
Trojan causing duplication of all data files/folders?



#1 Cumulo


Posted 12 April 2024 - 05:03 AM

All my data folders/files are copying themselves into all other data folders/files. Obviously this has been very time-consuming to rectify, and unfortunately it seems that no sooner have I done it than it starts over again.
 
Initially I put this down to syncing issues with my cloud storage (pCloud). However, I now believe it was malware.
 
A full scan with Avast premium security found no infections, but 2 different scans with Malwarebytes in the space of a few days found infections, including one called sandbox.17. However, googling seems to suggest this was a false positive and caused by FRST Toolbox?
 
However, I then ran ESET Online Scanner and it's detected three HTML/Phishing generic Trojans, seemingly emanating from a Saudi Arabian-based company.
 
Please see my logs below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.04.2024
Ran by APS (administrator) on DESKTOP-G3KB352 (12-04-2024 10:52:36)
Running from C:\Users\User\Downloads\FRST64.exe
Loaded Profiles: APS
Platform: Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(C:\Program Files (x86)\Dolphin\Sam\sam.exe ->) (Dolphin Computer Access Ltd -> Dolphin Computer Access Ltd.) C:\Program Files (x86)\Dolphin\Sam\VocExpr\sam.VocExpr.exe
(C:\Program Files (x86)\Dolphin\SnovaReadMag1905\Lunpls.EXE ->) (Dolphin Computer Access Ltd -> Dolphin Computer Access Ltd.) C:\Program Files (x86)\Dolphin\Sam\sam.exe
(C:\Program Files (x86)\Dolphin\SnovaReadMag1905\Lunpls.EXE ->) (Dolphin Computer Access Ltd -> Dolphin Computer Access Ltd.) C:\Program Files (x86)\Dolphin\SnovaReadMag1905\amd64\x64whook.exe
(C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\FuncRun.exe
(C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(C:\Program Files (x86)\GlassWire\GWCtlSrv.exe ->) (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\natspeak.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking15\dgnuiasvr.exe
(C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\natspeak.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking15\dragonbar.exe
(C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\natspeak.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking15\x64\dgnuiasvr_x64.exe
(C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe ->) (International Business Machines Corporation -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe <2>
(C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe ->) (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> ) C:\Program Files\Malwarebytes\Anti-Malware\MBAMCrashHandler.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe
(cmd.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\dgnria_nmhost.exe
(explorer.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\Vpn.exe <4>
(explorer.exe ->) (Dolphin Computer Access Ltd -> Dolphin Computer Access Ltd.) C:\Program Files (x86)\Dolphin\SnovaReadMag1905\Lunpls.EXE
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(explorer.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\natspeak.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Printer Connection Checker\EPPCCMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIXKE.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(International Business Machines Corporation -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (AnyDesk Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Secure VPN\VpnSvc.exe
(services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
(services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(services.exe ->) (Dolphin Computer Access Ltd -> Dolphin Computer Access Ltd.) C:\Windows\System32\dol_start.exe
(services.exe ->) (Dolphin Computer Access Ltd -> Dolphin Computer Access Ltd.) C:\Windows\System32\dolsrvcbar2.exe
(services.exe ->) (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (International Business Machines Corporation -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(services.exe ->) (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\EPSON\Epson Data Collection Agent\DCAgent.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (VIA Technologies, Inc -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files (x86)\iSkysoft\UniConverter(IS)\WSVCUUpdateHelper.exe [33960 2021-04-07] (Wondershare Technology Co.,Ltd -> )
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [455968 2023-05-26] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [397656 2023-05-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [423832 2024-04-09] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [970536 2023-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [1309992 2023-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DXM6Patch_981116] => C:\Windows\p_981116.exe [497376 1998-11-30] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> ) <==== ATTENTION
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking15\Ereg\Ereg.exe [3144536 2017-03-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2756368 2023-08-09] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [TrayProcess] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe [1021960 2024-03-05] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Policies\Explorer: [AllowOnlineTips] 0
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [DisableAcrylicBackgroundOnLogon] 1
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [pCloud] => C:\Program Files\pCloud Drive\pCloud.exe [391416 2024-03-27] (pCloud International AG -> )
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123171760 2024-03-27] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\User\AppData\Local\Microsoft\Teams\Update.exe [2591920 2024-02-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [Dolphin Notifications] => C:\ProgramData\Dolphin\Dolphin Notifications.exe [138240 2021-03-15] (Dolphin Computer Access Ltd.) [File not signed]
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [DolphinOceanicAccess] => C:\Program Files (x86)\Dolphin\SnovaReadMag1905\Lunpls.EXE [17087792 2021-03-15] (Dolphin Computer Access Ltd -> Dolphin Computer Access Ltd.)
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [WPSTool] => C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\TWCU.exe [1891840 2018-01-30] (TP-Link Technologies Co., Ltd) [File not signed]
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [33526600 2024-03-24] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [11630984 2023-11-15] (GlassWire -> SecureMix LLC)
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063784 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [350032 2022-07-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45285792 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [com.messenger] => C:\Users\User\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (No File)
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIXKE.EXE [421736 2021-11-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\RunOnce: [Application Restart #5] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKU\S-1-5-18\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [11630984 2023-11-15] (GlassWire -> SecureMix LLC)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Dolphin\SnovaReadMag1905\amd64\dol_secure.exe [437552 2021-03-15] (Dolphin Computer Access Ltd -> Dolphin Computer Access Ltd.)
HKLM\...\Print\Monitors\EPSON PC-FAX Driver2 64Monitor: C:\WINDOWS\system32\EFXLM16A.DLL [182784 2023-07-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON WF-3620 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBKEE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EPSON WF-3820 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBXKE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\123.0.6312.107\Installer\chrmstp.exe [2024-04-11] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{BC455173-F501-4356-804F-571FAFB6EA9A}] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG Secure VPN.lnk [2024-04-05]
ShortcutTarget: AVG Secure VPN.lnk -> C:\Program Files\AVG\Secure VPN\Vpn.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 4.lnk [2020-03-02]
ShortcutTarget: Device Detector 4.lnk -> C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe (OLYMPUS IMAGING CORP.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office-Bibliothek-Direktsuche.lnk [2020-02-18]
ShortcutTarget: Office-Bibliothek-Direktsuche.lnk -> C:\Program Files (x86)\Office-Bibliothek\PCLib.exe () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {5F2329B2-C794-45CF-8996-BF22B71A7265} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {021972B0-5441-47A5-B26B-DC07247053E2} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5188504 2024-04-09] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {485E4C78-6889-49CC-9095-6B3055EDF195} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-07-12] (Avast Software s.r.o. -> Avast Software)
Task: {38D1981A-ADC7-4539-B5C6-06B49DE7024C} - System32\Tasks\AVG\AVG Secure VPN Bug Report => C:\Program Files\AVG\Secure VPN\AvBugReport.exe [5002168 2024-04-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) -> --send "dumps|report" --silent --product 12 --programpath "C:\Program Files\AVG\Secure VPN" --configpath "C:\ProgramData\AVG\Secure VPN" --path "C:\ProgramData\AVG\Secure VPN\log" --path "C:\ProgramData\AVG\Icarus\Logs" --logpath "C:\ProgramData\AVG\Secure VPN\log" --guid 5399e247-5d04-48aa-b1bd-ea (the data entry has 10 more characters).
Task: {D1B28277-6717-428B-90C6-B1B4A5A74A92} - System32\Tasks\AVG\AVG Secure VPN Emergency Update => C:\Program Files\AVG\Secure VPN\VpnUpdate.exe [1474496 2024-04-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {AB45A7D1-C615-4E11-AA5B-38DACE320E99} - System32\Tasks\AVG\AVG Secure VPN Update => C:\Program Files\Common Files\AVG\Icarus\avg-vpn\icarus.exe [7523256 2024-03-26] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {3D37C197-584E-4C4F-9B7B-B7CE4439B152} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {9641C3CB-680B-4A65-ABBB-89FFD0ECB667} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "b41e1308-97c5-4299-93cc-d2d314a0f647" --version "6.22.10977" --silent
Task: {25A252F4-C649-4DE5-919C-96DCA28BB18B} - System32\Tasks\CCleanerSkipUAC - APS => C:\Program Files\CCleaner\CCleaner.exe [39024544 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {6F625B1B-A61E-4BB3-A4C0-C5F4C070B535} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\User\Downloads\esetonlinescanner.exe [15274968 2023-06-21] (ESET, spol. s r.o. -> ESET)
Task: {151390E6-AB49-42B9-89D5-C4CB5D6465FC} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\User\Downloads\esetonlinescanner.exe [15274968 2023-06-21] (ESET, spol. s r.o. -> ESET)
Task: {3493282E-45FC-4DB2-A516-74D4D80CAE73} - System32\Tasks\EPSON WF-3620 Series Invitation {53DAC8C9-51E5-4AB8-8CE2-A64C1526D3BB} => C:\Windows\System32\spool\drivers\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {216594D4-7FAF-48E6-BA79-95B03D8C71DD} - System32\Tasks\EPSON WF-3620 Series Update {53DAC8C9-51E5-4AB8-8CE2-A64C1526D3BB} => C:\Windows\System32\spool\drivers\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {E82294AD-4867-4A59-8A27-F2198F6CD93F} - System32\Tasks\EPSON WF-3820 Series Update {B201DF76-3DD5-4A5B-85C9-2EE85EA5916F} => C:\Windows\System32\spool\drivers\x64\3\E_YTSXKE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {4F543994-7EDD-42A7-BDE4-893804CF6A2E} - System32\Tasks\GoogleUpdateTaskMachineCore{DF12B07F-A97A-4ACB-93C2-37BB8E66D4BF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-11-02] (Google LLC -> Google LLC)
Task: {DAC73F23-42A9-4E11-84A0-959CFE84B04E} - System32\Tasks\GoogleUpdateTaskMachineUA{36DE27B0-37EA-4D3A-A6C3-4C4BBEC8B973} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-11-02] (Google LLC -> Google LLC)
Task: {2C4847AE-0D08-4DD9-931C-B396A52DD434} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4910680 2024-02-21] (Intel Corporation -> Intel Corporation)
Task: {8654691D-EE66-4EA2-A503-FE364D9109AF} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4910680 2024-02-21] (Intel Corporation -> Intel Corporation)
Task: {498A2A17-4EF1-4C18-AFEC-535D703F9FC2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {254CCDFC-CD39-4379-981B-CF905B67CE4C} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-1612592072-1675306049-690807718-1001 => C:\Users\User\AppData\Local\Programs\Messenger\MessengerHelper.exe [2265336 2023-11-24] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {2FB444C9-EAB2-4A84-963B-D6C5C42B672A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {6406D62D-EB9B-4507-8B9F-C7AFE8F764AB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {68461B0F-1061-40C2-85B9-F3613DECE874} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221152 2024-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {40AC1C6D-9C9C-478F-A050-B42742C3C60E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221152 2024-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {E05992E9-BF09-428E-B94F-559E69210D66} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-03] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {3504F4AE-F576-4BEB-9360-C6A4FC25E4AB} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1612592072-1675306049-690807718-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-03] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {87B48E29-2773-4B50-854E-4FE8A7151177} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-04-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {557F285E-9E52-43D0-9200-64B9EE0EDA66} - System32\Tasks\update-S-1-5-21-1612592072-1675306049-690807718-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {50F882FF-7D27-41E1-BDC3-F32F424F571D} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {BF4EACCE-99CC-4636-823E-083F10F0EA94} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [170496 2023-10-11] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files\Intel\SUR\QUEENCREEK\x64\//B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {53DAC8C9-51E5-4AB8-8CE2-A64C1526D3BB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {53DAC8C9-51E5-4AB8-8CE2-A64C1526D3BB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{53DAC8C9-51E5-4AB8-8CE2-A64C1526D3BB} /F:UpdateWORKGROUP\DESKTOP-G3KB352$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3820 Series Update {B201DF76-3DD5-4A5B-85C9-2EE85EA5916F}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSXKE.EXE:/EXE:{B201DF76-3DD5-4A5B-85C9-2EE85EA5916F} /F:UpdateWORKGROUP\DESKTOP-G3KB352$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1612592072-1675306049-690807718-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 202.170.0.1
Tcpip\..\Interfaces\{41766173-7453-6f66-7477-617265415647}: [NameServer] 100.126.0.1
Tcpip\..\Interfaces\{5431fe88-df98-4b2c-a3f8-a9d76f6638fe}: [DhcpNameServer] 202.170.0.1
Tcpip\..\Interfaces\{5431fe88-df98-4b2c-a3f8-a9d76f6638fe}: [DhcpDomain] Home
HKLM\System\...\Parameters\PersistentRoutes: [202.170.0.6,255.255.255.255,202.170.0.1,1]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-12]
Edge DownloadDir: Default -> C:\Users\User\Desktop
Edge HomePage: Default -> hxxps://google.co.uk/
Edge StartupUrls: Default -> "hxxps://google.co.uk/"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (DuckDuckGo) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2024-02-12]
Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-11-30]
Edge Extension: (Dragon Web Extension) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2023-01-05]
Edge Extension: (Dashlane — Password Manager) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gehmmocbbkpblljhkekmfhjpfbkclbph [2024-02-12]
Edge Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-27]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-02-12]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-12]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-12]
Edge Extension: (IBM Security Rapport) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kajikgogckeajjplomldcempamhidmcc [2023-10-27]
Edge Extension: (BlockSite: Block Websites & Stay Focused) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lbnblmjlpifpfpefbcgefbhnlcnnjgjk [2022-11-02]
Edge Extension: (Password Alert) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\noondiphcddnnabmjcihcjfbhfklnnep [2021-11-23]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM-x32\...\Edge\Extension: [kajikgogckeajjplomldcempamhidmcc]
 
FireFox:
========
FF DefaultProfile: 2utbbobo.default
FF DefaultProfile: uyjynct7.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Waterfox\Profiles\2utbbobo.default [2020-10-29]
FF ProfilePath: C:\Users\User\AppData\Roaming\Waterfox\Profiles\deg0b1s8.68-edition-default [2021-12-06]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uyjynct7.default [2023-11-02]
FF Extension: (IBM Security Rapport) - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2022-10-05] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (IBM Security Rapport) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\uyjynct7.default\Extensions\rapportext@trusteer.com.xpi [2024-04-12] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\omebjf83.default-release [2024-04-11]
FF Notifications: Mozilla\Firefox\Profiles\omebjf83.default-release -> hxxps://tinder.com; hxxps://www.youtube.com
FF Extension: (Dragon Professional Web Extension) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\omebjf83.default-release\Extensions\dgnria_pro.firefox@nuance.com.xpi [2021-05-12] [UpdateUrl:hxxps://dnsriacontent.nuance.com/15/ff/updates.json]
FF Extension: (Dashlane) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\omebjf83.default-release\Extensions\jetpack-extension@dashlane.com.xpi [2024-04-11]
FF Extension: (IBM Security Rapport) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\omebjf83.default-release\Extensions\rapportext@trusteer.com.xpi [2024-04-12] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\omebjf83.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-11-01]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2020-02-17] [Legacy] [not signed]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\x64\npDgnRia2_x64.dll [2020-11-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.401.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.401.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\npDgnRia2.dll [2020-11-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 6
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-03-20]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 18 [2024-03-20]
CHR Extension: (IBM Security Rapport) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2023-11-07]
CHR Extension: (NordVPN - VPN proxy for privacy and security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\fjoaledfpmneenckfbpdfhkmimnjocfa [2024-02-19]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-19]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-19]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2023-11-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-11-07]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 6 [2024-04-12]
CHR Notifications: Profile 6 -> hxxps://my.pcloud.com
CHR Extension: (Dragon Web Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2023-08-28]
CHR Extension: (Dashlane — Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2024-04-04]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-21]
CHR Extension: (Grammarly: AI Writing and Grammar Checker App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2024-04-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-20]
CHR Extension: (Cookie Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\okckmdcaaieknndlpbpjjnfmbakdjnbe [2023-11-23]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2024-04-12]
CHR HKU\S-1-5-21-1612592072-1675306049-690807718-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [fjoaledfpmneenckfbpdfhkmimnjocfa]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
 
Brave: 
=======
BRA Profile: C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-12-15]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
BRA DefaultSearchKeyword: Default -> duckduckgo.com
BRA DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (DuckDuckGo) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2020-12-18]
BRA Extension: (Adblock Plus - free ad blocker) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-15]
BRA Extension: (Foxit PDF Creator) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2020-09-22]
BRA Extension: (Dragon Web Extension) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2020-08-15]
BRA Extension: (BlockSite - Stay Focused & Control Your Time) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2020-12-28]
BRA Extension: (Dashlane - Password Manager) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-12-15]
BRA Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-12-16]
BRA Extension: (Grammarly for Chrome) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-12-23]
BRA Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2020-08-15]
BRA Extension: (Google Hangouts) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-15]
BRA Extension: (Save to Pocket) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2020-11-10]
BRA Extension: (Liveclass Screen Sharing Jitsi) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pihbojbhdjkmimodbkleehchoniiobkj [2020-08-15]
BRA Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2020-12-06]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2020-12-02]
BRA Extension: (Brave User Model Installer) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdjnpippjnphaeahihhpafnneefcnnfh [2020-12-08]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-01-02]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-08-15]
BRA Extension: (Brave User Model Installer) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\emgmepnebbddgnkhfmhdhmjifkglkamo [2020-12-08]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2020-08-15]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2020-08-15]
BRA Extension: (Brave NTP sponsored images) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\mjpbonbjgpinifgnneajcbigekbpfige [2021-01-02]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-01-01]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [5323592 2024-04-02] (AnyDesk Software GmbH -> AnyDesk Software GmbH)
S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [9139608 2024-04-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [766360 2024-04-09] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2275736 2024-04-09] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1201560 2024-04-09] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-02] (Avast Software s.r.o. -> AVAST Software)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081248 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221280 2024-04-10] (Microsoft Corporation -> Microsoft Corporation)
S3 Dashlane Vpn Service; C:\Program Files (x86)\Dashlane\VPN\Service\VpnService.exe [3403264 2020-10-06] (Dashlane USA, Inc. -> AnchorFree Inc.)
R2 DCAgent; C:\Program Files\EPSON\Epson Data Collection Agent\DCAgent.exe [19288 2023-05-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 DolphinCBarSrv2; C:\Windows\system32\dolsrvcbar2.exe [695088 2021-03-15] (Dolphin Computer Access Ltd -> Dolphin Computer Access Ltd.)
R2 DolStart; C:\Windows\system32\dol_start.exe [167728 2021-03-15] (Dolphin Computer Access Ltd -> Dolphin Computer Access Ltd.)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [167992 2020-11-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43784 2024-03-27] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [291592 2024-03-27] (Intel Corporation -> Intel)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [45064 2024-03-05] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [27784 2023-01-05] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [206304 2020-01-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8313736 2023-11-15] (GlassWire -> SecureMix LLC)
S3 LibreOfficeMaintenance; C:\Program Files\LibreOffice\program\update_service.exe [123320 2024-03-24] (The Document Foundation -> The Document Foundation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887264 2024-04-11] (Malwarebytes Inc. -> Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2012-07-23] (OLYMPUS IMAGING CORP.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3032400 2023-06-19] (International Business Machines Corporation -> IBM Corp.)
R2 SecureVPN; C:\Program Files\AVG\Secure VPN\VpnSvc.exe [12322752 2024-04-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182392 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [18079544 2024-01-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2021-03-27] (Reason Software Company Inc. -> Reason Software Company Inc.)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [41952 2016-10-27] (VIA Technologies, Inc -> VIA Technologies, Inc.)
R3 VssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{4685DB0F-BF96-4757-876F-04E7D1305A51} [22384 2023-10-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2020-02-19] (AnchorFree Inc -> The OpenVPN Project)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [230448 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [379960 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [292920 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84536 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [27760 2024-02-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28728 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [268856 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [548912 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [93752 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69176 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [935992 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [695864 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [201784 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [306232 2024-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgTap; C:\WINDOWS\System32\drivers\avgTap.sys [54888 2018-09-05] (AVG Technologies CZ, s.r.o. -> The OpenVPN Project)
S3 avgVpnRdr; C:\WINDOWS\System32\drivers\avgVpnRdr.sys [78664 2024-02-29] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
S3 avgWintun; C:\WINDOWS\System32\drivers\avgWintun.sys [40768 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
S3 avgWireGuard; C:\WINDOWS\System32\drivers\avgWireguard.sys [174520 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 cbfs20; C:\WINDOWS\System32\drivers\cbfs20.sys [457768 2022-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc. - www.callback.com)
R1 cbfsconnect2017; C:\Windows\system32\drivers\cbfsconnect2017.sys [481296 2020-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 dlcdcncm; C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [92400 2017-05-29] (DISPLAYLINK -> DisplayLink Corp.)
S3 dlusbaudio; C:\WINDOWS\System32\drivers\dlusbaudio_x64.sys [238320 2017-05-29] (DISPLAYLINK -> DisplayLink Corp.)
S3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [33592 2020-03-17] (DEV47 APPS -> Dev47Apps)
S3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [229432 2020-03-17] (DEV47 APPS -> Dev47Apps)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [75848 2023-01-05] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 EUBAKUP0; C:\WINDOWS\system32\drivers\EUBAKUP0.sys [75848 2023-01-05] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [55352 2023-11-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 EUBKMON0; C:\WINDOWS\system32\drivers\EUBKMON0.sys [55352 2023-01-05] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [24152 2023-01-05] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [565456 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 EUFDDISK0; C:\WINDOWS\system32\drivers\EUFDDISK0.sys [556112 2023-01-05] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R3 euimgprt; C:\WINDOWS\System32\DRIVERS\euimgprt.sys [29248 2023-08-29] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EUSSRDVR; C:\WINDOWS\System32\drivers\EUSSRDVR.sys [66768 2023-11-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2023-11-15] (GlassWire -> SecureMix LLC)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [201280 2024-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-04-12] (Malwarebytes Inc. -> Malwarebytes)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [451992 2023-06-19] (International Business Machines Corporation -> IBM Corp.)
R1 RapportCerberus_2304045; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_2304045.sys [1453424 2023-10-10] (International Business Machines Corporation -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544664 2023-06-19] (International Business Machines Corporation -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [398744 2023-06-19] (International Business Machines Corporation -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [448880 2023-06-19] (International Business Machines Corporation -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557464 2023-06-19] (International Business Machines Corporation -> IBM Corp.)
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [4776176 2017-12-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [49744 2023-02-20] (nordvpn s.a. -> The OpenVPN Project)
S3 usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [49152 2020-08-15] (Microsoft Corporation) [File not signed]
S3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2020-03-23] (Vincent Burel -> Windows ® Win 7 DDK provider)
R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [20704 2019-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [55856 2023-12-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [594304 2023-12-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-13] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-06-15] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x64.sys [288768 2019-12-07] (Microsoft Windows -> Marvell)
U1 aswbdisk; no ImagePath
U1 avgbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-12 10:32 - 2024-04-12 10:40 - 000070050 _____ C:\Users\User\Downloads\Addition.txt
2024-04-12 10:29 - 2024-04-12 10:53 - 000057850 _____ C:\Users\User\Downloads\FRST.txt
2024-04-12 10:28 - 2024-04-12 10:28 - 002394112 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2024-04-12 10:02 - 2024-04-12 10:02 - 002092544 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2024-04-12 10:02 - 2024-04-12 10:02 - 000000000 ____D C:\Users\User\AppData\LocalLow\IGDump
2024-04-12 09:42 - 2024-04-12 09:42 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-04-11 15:02 - 2024-04-12 10:45 - 000001271 _____ C:\Users\User\Desktop\ESET Online Scanner.lnk
2024-04-11 14:15 - 2024-04-11 14:15 - 000093893 _____ C:\Users\User\Downloads\Loaddocstore (87).Pdf
2024-04-11 14:14 - 2024-04-11 14:14 - 000093351 _____ C:\Users\User\Downloads\Loaddocstore (86).Pdf
2024-04-11 14:13 - 2024-04-11 14:13 - 000094312 _____ C:\Users\User\Downloads\Loaddocstore (85).Pdf
2024-04-11 14:13 - 2024-04-11 14:13 - 000094312 _____ C:\Users\User\Downloads\Loaddocstore (84).Pdf
2024-04-11 14:10 - 2024-04-11 14:10 - 000093470 _____ C:\Users\User\Downloads\Loaddocstore (83).Pdf
2024-04-10 08:18 - 2024-04-10 08:18 - 000000000 ___HD C:\$WinREAgent
2024-04-10 07:51 - 2024-04-10 07:51 - 000000000 ____D C:\WINDOWS\system32\o2
2024-04-09 11:06 - 2024-04-09 12:25 - 000336883 _____ C:\Users\User\Downloads\Statement--600704-08503486--03-02-2024-04-03-2024 (2).pdf
2024-04-09 11:06 - 2024-04-09 11:06 - 000331418 _____ C:\Users\User\Downloads\Statement--600704-08503486--03-02-2024-04-03-2024.pdf
2024-04-09 11:06 - 2024-04-09 11:06 - 000331418 _____ C:\Users\User\Downloads\Statement--600704-08503486--03-02-2024-04-03-2024 (3).pdf
2024-04-09 11:06 - 2024-04-09 11:06 - 000331418 _____ C:\Users\User\Downloads\Statement--600704-08503486--03-02-2024-04-03-2024 (1).pdf
2024-04-09 10:29 - 2024-04-09 10:29 - 000000972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\pCloud Drive.lnk
2024-04-09 10:29 - 2024-04-09 10:29 - 000000000 ____D C:\Program Files\pCloud Drive
2024-04-09 10:00 - 2024-04-09 10:00 - 000314776 _____ (Gen Digital Inc.) C:\WINDOWS\system32\aswBoot.exe
2024-04-08 15:45 - 2024-02-22 09:58 - 000047240 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2024-04-08 15:44 - 2024-04-08 15:44 - 000003670 _____ C:\WINDOWS\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2024-04-05 09:46 - 2024-04-05 09:46 - 000001944 _____ C:\Users\Public\Desktop\AVG Secure VPN.lnk
2024-04-03 15:26 - 2024-04-03 15:26 - 000001408 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Home.lnk
2024-04-03 15:26 - 2024-04-03 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup
2024-04-03 15:25 - 2024-03-05 01:17 - 000029704 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\fbnative.exe
2024-04-03 15:23 - 2024-04-03 15:24 - 000000000 ____D C:\Users\User\AppData\Local\unali-14520515
2024-04-03 15:23 - 2024-04-03 15:23 - 000000000 ____D C:\Users\User\AppData\Local\unali-14519031
2024-04-02 14:39 - 2024-04-02 14:40 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 24.2
2024-04-02 14:20 - 2024-04-02 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2024-03-29 14:17 - 2024-03-29 14:17 - 000116453 _____ C:\Users\User\Downloads\statement_3379399_33484606.pdf
2024-03-29 14:17 - 2024-03-29 14:17 - 000116453 _____ C:\Users\User\Downloads\statement_3379399_33484606 (1).pdf
2024-03-28 17:00 - 2024-03-28 17:00 - 000002716 _____ C:\Users\User\Downloads\transcript (8).txt
2024-03-28 17:00 - 2024-03-28 17:00 - 000002716 _____ C:\Users\User\Downloads\transcript (7).txt
2024-03-27 11:16 - 2024-03-27 11:16 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-27 11:15 - 2024-03-27 11:15 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-25 15:13 - 2024-03-25 15:13 - 000861496 _____ C:\Users\User\Documents\cc_20240325_141316.reg
2024-03-20 14:01 - 2024-03-21 15:28 - 000000000 ____D C:\Users\User\AppData\Local\pCloud
2024-03-20 14:00 - 2024-03-20 14:01 - 097783008 _____ (pCloud AG) C:\Users\User\Downloads\pCloud_Windows_4.1.4_x64 (1).exe
2024-03-19 13:25 - 2024-03-19 13:25 - 097783008 _____ (pCloud AG) C:\Users\User\Downloads\pCloud_Windows_4.1.4_x64.exe
2024-03-18 13:30 - 2024-03-18 13:30 - 000110320 _____ C:\Users\User\Downloads\Risk Assessment Form.pdf
2024-03-18 13:23 - 2024-03-18 13:23 - 000080656 _____ C:\Users\User\Downloads\Host Family Responsibilities (English) (1).pdf
2024-03-18 13:10 - 2024-03-18 13:10 - 000427445 _____ C:\Users\User\Downloads\English Test V2 Cambridge Quick Placement.pdf
2024-03-18 13:09 - 2024-03-18 13:09 - 000430260 _____ C:\Users\User\Downloads\English Test V1 Cambridge Quick Placement.pdf
2024-03-18 11:42 - 2024-03-18 11:42 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-03-16 13:43 - 2024-03-16 13:44 - 000434108 _____ C:\WINDOWS\Minidump\031624-8859-01.dmp
2024-03-15 12:28 - 2024-03-15 12:28 - 000014305 _____ C:\Users\User\Downloads\HbNotif01-04-2024.pdf
2024-03-15 12:28 - 2024-03-15 12:28 - 000014305 _____ C:\Users\User\Downloads\HbNotif01-04-2024 (1).pdf
2024-03-15 12:27 - 2024-03-15 12:27 - 000061496 _____ C:\Users\User\Downloads\20293709 (1).pdf
2024-03-14 12:14 - 2024-03-14 12:15 - 000061496 _____ C:\Users\User\Downloads\20293709.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-12 10:53 - 2020-07-02 12:42 - 000000000 ____D C:\FRST
2024-04-12 10:45 - 2021-11-04 14:05 - 000001377 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-04-12 10:44 - 2021-12-15 15:32 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-12 10:44 - 2020-02-13 12:39 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-12 10:43 - 2022-06-29 14:37 - 000000048 _____ C:\WINDOWS\SysWOW64\EUTB.TODK
2024-04-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-12 10:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2024-04-12 10:25 - 2020-08-16 09:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-12 09:46 - 2020-08-16 09:12 - 000871814 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-12 09:46 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-04-12 09:45 - 2020-08-16 09:07 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{EB2A0781-5E70-467F-8513-9C163EFCE247}
2024-04-12 09:45 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-12 09:44 - 2022-04-23 12:26 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-04-12 09:44 - 2020-02-17 11:53 - 000000621 _____ C:\Users\Public\Documents\supernova_dol_hook_log.txt
2024-04-12 09:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Cursors
2024-04-12 09:43 - 2023-05-12 18:30 - 000000000 ____D C:\Users\User\AppData\Local\Malwarebytes
2024-04-12 09:42 - 2024-02-29 13:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2024-04-12 09:42 - 2021-01-17 12:26 - 000000000 ____D C:\ProgramData\Avast Software
2024-04-12 09:42 - 2020-03-20 17:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2024-04-12 09:42 - 2020-02-17 12:06 - 000000000 ____D C:\ProgramData\AVG
2024-04-12 09:41 - 2020-08-16 09:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-12 09:41 - 2020-08-16 09:02 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-11 20:34 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-04-11 16:08 - 2020-02-17 13:51 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Excel
2024-04-11 15:02 - 2022-01-01 11:10 - 000000000 ____D C:\Users\User\Documents\Influent
2024-04-11 14:59 - 2019-11-18 12:06 - 000000000 ____D C:\Users\User\Documents\Tax
2024-04-11 12:45 - 2023-05-12 15:03 - 000013510 _____ C:\Users\User\Documents\Holdings 2023.xlsx
2024-04-11 12:06 - 2020-02-17 11:51 - 000000000 ____D C:\ProgramData\dolphin
2024-04-11 11:05 - 2021-03-19 13:51 - 000004096 ___SH C:\{028A973C-C201-4D9F-BB2B-EE5D413E22A0}.CBM
2024-04-11 11:00 - 2021-03-19 13:13 - 000477184 ___SH C:\EUMONBMP.SYS
2024-04-11 11:00 - 2020-08-16 17:00 - 000000000 ____D C:\WINDOWS\system32\config\regsave
2024-04-11 10:08 - 2024-01-01 09:40 - 000000000 ____D C:\Users\User\Documents\Influent 2024
2024-04-11 10:07 - 2020-02-17 14:20 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Word
2024-04-11 09:26 - 2023-11-02 18:06 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-04-11 09:26 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-10 15:51 - 2020-02-17 12:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-04-10 12:05 - 2019-11-18 12:07 - 000000000 ____D C:\Users\User\Documents\Teaching
2024-04-10 12:00 - 2019-11-18 12:34 - 000000000 ____D C:\Users\User\Documents\My Documents 2010-23
2024-04-10 11:50 - 2021-03-19 16:07 - 000000000 ____D C:\Users\User\Documents\LLN
2024-04-10 11:46 - 2020-02-21 14:17 - 000000000 ____D C:\Users\User\Documents\Letters
2024-04-10 11:45 - 2021-05-17 09:48 - 000000000 ____D C:\Users\User\Documents\Legal Aid
2024-04-10 11:42 - 2024-01-01 09:41 - 000000000 ____D C:\Users\User\Documents\Journalism 2024
2024-04-10 11:31 - 2019-11-18 12:02 - 000000000 ____D C:\Users\User\Documents\Data
2024-04-10 11:30 - 2019-11-18 12:02 - 000000000 ____D C:\Users\User\Documents\Creative writing
2024-04-10 11:29 - 2024-01-01 09:41 - 000000000 ____D C:\Users\User\Documents\Applied 2024
2024-04-10 11:24 - 2019-11-18 12:01 - 000000000 ____D C:\Users\User\Documents\Andrew 
2024-04-10 09:04 - 2021-02-28 21:16 - 000718368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-10 09:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-10 09:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-10 09:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-04-10 09:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-10 08:48 - 2020-02-13 11:47 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2024-04-10 08:46 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-10 08:37 - 2020-08-16 09:04 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-10 08:08 - 2020-02-13 14:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-10 08:03 - 2020-02-13 14:29 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-09 19:36 - 2020-03-20 11:27 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Skype for Desktop
2024-04-09 11:06 - 2020-02-17 12:09 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2024-04-09 10:31 - 2021-09-03 14:00 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-04-09 10:30 - 2021-09-03 13:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-04-09 10:30 - 2020-10-21 08:54 - 000000000 ____D C:\Program Files\Malwarebytes
2024-04-09 10:29 - 2020-02-13 13:15 - 000000000 ____D C:\ProgramData\Package Cache
2024-04-09 10:27 - 2020-08-21 11:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2024-04-09 10:16 - 2023-10-12 09:01 - 000003834 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2024-04-09 10:00 - 2024-01-24 11:10 - 000935992 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2024-04-09 10:00 - 2024-01-24 11:10 - 000695864 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSP.sys
2024-04-09 10:00 - 2024-01-24 11:10 - 000548912 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2024-04-09 10:00 - 2024-01-24 11:10 - 000379960 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2024-04-09 10:00 - 2024-01-24 11:10 - 000306232 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswVmm.sys
2024-04-09 10:00 - 2024-01-24 11:10 - 000292920 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2024-04-09 10:00 - 2024-01-24 11:10 - 000268856 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2024-04-09 10:00 - 2024-01-24 11:10 - 000230448 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArPot.sys
2024-04-09 10:00 - 2024-01-24 11:10 - 000093752 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2024-04-09 10:00 - 2024-01-24 11:10 - 000084536 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2024-04-09 10:00 - 2024-01-24 11:10 - 000069176 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2024-04-09 10:00 - 2024-01-24 11:10 - 000028728 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2024-04-09 10:00 - 2024-01-08 16:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2024-04-09 10:00 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-04-08 15:45 - 2023-10-11 18:18 - 000003762 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2024-04-08 15:45 - 2023-10-11 18:18 - 000003528 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2024-04-06 12:45 - 2021-02-02 15:50 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-05 16:54 - 2022-10-13 14:08 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-04-05 16:54 - 2022-10-13 14:08 - 000002021 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-04-05 16:54 - 2020-08-16 09:07 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-04-05 09:43 - 2023-11-19 14:31 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-04-05 09:43 - 2023-11-15 10:52 - 000000951 _____ C:\WINDOWS\Tasks\EPSON WF-3820 Series Update {B201DF76-3DD5-4A5B-85C9-2EE85EA5916F}.job
2024-04-05 09:43 - 2023-02-21 12:13 - 000000416 _____ C:\WINDOWS\Tasks\update-sys.job
2024-04-05 09:43 - 2023-02-21 12:13 - 000000416 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1612592072-1675306049-690807718-1001.job
2024-04-05 09:43 - 2023-02-16 19:46 - 000000951 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {53DAC8C9-51E5-4AB8-8CE2-A64C1526D3BB}.job
2024-04-05 09:43 - 2023-02-16 19:46 - 000000765 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {53DAC8C9-51E5-4AB8-8CE2-A64C1526D3BB}.job
2024-04-04 17:34 - 2023-11-19 14:31 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-04-04 17:34 - 2023-11-19 14:31 - 000002952 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-04-04 17:34 - 2023-11-19 14:31 - 000002248 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - APS
2024-04-04 17:34 - 2023-11-15 10:52 - 000003504 _____ C:\WINDOWS\system32\Tasks\EPSON WF-3820 Series Update {B201DF76-3DD5-4A5B-85C9-2EE85EA5916F}
2024-04-04 17:34 - 2023-11-02 18:05 - 000003432 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{36DE27B0-37EA-4D3A-A6C3-4C4BBEC8B973}
2024-04-04 17:34 - 2023-11-02 18:05 - 000003208 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{DF12B07F-A97A-4ACB-93C2-37BB8E66D4BF}
2024-04-04 17:34 - 2023-02-21 12:13 - 000003048 _____ C:\WINDOWS\system32\Tasks\update-S-1-5-21-1612592072-1675306049-690807718-1001
2024-04-04 17:34 - 2023-02-21 12:13 - 000002796 _____ C:\WINDOWS\system32\Tasks\update-sys
2024-04-04 17:34 - 2023-02-16 19:46 - 000003504 _____ C:\WINDOWS\system32\Tasks\EPSON WF-3620 Series Update {53DAC8C9-51E5-4AB8-8CE2-A64C1526D3BB}
2024-04-04 17:34 - 2023-02-16 19:46 - 000003326 _____ C:\WINDOWS\system32\Tasks\EPSON WF-3620 Series Invitation {53DAC8C9-51E5-4AB8-8CE2-A64C1526D3BB}
2024-04-04 17:34 - 2021-02-02 15:49 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-04 17:34 - 2021-02-02 15:49 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-04 17:34 - 2020-08-16 09:07 - 000002964 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2024-04-04 17:34 - 2020-08-16 09:07 - 000002584 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2024-04-04 09:00 - 2023-05-10 14:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-04 09:00 - 2021-02-19 14:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-04-03 17:05 - 2020-03-17 15:24 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-04-03 15:26 - 2020-02-13 15:23 - 000000000 ____D C:\Program Files (x86)\EaseUS
2024-04-02 14:39 - 2024-02-05 14:24 - 000000000 ____D C:\Program Files\LibreOffice
2024-04-02 14:34 - 2021-10-26 09:29 - 000000000 ____D C:\Users\User\AppData\Local\Spotify
2024-04-02 14:33 - 2021-10-26 09:29 - 000000000 ____D C:\Users\User\AppData\Roaming\Spotify
2024-04-02 14:21 - 2021-09-05 14:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-04-02 14:20 - 2021-10-22 08:47 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2024-04-02 14:20 - 2021-10-22 08:46 - 000000000 ____D C:\Users\User\AppData\Roaming\AnyDesk
2024-03-29 12:05 - 2023-10-11 18:17 - 000001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2024-03-28 09:40 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-03-27 13:36 - 2019-11-18 12:33 - 000000000 ____D C:\Users\User\Documents\HLI
2024-03-27 12:24 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-03-27 12:13 - 2023-12-12 16:40 - 000000000 ___SD C:\WINDOWS\system32\lxss
2024-03-27 12:13 - 2023-12-11 17:51 - 000000000 ____D C:\WINDOWS\InboxApps
2024-03-27 12:13 - 2019-12-07 15:44 - 000000000 ____D C:\WINDOWS\en-GB
2024-03-27 12:13 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-03-27 12:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-03-27 12:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-03-27 12:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-03-25 15:15 - 2023-11-19 14:31 - 000000000 ____D C:\Program Files\CCleaner
2024-03-22 09:14 - 2021-03-03 16:35 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2024-03-21 16:22 - 2020-09-13 11:04 - 000000000 ____D C:\Users\User\Documents\Applied
2024-03-21 15:35 - 2022-10-18 15:07 - 000001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2024-03-18 11:42 - 2023-02-01 18:10 - 000001928 _____ C:\Users\User\Desktop\Zoom.lnk
2024-03-18 11:42 - 2023-02-01 18:06 - 000000000 ____D C:\Users\User\AppData\Roaming\Zoom
2024-03-18 11:40 - 2023-08-14 16:42 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Teams
2024-03-16 13:44 - 2020-08-23 08:59 - 000000000 ____D C:\WINDOWS\Minidump
2024-03-16 13:43 - 2024-02-22 15:42 - 1233664752 _____ C:\WINDOWS\MEMORY.DMP
2024-03-15 11:44 - 2022-09-13 09:04 - 000000000 ____D C:\Users\User\AppData\Roaming\com.adobe.dunamis
2024-03-13 16:59 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-03-13 16:59 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-03-13 16:59 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
 
==================== Files in the root of some directories ========
 
2020-02-17 11:52 - 2020-02-17 11:52 - 000000035 _____ () C:\ProgramData\SjoZbIYV.dat
2020-02-18 16:10 - 2023-02-13 15:57 - 000001235 _____ () C:\Users\User\AppData\Roaming\SAS7_000.DAT
2020-03-13 12:15 - 2023-04-14 15:05 - 000000828 _____ () C:\Users\User\AppData\Roaming\wklnhst.dat
2023-03-10 14:40 - 2023-03-10 14:43 - 000000128 _____ () C:\Users\User\AppData\Local\PUTTY.RND
2024-02-01 11:07 - 2024-02-01 11:07 - 000002164 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2020-02-18 17:07 - 2024-04-11 09:48 - 000000034 _____ () C:\Users\User\AppData\Local\SuperNova_exit_error.log
2023-11-24 15:56 - 2023-11-24 15:59 - 000000142 _____ () C:\Users\User\AppData\Local\Support.ini
2023-02-21 12:13 - 2023-02-21 12:13 - 000000003 _____ () C:\Users\User\AppData\Local\updater.log
2023-02-21 12:13 - 2024-01-24 17:07 - 000000059 _____ () C:\Users\User\AppData\Local\UserProducts.xml
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by APS (12-04-2024 10:38:20)
Running from C:\Users\User\Downloads
Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) (2020-08-16 08:07:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1612592072-1675306049-690807718-500 - Administrator - Disabled)
APS (S-1-5-21-1612592072-1675306049-690807718-1001 - Administrator - Enabled) => C:\Users\User
DefaultAccount (S-1-5-21-1612592072-1675306049-690807718-503 - Limited - Disabled)
Guest (S-1-5-21-1612592072-1675306049-690807718-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1612592072-1675306049-690807718-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: ESET Firewall (Disabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
FW: AVG Antivirus (Enabled) {77FCDD80-5C3B-5549-57A4-B1A62BD5FB8F}
FW: Avast Antivirus (Disabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K Video Downloader (HKLM\...\{492E083C-91B8-4B34-BF34-5F1FBE2E4ABB}) (Version: 4.29.0.5640 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{1a9e60b1-94e7-4aac-9607-8f8b3967f23f}) (Version: 4.29.0.5640 - Open Media LLC)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.001.20643 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 2.0.1.70350 - Amazon)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 8.0.9 - AnyDesk Software GmbH)
AstroGrep (HKLM-x32\...\AstroGrep) (Version: 4.4.9 - AstroComma, Inc.)
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 24.3.6108 - Avast Software)
AVG Secure VPN (HKLM\...\AVG Secure VPN) (Version: 24.3.9757.10918 - AVG)
CCleaner (HKLM\...\CCleaner) (Version: 6.22 - Piriform)
Core Temp 1.18.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.18.1 - ALCPU)
CPUID HWMonitor 1.52 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.52 - CPUID, Inc.)
Dashlane (HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Dashlane) (Version: 6.2148.0.52031 - Dashlane, Inc.)
Dolphin Orpheus (HKLM-x32\...\DolphinOrpheus210) (Version:  - )
Dolphin Remote Support (HKLM-x32\...\DolphinRemoteSupport) (Version:  - )
Dolphin SuperNova Magnifier & Speech 19.05 (HKLM-x32\...\DolphinLunarPlus1905) (Version:  - )
Dolphin Synthesiser Access Manager (HKLM-x32\...\DolphinSAM) (Version:  - )
Dragon (HKLM-x32\...\{287B4A8E-7DD7-4AEE-8CEA-800960859AEC}) (Version: 15.61.200 - Nuance Communications Inc.)
EaseUS Todo Backup Home 2024 Trial (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 2024.3 - EaseUS)
e-Dictionaries (HKLM-x32\...\{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}) (Version:  - )
EncoreBasic (HKLM-x32\...\{4C0C787B-EF87-4A5F-B4CC-A022BC97A2FC}) (Version: 2.4 - Respironics, INC.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.7 - Seiko Epson Corporation)
Epson Data Collection Agent (HKLM\...\{A144D202-5F5C-4AE0-8BFE-F374C31BA279}) (Version: 7.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{067039C9-A41C-42F5-9571-B06E0700AAA4}) (Version: 3.11.77 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 4.02.01.01 - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.57.0.0 - Seiko Epson Corporation)
Epson Photo+ (HKLM-x32\...\{951BB68A-520D-44B7-B5FF-01140AECF27C}) (Version: 3.8.1.0 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{DE32F90E-1A29-4D74-BCF1-E7DDB25D713A}) (Version: 3.4.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{3615C893-F844-4A5B-B949-8409EAB62271}) (Version: 3.00.05 - Seiko Epson Corporation)
EPSON Scan PDF Extensions (HKLM-x32\...\{E4C6B326-8218-4FC2-8B48-85A19DAB3AE4}) (Version: 1.03.02.01 - Seiko Epson Corporation)
Epson ScanSmart (HKLM-x32\...\{1A1B60BB-F156-4F6D-AD79-8A096B67E9AB}) (Version: 3.7.10 - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{711E8536-AB71-4455-A6C4-357FDBBEBF91}) (Version: 4.6.7 - Seiko Epson Corporation)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WF-3820 Series Printer Uninstall (HKLM\...\EPSON WF-3820 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Ernst Deutsch-Englisch (HKLM-x32\...\{A3811461-CB5F-45b6-960C-A566CE42F811}) (Version: 2.11.4.14 - Oscar Brandstetter Verlag / Acolada GmbH) Hidden
Ernst Deutsch-Englisch (HKLM-x32\...\Ernst Deutsch-Englisch) (Version:  - Oscar Brandstetter Verlag)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )
GIMP 2.10.36 (HKLM\...\GIMP-2_is1) (Version: 2.10.36 - The GIMP Team)
GlassWire 3.3 (remove only) (HKLM-x32\...\GlassWire 3.3) (Version: 3.3.630 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.107 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{CCDC49A6-B288-4623-AA1D-332D328A8FA8}) (Version: 24.1.13.10 - Intel) Hidden
Intel Processor Diagnostic Tool 64bit (HKLM\...\{CCB78529-CC80-456F-BBFE-4F12A50D6F8B}) (Version: 4.1.8 - Intel Corporation)
Intel® Computing Improvement Program (HKLM\...\{76751700-CC7A-4C8E-A7EE-D66651594A6A}) (Version: 2.4.10802 - Intel Corporation)
Intel® Graphics Driver Software (HKLM-x32\...\{1c5c7b65-90a8-44b8-b1f6-0f6bae9f3eb5}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5161 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{64f50684-bac6-488b-9bab-93616f34d6ec}) (Version: 24.1.13.10 - Intel)
Java 8 Update 401 (HKLM-x32\...\{71024AE4-039E-4CA4-87B4-2F32180401F0}) (Version: 8.0.4010.10 - Oracle Corporation)
Java™ SE Development Kit 21.0.2 (64-bit) (HKLM\...\{4279F87C-3082-5077-A915-E01597628FDF}) (Version: 21.0.2.0 - Oracle Corporation)
KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 5.17.10.542 - KC Softwares)
K-Lite Codec Pack 15.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.3.5 - KLCP)
LibreOffice 24.2.2.2 (HKLM\...\{6A2ACEC0-5875-4F4E-A2C8-F4479E3A7229}) (Version: 24.2.2.2 - The Document Foundation)
LibreOffice 7.4.3.2 SDK (HKLM\...\{45E89E12-1253-4C3B-BEDD-C7F0EACA297B}) (Version: 7.4.3.2 - The Document Foundation)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.12.20.0 - Logitech Europe S.A.)
Malwarebytes version 4.6.13.324 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.13.324 - Malwarebytes)
Messenger (HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 200.0.540197646 - Facebook, Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17425.20176 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Teams) (Version: 1.7.00.3653 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33617 (HKLM-x32\...\{551c9ee3-34e4-4f63-891b-7616e726a705}) (Version: 14.40.33617.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33617 (HKLM-x32\...\{8839417a-067e-4554-880f-99e10f96231a}) (Version: 14.40.33617.1 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33617 (HKLM\...\{27AA6CA4-F431-460B-9983-85416BB7780B}) (Version: 14.40.33617 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33617 (HKLM\...\{25EBDAB2-283A-4715-ACF2-79B76F4B8CCD}) (Version: 14.40.33617 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33617 (HKLM-x32\...\{248D64ED-E15B-4625-965E-8642FA0FFBD7}) (Version: 14.40.33617 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33617 (HKLM-x32\...\{01815E8A-8E70-43EF-B1EA-19DD6D0ABBF2}) (Version: 14.40.33617 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{12167277-4066-37DA-B8FC-4A623FD237E1}) (Version: 10.0.60917 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60912 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 124.0.2 (x64 en-GB)) (Version: 124.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 124.0.1 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 115.9.0 (x64 en-US)) (Version: 115.9.0 - Mozilla)
Mozilla Thunderbird Beta (x64 en-GB) (HKLM\...\Mozilla Thunderbird Beta 120.0 (x64 en-GB)) (Version: 120.0 - Mozilla)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.3.6 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - Seiko Epson Corporation)
NAPS2 6.1.2 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version:  - Ben Olden-Cooligan)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office-Bibliothek 4.0 (HKLM-x32\...\{54971F17-9D16-4D43-95D6-3A86E3D20EDB}) (Version:  - )
Olympus Sonority (HKLM-x32\...\{40CAF5AE-4E70-46C8-8AD8-4A036D32525C}) (Version: 1.4.1 - OLYMPUS IMAGING CORP.)
OmegaT version 4.3.2 (HKLM-x32\...\org.omegat_is1) (Version: 4.3.2 - OmegaT)
OmegaT version 6.0.0 (64-bit) (HKLM\...\org.omegat_is1) (Version: 6.0.0 - OmegaT)
OSCAR (HKLM\...\{FC6F08E6-69BF-4469-ADE3-78199288D305}_is1) (Version: 1.4.0-Win64-e35d47b3 - The OSCAR Team)
pCloud Drive (HKLM\...\{75C17379-0CDB-4381-9DF9-A8C261D9AF39}) (Version: 4.1.5.0 - pCloud AG) Hidden
pCloud Drive (HKLM-x32\...\{5017bd79-c594-48eb-8a14-e7796ac0d5b8}) (Version: 4.1.5.0 - pCloud International AG)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.2304.201 - Trusteer) Hidden
Readiris 17 (HKLM-x32\...\{14904D61-542F-4E6E-A2C2-B1C7580F8647}) (Version: 17.03.95 - I.R.I.S.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
Skype version 8.116 (HKLM-x32\...\Skype_is1) (Version: 8.116 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23123.1 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23123.1 - Samsung Electronics Co., Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\Spotify) (Version: 1.2.33.1042.g26c92729 - Spotify AB)
System Ninja version 3.2.10 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.2.10 - SingularLabs)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.50.5 - TeamViewer)
Thunderbird to Outlook Transfer (HKLM-x32\...\Thunderbird to Outlook Transfer) (Version: 5.5.0.0 - GlexSoft LLC)
TP-Link TL-WN823N (HKLM-x32\...\{CE194A8D-C8DF-47EB-AB04-5A54CDC1C5BD}) (Version: 2.1.0 - TP-Link)
TP-Link Wireless Adapter WPS Tool (HKLM-x32\...\{685EFF87-B126-49E4-8213-70C56625C5B5}) (Version: 1.0.0.1 - TP-Link)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.2304.201 - Trusteer)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Windows Subsystem for Linux Update (HKLM\...\{F8474A47-8B5D-4466-ACE3-78EAB3BF21A8}) (Version: 5.10.102.1 - Microsoft Corporation)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare UniConverter(Build 12.6.1.3) (HKLM\...\UniConverter_is1) (Version: 12.6.1.3 - Wondershare Software)
Zoom (HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.)
 
Chrome apps:
============
Docs (HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\9c6965a846b77c47a6adfc05e290c386) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\b6668797bb011c99edb063c0a970e43e) (Version: 1.0 - Google\Chrome)
Google Drive (HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\f698a851494015cb846925a01dbacd87) (Version: 1.0 - Google\Chrome)
Sheets (HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\7c1757e1a63c0e90ac17f5301764d2c3) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\e07aca86222583a971dbc5ae5e8ca2ec) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\f54c653b9b29ebed4517a99997a9b017) (Version: 1.0 - Google\Chrome)
 
Packages:
=========
 
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-03-14] ()
Dev Home (Preview) -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1201.442.0_x64__8wekyb3d8bbwe [2024-03-22] (Microsoft Corporation)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa [2023-12-15] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-08-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-08-14] (Microsoft Corporation) [MS Ad]
Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21001.0_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft Corporation) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-14] (Microsoft Corporation)
Sound Converter -> C:\Program Files\WindowsApps\32015mccalla.SoundConverter_4.1.5.0_x64__1yb35n8phzzdw [2021-07-13] (mccalla)
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu_2204.3.49.0_x64__79rhkp1fndgsc [2023-12-12] (Canonical Group Limited)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1612592072-1675306049-690807718-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1612592072-1675306049-690807718-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23355.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1612592072-1675306049-690807718-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1612592072-1675306049-690807718-1001_Classes\CLSID\{39510CC2-49A0-3978-624B-B377EDD17A81}\InprocServer32 -> C:\Program Files (x86)\Common Files\System\ole32.dll => No File
CustomCLSID: HKU\S-1-5-21-1612592072-1675306049-690807718-1001_Classes\CLSID\{406EFA8B-887B-4B20-9530-0A97AD6788A1}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird Beta\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-1612592072-1675306049-690807718-1001_Classes\CLSID\{6b8c5e57-13a1-4e58-ab41-ca933f6c7611}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => No File
CustomCLSID: HKU\S-1-5-21-1612592072-1675306049-690807718-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX 2020 -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1612592072-1675306049-690807718-1001_Classes\CLSID\{AA6D374B-2B56-409f-8AC0-4D21B3346532}\InprocServer32 -> C:\Program Files (x86)\Dolphin\SnovaReadMag1905\amd64\dol_office_addin.dll (Dolphin Computer Access Ltd -> Dolphin Computer Access Ltd.)
CustomCLSID: HKU\S-1-5-21-1612592072-1675306049-690807718-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {05400BFE-8EEF-4C17-AE55-E02D6BD93B56} - C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {05400BFE-8EEF-4C17-AE55-E02D6BD93B56} - C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {05400BFE-8EEF-4C17-AE55-E02D6BD93B56} => C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {05400BFE-8EEF-4C17-AE55-E02D6BD93B56} => C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellIconOverlayIdentifiers: [    pCloudINPROGRESS] -> {D8BFAFBD-B670-4252-9C17-9CF1C64C2BAF} => C:\Program Files\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [    pCloudINSYNC] -> {8D0C0582-552A-4A6B-9455-DA63E1F329C0} => C:\Program Files\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [    pCloudNOSYNC] -> {3858ED1B-8F1C-42ED-A8A9-FDBF591E3C6B} => C:\Program Files\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-09] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-09] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-09] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files\pCloud Drive\ContextMenuHandler64.dll [2023-02-20] (pCloud AG) [File not signed]
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2024-03-05] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2024-03-05] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-09] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files\pCloud Drive\ContextMenuHandler64.dll [2023-02-20] (pCloud AG) [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2024-03-05] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-04-09] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-23] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-23] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [380416 2014-01-21] (Speech Processing Solutions GmbH) [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\de0b1d243227e473\Andrew - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 18"
 
==================== Loaded Modules (Whitelisted) =============
 
2024-04-03 15:26 - 2023-01-05 00:00 - 000194048 _____ () [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssh2.dll
2024-04-03 15:25 - 2023-01-05 00:00 - 000116736 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\aws-c-common.dll
2024-04-03 15:25 - 2023-01-05 00:00 - 000022016 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\aws-c-event-stream.dll
2024-04-03 15:25 - 2023-01-05 00:00 - 000043008 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\aws-checksums.dll
2024-04-03 15:25 - 2023-01-05 00:00 - 000974848 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\aws-cpp-sdk-core.dll
2024-04-03 15:25 - 2023-01-05 00:00 - 003429376 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\aws-cpp-sdk-s3.dll
2024-04-03 15:25 - 2023-01-05 00:00 - 000180224 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\aws-cpp-sdk-transfer.dll
2024-04-03 15:25 - 2023-01-05 00:00 - 001291264 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2024-04-03 15:25 - 2023-01-05 00:00 - 000055808 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2018-07-18 15:27 - 2018-07-18 15:27 - 000747520 _____ () [File not signed] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2024-04-03 15:26 - 2023-01-05 00:00 - 000509064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\AliyunWrap.DLL
2024-04-03 15:26 - 2023-01-05 00:00 - 000141448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\EnsHelper.dll
2024-04-03 15:26 - 2023-01-05 00:00 - 000098440 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\register.dll
2024-04-03 15:26 - 2023-01-05 00:00 - 000461448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\wpnr.dll
2024-04-03 15:25 - 2023-01-05 00:00 - 000509064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ens\AliyunWrap.DLL
2024-04-03 15:25 - 2023-01-05 00:00 - 000141448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ens\enshelper.dll
2020-10-20 16:30 - 2021-03-15 19:44 - 000206848 _____ (Dolphin Computer Access Ltd.) [File not signed] C:\Program Files (x86)\Dolphin\Sam\DOL_BB.dll
2011-02-09 13:44 - 2021-03-15 19:44 - 000028672 _____ (Dolphin Computer Access Ltd.) [File not signed] C:\Program Files (x86)\Dolphin\Sam\VocExpr\dolabf.dll
2020-10-20 16:30 - 2021-03-15 19:44 - 000206848 _____ (Dolphin Computer Access Ltd.) [File not signed] C:\Program Files (x86)\Dolphin\SnovaReadMag1905\DOL_BB.dll
2020-10-30 17:30 - 2021-03-15 19:44 - 000452096 _____ (Dolphin Computer Access Ltd.) [File not signed] C:\Program Files (x86)\Dolphin\SnovaReadMag1905\dol_iupd2.dll
2018-02-28 16:31 - 2021-03-15 19:44 - 000101888 _____ (Dolphin Computer Access Ltd.) [File not signed] C:\Program Files (x86)\Dolphin\SnovaReadMag1905\dol_notifications.dll
2019-11-27 17:36 - 2021-03-15 19:44 - 000089600 _____ (Dolphin Computer Access Ltd.) [File not signed] C:\Program Files (x86)\Dolphin\SnovaReadMag1905\dol_winrt.dll
2018-03-22 11:07 - 2021-03-15 19:44 - 000281088 _____ (Dolphin Computer Access Ltd.) [File not signed] C:\Program Files (x86)\Dolphin\SnovaReadMag1905\DolphinOSK.dll
2020-02-07 16:07 - 2021-03-15 19:44 - 000958976 _____ (Dolphin Computer Access Ltd.) [File not signed] C:\Program Files (x86)\Dolphin\SnovaReadMag1905\script_engine.dll
2024-04-03 15:25 - 2023-01-05 00:00 - 000892928 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
2013-11-25 16:29 - 2021-03-15 19:44 - 002580480 _____ (Nuance Communications, Inc.) [File not signed] C:\Program Files (x86)\Dolphin\Sam\VocExpr\speech\common\speech\components\ve.dll
2023-08-08 19:59 - 2023-08-08 19:59 - 000242688 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2023-08-08 19:59 - 2023-08-08 19:59 - 000057856 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\EPNWPSHDevFinder.DLL
2023-08-08 19:59 - 2023-08-08 19:59 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2021-10-26 16:58 - 2021-10-26 16:58 - 000647168 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Condition Viewer_00000012\ConView.dll
2021-10-26 10:00 - 2021-10-26 10:00 - 000708608 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Configration_00000171\MepCfg.dll
2020-04-17 10:15 - 2020-04-17 10:15 - 000577536 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\MepUploader_00000542\MepUploader.dll
2019-02-22 15:09 - 2019-02-22 15:09 - 000475136 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Online Manual_00000013\MepFAQ.dll
2020-01-20 14:45 - 2020-01-20 14:45 - 003338240 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\Epson Data Collection Agent\IZENSTRMAPIu.dll
2020-01-20 14:45 - 2020-01-20 14:45 - 003142144 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\Epson Data Collection Agent\NDENCMAPI.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2024-02-22 09:58 - 2024-02-22 09:58 - 003160576 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2024-04-03 15:26 - 2023-01-05 00:00 - 000428544 _____ (The curl library, hxxps://curl.se/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libcurl.dll
2024-04-03 15:25 - 2023-12-01 15:03 - 000436224 _____ (The curl library, hxxps://curl.se/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libcurl.dll
2024-04-03 15:26 - 2023-01-05 00:00 - 002523136 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libcrypto-1_1.dll
2024-04-03 15:26 - 2023-01-05 00:00 - 000531456 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssl-1_1.dll
2024-04-03 15:25 - 2023-12-01 15:03 - 003529728 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libcrypto-3.dll
2024-04-03 15:25 - 2023-12-01 15:03 - 000580096 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libssl-3.dll
2017-10-23 17:28 - 2017-10-23 17:28 - 000342016 _____ (TODO: <Company name>) [File not signed] C:\Program Files\pCloud Drive\OverlayIcon64.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\desktop.ini:WIN64 [37]
AlternateDataStreams: C:\WINDOWS\win.ini:WINDOWS [32]
AlternateDataStreams: C:\ProgramData\E26dLE.theme:NTOSCHK [29]
AlternateDataStreams: C:\Users\User\Downloads\AdwCleaner.exe:MBAM.Zone.Identifier [229]
AlternateDataStreams: C:\Users\User\Downloads\avast_driver_updater_online_setup.exe:MBAM.Zone.Identifier [285]
AlternateDataStreams: C:\Users\User\Downloads\avast_premium_security_setup_online.exe:MBAM.Zone.Identifier [227]
AlternateDataStreams: C:\Users\User\Downloads\avg_sysinfo.exe:MBAM.Zone.Identifier [96]
AlternateDataStreams: C:\Users\User\Downloads\avg_vpn_online_setup (1).exe:MBAM.Zone.Identifier [50]
AlternateDataStreams: C:\Users\User\Downloads\avg_vpn_online_setup (3).exe:MBAM.Zone.Identifier [204]
AlternateDataStreams: C:\Users\User\Downloads\avg_vpn_online_setup (5).exe:MBAM.Zone.Identifier [208]
AlternateDataStreams: C:\Users\User\Downloads\avg_vpn_online_setup (6).exe:MBAM.Zone.Identifier [263]
AlternateDataStreams: C:\Users\User\Downloads\avg_vpn_online_setup.exe:MBAM.Zone.Identifier [208]
AlternateDataStreams: C:\Users\User\Downloads\ccsetup618.exe:MBAM.Zone.Identifier [215]
AlternateDataStreams: C:\Users\User\Downloads\ChromeSetup(1).exe:MBAM.Zone.Identifier [394]
AlternateDataStreams: C:\Users\User\Downloads\Core-Temp-setup.exe:MBAM.Zone.Identifier [131]
AlternateDataStreams: C:\Users\User\Downloads\EpsonConnect147_e (1).exe:MBAM.Zone.Identifier [194]
AlternateDataStreams: C:\Users\User\Downloads\EpsonConnect147_e (2).exe:MBAM.Zone.Identifier [194]
AlternateDataStreams: C:\Users\User\Downloads\Epson_WF-3820_Series_EA_11_Web (1).exe:MBAM.Zone.Identifier [204]
AlternateDataStreams: C:\Users\User\Downloads\Epson_WF-3820_Series_EA_11_Web (2).exe:MBAM.Zone.Identifier [204]
AlternateDataStreams: C:\Users\User\Downloads\Epson_WF-3820_Series_EA_11_Web (3).exe:MBAM.Zone.Identifier [204]
AlternateDataStreams: C:\Users\User\Downloads\Epson_WF-3820_Series_EA_11_Web (4).exe:MBAM.Zone.Identifier [204]
AlternateDataStreams: C:\Users\User\Downloads\Epson_WF-3820_Series_EA_11_Web.exe:MBAM.Zone.Identifier [204]
AlternateDataStreams: C:\Users\User\Downloads\esetonlinescanner.exe:MBAM.Zone.Identifier [179]
AlternateDataStreams: C:\Users\User\Downloads\FileZilla_Server_1.7.3_win64-setup.exe:MBAM.Zone.Identifier [201]
AlternateDataStreams: C:\Users\User\Downloads\footer (1).php:shield [229]
AlternateDataStreams: C:\Users\User\Downloads\footer (2).php:shield [229]
AlternateDataStreams: C:\Users\User\Downloads\footer (3).php:shield [229]
AlternateDataStreams: C:\Users\User\Downloads\footer.php:shield [225]
AlternateDataStreams: C:\Users\User\Downloads\FRST.exe:MBAM.Zone.Identifier [238]
AlternateDataStreams: C:\Users\User\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\User\Downloads\gimp-2.10.34-setup (1).exe:MBAM.Zone.Identifier [142]
AlternateDataStreams: C:\Users\User\Downloads\gimp-2.10.34-setup.exe:MBAM.Zone.Identifier [142]
AlternateDataStreams: C:\Users\User\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe:MBAM.Zone.Identifier [107]
AlternateDataStreams: C:\Users\User\Downloads\IPDT_Installer_4.1.8.40_32bit.msi:MBAM.Zone.Identifier [144]
AlternateDataStreams: C:\Users\User\Downloads\IPDT_Installer_4.1.8.40_64bit (5).msi:MBAM.Zone.Identifier [144]
AlternateDataStreams: C:\Users\User\Downloads\JavaSetup8u401.exe:MBAM.Zone.Identifier [384]
AlternateDataStreams: C:\Users\User\Downloads\jdk-21_windows-x64_bin.exe:MBAM.Zone.Identifier [173]
AlternateDataStreams: C:\Users\User\Downloads\jre-8u391-windows-x64 (1).exe:MBAM.Zone.Identifier [405]
AlternateDataStreams: C:\Users\User\Downloads\nitro_pro14.exe:MBAM.Zone.Identifier [267]
AlternateDataStreams: C:\Users\User\Downloads\NordVPNSetup (1).exe:MBAM.Zone.Identifier [144]
AlternateDataStreams: C:\Users\User\Downloads\NordVPNSetup.exe:shield [149]
AlternateDataStreams: C:\Users\User\Downloads\pCloud_Windows_4.1.4_x64 (1).exe:MBAM.Zone.Identifier [251]
AlternateDataStreams: C:\Users\User\Downloads\pCloud_Windows_4.1.4_x64.exe:MBAM.Zone.Identifier [251]
AlternateDataStreams: C:\Users\User\Downloads\Support-LogMeInRescue (1).exe:MBAM.Zone.Identifier [125]
AlternateDataStreams: C:\Users\User\Downloads\Support-LogMeInRescue (2).exe:MBAM.Zone.Identifier [129]
AlternateDataStreams: C:\Users\User\Downloads\Support-LogMeInRescue (3).exe:MBAM.Zone.Identifier [129]
AlternateDataStreams: C:\Users\User\Downloads\Support-LogMeInRescue.exe:MBAM.Zone.Identifier [129]
AlternateDataStreams: C:\Users\User\Downloads\TB_Home_Trial_Installer_20230822.100000.exe:MBAM.Zone.Identifier [133]
AlternateDataStreams: C:\Users\User\Downloads\TeamsSetup_c_w_.exe:MBAM.Zone.Identifier [326]
AlternateDataStreams: C:\Users\User\Downloads\WF3620_x64_23202UsHomeExportAsiaML (1).exe:MBAM.Zone.Identifier [212]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uk.msn.com/?ocid=U220DHP&pc=U220
BHO: No Name -> {05400BFE-8EEF-4C17-AE55-E02D6BD93B56}' -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\x64\dgnriaie_x64.dll [2020-11-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\dgnriaie.dll [2020-11-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1612592072-1675306049-690807718-1001 -> No Name - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 202.170.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: ABBYY.Licensing.FineReader.15.0 => 2
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\StartupFolder: => "Office-Bibliothek-Direktsuche.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Device Detector 4.lnk"
HKLM\...\StartupApproved\StartupFolder: => "ScreenHunter7Pro-NonAdmin.exe.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "WSVCUUpdateHelper.exe"
HKLM\...\StartupApproved\Run: => "DataCollectionAgentController"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "DNS7reminder"
HKLM\...\StartupApproved\Run32: => "DXM6Patch_981116"
HKLM\...\StartupApproved\Run32: => "uupdate"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "DolphinOceanicAccess"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "Dolphin Notifications"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "pCloud"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "Bonus.SSR.FR15"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "PTOneClick"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E2A62F2EFCF52D2AD105647B23C0A2FD"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "GlassWire"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "WPSTool"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "com.messenger"
HKU\S-1-5-21-1612592072-1675306049-690807718-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{47BFDD8B-D4C5-4C06-92CA-8B1C19CAC850}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6801DA6F-6D84-41FD-B1A9-5469700417C3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2F357CED-B600-45C2-A3E4-F32B8CB0DF10}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{28CCBFEB-8A60-423B-8F72-CEA63D0E3F19}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{E089D2ED-704C-484B-9E7C-52497220B4B6}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{FF90948F-17DB-4B4F-8BB5-C3B3C898437B}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{4473FD5A-29F8-475B-AA9E-1F41827D0CCA}] => (Allow) C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe (Realtek) [File not signed]
FirewallRules: [{CC98BFCB-2676-4EAB-9673-17480EBDD7A0}] => (Allow) C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe (Realtek) [File not signed]
FirewallRules: [{6B424EBD-A84D-4518-94AD-7594865907DF}] => (Allow) C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe (Realtek) [File not signed]
FirewallRules: [{67FA476C-4B44-44A0-9735-5973096EA7AC}] => (Allow) C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe (Realtek) [File not signed]
FirewallRules: [{69A6DABE-14E8-45C1-921F-891986A9758C}] => (Allow) C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe (Realtek) [File not signed]
FirewallRules: [{AABE6B15-908F-4C60-A243-31B83069DA2B}] => (Allow) C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe (Realtek) [File not signed]
FirewallRules: [{699F0B4D-9E5A-4FA4-AA4A-CF8DC14F446F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CC3CE7F3-4FEF-4AD8-9067-0A4ED497C41D}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{EE7FC83B-D6F3-4FE8-8F1C-C675D43BA022}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{674044D9-6C0F-4919-8FED-19FA639E6A79}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F6E399B8-ED10-4F71-9E9B-C423E280D900}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{7001B655-898B-40FC-AC3D-31D290AE7193}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{7319286F-E1DA-4C9A-BF74-A20E469D8C46}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{A8C93658-ECCE-4A6C-8263-DC3A6109BCE8}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{EFEA2D5B-D999-4192-A97B-39A11F0D610D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{66C8ADD0-531D-40A3-B7AE-C5EA0FEB39F8}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{FF9A6790-48F3-416A-9F09-13B94CAF4760}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{6D90297A-4D97-48CC-89CB-56D384A009E1}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{2839773C-775B-49EE-ADA6-D8EDA51553EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{FEC269D7-2ED8-4893-95B7-E089F6E8C7FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DDE1FB60-6F9E-4F5D-AA3F-7F0F6C8AB547}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{71D36C73-0503-447A-995B-4C17801529DB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{90D0F965-1961-4093-93AC-8A1A053EE168}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{718A5D62-117F-4D57-B254-E21098CE30FF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{F8E3D871-DAFC-4401-B86E-C1BE5CA101C0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{9BEEEEF0-BE37-4D8D-A42D-783EB46177D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{BE198643-D06F-433C-B507-96B3321C64A2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{609D5165-C92E-4BDF-8171-9081F35B926B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C8D52A57-48A0-4D94-8668-22654D7A43CC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{580CE927-A756-4418-8550-123A051B9011}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{238DDFB2-D6C3-4866-B38F-B6C993B30907}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{81EBAADC-B80C-4DB2-90CE-90AF3F91D27B}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{687D5C65-E9C5-48B4-AC98-C3B6BCE5A0E3}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{896ECD3D-FF37-4C39-93D6-B00D24951C38}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F171A644-7CC6-421F-B71F-5C3DE7EA6B0C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0563DB1C-EBD1-47F3-99ED-CCA174DADCA6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8C876634-03EF-4190-BFDE-FC39969B5958}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C5743A08-5B5C-4EA9-AF8F-6D9649AD8FA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C73C2613-A6CF-4D87-A693-029DFDA88AC7}] => (Allow) C:\Program Files\AVG\Secure VPN\Vpn.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{3753F350-597F-495B-B9D4-EC7DC9AE4170}] => (Allow) C:\Program Files\AVG\Secure VPN\Vpn.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{B440BA1F-C979-412B-A4A8-92F7485A8226}] => (Allow) C:\Users\User\AppData\Local\Temp\WinGet\AnyDeskSoftwareGmbH.AnyDesk.8.0.9\AnyDesk.exe => No File
FirewallRules: [{80BFB230-A331-4963-9278-C4D4E909E875}] => (Allow) C:\Users\User\AppData\Local\Temp\WinGet\AnyDeskSoftwareGmbH.AnyDesk.8.0.9\AnyDesk.exe => No File
FirewallRules: [{42D26EF8-089A-405E-B764-B93385457A59}] => (Allow) C:\Users\User\AppData\Local\Temp\WinGet\AnyDeskSoftwareGmbH.AnyDesk.8.0.9\AnyDesk.exe => No File
FirewallRules: [{94297937-1DAD-48C1-8349-75E1985587E4}] => (Allow) C:\Users\User\AppData\Local\Temp\WinGet\AnyDeskSoftwareGmbH.AnyDesk.8.0.9\AnyDesk.exe => No File
FirewallRules: [{C331EF60-6A3F-4B46-9820-D0C9727011B6}] => (Allow) C:\Users\User\AppData\Local\Temp\WinGet\AnyDeskSoftwareGmbH.AnyDesk.8.0.9\AnyDesk.exe => No File
FirewallRules: [{6B6648D2-0EBD-4D3A-80C1-442A41D9E92A}] => (Allow) C:\Users\User\AppData\Local\Temp\WinGet\AnyDeskSoftwareGmbH.AnyDesk.8.0.9\AnyDesk.exe => No File
FirewallRules: [{1E30F203-3BFF-405E-A950-3B72A776D420}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{5CBABB67-25A8-4F29-83D1-987C7707054E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{4D28993A-692E-4781-A108-4E7B7D3581E9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{38C213B8-85F8-47A8-9EC8-B2F6738169E0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{D6050797-5D68-45FD-9546-DEB252B0F2B0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{4E1DDFE8-958C-431E-9AEC-F227260F04BB}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{A5AFFFBA-71C4-4D6E-A93C-DB210AC5CA6F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B4563380-FF4F-49F5-BBED-2381111C0A05}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F6531E48-D92C-434F-A94B-5DCB4DCA4F94}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B375DF11-CF67-42A9-BAE4-F41E39C66D2D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{19547C6D-0364-46DA-90D0-94C7E3D84D41}] => (Allow) C:\Program Files\pCloud Drive\pCloud.exe (pCloud International AG -> )
FirewallRules: [{F4697B0D-5B32-4E7A-88BF-12428E8CADB3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F19E2644-65B0-45DA-BD5D-95F185E8E1DD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{DF1CD1B4-8AA4-457F-B18A-53A6163D28F8}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{68D33979-C309-44B2-B44A-122C67D6AC69}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{0057B080-B070-404D-A53C-C3D775FD34DE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{D445C25B-69F0-4DDA-93AC-160724CA6D0B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{AF2FCA3E-972B-4FA6-8067-561D61B092AD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
 
==================== Restore Points =========================
 
27-03-2024 10:57:50 Windows Modules Installer
05-04-2024 10:43:34 Scheduled Checkpoint
08-04-2024 16:17:28 Windows Modules Installer
10-04-2024 08:09:36 Windows Modules Installer
10-04-2024 08:17:30 Windows Modules Installer
10-04-2024 08:20:09 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/12/2024 10:13:32 AM) (Source: DragonSvc) (EventID: 0) (User: )
Description: Error: Failed to get access to DgnEngineControl
 
Error: (04/12/2024 09:46:18 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-G3KB352)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (04/11/2024 08:34:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esrv_svc.exe, version: 2.4.0.10802, time stamp: 0x65d78103
Faulting module name: ntdll.dll, version: 10.0.19041.4239, time stamp: 0xad5435e9
Exception code: 0xc0000005
Fault offset: 0x0000000000063287
Faulting process ID: 0x27d0
Faulting application start time: 0x01da8c1fe7dcb815
Faulting application path: C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 6787e3c3-341b-414c-a279-51c9a8739742
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/11/2024 07:40:55 PM) (Source: DragonSvc) (EventID: 0) (User: )
Description: Error: Failed to get access to DgnEngineControl
 
Error: (04/11/2024 06:14:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ensserver.exe, version: 0.0.0.0, time stamp: 0x622838d2
Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x6763d3a2
Exception code: 0xc0000409
Fault offset: 0x0009eddb
Faulting process ID: 0x1550
Faulting application start time: 0x01da8bffdfc7ed86
Faulting application path: C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report ID: 17c13907-2ee7-4a9c-aff3-ca9e15f6c27b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/11/2024 02:43:04 PM) (Source: DragonSvc) (EventID: 0) (User: )
Description: Error: Failed to get access to DgnEngineControl
 
Error: (04/11/2024 12:08:09 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-G3KB352)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (04/11/2024 11:13:42 AM) (Source: DragonSvc) (EventID: 0) (User: )
Description: Error: Failed to get access to DgnEngineControl
 
 
System errors:
=============
Error: (04/12/2024 10:18:58 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/12/2024 10:18:55 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/12/2024 10:01:13 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/12/2024 10:01:11 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/12/2024 09:50:02 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/12/2024 09:43:25 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/12/2024 09:42:46 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (04/12/2024 09:42:45 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Windows Defender:
================
Date: 2023-11-07 13:11:43
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-11-07 11:22:18
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-11-06 16:27:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-05 09:48:03
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-02 10:48:37
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2024-01-23 19:33:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.2230.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x8007045b
Error description: A system shutdown is in progress. 
 
Date: 2024-01-23 13:19:33
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.2230.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80070643
Error description: Fatal error during installation. 
 
Date: 2024-01-23 13:19:31
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.403.2565.0
Previous security intelligence Version: 1.403.2230.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.23110.2
Previous Engine Version: 1.1.23110.2
Error code: 0x80004004
Error description: Operation aborted 
 
Date: 2024-01-23 13:19:31
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.403.2565.0
Previous security intelligence Version: 1.403.2230.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.23110.2
Previous Engine Version: 1.1.23110.2
Error code: 0x80004004
Error description: Operation aborted 
 
Date: 2024-01-20 15:29:37
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.403.2416.0
Previous security intelligence Version: 1.403.2230.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.23110.2
Previous Engine Version: 1.1.23110.2
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 
 
CodeIntegrity:
===============
Date: 2024-04-12 10:40:14
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2024-04-12 10:39:51
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Dolphin\SnovaReadMag1905\amd64\dolwinhk.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1102 07/08/2014
Motherboard: ASUSTeK COMPUTER INC. P8H77-I
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 85%
Total physical RAM: 7875.16 MB
Available physical RAM: 1172.39 MB
Total Virtual: 11203.16 MB
Available Virtual: 2969.29 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.88 GB) (Free:309.72 GB) (Model: Samsung SSD 860 EVO 1TB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:391.08 GB) (Model: Seagate BUP Slim SCSI Disk Device) NTFS
Drive h: (ESD-USB) (Removable) (Total:28.62 GB) (Free:17.72 GB) FAT32
 
\\?\Volume{01246a91-4b12-48da-8067-bfac3dae4433}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{be2f246b-6bd2-4324-b916-2152eaf99794}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 2 (Protective MBR) (Size: 28.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 



 


#2 JSntgRvr

JSntgRvr

    Malware Fighter


  • Malware Response Team
  • 16,486 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:30 AM

Posted 12 April 2024 - 09:55 PM

Welcome   :)
 
I'll be helping you with your computer.
 
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
 
Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary.   :)

Let's begin... 

This Fix will empty the following folders:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

  • Download the enclosed file: Fixlist.txt (27KB)
  • Save it in the same location FRST64.exe is saved
  • Start FRST (FRST64) with Administrator privileges
  • This time around press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply. If too long, use an online service such as www.wetransfer.com.

 

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report. Click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

No request for help throughout private messaging will be attended.

Inactive logs for more than four (4) days will be closed


#3 Cumulo

Cumulo
  • Topic Starter


Posted 14 April 2024 - 08:33 AM

Hi and thanks.

 

Am attaching (rather than pasting) FixLog. The other file is too big to attach. I have created a wetransfer.com account - where should I send it to?

Attached Files


Edited by Cumulo, 14 April 2024 - 08:39 AM.


#4 JSntgRvr


Posted 14 April 2024 - 04:09 PM

Upload the file to www.wetransfer.com, and post the link to it.




#5 Cumulo


Posted 15 April 2024 - 05:10 AM

https://app.mbf.me/712d497b


Edited by Cumulo, 15 April 2024 - 05:18 AM.


#6 JSntgRvr


Posted 15 April 2024 - 10:55 AM

Seems that the Hosts file was detected as suspicious, but cured.

 

How is the computer doing?




#7 Cumulo


Posted 15 April 2024 - 12:28 PM

Actually it seems to be a lot better, but not totally issue free.

 

The original problem of multiplying folders seems to have stopped. Also apps, windows etc seem to be opening a tad quicker.

 

An annoying issue persists, however. Two of the folders (that contained a suspect file that was deleted and, I posit, may have been causing the duplication issue) are undeletable from numerous data folders. Error message says the file is no longer located there.



#8 JSntgRvr


Posted 15 April 2024 - 02:10 PM

Can you post their path? (location)




#9 Cumulo


Posted 16 April 2024 - 04:07 AM

Sure. An example is C:\Documents\Applied 2024\Influent and C:\Documents\Applied 2024\Influent 2023.

 

The two folders with "Influent" are indelible across multiple locations. ESET spotted an infection within a subfolder inside one of these folders, called "Tax".



#10 JSntgRvr


Posted 16 April 2024 - 10:16 AM

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Please rename FRST.EXE or FRST64.EXE to FRSTEnglish.exe
  • After renaming the file right-click over FRSTEnglish.exe and select "Run as administrator"
  • When the tool opens click Yes to the disclaimer if this is the first time using the tool
  • Make sure there is a check mark in the Addition.txt check box
  • Press the Scan button.
  • It will make a log FRST.txt and Addition.txt in the same directory the tool is run from. Please attach both logs to your next reply.



#11 Cumulo


Posted 17 April 2024 - 02:30 AM

Hi, please see attached...

Attached Files



#12 JSntgRvr


Posted 17 April 2024 - 03:41 PM

  • Download the enclosed file: Fixlist.txt (89bytes)
  • Save it in the same location FRST64.exe is saved
  • Start FRST (FRST64) with Administrator privileges
  • This time around press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply. If too long, use an online service such as www.wetransfer.com.




#13 JSntgRvr


Posted 17 April 2024 - 03:50 PM

Sure. An example is C:\Documents\Applied 2024\Influent and C:\Documents\Applied 2024\Influent 2023.
 
The two folders with "Influent" are indelible across multiple locations. ESET spotted an infection within a subfolder inside one of these folders, called "Tax".

Isn't that a game?
 
Influent is a Language Learning Game focused on rapid vocabulary acquisition in a 3D world featuring over 400 nouns, adjectives, and verbs all with native pronunciations in 23 languages! Players have complete freedom to choose which words they want to learn without any need for pencils or books!



#14 Cumulo


Posted 18 April 2024 - 02:36 AM

 

Sure. An example is C:\Documents\Applied 2024\Influent and C:\Documents\Applied 2024\Influent 2023.
 
The two folders with "Influent" are indelible across multiple locations. ESET spotted an infection within a subfolder inside one of these folders, called "Tax".

Isn't that a game?
 
Influent is a Language Learning Game focused on rapid vocabulary acquisition in a 3D world featuring over 400 nouns, adjectives, and verbs all with native pronunciations in 23 languages! Players have complete freedom to choose which words they want to learn without any need for pencils or books!

 

No. Influent is the name of a language company I work for. I created the folder myself to store work-related documents.



#15 JSntgRvr


Posted 18 April 2024 - 10:54 AM

Run the Fixlist above.

 

Open FRST64. Type the following on the search box in FRST64.

 

Searchall: Influent 

 

Click on Search files. A search report will be produced. Attach that report in your reply.






