Strange things on my computer after run in with Amazon [Closed]


  • This topic is locked

#1
Keyboardclick

  • Member
  • 55 posts

I had a strange run-in with Amazon, and don't know what to think. I know there are a lot of Amazon scams out there, and after this incident things appeared on my desktop from Amazon that I did not put there myself. I don't know if I'm overreacting, I don't know what's going on. Brace yourself for a long story:

I have a Windows 10 computer, and use Firefox as my browser.

Yesterday, I received an item I ordered from Amazon, but they sent the wrong style (not what I ordered). I went to send it back, calling the customer service number I always use for Amazon (1-866-216-1072) and the representative told me to send them my photo ID in order to be refunded. This set off alarm bells: I've had this Amazon account since the early '90s, and have never sent in my ID. I hung up, called again, this representative repeated the same thing. I explained how this does not make sense, I am not comfortable with this, how would sending my ID help anything? They sent me the wrong item, etc. They would not explain themselves, and maintained that I must send in my ID. I tried chatting on the Amazon website, same response. These were all foreign call center people, I asked to speak with an American supervisor, and was refused.

I did some looking online, and it seems most people believe this to be a scam by some rogue Indian Amazon employees who take people's IDs and are able to steal their identities, using their ID and their payment method. I didn't know what to think of this, as I called what I knew to be a legitimate Amazon number and went to Amazon to find the chat. But, what good will an ID do them, other than to feed their AI facial recognition? They can't prove I am the person who opened the account in the 90s, as they didn't ask for my ID at the start. Can't one also open an Amazon account saying they were Humpty Dumpty? If so, would they refuse a refund unless Humpty Dumpty provided his ID? It feels like an invasion of privacy to me, as this is not standard online shopping policy (at least not for Walmart or Target) and they would refund to my original payment method, so the money could not go to a scammer.

Anyway, I don't need your expert geek help in assessing Amazon's business practices, but thoughts on whether or not this sounds like a scam (or could somehow not really be Amazon) are welcome. Here is where I need your help:

Today, I was browsing through Walmart's policies, to see if Amazon's were really out of the ordinary. I found a place on Walmart I wanted to screenshot, so I did, and when I went to save it to my folder where I dump stuff like this, I found a strange Amazon folder I did not make, and a strange Amazon shortcut I did not make. A screenshot of the shortcuts I found is attached. I'm afraid to open the one that looks like a web browser link. I opened the folder and found lots of crazy stuff, along with what looks like things I had in my Amazon cart that I was just browsing through. I have screenshots of the inside of the folder if you want to see it, but it looks like here I can only attach one thing at a time.

So, I freaked out a little bit. I didn't do this (can one do something like this by accident? If so, let me know. I admit I'm accident prone, but it seems to me that to do this I would have somehow had to download the Amazon cart and all its components onto my desktop and put them in my folder, which seems like a big and difficult accident to make). Was Amazon scamming me, and somehow in doing the "validate your account" email, did I let them on my computer? I did some research, and tried to follow the steps to look on the Event Viewer to see if someone else accessed my computer during the time that these files were made, and as far as I can tell it doesn't look like anyone did. I tried to go through my Task Manager and see if anything looked unusual to me, and (aside from the fact that it ALL looks unusual to me) I didn't see anything strange that particularly stood out. I searched a few things that seemed odd, and they turned out to be a normal part of Windows. When I go to the Task Manager, and look under User, it seems to only be me, but these shortcuts were made yesterday, so I guess if someone was on there they could be gone now.

I'm not sure what else to do from here. I'm hoping somehow I accidentally did whatever was done with this Amazon folder and shortcut, but don't think I did. I'll start running scans now, and follow your list and be putting up logs. Please let me know what you all think and if there's something else I should be doing.

Thanks!


#2
Keyboardclick

  • Topic Starter
  • Member
  • 55 posts

Here are my FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024
Ran by User (administrator) on LAPTOP-1755NSUL (LENOVO 81DE) (16-09-2024 17:32:22)
Running from C:\Users\User\Desktop\FRST64.exe
Loaded Profiles: User
Platform: Microsoft Windows 10 Home Version 22H2 19045.4894 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Computer, Inc.) [File not signed] C:\Program Files (x86)\QuickTime\qttask.exe
(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(ETDCtrl.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(explorer.exe ->) (20E7E2C9-A2A9-4A02-BB29-6FCFB9E042BB -> Lenovo(beijing) Limited) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.46.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\igfxEM.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_7c484f80872e1cd8\jhi_service.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [427304 2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [98304 2019-09-16] (Apple Computer, Inc.) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Run: [f.lux] => C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe [1528952 2024-01-17] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Policies\Explorer: [NoLogOff] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2019-09-16]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {8E42FD95-95C2-4895-BBBD-E207D9250084} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5173032 2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {2D079743-8060-490B-92E1-BCB1AE9C0789} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-01] (Avast Software s.r.o. -> Avast Software)
Task: {586FE4FE-6957-416E-8D06-EAA00293F635} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-14] (HP Inc. -> HP Inc.)
Task: {8CD36375-BA6D-4BAB-B5E9-39984CF6868B} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-14] (HP Inc. -> HP Inc.)
Task: {00F2EA6E-B0AF-478A-AF2C-45EE6DAF1A0C} - System32\Tasks\IObit StpSale (One-Time) => "C:\Program Files (x86)\IObit\Smart Defrag\pub\Stpsale.exe"  -> C:\Program Files (x86)\IObit\Smart Defrag\pub\\/stp
Task: {19DCA661-18B7-4311-B46F-C783E6928E6D} - System32\Tasks\IObit SumSale2024 (One-Time) => "C:\Program Files (x86)\IObit\Smart Defrag\pub\sumsale.exe"  -> C:\Program Files (x86)\IObit\Smart Defrag\pub\\/rpop
Task: {921E2E1C-15D1-4929-B3D7-023C72139098} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {94607245-E93A-4C80-B692-B97E8FB3E1F8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {14C87044-63B7-4671-AC72-40CE4F278118} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {07E8C8F6-27B9-4414-857C-23C2701B93A3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\39898a6c-abd8-4872-a91c-66fadac41753 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {B9F45627-5FE3-43C4-A2EF-2E4D55B7626B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3ef7a0bb-f57c-4da8-9d67-893cecaf32b9 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {26CB748C-6555-4F40-A766-5A42817BD2FF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\599328e5-c945-48db-a739-3fd7be1211bd => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {05FFBD61-BC24-475F-8A4C-2A43E0AC4FEA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6bc79892-85fa-4f02-bef1-ef3d6d576ae1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {6624974B-4805-4FAB-AFE0-ADE8DE5FBAA2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\dbb061ce-8b7b-44b2-a9c7-f6131d751331 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {9A63893B-3426-45E4-BAA6-B6FD6034D957} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe [5786440 2024-09-11] (Microsoft Windows -> Microsoft Corporation)
Task: {DC960A03-262D-4F7B-8FDE-6B9AEB012E67} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-09-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {23E7A971-068D-403E-B6FE-9DDE17D2FE59} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)
Task: {3F4CFC6C-8E54-44F5-8143-C2AC6299CB93} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {39BF1E4F-231F-43D9-8EF6-DFF98CE38665} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7130D55B-51E0-41F7-BD7C-6B11495C631F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {8A298AA7-86DD-497C-84D4-99D68F5BEF68} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {E1EEF567-250D-4149-9E97-6FB05956879F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B45A18E2-87D9-44EB-9CF9-BDFC93B6FEDA} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3721576 2024-04-09] (IObit CO., LTD -> IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5f488a56-4358-42ad-8336-f7518937ab4f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\144545458453A4372414: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\144545458453A4372414: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\144545458453A43724142366E674: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\144545458453A43724142366E674: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\75F6C6667616E676: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\75F6C6667616E676: [DhcpDomain] attlocal.net

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2024-09-15]
Edge Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-08-07]

FireFox:
========
FF DefaultProfile: h7vtrih6.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default [2024-09-16]
FF DownloadDir: C:\Users\User\Desktop
FF Homepage: Mozilla\Firefox\Profiles\h7vtrih6.default -> www.duckduckgo.com
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\Extensions\[email protected] [2024-07-30]
FF Extension: (uBlock Origin) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\Extensions\[email protected] [2024-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2020-12-08]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-08]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-08]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-08]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-08]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-08]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7248680 2024-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [771880 2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1217832 2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-30] (Avast Software s.r.o. -> AVAST Software)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2019-06-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [284808 2021-02-14] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-11] (Malwarebytes Inc. -> Malwarebytes)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2019-05-26] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2019-05-26] (Even Balance, Inc. -> )
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [20536 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229832 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [381400 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [293944 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84536 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [27744 2024-08-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28616 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [273456 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [549968 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [97736 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69176 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [949816 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1198648 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203832 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [306744 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-09-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2024-03-22] (IObit Information Technology -> IObit)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows ® Win 7 DDK provider)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-02-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-02-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-02-09] (Microsoft Windows -> Microsoft Corporation)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-09-16 17:32 - 2024-09-16 17:36 - 000023223 _____ C:\Users\User\Desktop\FRST.txt
2024-09-16 17:30 - 2024-09-16 17:30 - 002397696 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2024-09-14 23:55 - 2024-09-14 23:55 - 000000000 ____D C:\Users\User\AppData\Roaming\com.playtinum.Halloween-Jigsaw
2024-09-14 23:52 - 2024-09-14 23:52 - 000002196 _____ C:\Users\Public\Desktop\Play Halloween Jigsaw Puzzle Stash.lnk
2024-09-14 23:52 - 2024-09-14 23:52 - 000001248 _____ C:\Users\Public\Desktop\More Great Games.lnk
2024-09-14 23:52 - 2024-09-14 23:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Halloween Jigsaw Puzzle Stash
2024-09-14 23:52 - 2024-09-14 23:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halloween Jigsaw Puzzle Stash
2024-09-14 23:52 - 2024-09-14 23:52 - 000000000 ____D C:\Program Files (x86)\Halloween Jigsaw Puzzle Stash
2024-09-13 16:54 - 2024-09-13 16:54 - 000013444 _____ C:\Users\User\Desktop\handyforms.odt
2024-09-12 16:03 - 2024-09-12 16:03 - 000000353 _____ C:\Users\User\Desktop\Jojo Siwa Hair Bows in Hair Accessories - Walmart.com.url
2024-09-12 16:02 - 2024-09-12 16:02 - 000000353 _____ C:\Users\User\Desktop\Packed Party Hair Tools & Accessories in Hair Accessories - Walmart.com.url
2024-09-12 16:01 - 2024-09-12 16:01 - 000000353 _____ C:\Users\User\Desktop\Scrunchies in Hair Accessories - Walmart.com.url
2024-09-12 16:01 - 2024-09-12 16:01 - 000000353 _____ C:\Users\User\Desktop\Head Wraps in Hair Accessories - Walmart.com.url
2024-09-12 16:01 - 2024-09-12 16:01 - 000000353 _____ C:\Users\User\Desktop\Hair Bows in Hair Accessories - Walmart.com.url
2024-09-12 16:00 - 2024-09-12 16:00 - 000000353 _____ C:\Users\User\Desktop\Headbands in Hair Accessories - Walmart.com.url
2024-09-12 16:00 - 2024-09-12 16:00 - 000000353 _____ C:\Users\User\Desktop\Clip In Extensions in Hair Accessories - Walmart.com.url
2024-09-12 15:59 - 2024-09-12 15:59 - 000000353 _____ C:\Users\User\Desktop\Hair Ties in Hair Accessories - Walmart.com.url
2024-09-12 15:59 - 2024-09-12 15:59 - 000000353 _____ C:\Users\User\Desktop\Hair Clips in Hair Accessories - Walmart.com.url
2024-09-12 15:59 - 2024-09-12 15:59 - 000000353 _____ C:\Users\User\Desktop\Barrettes in Hair Accessories - Walmart.com.url
2024-09-11 23:36 - 2024-09-11 23:36 - 000000328 _____ C:\Users\User\Desktop\For Sale_ 1013 N Sunnyvale Ln Unit E, Madison, WI 53713 _ realtor.com®.url
2024-09-11 09:47 - 2024-09-11 09:45 - 000315176 _____ (Gen Digital Inc.) C:\WINDOWS\system32\aswBoot.exe
2024-09-10 22:47 - 2024-09-10 22:47 - 000000000 ___HD C:\$WinREAgent
2024-09-08 13:44 - 2024-09-08 13:44 - 000000299 _____ C:\Users\User\Desktop\Final Meeting Agenda_June 2024_6-24_v2.xlsx - agenda-2024-06-26-28-508.pdf.url
2024-09-06 15:14 - 2024-09-06 15:14 - 000000240 _____ C:\Users\User\Desktop\Masks - HALOLIFE.url
2024-09-03 09:42 - 2024-09-03 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-09-03 09:37 - 2024-09-10 14:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-09-01 00:43 - 2024-09-01 00:43 - 000000000 ____D C:\Users\User\AppData\Roaming\JetFun
2024-08-31 01:25 - 2024-08-31 01:25 - 000000242 _____ C:\Users\User\Desktop\RMV Workforce Corp.url
2024-08-28 19:21 - 2024-08-28 19:21 - 000000271 _____ C:\Users\User\Desktop\West Nile Virus_ Symptoms, Treatment & Prevention.url
2024-08-26 16:06 - 2024-08-26 16:06 - 000000242 _____ C:\Users\User\Desktop\A Website For Property Management And Multi-Family Housing.url
2024-08-26 16:02 - 2024-08-26 16:02 - 000000260 _____ C:\Users\User\Desktop\Tools For Maintenance Technicians That Can Make You Easy Money.url
2024-08-26 14:53 - 2024-08-26 14:53 - 000000331 _____ C:\Users\User\Desktop\Woodford Adjustable Rod with Pressure Relief Valve to Prevent Bursting (10-Piece) RK-ADJ-PRV - The Home Depot.url
2024-08-26 14:53 - 2024-08-26 14:53 - 000000243 _____ C:\Users\User\Desktop\RK-ADJ-PRV Upgrade the Model 14, 16, 17, 19, 22 and V22 to PRV 4-in to – Eagle Mountain.url
2024-08-26 14:28 - 2024-08-26 14:28 - 000000271 _____ C:\Users\User\Desktop\Woodford Model 17 Freezeless Faucet.url
2024-08-26 13:56 - 2024-08-26 13:56 - 000000234 _____ C:\Users\User\Desktop\Your Shopping Cart – woodfordfaucet.url

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-09-16 17:35 - 2021-02-19 16:46 - 000000000 ____D C:\FRST
2024-09-16 17:09 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-09-16 16:58 - 2022-12-28 17:04 - 000000000 ____D C:\Users\User\Desktop\pics for returns
2024-09-16 16:07 - 2020-09-28 08:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-09-16 15:34 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-09-16 15:34 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-09-16 13:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-09-16 13:44 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2024-09-16 00:21 - 2024-07-29 17:42 - 000002738 _____ C:\WINDOWS\system32\Tasks\IObit SumSale2024 (One-Time)
2024-09-16 00:21 - 2024-03-12 22:08 - 000002728 _____ C:\WINDOWS\system32\Tasks\IObit StpSale (One-Time)
2024-09-16 00:21 - 2024-01-11 20:43 - 000002442 _____ C:\WINDOWS\system32\Tasks\SmartDefrag_Update
2024-09-16 00:21 - 2020-09-28 09:14 - 000003492 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Task
2024-09-16 00:21 - 2020-09-28 09:14 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-09-16 00:21 - 2020-09-28 09:14 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-09-16 00:21 - 2020-09-28 09:14 - 000002764 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2024-09-16 00:21 - 2020-09-28 09:14 - 000002352 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON
2024-09-16 00:21 - 2020-09-28 09:14 - 000002306 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_Dolby
2024-09-16 00:21 - 2020-09-28 09:14 - 000002302 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2024-09-16 00:21 - 2018-11-23 18:49 - 000000000 ____D C:\ProgramData\TEMP
2024-09-15 23:51 - 2021-02-09 20:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2024-09-15 19:27 - 2018-11-22 11:36 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2024-09-15 19:26 - 2018-11-22 13:39 - 000000000 ____D C:\ProgramData\AVAST Software
2024-09-15 19:25 - 2020-09-28 09:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-09-15 19:25 - 2020-09-28 08:42 - 000008192 ___SH C:\DumpStack.log.tmp
2024-09-15 19:25 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-09-15 19:24 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-09-14 23:52 - 2018-11-23 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2024-09-14 12:51 - 2021-12-16 16:43 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-09-14 12:08 - 2020-06-23 14:55 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-09-13 14:48 - 2018-11-22 15:54 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2024-09-12 08:23 - 2020-09-28 09:04 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-09-11 12:09 - 2021-05-30 17:00 - 000000000 ____D C:\Users\User\AppData\Local\Avast Software
2024-09-11 11:09 - 2024-06-10 16:56 - 000456288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-09-11 11:01 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-09-11 11:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-09-11 10:57 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-09-11 10:32 - 2020-09-28 08:46 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-09-11 09:49 - 2021-02-09 20:52 - 000949816 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2024-09-11 09:49 - 2021-02-09 20:52 - 000381400 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2024-09-11 09:47 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-09-11 09:46 - 2021-02-09 20:52 - 001198648 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSP.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000549968 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000306744 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswVmm.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000293944 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000273456 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000097736 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000084536 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000069176 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000028616 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2024-09-11 09:45 - 2021-02-09 20:52 - 000229832 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArPot.sys
2024-09-11 09:45 - 2021-02-09 20:52 - 000020536 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2024-09-10 14:42 - 2018-11-22 13:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-09-10 14:36 - 2018-11-22 13:37 - 199688632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-09-10 14:17 - 2018-11-22 14:03 - 000000000 ____D C:\ProgramData\Packages
2024-09-10 14:17 - 2018-11-22 11:36 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2024-09-10 14:09 - 2018-11-22 13:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-09-07 22:23 - 2024-07-20 10:16 - 000000258 _____ C:\Users\User\Desktop\Respiratory Illnesses Data Channel _ Respiratory Illnesses _ CDC.url
2024-09-03 09:42 - 2018-11-22 13:27 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

==================== Files in the root of some directories ========

2019-06-23 17:48 - 2019-06-23 17:48 - 000001536 _____ () C:\Users\User\AppData\Local\GfxMetrics.cfg
2019-06-23 17:48 - 2019-06-23 17:48 - 000206336 _____ () C:\Users\User\AppData\Local\GfxMetrics.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

And this is the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by User (16-09-2024 17:42:08)
Running from C:\Users\User\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4894 (X64) (2020-09-28 14:15:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4161042128-27025238-194098315-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4161042128-27025238-194098315-503 - Limited - Disabled)
Guest (S-1-5-21-4161042128-27025238-194098315-501 - Limited - Disabled)
User (S-1-5-21-4161042128-27025238-194098315-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-4161042128-27025238-194098315-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader 7.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 24.8.6127 - Avast Software)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.5.0.0 - )
Curse at Twilight: Thief of Souls (HKLM-x32\...\BFG-Curse at Twilight - Thief of Souls) (Version:  - )
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
f.lux (HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Flux) (Version: 4.131 - f.lux Software LLC)
Fishdom - Spooky Splash (HKLM-x32\...\BFG-Fishdom - Spooky Splash) (Version:  - )
Fishdom (HKLM-x32\...\BFG-Fishdom) (Version:  - )
Halloween Jigsaw Puzzle Stash (HKLM-x32\...\BFG-Halloween Jigsaw Puzzle Stash) (Version:  - )
Hotel (HKLM-x32\...\BFG-Hotel) (Version:  - )
Infected: The Twin Vaccine (HKLM-x32\...\BFG-Infected - The Twin Vaccine) (Version:  - )
Intel® Chipset Device Software (HKLM\...\{7FB35D08-C75C-4A18-B593-1D7C3E8970AD}) (Version: 10.1.1.45 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{125B62DE-4575-4D4D-982F-AB6F9E913B54}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{DF4E2424-348F-4227-9096-8EA478DFAB4E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{258E992F-46AD-45FB-B83B-0CE0EC6FC549}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
LibreOffice 7.1.5.2 (HKLM\...\{4F0D0C39-A2CD-4908-AA4C-A1CC9BDCD71A}) (Version: 7.1.5.2 - The Document Foundation)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 128.0.2739.79 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 128.0.2739.79 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{8B4DBB94-B69B-4C4F-AADD-C10CFB220F1F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{56C76A75-BF3A-41E9-96D6-929E058DD38F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 (HKLM\...\{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215 (HKLM\...\{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 130.0 (x64 en-US)) (Version: 130.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.6.1 - Mozilla)
NAPS2 6.1.2 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version:  - Ben Olden-Cooligan)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Smart Defrag 9 (HKLM-x32\...\Smart Defrag_is1) (Version: 9.4.0.342 - IObit)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-4) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\ZoomUMX) (Version: 5.17.10 (33775) - Zoom Video Communications, Inc.)

Packages:
=========

HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.834.0_x64__v10z8vjag6ke6 [2021-02-14] (HP Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.9.183.0_x86__k1h2ywk1493x8 [2018-06-17] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.46.0_x64__5grkq8ppsgwt4 [2018-11-22] (LENOVO INC) [Startup Task]
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-09-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-23] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-23] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-23] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2019-12-07] (Skype)
VitalSource Bookshelf -> C:\Program Files\WindowsApps\VitalSourceTechnologiesIn.VitalSourceBookshelf_9.3.11.0_x64__wasrd15zsyawm [2020-08-24] (VitalSource Technologies Inc)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\FileCoAuth.exe => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2024-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\igfxDTCM.dll [2018-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2024-03-22] (IObit Information Technology -> IObit)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Ed in a Box 2.4\DEB Website.lnk -> hxxp://www.driveredinabox.com
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Ed in a Box 2.4\Report Error.lnk -> hxxp://www.driveredinabox.com/support/index.ph

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKU\S-1-5-21-4161042128-27025238-194098315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4161042128-27025238-194098315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4161042128-27025238-194098315-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-4161042128-27025238-194098315-1001 -> DefaultScope {DC664FD2-F673-4866-B722-5372B6511B33} URL =
SearchScopes: HKU\S-1-5-21-4161042128-27025238-194098315-1001 -> {DC664FD2-F673-4866-B722-5372B6511B33} URL =
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7940 more sites.



==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-11-29 18:57 - 2024-06-10 11:27 - 000454626 ____R C:\WINDOWS\system32\drivers\etc\hosts
104.129.18.2 us-central-016.staticnetcontent.com

There are 15604 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4161042128-27025238-194098315-1001\Control Panel\Desktop\\Wallpaper -> c:\users\mariah\appdata\roaming\mozilla\firefox\desktop background.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Qualcomm Atheros QCA9377 Wireless Network Adapter -> Qcamain10x64.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{156723D8-E0D2-45BC-8F99-7235682D219E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2C76ED30-C25B-4C42-B753-DCF7B6724405}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{3BA09F13-4EF6-4D98-BC32-F93C8FDBE180}C:\program files (x86)\respondus\lockdown browser\lockdownbrowser.exe] => (Allow) C:\program files (x86)\respondus\lockdown browser\lockdownbrowser.exe (Respondus, Inc. -> )
FirewallRules: [TCP Query User{7DC9AC5D-1503-487B-8CB9-E4853CDF15A9}C:\program files (x86)\respondus\lockdown browser\lockdownbrowser.exe] => (Allow) C:\program files (x86)\respondus\lockdown browser\lockdownbrowser.exe (Respondus, Inc. -> )
FirewallRules: [{9E874C3E-29D7-4825-965B-0E643C1BE226}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D46FC6F8-E5CA-40A1-9C47-2CE534415A05}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FAFE5243-D959-4CB9-928B-1A024702687B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5A4E17E0-8BFC-4585-BC09-015E0D1DDCED}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{82A48892-3554-4D15-891D-92457F4AF409}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{8C67835F-CAA6-4063-83D3-1E48A51F1624}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5180858E-BF8D-4DD6-93CA-84E2540D1E69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Barrow Hill\Barrow Hill.exe (Macromedia, Inc.) [File not signed]
FirewallRules: [{49719C84-5817-4668-A95A-DA8438364CE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Barrow Hill\Barrow Hill.exe (Macromedia, Inc.) [File not signed]
FirewallRules: [{5E264F81-EF6D-42EE-BF49-C66AD7853037}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{14ADC9EC-F919-4865-8BED-9E2ECDC61F9D}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{EFF7194F-CC11-4B8D-A3AE-E53B5C6DECD3}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F83DAFE8-69F7-49D0-8E87-EAFC9DDEC073}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A20D8879-D92D-4203-90E2-B541FF9F03C0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{8C585ADC-9819-4A8C-870F-C889791B0C5B}C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe] => (Block) C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe => No File
FirewallRules: [UDP Query User{C0ED26EC-9BB5-4D12-BFFE-24385C9E58FC}C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe] => (Block) C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe => No File
FirewallRules: [{31EB38E0-7557-424B-A5F0-8E22350CE856}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{C455D791-F662-4635-AFAA-AC5DA00AD146}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{BFE3F978-7398-4C9E-8212-03E5D5FAB49E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

30-08-2024 10:18:59 Scheduled Checkpoint
10-09-2024 14:43:19 Windows Modules Installer
11-09-2024 08:45:32 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (09/16/2024 05:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x2e98
Faulting application start time: 0x01db08896e126b5f
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: fb16bf39-2ceb-4fdf-96ac-8c7353a2eff5
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 03:50:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0xc8c
Faulting application start time: 0x01db087a101f5568
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 8f9567ec-0b5b-4bd2-ad2a-128df637d32c
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 03:44:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: explorerframe.dll_unloaded, version: 10.0.19041.4842, time stamp: 0xf39685de
Exception code: 0xc0000005
Fault offset: 0x001660b6
Faulting process id: 0x58c
Faulting application start time: 0x01db0878aa7e7238
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: explorerframe.dll
Report Id: 983b3afd-3f78-4cd9-bcce-b325771d9f6a
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 03:40:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x58c
Faulting application start time: 0x01db0878aa7e7238
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 9c93b72a-8fe7-4a42-a42d-84ad4e2821db
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 03:32:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: explorerframe.dll_unloaded, version: 10.0.19041.4842, time stamp: 0xf39685de
Exception code: 0xc0000005
Fault offset: 0x001660b6
Faulting process id: 0x8d0
Faulting application start time: 0x01db0874799a1224
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: explorerframe.dll
Report Id: e1214d07-87c7-4331-9157-768253098764
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 03:10:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x8d0
Faulting application start time: 0x01db0874799a1224
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 77a73837-0898-44eb-b938-e29c598ef28c
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 03:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: explorerframe.dll_unloaded, version: 10.0.19041.4842, time stamp: 0xf39685de
Exception code: 0xc0000005
Fault offset: 0x001660b6
Faulting process id: 0x2efc
Faulting application start time: 0x01db0870a3344d9d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: explorerframe.dll
Report Id: 44eaeb66-15be-44f7-9f88-86146698bacd
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 02:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x2efc
Faulting application start time: 0x01db0870a3344d9d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 0cada336-487c-4b83-a00d-b93a108ab41b
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (09/16/2024 01:35:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtkAudioService service.

Error: (09/15/2024 07:25:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/15/2024 01:08:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/15/2024 01:03:31 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Error: (09/15/2024 12:59:28 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Error: (09/15/2024 12:55:25 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Error: (09/15/2024 12:51:23 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Error: (09/15/2024 12:46:58 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.


Windows Defender:
================
Date: 2021-02-11 14:27:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-10 14:57:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-10 14:01:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-09 23:16:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-09 22:03:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
Event[0]:

Date: 2024-06-12 10:00:25
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.413.253.0
Previous security intelligence Version: 1.379.525.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.24050.5
Previous Engine Version: 1.1.19800.4
Error code: 0x80004004
Error description: Operation aborted

Date: 2024-06-12 10:00:25
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.413.253.0
Previous security intelligence Version: 1.379.525.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.24050.5
Previous Engine Version: 1.1.19800.4
Error code: 0x80004004
Error description: Operation aborted

Date: 2024-06-12 10:00:25
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.24050.5
Previous Engine Version: 1.1.19800.4
Error Code: 0x80004004
Error description: Operation aborted

Date: 2024-05-15 12:32:10
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.411.154.0
Previous security intelligence Version: 1.379.525.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.19800.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-05-15 12:32:10
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.411.154.0
Previous security intelligence Version: 1.379.525.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.19800.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============
Date: 2024-09-16 17:44:42
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 8TCN61WW 05/19/2021
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core™ i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 83%
Total physical RAM: 4005.22 MB
Available physical RAM: 659.74 MB
Total Virtual: 7205.22 MB
Available Virtual: 2792.28 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:860.55 GB) (Model: ST1000LM035-1RK172) NTFS

\\?\Volume{65961297-bb8f-4dc0-b48d-610e36976871}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.35 GB) NTFS
\\?\Volume{58b07d5c-9037-4c4f-8447-1c8ba7f8e41f}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EC695FFA)

Partition: GPT.

==================== End of Addition.txt =======================

 

 

Thanks again



#3
Keyboardclick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts

I haven't gotten a response, I guess that means everyone is stumped? I'm getting nervous about leaving this on my computer, so I am going to delete the Amazon shortcuts I did not make, empty my recycle bin, clear my cookies/cache/history, and run a virus scan. Please let me know what else you think I should do.



#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts

Hello.

 

Please, if you still need assistance, post fresh FRST logs, Addition and FRST. 

 

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)



#5
DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts
Due to lack of feedback, this topic has been closed.
 
If you need this topic reopened, please contact a staff member, or send me a personal message (hover with the mouse on my profile name and choose Send message).






