-tt2019 => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\intu-tt2020 => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\intu-tt2021 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{136F0BB3-7E37-41FA-BD4A-4502CB145C0D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B6CDB2A-D78C-493C-9A29-58E5AE31348F}" => removed successfully
"HKU\S-1-5-21-1880840183-2522925994-863313883-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Zoom" => removed successfully
C:\Program Files (x86)\Mozilla Firefox\distribution\policies.json => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE9BD731-6303-410F-B03B-9627E90E1568}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE9BD731-6303-410F-B03B-9627E90E1568}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27366E41-74DE-4BDC-8148-F74F473917A1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27366E41-74DE-4BDC-8148-F74F473917A1}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] => moved successfully
C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] => moved successfully
C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-10] (Avira Operations GmbH & Co. KG" => not found
C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-10] (Avira Operations GmbH & Co. KG" => not found
"C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll" => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp => removed successfully
 
"C:\WINDOWS\SysWOW64\Macromed" folder move:
 
C:\WINDOWS\SysWOW64\Macromed => moved successfully
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 118723128 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 2908 B
Windows/system/drivers => 32803192 B
Edge => 12829651 B
Chrome => 2935656061 B
Firefox => 447065358 B
Opera => 51816639 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6664 B
systemprofile32 => 6664 B
LocalService => 6664 B
NetworkService => 2615906 B
karakas => 435785740 B
 
RecycleBin => 7623814443 B
EmptyTemp: => 10.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:02:50 ====

  • 0
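A triage pass over a fixlog like the one posted above, as an added example (it is not part of the thread and not FRST's own code). It assumes the line shapes visible in this log; the function names `parse_fixlog`, `tally` and `needs_review` are hypothetical, and the sample is a shortened fixlog assembled from lines of the post.

```python
from collections import Counter

# Constructed sample: a shortened fixlog assembled from lines of the log posted above.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 08-12-2023
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MagicISO => removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{136F0BB3-7E37-41FA-BD4A-4502CB145C0D}" => removed successfully
C:\Program Files (x86)\Mozilla Firefox\distribution\policies.json => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-10] (Avira Operations GmbH & Co. KG" => not found
C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll => moved successfully
"C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll" => not found

=========== EmptyTemp: ==========

FlushDNS => completed
Chrome => 2935656061 B
RecycleBin => 7623814443 B
EmptyTemp: => 10.9 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 09:02:50 ====
'''

# Outcome phrases that appear in this fixlog; anything else is reported as "other".
STATUSES = ("removed successfully", "moved successfully", "not found")


def parse_fixlog(text):
    """Return (results, reboot_needed); results is a list of (target, status, detail)."""
    results = []
    in_fixlist = in_emptytemp = False
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("Start::", "End::"):
            # The echoed fixlist also contains "=>" (e.g. "=> ... No File"); skip it.
            in_fixlist = line == "Start::"
            continue
        if in_fixlist:
            continue
        if line.startswith("=") and "EmptyTemp" in line:
            in_emptytemp = True  # a size report follows, not fix outcomes
            continue
        if line and set(line) == {"="}:
            in_emptytemp = False  # a plain "====" rule closes the section
            continue
        if in_emptytemp or " => " not in line:
            continue
        # Split on the LAST " => ": the target itself may contain "->" or "=>".
        target, _, outcome = line.rpartition(" => ")
        status = next((s for s in STATUSES if outcome.endswith(s)), "other")
        detail = outcome[: -len(status)].strip() if status != "other" else outcome
        results.append((target.strip('"'), status, detail))
    return results, "The system needed a reboot." in text


def tally(results):
    """Count result lines per status."""
    return Counter(status for _, status, _ in results)


def needs_review(results):
    """Non-success entries whose target was not already moved or removed
    by an earlier line of the same run."""
    handled, review = set(), []
    for target, status, _ in results:
        key = target.casefold()
        if status in ("removed successfully", "moved successfully"):
            handled.add(key)
        elif key not in handled:
            review.append((target, status))
    return review


if __name__ == "__main__":
    parsed, reboot = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(tally(parsed)), "reboot needed:", reboot)
    for target, status in needs_review(parsed):
        print("REVIEW:", status, "|", target)
```

The second `npScoutUpdate3.dll` "not found" is dropped from the review list because the same file was moved by an earlier line; the two registry targets that were never handled remain for the helper to look at.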

#7
DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

Great! 
 
Moving on!


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (scan only)

  • Open Malwarebytes, which you have already installed.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#8
daniel.karakas

    Member

  • Topic Starter
  • 146 posts

Exciting! 

 

Thanks again!

 

AdwCleaner txt:

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-08-2023
# Duration: 00:00:38
# OS:       Windows 10 (Build 19045.3693)
# Scanned:  32103
# Detected: 69
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
Adware.pokki                    C:\Users\Public\Pokki
PUP.Optional.AdvancedSystemCare C:\Users\karakas\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy             C:\Users\Public\Documents\Downloaded Installers
 
***** [ Files ] *****
 
PUP.Optional.Booking            C:\Users\karakas\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url
PUP.Optional.Booking            C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.FakeChrome         HKLM\System\CurrentControlSet\Services\EventLog\Application\chromium
PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\izito.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.izito.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\izito.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.izito.com
PUP.Optional.Legacy             HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy             HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.Legacy             Avira SafeSearch Plus - ipmkfpcnmccejididiaagpgchgjfajgp
PUP.Optional.Legacy             Avira SafeSearch Plus - ipmkfpcnmccejididiaagpgchgjfajgp
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.ACERAOPFramework   Folder   C:\Program Files (x86)\ACER\AOP FRAMEWORK 
Preinstalled.ACERAOPFramework   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|BacKGround Agent 
Preinstalled.ACERAOPFramework   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4A37A114-702F-4055-A4B6-16571D4A5353} 
Preinstalled.ACERClear.fiShellExtension   Registry   HKLM\Software\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B} 
Preinstalled.ACERClear.fiShellExtension   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B} 
Preinstalled.AcerCareCenter   Folder   C:\Program Files (x86)\ACER\CARE CENTER 
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{837718D0-6BCE-4E65-A298-15DA87587329}  
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{837718D0-6BCE-4E65-A298-15DA87587329}  
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9580651-3556-4C9A-9092-BF1A5BB3928C}  
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent 
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication 
Preinstalled.AcerCareCenter   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1AF41E84-3408-499A-8C93-8891F0612719} 
Preinstalled.AcerCareCenter   Task   C:\Windows\System32\Tasks\ACCAGENT 
Preinstalled.AcerCareCenter   Task   C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION 
Preinstalled.AcerDocsOfficeAddIn   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DCBF3379-246B-47E1-8173-639B63940838} 
Preinstalled.AcerDrive   Folder   C:\Program Files (x86)\ACER\ACER DRIVE 
Preinstalled.AcerDrive   Folder   C:\ProgramData\ACER\ACER DRIVE 
Preinstalled.AcerDrive   Folder   C:\Users\karakas\AppData\Local\ACER\ACER DRIVE 
Preinstalled.AcerDrive   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5463DF05-0E05-4FD8-9957-F2C1619C03FD}  
Preinstalled.AcerDrive   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2B8F184-B0B2-48EE-8BBF-31D335878E08}  
Preinstalled.AcerDrive   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3374CC1-4996-4843-A850-902265C1B8BC}  
Preinstalled.AcerDrive   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerDriveProxyLauncher 
Preinstalled.AcerDrive   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerDriveTrayLauncher 
Preinstalled.AcerDrive   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerDriveUpdateChecker 
Preinstalled.AcerDrive   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5D45E67C-B04E-411F-93BB-947DAAF355D5} 
Preinstalled.AcerDrive   Task   C:\Windows\System32\Tasks\ACERDRIVEPROXYLAUNCHER 
Preinstalled.AcerDrive   Task   C:\Windows\System32\Tasks\ACERDRIVETRAYLAUNCHER 
Preinstalled.AcerDrive   Task   C:\Windows\System32\Tasks\ACERDRIVEUPDATECHECKER 
Preinstalled.AcerExplorerAgent   Folder   C:\Program Files\ACER\ACER EXPLORER AGENT 
Preinstalled.AcerExplorerAgent   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D0F42CF-1693-43D9-BDC8-19141D023EE0} 
Preinstalled.AcerPortal   Folder   C:\Program Files (x86)\ACER\ACER PORTAL 
Preinstalled.AcerPortal   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AcerPortal 
Preinstalled.AcerPortal   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13} 
Preinstalled.AcerQuickAccess   Folder   C:\Program Files\ACER\ACER QUICK ACCESS 
Preinstalled.AcerQuickAccess   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16A0AA89-FBA5-4398-A3B0-DE77F5F443C9}  
Preinstalled.AcerQuickAccess   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access 
Preinstalled.AcerQuickAccess   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E3678E72-78E3-4F91-A9FB-913876FF6DA2} 
Preinstalled.AcerQuickAccess   Task   C:\Windows\System32\Tasks\QUICK ACCESS 
Preinstalled.AcerUEIPFramework   Folder   C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM\FRAMEWORK 
Preinstalled.AcerUEIPFramework   Folder   C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM\PLUGIN\APPMONITOR 
Preinstalled.AcerUEIPFramework   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7} 
Preinstalled.AcerUpdater   Folder   C:\ProgramData\ACER\ACER UPDATER 
Preinstalled.AcerabBox   Registry   HKLM\Software\Classes\CLSID\{5CCE71FA-9F61-4F24-9CD1-98D819B40D68} 
Preinstalled.AcerabDocs   Folder   C:\Program Files (x86)\ACER\ABDOCS 
Preinstalled.AcerabDocs   Folder   C:\Program Files (x86)\ACER\ABDOCS OFFICE ADDIN 
Preinstalled.AcerabDocs   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD0ADC46-47D6-4774-B015-E1BFE02DC827}  
Preinstalled.AcerabDocs   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\abDocsDllLoader 
Preinstalled.AcerabDocs   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|abDocsDllLoader 
Preinstalled.AcerabDocs   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A} 
Preinstalled.AcerabDocs   Task   C:\Windows\System32\Tasks\ABDOCSDLLLOADER 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
 
 
 
 
 
 
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/8/23
Scan Time: 10:29 AM
Log File: c8b33e22-95f7-11ee-9d32-08d40c635faf.json
 
-Software Information-
Version: 4.6.6.294
Components Version: 1.0.2189
Update Package Version: 1.0.78142
License: Free
 
-System Information-
OS: Windows 10 (Build 19045.3693)
CPU: x64
File System: NTFS
User: DESKTOP-8ID5J9T\karakas
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 318599
Threats Detected: 3
Threats Quarantined: 0
Time Elapsed: 35 min, 8 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 3
PUP.Optional.ASK, C:\USERS\KARAKAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 1658, 454822, 1.0.78142, , ame, , 1D44C9B72255EDD036C012CE7607CAEB, 98939E18BCD9425F94BCFF54D9A7C9CC74C0BB47CCAF5189322914F3B19B7BE1
PUP.Optional.ASK, C:\USERS\KARAKAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 1658, 454822, 1.0.78142, , ame, , 1D44C9B72255EDD036C012CE7607CAEB, 98939E18BCD9425F94BCFF54D9A7C9CC74C0BB47CCAF5189322914F3B19B7BE1
PUP.Optional.ASK, C:\USERS\KARAKAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 1658, 454822, 1.0.78142, , ame, , 1D44C9B72255EDD036C012CE7607CAEB, 98939E18BCD9425F94BCFF54D9A7C9CC74C0BB47CCAF5189322914F3B19B7BE1
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)


#9
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

Hello.
 
Many things are detected. Let's clean.


1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in the Files, Folders and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply, please post:

  • The AdwCleaner[C0*].txt
  • The Malwarebytes report
  • Feedback: how is the computer running now? Any improvement? 


#10
daniel.karakas

daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts

Thanks

 

Adw:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-09-2023
# Duration: 00:00:21
# OS:       Windows 10 (Build 19045.3693)
# Cleaned:  69
# Awaiting reboot:1
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Users\Public\Documents\Downloaded Installers
Deleted       C:\Users\Public\Pokki
Deleted       C:\Users\karakas\AppData\Roaming\IObit\Advanced SystemCare
 
***** [ Files ] *****
 
Deleted       C:\Users\karakas\Favorites\Booking.com.url
Deleted       C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url
Deleted       C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\izito.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.izito.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\izito.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.izito.com
Deleted       HKCU\Software\csastats
Deleted       HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\chromium
 
***** [ Chromium (and derivatives) ] *****
 
Deleted       Avira SafeSearch Plus - ipmkfpcnmccejididiaagpgchgjfajgp
Deleted       Avira SafeSearch Plus - ipmkfpcnmccejididiaagpgchgjfajgp
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.ACERAOPFramework   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|BacKGround Agent
Deleted       Preinstalled.ACERAOPFramework   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4A37A114-702F-4055-A4B6-16571D4A5353}
Deleted       Preinstalled.ACERClear.fiShellExtension   Registry   HKLM\Software\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}
Deleted       Preinstalled.ACERClear.fiShellExtension   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}
Deleted       Preinstalled.AcerCareCenter   Folder   C:\Program Files (x86)\ACER\CARE CENTER
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{837718D0-6BCE-4E65-A298-15DA87587329} 
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{837718D0-6BCE-4E65-A298-15DA87587329} 
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9580651-3556-4C9A-9092-BF1A5BB3928C} 
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1AF41E84-3408-499A-8C93-8891F0612719}
Deleted       Preinstalled.AcerCareCenter   Task   C:\Windows\System32\Tasks\ACCAGENT
Deleted       Preinstalled.AcerCareCenter   Task   C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Deleted       Preinstalled.AcerDocsOfficeAddIn   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DCBF3379-246B-47E1-8173-639B63940838}
Deleted       Preinstalled.AcerDrive   Folder   C:\Program Files (x86)\ACER\ACER DRIVE
Deleted       Preinstalled.AcerDrive   Folder   C:\ProgramData\ACER\ACER DRIVE
Deleted       Preinstalled.AcerDrive   Folder   C:\Users\karakas\AppData\Local\ACER\ACER DRIVE
Deleted       Preinstalled.AcerDrive   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5463DF05-0E05-4FD8-9957-F2C1619C03FD} 
Deleted       Preinstalled.AcerDrive   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2B8F184-B0B2-48EE-8BBF-31D335878E08} 
Deleted       Preinstalled.AcerDrive   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3374CC1-4996-4843-A850-902265C1B8BC} 
Deleted       Preinstalled.AcerDrive   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerDriveProxyLauncher
Deleted       Preinstalled.AcerDrive   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerDriveTrayLauncher
Deleted       Preinstalled.AcerDrive   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerDriveUpdateChecker
Deleted       Preinstalled.AcerDrive   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5D45E67C-B04E-411F-93BB-947DAAF355D5}
Deleted       Preinstalled.AcerDrive   Task   C:\Windows\System32\Tasks\ACERDRIVEPROXYLAUNCHER
Deleted       Preinstalled.AcerDrive   Task   C:\Windows\System32\Tasks\ACERDRIVETRAYLAUNCHER
Deleted       Preinstalled.AcerDrive   Task   C:\Windows\System32\Tasks\ACERDRIVEUPDATECHECKER
Deleted       Preinstalled.AcerExplorerAgent   Folder   C:\Program Files\ACER\ACER EXPLORER AGENT
Deleted       Preinstalled.AcerExplorerAgent   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}
Deleted       Preinstalled.AcerPortal   Folder   C:\Program Files (x86)\ACER\ACER PORTAL
Deleted       Preinstalled.AcerPortal   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AcerPortal
Deleted       Preinstalled.AcerPortal   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}
Deleted       Preinstalled.AcerQuickAccess   Folder   C:\Program Files\ACER\ACER QUICK ACCESS
Deleted       Preinstalled.AcerQuickAccess   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16A0AA89-FBA5-4398-A3B0-DE77F5F443C9} 
Deleted       Preinstalled.AcerQuickAccess   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access
Deleted       Preinstalled.AcerQuickAccess   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}
Deleted       Preinstalled.AcerQuickAccess   Task   C:\Windows\System32\Tasks\QUICK ACCESS
Deleted       Preinstalled.AcerUEIPFramework   Folder   C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM\FRAMEWORK
Deleted       Preinstalled.AcerUEIPFramework   Folder   C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM\PLUGIN\APPMONITOR
Deleted       Preinstalled.AcerUEIPFramework   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7}
Deleted       Preinstalled.AcerUpdater   Folder   C:\ProgramData\ACER\ACER UPDATER
Deleted       Preinstalled.AcerabBox   Registry   HKLM\Software\Classes\CLSID\{5CCE71FA-9F61-4F24-9CD1-98D819B40D68}
Deleted       Preinstalled.AcerabDocs   Folder   C:\Program Files (x86)\ACER\ABDOCS
Deleted       Preinstalled.AcerabDocs   Folder   C:\Program Files (x86)\ACER\ABDOCS OFFICE ADDIN
Deleted       Preinstalled.AcerabDocs   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD0ADC46-47D6-4774-B015-E1BFE02DC827} 
Deleted       Preinstalled.AcerabDocs   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\abDocsDllLoader
Deleted       Preinstalled.AcerabDocs   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|abDocsDllLoader
Deleted       Preinstalled.AcerabDocs   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}
Deleted       Preinstalled.AcerabDocs   Task   C:\Windows\System32\Tasks\ABDOCSDLLLOADER
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDGAMES
Needs Reboot  Preinstalled.ACERAOPFramework   Folder   C:\Program Files (x86)\ACER\AOP FRAMEWORK
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
***** Reboot Required to Complete *****
 
 
***** [ Folders ] *****
 
Cleaning failed   C:\Program Files (x86)\ACER\AOP FRAMEWORK
 
*************************
 
AdwCleaner[S00].txt - [9483 octets] - [08/12/2023 09:53:17]
AdwCleaner[S01].txt - [9544 octets] - [09/12/2023 08:19:32]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
 
 
 
 
 
 
Malwarebytes:
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/9/23
Scan Time: 9:13 AM
Log File: 44852c4a-96b6-11ee-9997-08d40c635faf.json
 
-Software Information-
Version: 4.6.6.294
Components Version: 1.0.2189
Update Package Version: 1.0.78188
License: Free
 
-System Information-
OS: Windows 10 (Build 19045.3693)
CPU: x64
File System: NTFS
User: DESKTOP-8ID5J9T\karakas
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 318576
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 40 min, 15 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 3
PUP.Optional.ASK, C:\USERS\KARAKAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 1658, 454822, 1.0.78188, , ame, , AE7D48D8D1AD6638D69F56A350120B3D, CDFFAF950B3C37A06EB59E0C02590DE4BCB0F18728C028932C90DD282D12BE33
PUP.Optional.ASK, C:\USERS\KARAKAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 1658, 454822, 1.0.78188, , ame, , AE7D48D8D1AD6638D69F56A350120B3D, CDFFAF950B3C37A06EB59E0C02590DE4BCB0F18728C028932C90DD282D12BE33
PUP.Optional.ASK, C:\USERS\KARAKAS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 1658, 454822, 1.0.78188, , ame, , AE7D48D8D1AD6638D69F56A350120B3D, CDFFAF950B3C37A06EB59E0C02590DE4BCB0F18728C028932C90DD282D12BE33
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
Feedback: I'll report back in a few hours.



#11
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

Good job!  :thumbsup:

 

Along with your feedback, I would like to see fresh FRST logs (Addition and FRST), to ensure that everything is fine.

 

Please attach the two logs instead of copying and pasting them in your next reply.

 

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)



#12
daniel.karakas

daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts

Thanks again for all your help. 
 
Seems like computer is running as before, pre-virus!

 

 

Please find files attached.

Thanks again!

Attached Files

  • Attached File  FRST.txt   36.57KB   39 downloads

Edited by daniel.karakas, 11 December 2023 - 12:56 AM.


#13
daniel.karakas

daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts

Here's the addition file

Attached Files


Edited by daniel.karakas, 11 December 2023 - 12:57 AM.


#14
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,045 posts

Hello!
 
I completely forgot to ask you to remove Adobe Flash Player 26 PPAPI, which reached its end of life since January 2021. Also, since you don't have Wondershare programs, you don't need Wondershare Helper. In the fix below these programs will get uninstalled. 
 
Question: Do you recognize Sin7 0.1 ? What is it?
 
Something else: I still can see Avira SafeSearch Plus in Profiles 5 and 6 in Chrome. 
 
To uninstall:

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find Avira SafeSearch Plus, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

 

And finally:

 
FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} =>  -> No File
AlternateDataStreams: C:\Users\karakas\Downloads\[MP3DL.CC] Earthquake-320k.mp3:shield [182]
AlternateDataStreams: C:\Users\karakas\Downloads\[MP3DL.CC] LILA IKE DUBPLATE {King AP} @ dainjamentalz u$a 4-320k.mp3:shield [221]
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll => No File
Handler: intu-tt2020 - {BA9B9DDA-C208-4938-90D6-0FAB2903CECE} - C:\Program Files (x86)\TurboTax 2020\ic2020pp.dll No File
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\MountPoints2: {6634c3aa-f170-11ec-9ed8-08d40c635faf} - "D:\WD SmartWare.exe" autoplay=true
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
Task: {6AC1DEB2-2B42-4C76-B7DB-5B7EE575E321} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe  -auto (No File)
FF Plugin: @java.com/DTPlugin,version=11.371.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.371.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [No File]
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [No File]
S4 QASvc; "C:\Program Files\Acer\Acer Quick Access\QASvc.exe" [X]
S4 UEIPSvc; "C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe" [X]
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

In your next reply please post:

  1. A reply about Sin7
  2. If you successfully uninstalled Avira extensions
  3. The fixlog.txt


#15
daniel.karakas

daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts

Hi, thanks for your attention to detail!

 

  1. I searched Chrome extensions but cannot find Avira SafeSearch Plus. The only extension that is shown is Google Docs Offline.
  2. I do not recognize Sin7 0.1 and have removed it.
  3. Removed Adobe Flash Player 26 PPAPI and Wondershare Helper.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-12-2023
Ran by karakas (11-12-2023 09:58:12) Run:2
Running from C:\Users\karakas\Desktop
Loaded Profiles: karakas
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} =>  -> No File
AlternateDataStreams: C:\Users\karakas\Downloads\[MP3DL.CC] Earthquake-320k.mp3:shield [182]
AlternateDataStreams: C:\Users\karakas\Downloads\[MP3DL.CC] LILA IKE DUBPLATE {King AP} @ dainjamentalz u$a 4-320k.mp3:shield [221]
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll => No File
Handler: intu-tt2020 - {BA9B9DDA-C208-4938-90D6-0FAB2903CECE} - C:\Program Files (x86)\TurboTax 2020\ic2020pp.dll No File
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\MountPoints2: {6634c3aa-f170-11ec-9ed8-08d40c635faf} - "D:\WD SmartWare.exe" autoplay=true
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
Task: {6AC1DEB2-2B42-4C76-B7DB-5B7EE575E321} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe  -auto (No File)
FF Plugin: @java.com/DTPlugin,version=11.371.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.371.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [No File]
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [No File]
S4 QASvc; "C:\Program Files\Acer\Acer Quick Access\QASvc.exe" [X]
S4 UEIPSvc; "C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe" [X]
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudSynced => removed successfully
C:\Users\karakas\Downloads\[MP3DL.CC] Earthquake-320k.mp3 => ":shield" ADS removed successfully
C:\Users\karakas\Downloads\[MP3DL.CC] LILA IKE DUBPLATE {King AP} @ dainjamentalz u$a 4-320k.mp3 => ":shield" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\intu-tt2020 => not found
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6634c3aa-f170-11ec-9ed8-08d40c635faf} => removed successfully
C:\Program Files (x86)\Mozilla Firefox\distribution\policies.json => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6AC1DEB2-2B42-4C76-B7DB-5B7EE575E321}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AC1DEB2-2B42-4C76-B7DB-5B7EE575E321}" => removed successfully
C:\WINDOWS\System32\Tasks\ACC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACC" => removed successfully
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.371.2 => removed successfully
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.371.2 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@scout.avira-update.com/Avira Scout Update;version=3 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@scout.avira-update.com/Avira Scout Update;version=9 => removed successfully
HKLM\System\CurrentControlSet\Services\QASvc => removed successfully
QASvc => service removed successfully
HKLM\System\CurrentControlSet\Services\UEIPSvc => removed successfully
UEIPSvc => service removed successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1 => not found
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.3636
 
Image Version: 10.0.19045.3693
 
 
 
[=======                    12.9%                          ] 
 
[=======                    13.1%                          ] 
 
[=======                    13.1%                          ] 
 
[=======                    13.2%                          ] 
 
[=======                    13.3%                          ] 
 
[=======                    13.4%                          ] 
 
[=======                    13.6%                          ] 
 
[=======                    13.7%                          ] 
 
[=======                    13.7%                          ] 
 
[========                   13.9%                          ] 
 
[========                   14.0%                          ] 
 
[========                   14.2%                          ] 
 
[========                   14.4%                          ] 
 
[========                   14.4%                          ] 
 
[========                   14.5%                          ] 
 
[========                   14.6%                          ] 
 
[========                   14.7%                          ] 
 
[========                   14.9%                          ] 
 
[========                   15.0%                          ] 
 
[========                   15.2%                          ] 
 
[========                   15.4%                          ] 
 
[========                   15.5%                          ] 
 
[=========                  15.6%                          ] 
 
[=========                  15.8%                          ] 
 
[=========                  15.9%                          ] 
 
[=========                  16.1%                          ] 
 
[=========                  16.2%                          ] 
 
[=========                  16.4%                          ] 
 
[=========                  16.6%                          ] 
 
[=========                  16.7%                          ] 
 
[=========                  16.8%                          ] 
 
[=========                  16.9%                          ] 
 
[=========                  17.1%                          ] 
 
[=========                  17.2%                          ] 
 
[==========                 17.4%                          ] 
 
[==========                 17.4%                          ] 
 
[==========                 17.5%                          ] 
 
[==========                 17.6%                          ] 
 
[==========                 17.7%                          ] 
 
[==========                 17.9%                          ] 
 
[==========                 18.1%                          ] 
 
[==========                 18.3%                          ] 
 
[==========                 18.3%                          ] 
 
[==========                 18.5%                          ] 
 
[==========                 18.5%                          ] 
 
[==========                 18.7%                          ] 
 
[==========                 18.9%                          ] 
 
[===========                19.0%                          ] 
 
[===========                19.1%                          ] 
 
[===========                19.3%                          ] 
 
[===========                19.4%                          ] 
 
[===========                19.6%                          ] 
 
[===========                19.8%                          ] 
 
[===========                19.8%                          ] 
 
[===========                19.8%                          ] 
 
[===========                20.0%                          ] 
 
[===========                20.2%                          ] 
 
[===========                20.3%                          ] 
 
[===========                20.5%                          ] 
 
[===========                20.6%                          ] 
 
[============               20.8%                          ] 
 
[============               21.1%                          ] 
 
[============               21.1%                          ] 
 
[============               21.1%                          ] 
 
[============               21.1%                          ] 
 
[============               21.2%                          ] 
 
[============               21.2%                          ] 
 
[============               21.4%                          ] 
 
[============               21.5%                          ] 
 
[============               21.7%                          ] 
 
[============               21.7%                          ] 
 
[============               21.9%                          ] 
 
[============               22.0%                          ] 
 
[============               22.2%                          ] 
 
[============               22.2%                          ] 
 
[=============              22.4%                          ] 
 
[=============              22.6%                          ] 
 
[=============              22.7%                          ] 
 
[=============              22.7%                          ] 
 
[=============              22.8%                          ] 
 
[=============              22.8%                          ] 
 
[=============              22.8%                          ] 
 
[=============              22.9%                          ] 
 
[=============              22.9%                          ] 
 
[=============              22.9%                          ] 
 
[=============              22.9%                          ] 
 
[=============              23.1%                          ] 
 
[=============              23.2%                          ] 
 
[=============              23.4%                          ] 
 
[=============              23.5%                          ] 
 
[=============              23.5%                          ] 
 
[=============              23.7%                          ] 
 
[=============              23.9%                          ] 
 
[==============             24.3%                          ] 
 
[==============             25.1%                          ] 
 
[==============             25.4%                          ] 
 
[==============             25.5%                          ] 
 
[==============             25.7%                          ] 
 
[==============             25.8%                          ] 
 
[===============            25.9%                          ] 
 
[===============            26.0%                          ] 
 
[===============            26.0%                          ] 
 
[===============            26.3%                          ] 
 
[===============            26.3%                          ] 
 
[===============            26.5%                          ] 
 
[===============            26.7%                          ] 
 
[===============            26.8%                          ] 
 
[===============            27.1%                          ] 
 
[===============            27.3%                          ] 
 
[================           27.6%                          ] 
 
[================           27.8%                          ] 
 
[================           28.2%                          ] 
 
[================           28.5%                          ] 
 
[================           28.8%                          ] 
 
[================           29.1%                          ] 
 
[================           29.2%                          ] 
 
[================           29.3%                          ] 
 
[=================          29.4%                          ] 
 
[=================          29.7%                          ] 
 
[=================          29.8%                          ] 
 
[=================          30.0%                          ] 
 
[=================          30.1%                          ] 
 
[=================          30.4%                          ] 
 
[=================          30.5%                          ] 
 
[=================          30.7%                          ] 
 
[=================          30.8%                          ] 
 
[=================          30.9%                          ] 
 
[=================          30.9%                          ] 
 
[=================          30.9%                          ] 
 
[=================          30.9%                          ] 
 
[=================          31.0%                          ] 
 
[=================          31.0%                          ] 
 
[==================         31.2%                          ] 
 
[==================         31.3%                          ] 
 
[==================         31.4%                          ] 
 
[==================         31.5%                          ] 
 
[==================         31.7%                          ] 
 
[==================         31.8%                          ] 
 
[==================         31.9%                          ] 
 
[==================         32.1%                          ] 
 
[==================         32.2%                          ] 
 
[==================         32.4%                          ] 
 
[==================         32.5%                          ] 
 
[==================         32.7%                          ] 
 
[===================        32.9%                          ] 
 
[===================        33.0%                          ] 
 
[===================        33.1%                          ] 
 
[===================        33.2%                          ] 
 
[===================        33.4%                          ] 
 
[===================        33.5%                          ] 
 
[===================        33.7%                          ] 
 
[===================        33.8%                          ] 
 
[===================        34.0%                          ] 
 
[===================        34.0%                          ] 
 
[===================        34.2%                          ] 
 
[===================        34.4%                          ] 
 
[====================       34.6%                          ] 
 
[====================       34.6%                          ] 
 
[====================       34.9%                          ] 
 
[====================       35.0%                          ] 
 
[====================       35.1%                          ] 
 
[====================       35.2%                          ] 
 
[====================       35.2%                          ] 
 
[====================       35.4%                          ] 
 
[====================       35.5%                          ] 
 
[====================       35.6%                          ] 
 
[====================       35.8%                          ] 
 
[====================       36.1%                          ] 
 
[=====================      36.2%                          ] 
 
[=====================      36.5%                          ] 
 
[=====================      36.6%                          ] 
 
[=====================      36.8%                          ] 
 
[=====================      37.0%                          ] 
 
[=====================      37.0%                          ] 
 
[=====================      37.1%                          ] 
 
[=====================      37.2%                          ] 
 
[=====================      37.3%                          ] 
 
[=====================      37.4%                          ] 
 
[=====================      37.5%                          ] 
 
[=====================      37.7%                          ] 
 
[=====================      37.7%                          ] 
 
[=====================      37.8%                          ] 
 
[=====================      37.9%                          ] 
 
[======================     38.0%                          ] 
 
[======================     38.0%                          ] 
 
[======================     38.1%                          ] 
 
[======================     38.2%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.4%                          ] 
 
[======================     38.4%                          ] 
 
[======================     38.5%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.8%                          ] 
 
[======================     38.8%                          ] 
 
[======================     38.9%                          ] 
 
[======================     39.0%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.4%                          ] 
 
[======================     39.5%                          ] 
 
[======================     39.6%                          ] 
 
[=======================    39.8%                          ] 
 
[=======================    39.9%                          ] 
 
[=======================    40.0%                          ] 
 
[=======================    40.0%                          ] 
 
[=======================    40.1%                          ] 
 
[=======================    40.1%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.3%                          ] 
 
[=======================    40.3%                          ] 
 
[=======================    40.4%                          ] 
 
[=======================    40.5%                          ] 
 
[=======================    40.6%                          ] 
 
[=======================    40.6%                          ] 
 
[=======================    40.7%                          ] 
 
[=======================    40.9%                          ] 
 
[=======================    41.0%                          ] 
 
[=======================    41.1%                          ] 
 
[=======================    41.1%                          ] 
 
[=======================    41.4%                          ] 
 
[========================   41.4%                          ] 
 
[========================   41.5%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.8%                          ] 
 
[========================   42.0%                          ] 
 
[========================   42.0%                          ] 
 
[========================   42.0%                          ] 
 
[========================   42.1%                          ] 
 
[========================   42.3%                          ] 
 
[========================   42.3%                          ] 
 
[========================   42.4%                          ] 
 
[========================   42.4%                          ] 
 
[========================   42.6%                          ] 
 
[========================   42.7%                          ] 
 
[========================   42.7%                          ] 
 
[========================   42.8%                          ] 
 
[========================   42.8%                          ] 
 
[========================   42.8%                          ] 
 
[========================   42.8%                          ] 
 
[========================   42.8%                          ] 
 
[========================   42.9%                          ] 
 
[========================   42.9%                          ] 
 
[========================   42.9%                          ] 
 
[========================   43.0%                          ] 
 
[========================   43.0%                          ] 
 
[========================   43.1%                          ] 
 
[========================   43.1%                          ] 
 
[========================   43.1%                          ] 
 
[=========================  43.2%                          ] 
 
[=========================  43.2%                          ] 
 
[=========================  43.2%                          ] 
 
[=========================  43.2%                          ] 
 
[=========================  43.2%                          ] 
 
[=========================  43.3%                          ] 
 
[=========================  43.4%                          ] 
 
[=========================  43.5%                          ] 
 
[=========================  43.5%                          ] 
 
[=========================  43.5%                          ] 
 
[=========================  43.5%                          ] 
 
[=========================  43.5%                          ] 
 
[=========================  43.6%                          ] 
 
[=========================  43.6%                          ] 
 
[=========================  43.7%                          ] 
 
[=========================  43.7%                          ] 
 
[=========================  43.7%                          ] 
 
[=========================  43.8%                          ] 
 
[=========================  43.8%                          ] 
 
[=========================  43.9%                          ] 
 
[=========================  44.0%                          ] 
 
[=========================  44.1%                          ] 
 
[=========================  44.1%                          ] 
 
[=========================  44.1%                          ] 
 
[=========================  44.2%                          ] 
 
[=========================  44.2%                          ] 
 
[=========================  44.2%                          ] 
 
[=========================  44.3%                          ] 
 
[=========================  44.4%                          ] 
 
[=========================  44.5%                          ] 
 
[=========================  44.5%                          ] 
 
[=========================  44.5%                          ] 
 
[=========================  44.5%                          ] 
 
[=========================  44.6%                          ] 
 
[=========================  44.6%                          ] 
 
[=========================  44.6%                          ] 
 
[=========================  44.7%                          ] 
 
[=========================  44.7%                          ] 
 
[=========================  44.7%                          ] 
 
[=========================  44.8%                          ] 
 
[=========================  44.8%                          ] 
 
[=========================  44.8%                          ] 
 
[=========================  44.8%                          ] 
 
[========================== 44.8%                          ] 
 
[========================== 44.9%                          ] 
 
[========================== 44.9%                          ] 
 
[========================== 45.0%                          ] 
 
[========================== 45.1%                          ] 
 
[========================== 45.1%                          ] 
 
[========================== 45.1%                          ] 
 
[========================== 45.1%                          ] 
 
[========================== 45.2%                          ] 
 
[========================== 45.2%                          ] 
 
[========================== 45.3%                          ] 
 
[========================== 45.3%                          ] 
 
[========================== 45.4%                          ] 
 
[========================== 45.4%                          ] 
 
[========================== 45.4%                          ] 
 
[========================== 45.4%                          ] 
 
[========================== 45.5%                          ] 
 
[========================== 45.5%                          ] 
 
[========================== 45.6%                          ] 
 
[========================== 45.6%                          ] 
 
[========================== 45.7%                          ] 
 
[========================== 45.7%                          ] 
 
[========================== 45.8%                          ] 
 
[========================== 45.9%                          ] 
 
[========================== 45.9%                          ] 
 
[========================== 46.0%                          ] 
 
[========================== 46.0%                          ] 
 
[========================== 46.1%                          ] 
 
[========================== 46.2%                          ] 
 
[========================== 46.2%                          ] 
 
[========================== 46.3%                          ] 
 
[========================== 46.3%                          ] 
 
[========================== 46.3%                          ] 
 
[========================== 46.4%                          ] 
 
[========================== 46.5%                          ] 
 
[===========================46.6%                          ] 
 
[===========================46.6%                          ] 
 
[===========================46.6%                          ] 
 
[===========================46.7%                          ] 
 
[===========================46.7%                          ] 
 
[===========================46.8%                          ] 
 
[===========================46.8%                          ] 
 
[===========================46.9%                          ] 
 
[===========================46.9%                          ] 
 
[===========================47.0%                          ] 
 
[===========================47.0%                          ] 
 
[===========================47.1%                          ] 
 
[===========================47.2%                          ] 
 
[===========================47.2%                          ] 
 
[===========================47.3%                          ] 
 
[===========================47.4%                          ] 
 
[===========================47.4%                          ] 
 
[===========================47.5%                          ] 
 
[===========================47.5%                          ] 
 
[===========================47.5%                          ] 
 
[===========================47.5%                          ] 
 
[===========================47.6%                          ] 
 
[===========================47.7%                          ] 
 
[===========================47.8%                          ] 
 
[===========================47.8%                          ] 
 
[===========================47.8%                          ] 
 
[===========================47.8%                          ] 
 
[===========================47.8%                          ] 
 
[===========================47.9%                          ] 
 
[===========================47.9%                          ] 
 
[===========================47.9%                          ] 
 
[===========================48.0%                          ] 
 
[===========================48.0%                          ] 
 
[===========================48.1%                          ] 
 
[===========================48.2%                          ] 
 
[===========================48.2%                          ] 
 
[===========================48.2%                          ] 
 
[===========================48.3%                          ] 
 
[===========================48.4%                          ] 
 
[===========================48.4%                          ] 
 
[===========================48.5%                          ] 
 
[===========================48.5%                          ] 
 
[===========================48.6%                          ] 
 
[===========================48.6%                          ] 
 
[===========================48.6%                          ] 
 
[===========================48.7%                          ] 
 
[===========================48.7%                          ] 
 
[===========================48.8%                          ] 
 
[===========================48.8%                          ] 
 
[===========================48.9%                          ] 
 
[===========================49.0%                          ] 
 
[===========================49.1%                          ] 
 
[===========================49.1%                          ] 
 
[===========================49.1%                          ] 
 
[===========================49.3%                          ] 
 
[===========================49.3%                          ] 
 
[===========================49.3%                          ] 
 
[===========================49.4%                          ] 
 
[===========================49.4%                          ] 
 
[===========================49.5%                          ] 
 
[===========================49.6%                          ] 
 
[===========================49.7%                          ] 
 
[===========================49.7%                          ] 
 
[===========================49.7%                          ] 
 
[===========================49.8%                          ] 
 
[===========================49.9%                          ] 
 
[===========================50.0%                          ] 
 
[===========================50.0%                          ] 
 
[===========================50.2%                          ] 
 
[===========================50.3%                          ] 
 
[===========================50.3%                          ] 
 
[===========================50.5%                          ] 
 
[===========================50.6%                          ] 
 
[===========================50.9%                          ] 
 
[===========================51.1%                          ] 
 
[===========================51.4%                          ] 
 
[===========================51.6%                          ] 
 
[===========================51.8%                          ] 
 
[===========================52.1%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.8%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.2%                          ] 
 
[===========================53.3%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.5%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.9%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 100% complete.
 
 
Windows Resource Protection found corrupt files and successfully repaired them.
 
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14745048 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 12779939 B
Edge => 0 B
Chrome => 626675968 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 3510 B
karakas => 21161626 B
 
RecycleBin => 84947 B
EmptyTemp: => 644.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:49:00 ====
