
Super slow computer windows 10 virus [Solved]

virus windows 10 slow

  • This topic is locked

#16
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

See below. It seems that you have these Chrome profiles, aside from the Default one.

 

CHR Extension: (Avira SafeSearch Plus) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2022-02-13]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2022-03-11]
 

Everything else looks fine. 


  • 0



#17
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

See here how to switch profiles in Chrome: Use Chrome with multiple profiles - Computer - Google Chrome Help


  • 0

#18
daniel.karakas

    Member

  • Topic Starter
  • Member
  • 146 posts

I have checked out the multiple profiles; I only have three listed. Could not see Profile 5 or 6 or any instances of Avira SafeSearch Plus.

 

Anyways all seems good again, thanks to your help.

 

Thanks again Dr. M appreciate you!


  • 0

#19
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

Perhaps the names of the profiles are different from Profile 5 or 6. The thing is to look in every profile of these 3 profiles you have, and find Avira. Not a big deal, but you don't really need it there. 

 

 

 

Thanks again Dr. M appreciate you!

 

You are welcome!


  • 0
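The check post #19 describes (look in every profile, whatever it is named), as an added example that is not part of the original thread: it reads `profile.info_cache` from Chrome's `Local State` file to map each profile folder to the name shown in the profile picker, then reports which folders hold the extension ID from the FRST lines in post #16. The sample directory tree, the display names and the version folder `1.2.3_0` are constructed for illustration.

```python
import json
import os
import tempfile
from pathlib import Path

# Extension ID copied from the FRST lines in post #16 (Avira SafeSearch Plus).
AVIRA_SAFESEARCH_ID = "ipmkfpcnmccejididiaagpgchgjfajgp"


def profile_display_names(user_data: Path) -> dict:
    """Map profile folder name (e.g. 'Profile 5') to the name Chrome shows in its UI."""
    try:
        data = json.loads((user_data / "Local State").read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return {}  # missing or unreadable Local State: no names known
    cache = data.get("profile", {}).get("info_cache", {})
    return {
        folder: info.get("name", "")
        for folder, info in cache.items()
        if isinstance(info, dict)
    }


def find_extension(user_data: Path, extension_id: str) -> list:
    """Return one record per profile folder that contains the given extension ID."""
    names = profile_display_names(user_data)
    hits = []
    for ext_dir in sorted(user_data.glob(f"*/Extensions/{extension_id}")):
        if not ext_dir.is_dir():
            continue
        folder = ext_dir.parent.parent.name
        hits.append({
            "folder": folder,
            # None means the folder exists on disk but is not registered in
            # Local State, so it will not match any name in the profile list.
            "display_name": names.get(folder),
            "versions": sorted(p.name for p in ext_dir.iterdir() if p.is_dir()),
            "path": str(ext_dir),
        })
    return hits


def build_sample_user_data(root: Path) -> Path:
    """Constructed sample tree: 'Profile 5' is renamed, 'Profile 6' is unregistered."""
    user_data = root / "User Data"
    (user_data / "Default" / "Extensions").mkdir(parents=True)
    for folder in ("Profile 5", "Profile 6"):
        (user_data / folder / "Extensions" / AVIRA_SAFESEARCH_ID / "1.2.3_0").mkdir(parents=True)
    local_state = {
        "profile": {
            "info_cache": {
                "Default": {"name": "Person 1"},
                "Profile 5": {"name": "Work"},
            }
        }
    }
    (user_data / "Local State").write_text(json.dumps(local_state), encoding="utf-8")
    return user_data


if __name__ == "__main__":
    # Real location on Windows: %LOCALAPPDATA%\Google\Chrome\User Data
    base = os.environ.get("LOCALAPPDATA")
    live = Path(base) / "Google" / "Chrome" / "User Data" if base else None
    with tempfile.TemporaryDirectory() as tmp:
        # Fall back to the constructed sample when Chrome's folder is absent.
        target = live if live and live.is_dir() else build_sample_user_data(Path(tmp))
        for hit in find_extension(target, AVIRA_SAFESEARCH_ID):
            shown = hit["display_name"] or "(not listed in Local State)"
            print(f'{hit["folder"]!r} shown as {shown!r}: {hit["path"]}')
```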

#20
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

In case no other issues/questions/concerns...

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Note: If there is a warning about this tool, go on to download it, since it is a false positive. Choose More info and continue from there.


  • 0

#21
daniel.karakas

    Member

  • Topic Starter
  • Member
  • 146 posts

Hi again.

 

I’m starting to notice slowdowns again: slow loading on Chrome pages and when switching from Chrome to other programs like MS Word; getting some black pages in Chrome, or white and (Google Chrome not responding); slow in MS Word like saving and stuff, just slow all around at times and then goes back to normal.

 

It works ok for a few minutes, then it is all slow like this for a while. 

 

Thanks


Edited by daniel.karakas, 12 December 2023 - 10:23 PM.

  • 0

#22
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

I would like to see fresh FRST, please, Addition and FRST.


  • 0

#23
daniel.karakas

    Member

  • Topic Starter
  • Member
  • 146 posts

Thanks!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2023
Ran by karakas (administrator) on DESKTOP-8ID5J9T (Acer Aspire TC-710) (13-12-2023 09:27:13)
Running from C:\Users\karakas\Desktop\FRST64.exe
Loaded Profiles: karakas
Platform: Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files\Audacity\Audacity.exe ->) (Musecy SM Ltd. -> ) C:\Program Files\Audacity\crashpad_handler.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(explorer.exe ->) (Musecy SM Ltd. -> Audacity Team) C:\Program Files\Audacity\Audacity.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\OEM\Preload\FubTracking\FubTracking.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2017-03-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [738936 2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [MicrosoftEdgeAutoLaunch_8B6B36A51FDD9942B0BDEE33C0F85C3E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3788736 2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\karakas\AppData\Local\Microsoft\Teams\Update.exe [2588520 2023-09-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\Policies\Explorer: [DisallowCpl] 1
HKLM\...\Windows x64\Print Processors\BJ Print Processor3: C:\Windows\System32\spool\prtprocs\x64\CNBPP3.DLL [83968 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor3_2: C:\WINDOWS\system32\CNBLM3_2.DLL [211456 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON Stylus Photo RX580 Series 64MonitorBA: C:\WINDOWS\system32\E_ILMBPA.DLL [108032 2007-12-07] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.71\Installer\chrmstp.exe [2023-12-07] (Google LLC -> Google LLC)
Startup: C:\Users\karakas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2023-05-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {39D48088-4082-41BA-B7C5-30B6D3BC5A29} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {E7BD4E4F-A6E1-4CCE-92E9-01108211C9A9} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65824 2017-09-26] (Acer Incorporated -> Acer Incorporated)
Task: {FA2B11B5-3F7A-4888-84E6-60623353EB5B} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [30976 2015-05-13] (Acer Incorporated -> )
Task: {7DD2F012-EB25-407E-B920-B80907B89D5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-11-09] (Google LLC -> Google LLC)
Task: {91B66BFE-20BF-4292-8902-4AC1791B90D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-11-09] (Google LLC -> Google LLC)
Task: {E263E803-D6BF-4EAC-BA46-EFAF47E734BA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1E8ED8ED-2A57-463C-BEA6-5EC419B72116} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AB02B0AC-B1A3-4D05-9771-174FE81A803E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {185BEA04-0EB9-443B-A31B-6698E1F1EBF8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {84D23F7D-4239-4982-A34F-0396F76391F0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [251904 2023-11-15] (Microsoft Windows -> Microsoft Corporation)
Task: {0414E387-E2BF-47C2-A4F0-4802B32C0539} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {CF89C499-6DD1-4ABC-A8D4-C5A07BB4D41E} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [472928 2015-07-10] (Acer Incorporated -> Acer Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{26ee6f90-3278-42b1-9877-54b81bdb78da}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{486657a2-4b8f-46dc-ba15-ddc9d9f2b981}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a26cefaa-f6ff-448f-9018-4ef6bcfb773d}: [DhcpNameServer] 45.44.103.26 45.44.103.27
Tcpip\..\Interfaces\{fc01fcd5-2b9d-2fd8-78d8-cb78b313e2b2}: [NameServer] 103.86.96.100,103.86.99.100
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\karakas\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-08]
Edge Extension: (Google Docs Offline) - C:\Users\karakas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-17]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\karakas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-12-04]
Edge Extension: (Edge relevant text changes) - C:\Users\karakas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-30]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: 1wh4cpt7.default
FF ProfilePath: C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default [2023-12-11]
FF Homepage: Mozilla\Firefox\Profiles\1wh4cpt7.default -> www.google.com
FF Extension: (Dashlane) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2021-05-24] [UpdateUrl:hxxps://ws1.dashlane.com/5/binaries/query?logins=&platform=firefox&target=ff_web_extension&format=json&version=]
FF Extension: (English (US) Language Pack) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\Extensions\[email protected] [2021-05-24]
FF Extension: (Acer Locale Fix) - C:\Users\karakas\AppData\Roaming\Mozilla\Firefox\Profiles\1wh4cpt7.default\features\{9917c7b2-023d-4dcd-b634-a2a6730e6935}\[email protected] [2018-05-08] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected] [2021-05-24] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-11-14] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-11-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Default [2023-12-13]
CHR DownloadDir: C:\Users\karakas\Downloads
CHR Notifications: Default -> hxxps://teams.microsoft.com
CHR Extension: (Google Docs Offline) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-12-11]
CHR Profile: C:\Users\karakas\AppData\Local\Google\Chrome\User Data\System Profile [2023-12-11]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-10]
CHR HKU\S-1-5-21-1880840183-2522925994-863313883-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fjoaledfpmneenckfbpdfhkmimnjocfa]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
Opera: 
=======
OPR Profile: C:\Users\karakas\AppData\Roaming\Opera Software\Opera Stable [2023-12-08]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
S4 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2122432 2022-12-13] (GameHouse Europe B.V. -> GameHouse)
R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Incorporated -> Foxit Software Inc.)
S4 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-07-06] (Intel Corporation) [File not signed]
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-07-06] () [File not signed]
S4 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.3.241\IsAppService.exe [495240 2018-07-26] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9343840 2023-11-09] (Malwarebytes Inc. -> Malwarebytes)
S3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [320088 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-11-21] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
S2 secureboot; C:\ProgramData\WindowsPowerShell\Modules\SecureBoot\secureboot.exe [699259556 2023-11-16] () [File not signed] <==== ATTENTION
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222800 2023-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl552d9162; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{56AD06B4-6258-4688-A341-3D336D622845}\MpKslDrv.sys [263560 2023-12-12] (Microsoft Windows -> Microsoft Corporation)
S3 mshield; C:\WINDOWS\System32\DRIVERS\mshield.sys [43112 2023-11-13] (nordvpn s.a. -> Nordvpn S.A.)
R2 NDivert; C:\Program Files\NordVPN\7.15.6.0\Drivers\NDivert.sys [131472 2023-05-24] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2022-02-22] (nordvpn s.a. -> TEFINCOM S.A.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29592 2022-03-10] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-02-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-12-13 09:27 - 2023-12-13 09:37 - 000020596 _____ C:\Users\karakas\Desktop\FRST.txt
2023-12-13 09:16 - 2023-12-13 09:44 - 000000000 ____D C:\Users\karakas\Desktop\Dec13
2023-12-13 09:09 - 2023-12-13 09:09 - 000000000 ___HD C:\$WinREAgent
2023-12-11 12:10 - 2023-12-11 12:10 - 000000000 ____D C:\Users\karakas\AppData\Local\MediaHuman
2023-12-11 12:09 - 2023-12-11 12:09 - 000001138 _____ C:\Users\karakas\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2023-12-11 12:09 - 2023-12-11 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2023-12-11 12:08 - 2023-12-11 12:08 - 000000000 ____D C:\Program Files\MediaHuman
2023-12-11 11:48 - 2023-12-11 11:52 - 000000000 ____D C:\Users\karakas\AppData\Roaming\youtube-dl-gui
2023-12-11 11:48 - 2023-12-11 11:48 - 000000000 ____D C:\Users\karakas\AppData\Local\youtube-dl-gui-updater
2023-12-11 11:22 - 2023-12-11 19:17 - 000000000 ____D C:\Users\karakas\Desktop\MP3 downloads
2023-12-11 11:22 - 2023-12-11 11:22 - 000000753 _____ C:\Users\karakas\Videos - Shortcut.lnk
2023-12-11 11:19 - 2023-12-11 11:26 - 000000000 ____D C:\Users\karakas\AppData\Roaming\youtube-dlg
2023-12-10 11:34 - 2023-12-10 11:35 - 000000000 ____D C:\Users\karakas\Desktop\FRST
2023-12-08 09:52 - 2023-12-09 08:32 - 000000000 ____D C:\AdwCleaner
2023-12-08 09:51 - 2023-12-08 09:51 - 008791352 _____ (Malwarebytes) C:\Users\karakas\Desktop\AdwCleaner.exe
2023-12-07 17:41 - 2023-12-13 09:25 - 002386432 _____ (Farbar) C:\Users\karakas\Desktop\FRST64.exe
2023-12-07 17:41 - 2023-12-13 09:25 - 000000000 ____D C:\Users\karakas\Desktop\FRST-OlderVersion
2023-12-06 22:23 - 2023-12-06 22:23 - 000299543 _____ C:\Users\karakas\Desktop\bookmarks_12_6_23.html
2023-12-06 22:09 - 2023-12-06 22:10 - 000000000 ____D C:\Users\karakas\Desktop\Music Cabinet
2023-12-06 20:07 - 2023-12-06 20:07 - 000000000 ____D C:\Users\karakas\Desktop\Docs2023
2023-12-06 20:00 - 2023-12-11 11:01 - 000000000 ____D C:\Users\karakas\Desktop\Travel Places
2023-12-06 09:50 - 2023-12-06 18:19 - 000000000 ____D C:\Users\karakas\Desktop\DEC06
2023-12-05 11:15 - 2023-12-05 21:13 - 000011982 ____H C:\Users\karakas\Desktop\~WRL0772.tmp
2023-12-02 16:39 - 2023-12-02 16:49 - 001497468 _____ C:\WINDOWS\Minidump\120223-55562-01.dmp
2023-12-01 09:43 - 2023-12-01 09:45 - 000000000 ____D C:\Program Files\Guilty Pleasure
2023-11-30 23:33 - 2023-11-13 15:12 - 000043112 _____ (Nordvpn S.A.) C:\WINDOWS\system32\Drivers\mshield.sys
2023-11-29 09:24 - 2023-11-29 09:24 - 000000165 ____H C:\Users\karakas\Downloads\~$RPG0046053.xlsx
2023-11-17 08:59 - 2023-11-17 08:59 - 000000165 ____H C:\Users\karakas\Downloads\~$RPG0045847.xlsx
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-12-13 09:53 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-13 09:52 - 2016-04-20 06:51 - 000000000 ____D C:\Users\karakas\AppData\Roaming\Microsoft\Word
2023-12-13 09:48 - 2016-05-18 23:57 - 000000000 ____D C:\Users\karakas\AppData\Local\CrashDumps
2023-12-13 09:46 - 2022-08-11 16:10 - 000000000 ____D C:\Users\karakas\AppData\Roaming\audacity
2023-12-13 09:31 - 2018-07-21 10:00 - 000000000 ____D C:\FRST
2023-12-13 09:21 - 2021-12-15 00:43 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-13 09:21 - 2016-04-16 16:58 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-13 09:16 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-12-13 08:58 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-12-13 08:44 - 2023-02-09 11:03 - 000000000 ____D C:\Program Files\NordVPN
2023-12-13 08:41 - 2023-05-07 03:17 - 000000000 ____D C:\Users\karakas\AppData\Local\Malwarebytes
2023-12-12 20:37 - 2019-08-28 18:06 - 000000000 ____D C:\Users\karakas\Desktop\Master Marks
2023-12-12 19:11 - 2021-01-31 23:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-11 19:07 - 2021-01-31 23:58 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-12-11 19:07 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-11 19:01 - 2021-02-01 00:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-12-11 19:01 - 2021-01-31 23:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-11 19:00 - 2019-12-07 01:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-12-11 12:10 - 2021-01-31 23:46 - 000000000 ____D C:\Users\karakas
2023-12-11 11:44 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-11 11:06 - 2020-10-07 13:54 - 000000000 ____D C:\Users\karakas\Desktop\new downloads
2023-12-09 17:58 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-12-09 15:31 - 2021-05-31 12:38 - 000000000 ____D C:\Users\karakas\AppData\LocalLow\IGDump
2023-12-09 08:33 - 2016-04-16 13:37 - 000000000 ____D C:\Users\karakas\AppData\Local\Acer
2023-12-09 08:33 - 2015-09-07 19:58 - 000000000 ____D C:\Program Files\Acer
2023-12-09 08:33 - 2015-09-07 19:52 - 000000000 ____D C:\ProgramData\Acer
2023-12-09 08:33 - 2015-09-07 19:52 - 000000000 ____D C:\Program Files (x86)\Acer
2023-12-09 08:32 - 2017-12-04 14:03 - 000000000 ____D C:\Users\karakas\AppData\Roaming\IObit
2023-12-09 07:59 - 2021-05-20 17:47 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-08 09:01 - 2016-11-15 19:00 - 000000000 ____D C:\Users\karakas\AppData\LocalLow\Temp
2023-12-07 14:28 - 2021-08-18 20:23 - 000000000 ____D C:\Users\karakas\Desktop\SE Work
2023-12-07 14:22 - 2021-11-09 14:43 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-12-06 23:13 - 2020-05-29 14:49 - 000000000 ____D C:\Users\karakas\Desktop\Jessica
2023-12-06 20:59 - 2018-02-28 20:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-12-06 20:12 - 2017-03-22 13:45 - 000000000 ___RD C:\Users\karakas\Desktop\File Cabinet
2023-12-06 19:36 - 2017-03-22 13:51 - 000000000 ____D C:\Users\karakas\Desktop\Photos Destop Transfer Oct 2022
2023-12-06 15:15 - 2021-11-09 14:41 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-12-06 15:15 - 2021-11-09 14:41 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-12-05 11:55 - 2016-06-20 09:02 - 000000000 ____D C:\Users\karakas\Desktop\downloaded
2023-12-02 16:49 - 2022-02-26 15:14 - 000000000 ____D C:\WINDOWS\Minidump
2023-12-02 16:47 - 2019-02-25 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paw Patrol On A Roll
2023-12-02 16:39 - 2019-12-31 06:51 - 1471840439 _____ C:\WINDOWS\MEMORY.DMP
2023-12-02 16:34 - 2016-08-07 15:07 - 000000000 ____D C:\Program Files (x86)\epson
2023-12-02 07:45 - 2017-01-14 06:13 - 000000000 ____D C:\Users\karakas\AppData\Roaming\Microsoft\Excel
2023-12-01 11:10 - 2017-12-03 11:19 - 000000000 ____D C:\Users\karakas\AppData\Local\Packages
2023-12-01 09:46 - 2017-02-04 04:40 - 000000000 ____D C:\Users\karakas\AppData\Roaming\RenPy
2023-11-30 23:36 - 2023-02-09 11:03 - 000000000 ____D C:\Users\karakas\AppData\Local\NordVPN
2023-11-18 16:06 - 2021-12-10 19:40 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1880840183-2522925994-863313883-1001
2023-11-18 16:06 - 2021-02-01 00:08 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1880840183-2522925994-863313883-1001
2023-11-18 16:06 - 2021-01-31 23:46 - 000002389 _____ C:\Users\karakas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-15 02:16 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-11-15 01:57 - 2021-01-31 23:40 - 000463376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Com
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-11-15 01:50 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-11-15 01:49 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-11-15 01:49 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\IME
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-11-15 01:49 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-11-15 01:49 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\servicing
2023-11-15 01:06 - 2019-12-07 01:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-11-15 01:06 - 2019-12-07 01:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-11-15 01:06 - 2019-12-07 01:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-11-15 00:22 - 2021-01-31 23:44 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-11-14 23:20 - 2016-04-16 17:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-11-14 23:14 - 2016-04-16 17:17 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-11-14 01:20 - 2021-02-01 00:08 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-11-14 01:19 - 2023-08-22 11:25 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
 
==================== Files in the root of some directories ========
 
2017-03-06 23:04 - 2018-12-08 15:36 - 000000770 _____ () C:\Users\karakas\AppData\Roaming\Rim.Desktop.Exception.log
2017-03-06 23:03 - 2019-05-13 15:31 - 000001937 _____ () C:\Users\karakas\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2017-03-06 23:04 - 2018-12-08 15:36 - 000000770 _____ () C:\Users\karakas\AppData\Roaming\Rim.DesktopHelper.Exception.log
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2023
Ran by karakas (13-12-2023 09:58:22)
Running from C:\Users\karakas\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) (2021-02-01 08:09:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1880840183-2522925994-863313883-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1880840183-2522925994-863313883-503 - Limited - Disabled)
Guest (S-1-5-21-1880840183-2522925994-863313883-501 - Limited - Disabled)
karakas (S-1-5-21-1880840183-2522925994-863313883-1001 - Administrator - Enabled) => C:\Users\karakas
WDAGUtilityAccount (S-1-5-21-1880840183-2522925994-863313883-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K YouTube to MP3 3.7 (HKLM\...\{921BEBDC-5874-4DEF-9A5F-CB2D03991FD6}) (Version: 3.7.2.2902 - Open Media LLC)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.006.20380 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Audacity 3.3.3 (HKLM\...\Audacity_is1) (Version: 3.3.3 - Audacity Team)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Foxit PhantomPDF Business (HKLM-x32\...\{CAAA99A8-AB12-11E6-AA93-000C29FC3B44}) (Version: 8.1.1.1115 - Foxit Software Inc.)
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.65 - GameHouse)
GenuTax Standard (HKLM-x32\...\{238715a6-57bf-488b-af18-c5247f885931}) (Version: 1.79 - GenuSource Consulting Inc) Hidden
GenuTax Standard (HKLM-x32\...\{2FB6BA60-4F55-486F-B7B9-AF0283344B85}) (Version: 1.79 - GenuSource Consulting Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.71 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.32.7 - Google Inc.) Hidden
Instagiffer version 1.62 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.62 - Justin Todd)
Intel® Chipset Device Software (HKLM\...\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}) (Version: 10.1.1.13 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{3C6C11C6-E094-4548-B032-73B4E4D0DEF7}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{9E80CC7F-966F-4282-BE0A-36B5BA5F19B1}) (Version: 11.0.0.1177 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{1377B2D9-D825-441C-A775-318D25DA3F18}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{B66F70B4-34E5-429A-9F55-7129E0833A45}) (Version: 14.8.0.1042 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E6F800A9-64D3-4E93-8E8E-AB53E21D4840}) (Version: 20.50.0.1450 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}) (Version: 1.0.0.534 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.6.4 - PandoraTV)
Malwarebytes version 4.6.6.294 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.6.294 - Malwarebytes)
MediaHuman YouTube to MP3 Converter 3.9.9.87 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.9.87 - MediaHuman)
Microsoft Azure Information Protection (HKLM-x32\...\{21b41fcc-93c0-498f-a284-659d275b4076}) (Version: 1.54.59.0 - Microsoft Corporation)
Microsoft Azure Information Protection (HKLM-x32\...\{7FA8B359-E9D7-4037-8DE1-A28F2603D742}) (Version: 1.54.59.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.61 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.61 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910 (HKLM-x32\...\{53f1dc9d-ed94-4650-a079-129785ce7905}) (Version: 14.28.29910.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30135 (HKLM-x32\...\{b7a2b241-3f54-4d7d-94d1-8ce0146e03c7}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29910 (HKLM\...\{06F1FCFD-8F77-488A-A477-6CA8A783EDD7}) (Version: 14.28.29910 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29910 (HKLM\...\{DE015560-04E3-4915-8F99-5B29289E3998}) (Version: 14.28.29910 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30135 (HKLM-x32\...\{77EB1EA9-8E1B-459D-8CDC-1984D0FF15B6}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30135 (HKLM-x32\...\{36A1E79B-581A-4FE5-843D-84C2D3C9431E}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft1.7.7 (HKLM-x32\...\Minecraft1.7.7) (Version:  - )
MiniTool Partition Wizard Free 10.2.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 88.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0.1 (x64 en-US)) (Version: 88.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 88.0.1.7794 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.0.132 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.16.4.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7712 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\ZoomUMX) (Version: 5.15.7 (20303) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acer Explorer -> C:\Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.3007.0_x86__48frkmn4z8aw4 [2022-07-13] (Acer Incorporated)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-11-14] ()
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2021-11-09] (MAGIX)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-05] (Microsoft Studios) [MS Ad]
Spider Solitaire++ -> C:\Program Files\WindowsApps\12291raymond.li.31631ED225837_1.1.16.0_x64__szs6zaftcmqhc [2022-02-25] (raymond.li)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-11-09] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1880840183-2522925994-863313883-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-01] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-10-01] (Acer Incorporated -> Acer Incorporated)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-27] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e43bf4f1a295d985\igfxDTCM.dll [2016-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-27] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2016-04-21 08:51 - 2015-12-31 06:15 - 000077312 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2016-08-07 15:22 - 2007-12-07 01:08 - 000108032 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_ILMBPA.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:newsfeed
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-11-14] (Foxit Software Incorporated -> )
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-11-14] (Foxit Software Incorporated -> )
Handler: intu-tt2020 - {BA9B9DDA-C208-4938-90D6-0FAB2903CECE} - C:\Program Files (x86)\TurboTax 2020\ic2020pp.dll No File
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 03:04 - 2015-07-10 03:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\PROGRA~2\ThriXXX\3D SexVilla;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\karakas\Desktop\File Cabinet\desktop background\NASA-news-Hubble-Space-Telescope-pictures-colliding-galaxies-UGC-2369-2005834.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMInstantService => 2
MSCONFIG\Services: BlackBerry Device Manager => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: FoxitPhantomService => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® Security Assist => 3
MSCONFIG\Services: isaHelperSvc => 2
MSCONFIG\Services: IsAppService => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NitroDriverReadSpool9 => 2
MSCONFIG\Services: NitroUpdateService => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: nordsec-threatprotection-service => 3
MSCONFIG\Services: NordUpdaterService => 2
MSCONFIG\Services: nordvpn-service => 2
MSCONFIG\Services: QASvc => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: UEIPSvc => 2
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1880840183-2522925994-863313883-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_8B6B36A51FDD9942B0BDEE33C0F85C3E"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{8BD62413-17C7-4450-9088-80577C1D7389}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{11457BE3-1611-49AE-AAE7-42AA8551338D}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{167FDA60-0062-409B-BC12-27E94A9D8573}] => (Allow) C:\Users\karakas\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{825ABA35-BB4A-430C-9DC7-0B8F42BBD167}] => (Allow) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{54BDB808-A02D-4E5C-A9F6-E0BC6B303832}] => (Allow) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{D1937FF2-4364-4DBF-972F-36D0EA8DD9DF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F6B8473E-2B34-408A-A3AB-2E04B01D6883}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F5AB9667-760B-41A7-8657-378838E455D2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C2B17290-0B74-4A40-B926-1EF3B1D9830B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{790FB505-E868-428E-8195-A9C61BF6CC4C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{07D1CA39-FE35-436B-8947-2BCBF4E64A82}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B275326E-423D-4F5C-942D-9D1B86220C0C}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{9EE60F3E-E9BE-49DE-9798-2062662C8AEA}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
 
==================== Restore Points =========================
 
12-12-2023 02:01:19 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/13/2023 09:48:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.3693, time stamp: 0x73148b4c
Faulting module name: DUI70.dll, version: 10.0.19041.3636, time stamp: 0xedabea6e
Exception code: 0xc0000005
Fault offset: 0x000000000002435d
Faulting process id: 0xa3c
Faulting application start time: 0x01da2de30a6b2b49
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\DUI70.dll
Report Id: b1dd570b-ebd2-481b-968d-e91791045295
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/13/2023 09:20:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (12/13/2023 09:12:59 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1ca6d487-b061-4f63-8179-550d9186c9f6}
 
Error: (12/12/2023 08:34:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3636 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 4bf7c
 
Start Time: 01da2d59e812d7fe
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
 
Report Id: 6bf4be7b-d5f9-4c78-9040-99bd61d83722
 
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: ShellFeedsUI
 
Hang type: Quiesce
 
Error: (12/12/2023 04:05:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3636 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: d00
 
Start Time: 01da2caa6b630f80
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
 
Report Id: a3989acf-9e10-4805-b09a-405ae921e51c
 
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: ShellFeedsUI
 
Hang type: Quiesce
 
Error: (12/12/2023 03:26:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Acer (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (12/11/2023 07:04:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: secureboot.exe, version: 0.0.0.0, time stamp: 0x65567c73
Faulting module name: ntdll.dll, version: 10.0.19041.3636, time stamp: 0x9b64aa6f
Exception code: 0xc0000005
Fault offset: 0x00000000000a22c7
Faulting process id: 0xef8
Faulting application start time: 0x01da2ca77a614e1b
Faulting application path: C:\ProgramData\WindowsPowerShell\Modules\SecureBoot\secureboot.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 834fbed3-57d1-46c0-834f-06f207724f5a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/11/2023 07:00:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
 
System errors:
=============
Error: (12/11/2023 07:04:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The secureboot service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/11/2023 07:04:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (960000 milliseconds) while waiting for the secureboot service to connect.
 
Error: (12/11/2023 07:01:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The shpamsvc service terminated with the following error: 
Catastrophic failure
 
Error: (12/11/2023 10:56:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The secureboot service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/11/2023 10:56:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (960000 milliseconds) while waiting for the secureboot service to connect.
 
Error: (12/11/2023 10:53:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The shpamsvc service terminated with the following error: 
Catastrophic failure
 
Error: (12/11/2023 10:51:58 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (12/11/2023 10:51:58 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
 
Windows Defender:
================
Date: 2023-12-10 22:22:26
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-12-09 21:22:52
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-12-09 18:27:26
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-12-05 19:59:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-12-05 16:34:59
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
Event[0]:
 
Date: 2023-08-18 22:37:37
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.395.511.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23070.1005
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-08-18 22:37:37
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.395.511.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23070.1005
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-08-18 22:37:37
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.395.511.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23070.1005
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-08-14 10:10:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.393.2546.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23060.1005
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2023-08-14 10:10:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.393.2546.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23060.1005
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
CodeIntegrity:
===============
Date: 2023-12-13 08:39:34
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e43bf4f1a295d985\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. R01-A1 11/10/2015
Motherboard: Acer Aspire TC-710
Processor: Intel® Core™ i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 95%
Total physical RAM: 8097.83 MB
Available physical RAM: 381.21 MB
Total Virtual: 20076.42 MB
Available Virtual: 3392.34 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:930.91 GB) (Free:595.96 GB) (Model: WDC WD10EZEX-21WN4A0) NTFS
 
\\?\Volume{3614c06c-99c1-4f1c-a29d-2de8ea94e04e}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{831f2bc5-6046-4056-abd0-dc56be36db65}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3A81C23D)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#24
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

Have you been working with the computer while the scan was in progress?
 
This is from your logs:

Percentage of memory in use: 95%
Total physical RAM: 8097.83 MB
Available physical RAM: 381.21 MB

As you can see, you don't have enough memory to run your programs, and it is no wonder you are experiencing slowness. In your initial logs, no such issue appeared; that's why I'm asking if you were using the computer.
 
 
Next thing: I told you not to download anything while the cleaning process is in progress. The following are from your new logs:

2023-12-11 12:10 - 2023-12-11 12:10 - 000000000 ____D C:\Users\karakas\AppData\Local\MediaHuman
2023-12-11 12:09 - 2023-12-11 12:09 - 000001138 _____ C:\Users\karakas\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2023-12-11 12:09 - 2023-12-11 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman
2023-12-11 12:08 - 2023-12-11 12:08 - 000000000 ____D C:\Program Files\MediaHuman
2023-12-11 11:48 - 2023-12-11 11:52 - 000000000 ____D C:\Users\karakas\AppData\Roaming\youtube-dl-gui
2023-12-11 11:48 - 2023-12-11 11:48 - 000000000 ____D C:\Users\karakas\AppData\Local\youtube-dl-gui-updater
2023-12-11 11:22 - 2023-12-11 19:17 - 000000000 ____D C:\Users\karakas\Desktop\MP3 downloads
2023-12-11 11:22 - 2023-12-11 11:22 - 000000753 _____ C:\Users\karakas\Videos - Shortcut.lnk
2023-12-11 11:19 - 2023-12-11 11:26 - 000000000 ____D C:\Users\karakas\AppData\Roaming\youtube-dlg

It is very difficult to download new programs during the procedure. I can't review the same parts of the logs every time as if it is the first time. Plus, what we fix may get un-fixed with just a download.
 
A couple of things for you to do:


1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [738936 2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
2023-12-09 08:32 - 2017-12-04 14:03 - 000000000 ____D C:\Users\karakas\AppData\Roaming\IObit
2023-12-05 11:15 - 2023-12-05 21:13 - 000011982 ____H C:\Users\karakas\Desktop\~WRL0772.tmp
C:\Program Files (x86)\Common Files\Java
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

2. Check disk

  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below, press Enter, and wait for it to finish (~15 minutes).
       chkdsk C: /r
    
  • You will receive a message that the operation cannot be performed while the system is in use, asking if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

 

 

In your next reply please post:

  1. Your reply to my first question above (about using the computer while scanning)
  2. The fixlog.txt
  3. The chkdsk report

  • 0

#25
daniel.karakas

    Member

  • Topic Starter
  • Member
  • 146 posts

Hi,

 

Thanks for your reply. Yes, I was using the computer during the FRST scan; I was not aware that I shouldn't be using it at the same time. The extremely slow speeds I was experiencing were also during just normal internet browsing with a few tabs open; it is like it was before.

 

Sorry about downloading new software, my bad. I did this after I thought we had resolved the problem, but won't do it again and understand why that would complicate things.

 

I ran the FRST fix, rebooted and ran the CHKDSK, then was asked if I wanted to run on restart. I selected yes and the computer went to restart and I left the house. When I came back the computer light was on but nothing was displayed on the monitor. I will leave it for the night and then turn the computer off and restart by the power button, unless you instruct otherwise.

 

Thanks


  • 0


#26
daniel.karakas

    Member

  • Topic Starter
  • Member
  • 146 posts

Ok, the computer turned back on.

 

Here is the fix log and chkdsk report. It did not find a log; I will wait for your reply to see if I should try to do chkdsk again.

 

Thanks!

 

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-12-2023
Ran by karakas (14-12-2023 11:52:35) Run:3
Running from C:\Users\karakas\Desktop
Loaded Profiles: karakas
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [738936 2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
2023-12-09 08:32 - 2017-12-04 14:03 - 000000000 ____D C:\Users\karakas\AppData\Roaming\IObit
2023-12-05 11:15 - 2023-12-05 21:13 - 000011982 ____H C:\Users\karakas\Desktop\~WRL0772.tmp
C:\Program Files (x86)\Common Files\Java
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
 
"C:\Users\karakas\AppData\Roaming\IObit" folder move:
 
C:\Users\karakas\AppData\Roaming\IObit => moved successfully
C:\Users\karakas\Desktop\~WRL0772.tmp => moved successfully
 
"C:\Program Files (x86)\Common Files\Java" folder move:
 
C:\Program Files (x86)\Common Files\Java => moved successfully
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26425256 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 271843 B
Edge => 0 B
Chrome => 1007165098 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2340 B
karakas => 40486628 B
 
RecycleBin => 26112 B
EmptyTemp: => 1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:00:14 ====
 
 
 
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 2023-12-14 10:18:14 PM >------
No Events found for Winlogon, Chkdsk or Wininit!
 

Edited by daniel.karakas, 15 December 2023 - 12:23 AM.

  • 0

#27
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

Hello.

 

The chkdsk scan didn't run properly.

 

Try once more and let me know the result. 


  • 0

#28
daniel.karakas

    Member

  • Topic Starter
  • Member
  • 146 posts

It worked this time.

 

Thanks!!

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 2023-12-15 2:45:54 PM >------
Category: 0
Computer Name: DESKTOP-8ID5J9T
Event Code: 1001
Record Number: 1043498
Source Name: Microsoft-Windows-Wininit
Time Written: 12-15-2023 @ 21:58:04
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Acer.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
Stage 1: Examining basic file system structure ...
  1148928 file records processed.                                                        
 
 
File verification completed.
 Phase duration (File record verification): 43.84 seconds.
  32629 large file records processed.                                   
 
 
 Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                     
 
 
 Phase duration (Bad file record checking): 1.91 milliseconds.
 
Stage 2: Examining file name linkage ...
  96019 reparse records processed.                                      
 
 
  1558020 index entries processed.                                                       
 
 
Index verification completed.
 Phase duration (Index verification): 3.37 minutes.
  0 unindexed files scanned.                                        
 
 
 Phase duration (Orphan reconnection): 9.21 seconds.
  0 unindexed files recovered to lost and found.                    
 
 
 Phase duration (Orphan recovery to lost and found): 259.47 milliseconds.
  96019 reparse records processed.                                      
 
 
 Phase duration (Reparse point and Object ID verification): 210.11 milliseconds.
 
Stage 3: Examining security descriptors ...
Cleaning up 26 unused index entries from index $SII of file 0x9.
Cleaning up 26 unused index entries from index $SDH of file 0x9.
Cleaning up 26 unused security descriptors.
Security descriptor verification completed.
 Phase duration (Security descriptor verification): 161.39 milliseconds.
  204547 data files processed.                                           
 
 
 Phase duration (Data attribute verification): 2.21 milliseconds.
CHKDSK is verifying Usn Journal...
  34721968 USN bytes processed.                                                           
 
 
Usn Journal verification completed.
 Phase duration (USN journal verification): 885.07 milliseconds.
 
Stage 4: Looking for bad clusters in user file data ...
  1148912 files processed.                                                               
 
 
File data verification completed.
 Phase duration (User file recovery): 1.89 hours.
 
Stage 5: Looking for bad, free clusters ...
  154364833 free clusters processed.                                                       
 
 
Free space verification is complete.
 Phase duration (Free space recovery): 0.00 milliseconds.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 976130047 KB total disk space.
 356838708 KB in 732044 files.
    539340 KB in 204548 indexes.
         0 KB in bad sectors.
   1292667 KB in use by the system.
     65536 KB occupied by the log file.
 617459332 KB available on disk.
 
      4096 bytes in each allocation unit.
 244032511 total allocation units on disk.
 154364833 allocation units available on disk.
Total duration: 1.96 hours (7090606 ms).
 
Internal Info:
00 88 11 00 4b 4a 0e 00 a8 e6 19 00 00 00 00 00  ....KJ..........
59 0f 00 00 ba 67 01 00 00 00 00 00 00 00 00 00  Y....g..........
 
-----------------------------------------------------------------------

  • 0

#29
DR M

    The Grecian Geek

  • Malware Removal
  • 4,126 posts

Hello, and thanks for your patience. Dealing with Covid here, and it is really really bad.

 

I see no disk problems.

 

Can you please now give me detailed feedback? What issues are you dealing with exactly?


  • 0
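The two readings DR M makes from the logs in this thread (memory at 95% in use in post #24, and no disk problems in the chkdsk report) can be reproduced with a small parser, which also handles the empty ListChkdskResult output from post #26. This is an added example, not part of the original thread and not code from FRST or ListChkdskResult; the function names and the 90% memory threshold are assumptions, and the sample text is constructed from lines posted above.

```python
import re

# Constructed samples: lines copied from the logs posted in this thread,
# trimmed to the fields the parsers read.
SAMPLE_MEMORY = """\
Percentage of memory in use: 95%
Total physical RAM: 8097.83 MB
Available physical RAM: 381.21 MB
Total Virtual: 20076.42 MB
"""

SAMPLE_CHKDSK = """\
Checking file system on C:
Stage 1: Examining basic file system structure ...
 Phase duration (File record verification): 43.84 seconds.
 Phase duration (Bad file record checking): 1.91 milliseconds.
Stage 2: Examining file name linkage ...
 Phase duration (Index verification): 3.37 minutes.
Stage 4: Looking for bad clusters in user file data ...
 Phase duration (User file recovery): 1.89 hours.
Windows has scanned the file system and found no problems.
 976130047 KB total disk space.
         0 KB in bad sectors.
Total duration: 1.96 hours (7090606 ms).
"""

SAMPLE_NO_RESULT = """\
------< Log generate on 2023-12-14 10:18:14 PM >------
No Events found for Winlogon, Chkdsk or Wininit!
"""

UNIT_SECONDS = {"milliseconds": 0.001, "seconds": 1.0,
                "minutes": 60.0, "hours": 3600.0}
PHASE_RE = re.compile(
    r"Phase duration \((.+?)\): ([\d.]+) (milliseconds|seconds|minutes|hours)\.")
MEM_RE = re.compile(
    r"^(Percentage of memory in use|Total physical RAM|Available physical RAM)"
    r": ([\d.]+)", re.M)


def parse_memory(text):
    """Return the physical-memory figures from FRST's 'Memory info' block."""
    found = {name: float(value) for name, value in MEM_RE.findall(text)}
    return {
        "pct_in_use": found.get("Percentage of memory in use"),
        "total_mb": found.get("Total physical RAM"),
        "available_mb": found.get("Available physical RAM"),
    }


def parse_chkdsk(text):
    """Parse a ListChkdskResult report; phase durations are normalised to seconds."""
    if "No Events found" in text:
        # The tool found no Wininit/Chkdsk event: the boot-time check did not run.
        return {"ran": False, "clean": False, "bad_sectors_kb": None,
                "phases": {}, "slowest": None}
    phases = {name: float(num) * UNIT_SECONDS[unit]
              for name, num, unit in PHASE_RE.findall(text)}
    bad = re.search(r"^\s*(\d+) KB in bad sectors\.", text, re.M)
    return {
        "ran": bool(phases) or "Checking file system" in text,
        "clean": "found no problems" in text,
        "bad_sectors_kb": int(bad.group(1)) if bad else None,
        "phases": phases,
        "slowest": max(phases, key=phases.get) if phases else None,
    }


def triage(memory, chkdsk, mem_threshold_pct=90.0):
    """Combine both readings. The 90% threshold is an assumption of this example."""
    pct = memory["pct_in_use"]
    if not chkdsk["ran"]:
        disk = "not_run"        # rerun chkdsk, as in post #27
    elif chkdsk["clean"] and chkdsk["bad_sectors_kb"] == 0:
        disk = "clean"
    else:
        disk = "needs_review"   # missing verdict or non-zero bad sectors
    return {"memory_pressure": pct is not None and pct >= mem_threshold_pct,
            "disk": disk}


if __name__ == "__main__":
    mem = parse_memory(SAMPLE_MEMORY)
    for label, report in (("second run", SAMPLE_CHKDSK),
                          ("first run", SAMPLE_NO_RESULT)):
        chk = parse_chkdsk(report)
        print(label, triage(mem, chk), "slowest phase:", chk["slowest"])
```
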

#30
daniel.karakas

    Member

  • Topic Starter
  • Member
  • 146 posts

Sorry to hear that, hope you are feeling better.

 

It seems to work OK with 6 tabs or so opened in Chrome but starts to get high memory and 100% disk when I go to open more. It is overall super slow and basically not usable unless I only have a few Chrome tabs opened.

 

If I have several Chrome tabs open and Word and Excel, for example, it can take 20 seconds to go from one tab to the next.

 

I checked my RAM and it seems fine; HD seems to be fine on the check and is only around 40% full.

 

Disk goes to 100% when I start up the computer and when I start new software. I can't post a screenshot of Task Manager, but with 12 tabs opened and nothing else I get 100% disk, 82% memory, 51% CPU and it is almost all attributable to Chrome. Then after 20 seconds or so they all start to go down.

 

 

 

Thanks


Edited by daniel.karakas, 17 December 2023 - 09:27 AM.

  • 0





