Am I Infected?

  • jUstcAllmEdOc
    PCHF Member
    • Oct 2021
    • 44

    #1

    Am I Infected?

    Have I been hacked and am I infected?
    ty,
    dOc
  • veeg
    PCHF Director
    • Jul 2016
    • 8982

    #2
    Hello

    I will tag our expert.

    @Malnutrition


    • jUstcAllmEdOc
      PCHF Member
      • Oct 2021
      • 44

      #3
      ty


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7045

        #4
        Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

        If you are unsure if your operating system is 32 or 64 Bit please go HERE.
        Once downloaded, right click the FRST desktop icon and select “Run as administrator” from the menu.
        [Image: https://pchelpforum.net/attachments/icon2-jpg.794/]
        If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
        FRST will open with two dialogue boxes, accept the disclaimer.
        [Image: https://pchelpforum.net/attachments/frst-disclaimer-jpg.795/]
          1. Accept the default whitelist options,
          2. If the additions.txt options box is not checked please select it.
          3. Then select Scan
        [Image: https://pchelpforum.net/attachments/frst-jpg.796/]
        FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.
        [Image: https://pchelpforum.net/attachments/2016-08-12_152002-jpg.797/]
        Please Copy and Paste the contents of these logs in your next post for review by our Security Team


        • jUstcAllmEdOc
          PCHF Member
          • Oct 2021
          • 44

          #5
          Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023

          Code:
          Ran by justc (administrator) on DESKTOP-OKFJGL4 (Dell Inc. Inspiron 24-3455) (25-09-2023 22:46:23)
          Running from C:\Users\justc\Desktop\FRST64.exe
          Loaded Profiles: justc
          Platform: Microsoft Windows 10 Home Version 22H2 19045.3448 (X64) Language: English (United States)
          Default browser: Chrome
          Boot Mode: Normal
          
          ==================== Processes (Whitelisted) =================
          
          (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
          
          (C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
          (C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
          (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
          (C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
          (C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
          (C:\Program Files\Verizon Cloud\Verizon Cloud.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.36\msedgewebview2.exe <22>
          (C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23072.153.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23072.153.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe
          (Canon Inc. → CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
          (cmd.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe <2>
          (DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe ->) (Advanced Micro Devices, Inc. → AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe
          (explorer.exe ->) (Google LLC → Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <21>
          (explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
          (explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
          (explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.920.900_x64__8wekyb3d8bbwe\olk.exe
          (explorer.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
          (explorer.exe ->) (Skype Software Sarl → Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.104.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6>
          (explorer.exe ->) (Verizon Data Services LLC → Verizon) C:\Program Files\Verizon Cloud\Verizon Cloud.exe
          (explorer.exe ->) (Waves Inc → Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
          (Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
          (Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
          (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe <2>
          (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <18>
          (services.exe ->) (Advanced Micro Devices, Inc. → AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe
          (services.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
          (services.exe ->) (Michael Maltsev → Ramen Software) C:\Program Files\Windhawk\windhawk.exe <2>
          (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
          (services.exe ->) (Qualcomm Atheros → Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
          (services.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
          (services.exe ->) (Verizon Data Services LLC → Verizon) C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe
          (services.exe ->) (Waves Inc → Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
          (svchost.exe ->) (Microsoft Corporation → ) C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe\RdClient.Windows.exe
          (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileCoAuth.exe
          (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxOutlook.exe
          (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21580.0_x64__8wekyb3d8bbwe\HxTsr.exe
          (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
          (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
          (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
          (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
          (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3385_none_7e1c800a7c81ffd9\TiWorker.exe
          
          ==================== Registry (Whitelisted) ===================
          
          (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
          
          HKLM...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher → Logitech)
          HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235440 2017-06-19] (Realtek Semiconductor Corp. → Realtek Semiconductor)
          HKLM...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor Corp. → Realtek Semiconductor)
          HKLM...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1494000 2017-06-19] (Realtek Semiconductor Corp. → Realtek Semiconductor)
          HKLM...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Inc → Waves Audio Ltd.)
          HKLM-x32...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (Canon Inc. → CANON INC.)
          HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
          HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586016 2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [MicrosoftEdgeAutoLaunch_46C0173F98CBD0BEB36BBC1DDC54FE9A] => “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” --no-startup-window --win-session-start /prefetch:5 [4210232 2023-09-23] (Microsoft Corporation → Microsoft Corporation)
          HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [com.messenger] => “C:\Users\justc\AppData\Local\Programs\Messenger\Messenger.exe” messenger://openAtLogin (No File)
          HKU\S-1-5-21-2215749033-445842302-415398914-1001...\Run: [com.verizon.verizoncloud] => C:\Program Files\Verizon Cloud\Verizon Cloud.exe [8991568 2023-08-25] (Verizon Data Services LLC → Verizon)
          HKU\S-1-5-21-2215749033-445842302-415398914-1001...\RunOnce: [Application Restart #2] => C:\Program Files\Google\Chrome\Application\chrome.exe --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm --disable-nacl --origin-trial-disabled-features=WebGPU --profile-directory=Default --source-shortcut="C (the data entry has 65 more characters). [3239200 2023-09-15] (Google LLC → Google LLC)
          HKLM...\Windows x64\Print Processors\Canon MX340 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA5.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher → CANON INC.)
          HKLM...\Print\Monitors\Canon BJ Language Monitor MX340 series: C:\Windows\system32\CNMLMA5.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher → CANON INC.)
          HKLM...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
          HKLM...\Print\Monitors\Canon MP FAX Language Monitor MX340 series: C:\Windows\system32\CNCF2Lk.DLL [343552 2009-10-22] (Microsoft Windows Hardware Compatibility Publisher → Canon Inc.)
          HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files\Google\Chrome\Application\117.0.5938.89\Installer\chrmstp.exe [2023-09-17] (Google LLC → Google LLC)
          
          ==================== Scheduled Tasks (Whitelisted) =================
          
          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
          
          Task: {6EA4340F-4DCB-4548-8010-72A3DDCAED67} - System32\Tasks\GoogleUpdateTaskMachineCore{6BCD498D-EAE8-4972-BEBF-73EDBE3A0D6F} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-17] (Google LLC → Google LLC)
          Task: {8A99C8CB-E11D-414D-AAE3-C816090ED3FF} - System32\Tasks\GoogleUpdateTaskMachineUA{DE2B8264-B4FC-4FEF-AF29-8679B6F43F3B} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-17] (Google LLC → Google LLC)
          Task: {3541479C-9E00-4C86-89B4-4733D146B046} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-2215749033-445842302-415398914-1001 => C:\Users\justc\AppData\Local\Programs\Messenger\MessengerHelper.exe [2277624 2023-09-18] (Facebook, Inc. → Meta Platforms, Inc.)
          Task: {968DA233-F9F1-4AA7-9E2E-526EEE54A5E6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation → Microsoft Corporation)
          Task: {C19D2BE0-D086-4C07-A6C5-2989B75298D3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation → Microsoft Corporation)
          Task: {C59D72F3-F17B-4B6E-815A-D62ED90309AF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          Task: {397A1367-8A4B-413F-98F9-A6409547A1B4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          Task: {5BCAF57A-B715-4F20-9434-E9E142B2841D} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          Task: {36542EAA-D807-4401-A1ED-CF6A56F0B085} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          Task: {BDA65BBA-3279-4AFD-A9DE-FB3351CA4145} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2215749033-445842302-415398914-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          Task: {16F7FE9F-3E7B-421D-8E20-2ED726C9B4E8} - System32\Tasks\VerizonCloud\APMPublisherTask => C:\Program Files\Verizon Cloud\Verizon Cloud.exe [8991568 2023-08-25] (Verizon Data Services LLC → Verizon)
          Task: {9CD903BD-348C-435F-8348-55FFCFF84A75} - System32\Tasks\WindhawkRunUITask => C:\Program Files\Windhawk\windhawk.exe [762840 2023-09-17] (Michael Maltsev → Ramen Software)
          Task: {FFB69C4A-AA21-4444-8562-4FBAA0388A3D} - System32\Tasks\WindhawkUpdateTask => C:\Program Files\Windhawk\windhawk.exe [762840 2023-09-17] (Michael Maltsev → Ramen Software)
          
          (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
          
          ==================== Internet (Whitelisted) ====================
          
          (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
          
          Tcpip\Parameters: [DhcpNameServer] 206.225.75.225 206.225.75.226
          Tcpip..\Interfaces{732b5a0e-6a0a-43bc-9969-18d77e06b00a}: [DhcpNameServer] 206.225.75.225 206.225.75.226
          HKLM\System...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.4.21,1]
          Edge:
          Edge DefaultProfile: Default
          Edge Profile: C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-25]
          Edge HomePage: Default → hxxps://besthomepageever.com/
          Edge StartupUrls: Default → “hxxps://www.foxnews.com/”,“hxxps://besthomepageever.com/”
          Edge NewTab: Default → Not-active:“chrome-extension://pnjcioekgpbcdgcnklcnmihpgjjimgoc/newTab.html”
          Edge DefaultSearchURL: Default → hxxps://duckduckgo.com/?q={searchTerms}
          Edge DefaultSearchKeyword: Default → duckduckgo.com
          Edge DefaultSuggestURL: Default → hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
          Edge Extension: (Avira Safe Shopping) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2023-09-20]
          Edge Extension: (DuckDuckGo) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2023-09-20]
          Edge Extension: (Hulu PIP) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjnnojbahbfmbhhpkcoihncbojdlhbnj [2023-09-17]
          Edge Extension: (Picture-in-Picture Everywhere) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmnlinjalaieggoebkmamaphjghpafhn [2023-09-17]
          Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-09-23]
          Edge Extension: (Browsec VPN - Free VPN for Edge) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fjnehcbecaggobjholekjijaaekbnlgj [2023-09-20]
          Edge Extension: (NordVPN - VPN Proxy for Privacy and Security) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fphgeikpdcdcheaochkhldmnfblfogla [2023-09-20]
          Edge Extension: (Google Docs Offline) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-19]
          Edge Extension: (Malwarebytes Browser Guard) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-09-20]
          Edge Extension: (Chrome Remote Desktop) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-09-17]
          Edge Extension: (Netflix Picture in Picture now for Prime & D+) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jkmakgpojigahjdalffbkimpnpabelio [2023-09-17]
          Edge Extension: (Edge relevant text changes) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-19]
          Edge Extension: (ZenMate Free VPN – Best VPN for Edge) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kepdippgcikacmcdaijnponnfgljfbea [2023-09-20]
          Edge Extension: (Microsoft Outlook) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kkpalkknhlklpbflpcpkepmmbnmfailf [2023-09-20]
          Edge Extension: (Norton Password Manager) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2023-09-17]
          Edge Extension: (Tubi Ad Skipper | Ad Blocker) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\loiiabknhcakflegiolohkabmacjicbc [2023-09-21]
          Edge Extension: (Paramount Plus Picture In Picture) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mfmgdailbkanbdajodjgmgncbeflcnci [2023-09-17]
          Edge Extension: (uBlock Origin) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-09-23]
          Edge Extension: (UltraWide Streaming: custom fullscreen ratios) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ofkcbakkpjefjndcmbkokadbmmaimnlp [2023-09-20]
          Edge Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2023-09-20]
          Edge Extension: (iCloud Passwords) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2023-09-17]
          Edge Extension: (Hulu Ad Skipper | Ad Blocker) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pgpdfnkeeppfohmophlpcfmciioeenig [2023-09-17]
          Edge Extension: (Best Homepage Ever UK - New Tab Quick Launch) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pnjcioekgpbcdgcnklcnmihpgjjimgoc [2023-09-17]
          Edge Profile: C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-09-19]
          Edge HomePage: Profile 1 → hxxps://besthomepageever.com/
          Edge StartupUrls: Profile 1 → “hxxps://www.foxnews.com/”,“hxxps://besthomepageever.com/”
          Edge NewTab: Profile 1 → Active:“chrome-extension://pnjcioekgpbcdgcnklcnmihpgjjimgoc/newTab.html”
          Edge Extension: (Hulu PIP) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cjnnojbahbfmbhhpkcoihncbojdlhbnj [2023-09-17]
          Edge Extension: (Picture-in-Picture Everywhere) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cmnlinjalaieggoebkmamaphjghpafhn [2023-09-17]
          Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-09-17]
          Edge Extension: (Free VPN ZenMate-Best VPN for Chrome) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2023-09-17]
          Edge Extension: (Chrome Remote Desktop) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-09-17]
          Edge Extension: (Netflix Picture in Picture now for Prime & D+) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jkmakgpojigahjdalffbkimpnpabelio [2023-09-17]
          Edge Extension: (ZenMate Free VPN – Best VPN for Edge) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\kepdippgcikacmcdaijnponnfgljfbea [2023-09-17]
          Edge Extension: (Norton Password Manager) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2023-09-17]
          Edge Extension: (Paramount Plus Picture In Picture) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\mfmgdailbkanbdajodjgmgncbeflcnci [2023-09-17]
          Edge Extension: (uBlock Origin) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-09-17]
          Edge Extension: (iCloud Passwords) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2023-09-17]
          Edge Extension: (Hulu Ad Skipper | Ad Blocker) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\pgpdfnkeeppfohmophlpcfmciioeenig [2023-09-17]
          Edge Extension: (Best Homepage Ever UK - New Tab Quick Launch) - C:\Users\justc\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\pnjcioekgpbcdgcnklcnmihpgjjimgoc [2023-09-17]
          FireFox:
          FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          Chrome:
          CHR DefaultProfile: Default
          CHR Profile: C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default [2023-09-25]
          CHR HomePage: Default → hxxps://besthomepageever.com/
          CHR StartupUrls: Default → “hxxps://www.foxnews.com/”,“hxxps://besthomepageever.com/”
          CHR NewTab: Default → Active:“chrome-extension://omdkehkdnojcndhhilglklegbakenkgb/newTab.html”
          CHR DefaultSearchURL: Default → hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
          CHR DefaultSearchKeyword: Default → bing.com
          CHR DefaultNewTabURL: Default → hxxps://www.bing.com/chrome/newtab
          CHR DefaultSuggestURL: Default → hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
          CHR Extension: (Norton Password Manager) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2023-09-17]
          CHR Extension: (Best Free Maps) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlielhlgedcjnbkilihjhoheammcbgm [2023-09-17]
          CHR Extension: (DuckDuckGo) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2023-09-17]
          CHR Extension: (Hulu PIP) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnnojbahbfmbhhpkcoihncbojdlhbnj [2023-09-17]
          CHR Extension: (uBlock Origin) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-09-23]
          CHR Extension: (Free VPN ZenMate-Best VPN for Chrome) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2023-09-17]
          CHR Extension: (Google Docs Offline) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-17]
          CHR Extension: (Picture-in-Picture Extension (by Google)) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgfoiooedgoejojocmhlaklaeopbecg [2023-09-17]
          CHR Extension: (Office - Enable Copy and Paste) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2023-09-19]
          CHR Extension: (Malwarebytes Browser Guard) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-09-21]
          CHR Extension: (Chrome Remote Desktop) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-09-17]
          CHR Extension: (Netflix Picture in Picture now for Prime & D+) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmakgpojigahjdalffbkimpnpabelio [2023-09-17]
          CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-09-21]
          CHR Extension: (Sea Foam) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lahipjfggmgneaopcckkaipmoandaboo [2023-09-17]
          CHR Extension: (Paramount Plus Picture In Picture) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfmgdailbkanbdajodjgmgncbeflcnci [2023-09-17]
          CHR Extension: (Chrome Web Store Payments) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-17]
          CHR Extension: (Best Homepage Ever - New Tab Quick Launch) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdkehkdnojcndhhilglklegbakenkgb [2023-09-17]
          CHR Extension: (iCloud Passwords) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2023-09-17]
          CHR Extension: (Hulu Ad Skipper | Ad Blocker) - C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpdfnkeeppfohmophlpcfmciioeenig [2023-09-17]
          
          ==================== Services (Whitelisted) ===================
          
          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
          
          R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation → Microsoft Corporation)
          S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncHelper.exe [3511720 2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9287960 2023-09-17] (Malwarebytes Inc. → Malwarebytes)
          S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.184.0903.0002\OneDriveUpdaterService.exe [3848608 2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          R2 VCUpdateSvc; C:\Program Files\Verizon Cloud\VerizonCloudUpdater.exe [54608 2023-08-25] (Verizon Data Services LLC → Verizon)
          S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-17] (Microsoft Windows Publisher → Microsoft Corporation)
          S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-17] (Microsoft Windows Publisher → Microsoft Corporation)
          R2 Windhawk; C:\Program Files\Windhawk\windhawk.exe [762840 2023-09-17] (Michael Maltsev → Ramen Software)
          
          ===================== Drivers (Whitelisted) ===================
          
          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
          
          R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-09-17] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
          R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222272 2023-09-17] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
          S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-09-17] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
          R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [200104 2023-09-24] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
          R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-09-24] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
          R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-09-17] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
          R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181984 2023-09-24] (Malwarebytes Inc. → Malwarebytes)
          S3 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-09-17] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
          S3 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-09-17] (Microsoft Windows → Microsoft Corporation)
          S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-17] (Microsoft Windows → Microsoft Corporation)
          
          ==================== NetSvcs (Whitelisted) ===================
          
          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
          
          ==================== One month (created) (Whitelisted) =========
          
          (If an entry is included in the fixlist, the file/folder will be moved.)
          
          2023-09-25 22:46 - 2023-09-25 22:48 - 000027866 _____ C:\Users\justc\Desktop\FRST.txt
          2023-09-25 22:45 - 2023-09-25 22:47 - 000000000 ___D C:\FRST
          2023-09-25 22:44 - 2023-09-25 22:45 - 002382848 _____ (Farbar) C:\Users\justc\Desktop\FRST64.exe
          2023-09-25 17:49 - 2023-09-25 17:49 - 057494344 _____ C:\Users\justc\Downloads\TotalAV_Setup (1).exe
          2023-09-25 17:05 - 2023-09-25 17:05 - 005252911 _____ C:\Users\justc\Downloads\Fw more piks, couldn’t find none of rusty and bian younger.. tryin to make sure all the kids and g kids and g g kids are in.eml
          2023-09-25 14:05 - 2023-09-25 19:53 - 000000000 ____D C:\Program Files (x86)\TotalAV
          2023-09-25 14:05 - 2023-09-25 17:50 - 000001060 _____ C:\Users\Public\Desktop\TotalAV.lnk
          2023-09-25 14:05 - 2023-09-25 14:05 - 000000000 ____D C:\ProgramData\TotalAV
          2023-09-25 14:04 - 2023-09-25 14:05 - 057494344 _____ C:\Users\justc\Downloads\TotalAV_Setup.exe
          2023-09-25 10:54 - 2023-09-25 10:54 - 000000000 ____D C:\Users\justc\Verizon Cloud
          2023-09-24 18:48 - 2023-09-24 18:48 - 000000000 ____D C:\Users\justc\Desktop\2023_09_24
          2023-09-24 16:35 - 2023-09-24 16:35 - 000175687 _____ C:\Users\justc\Downloads\HarrellRaeleigh.pdf
          2023-09-24 16:32 - 2023-09-24 16:32 - 022152410 _____ C:\Users\justc\Downloads\champion power washer manual.pdf
          2023-09-24 16:30 - 2023-09-24 16:30 - 000000000 ____D C:\Users\justc\AppData\LocalLow\webviewdata
          2023-09-24 16:13 - 2023-09-24 16:13 - 000000000 ____D C:\ProgramData\VerizonCloud
          2023-09-24 16:12 - 2023-09-24 16:34 - 000000000 ____D C:\Users\justc\AppData\Local\VerizonCloud-Data
          2023-09-24 16:12 - 2023-09-24 16:13 - 000000000 ____D C:\Windows\system32\Tasks\VerizonCloud
          2023-09-24 16:12 - 2023-09-24 16:12 - 000000000 ____D C:\Users\justc\AppData\Local\IsolatedStorage
          2023-09-24 16:09 - 2023-09-24 16:09 - 000181984 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
          2023-09-24 15:49 - 2023-09-24 15:49 - 000002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Cloud.lnk
          2023-09-24 15:49 - 2023-09-24 15:49 - 000002521 _____ C:\Users\Public\Desktop\Verizon Cloud.lnk
          2023-09-24 15:49 - 2023-09-24 15:49 - 000000000 ____D C:\Program Files\Verizon Cloud
          2023-09-24 15:37 - 2023-09-24 15:48 - 028643328 _____ C:\Users\justc\Downloads\pc-vzcloud-install.msi
          2023-09-24 14:16 - 2023-09-20 00:16 - 012339253 _____ C:\Users\justc\Desktop\Pool.Snooker (2).zip
          2023-09-21 21:48 - 2023-09-21 21:48 - 000000721 _____ C:\Users\justc\Downloads\ATT00001
          2023-09-21 20:34 - 2023-09-21 20:34 - 000000000 ____D C:\Users\justc\AppData\Roaming\CDTPL
          2023-09-21 20:34 - 2023-09-21 20:34 - 000000000 ____D C:\ProgramData\CDTPL
          2023-09-21 20:32 - 2023-09-21 20:33 - 087778968 _____ (SysTools Software Pvt Ltd ) C:\Users\justc\Downloads\pst-converter.exe
          2023-09-21 07:33 - 2023-09-21 07:33 - 000002967 _____ C:\Users\justc\Downloads\ATT00001.htm
          2023-09-20 09:44 - 2023-09-20 09:44 - 000000000 ____D C:\Windows\system32\RTCOM
          2023-09-20 09:44 - 2023-09-20 09:44 - 000000000 ____D C:\Program Files\Waves
          2023-09-20 09:44 - 2023-09-20 09:44 - 000000000 ____D C:\Program Files (x86)\Realtek
          2023-09-20 09:42 - 2023-09-20 09:44 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
          2023-09-20 09:42 - 2023-09-20 09:42 - 000000000 ____H C:\ProgramData\DP45977C.lfl
          2023-09-20 09:42 - 2023-09-20 09:42 - 000000000 ____D C:\Windows\system32\SRSLabs
          2023-09-20 09:42 - 2023-09-20 09:42 - 000000000 ____D C:\Program Files\Realtek
          2023-09-20 09:42 - 2017-06-19 04:19 - 005762544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
          2023-09-20 09:42 - 2017-06-19 04:19 - 003685872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
          2023-09-20 09:42 - 2017-06-19 04:19 - 003545984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 003541896 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 003213808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 001373792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000706472 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000692504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000545808 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000460424 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000399448 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000355480 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000333272 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000333272 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000232696 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000225480 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000220120 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000203424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000176456 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000174608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkXInterface64.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000161928 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000144168 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000120696 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000097952 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000094152 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
          2023-09-20 09:42 - 2017-06-19 04:19 - 000032384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 013245712 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 013110360 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 012129784 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxVoiceAPO30.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 007181592 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 007104872 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 003795400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioMeters64.exe
          2023-09-20 09:42 - 2017-06-19 04:18 - 002320104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 002218480 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 002058864 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 001991768 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 001804920 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 001613696 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 001530848 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 001444232 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 001233064 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 001185168 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 001017424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000759192 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000742512 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000723208 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000693008 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000517448 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000457992 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000453824 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000342264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000339112 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000283904 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000264952 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000264880 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000263928 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000212240 _____ (Waves Audio) C:\Windows\system32\MaxxAudioVienna264.dll
          2023-09-20 09:42 - 2017-06-19 04:18 - 000131008 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
          2023-09-20 09:39 - 2017-10-01 20:13 - 000984032 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
          2023-09-20 00:15 - 2023-09-20 00:16 - 012339253 _____ C:\Users\justc\Downloads\Pool.Snooker.zip
          2023-09-20 00:15 - 2023-09-20 00:16 - 012339253 _____ C:\Users\justc\Downloads\Pool.Snooker (2).zip
          2023-09-20 00:15 - 2023-09-20 00:16 - 012339253 _____ C:\Users\justc\Downloads\Pool.Snooker (1).zip
          2023-09-19 14:50 - 2023-09-19 14:50 - 000000000 ____D C:\Windows\system32\Tasks\Meta
          2023-09-19 14:49 - 2023-09-21 15:51 - 000000000 ____D C:\Users\justc\AppData\Roaming\Messenger
          2023-09-19 14:49 - 2023-09-21 15:51 - 000000000 ____D C:\Users\justc\AppData\Local\Messenger
          2023-09-19 14:49 - 2023-09-19 14:49 - 000002333 _____ C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
          2023-09-19 14:49 - 2023-09-19 14:49 - 000000000 ____D C:\Users\justc\AppData\LocalLow\Messenger
          2023-09-19 14:49 - 2023-09-19 14:49 - 000000000 ____D C:\Users\justc\AppData\Local\messenger-updater
          2023-09-19 14:48 - 2023-09-19 14:49 - 076276840 _____ (Facebook, Inc.) C:\Users\justc\Downloads\Messenger.195.0.0.4.225 (1).exe
          2023-09-19 14:48 - 2023-09-19 14:48 - 076276840 _____ (Facebook, Inc.) C:\Users\justc\Downloads\Messenger.195.0.0.4.225.exe
          2023-09-19 14:35 - 2023-09-19 14:35 - 000000089 _____ C:\Users\justc\Desktop\recovery_codes.txt
          2023-09-19 14:34 - 2023-09-19 14:34 - 000000089 _____ C:\Users\justc\Downloads\recovery_codes.txt
          2023-09-19 12:51 - 2023-09-19 12:51 - 000136344 _____ C:\Users\justc\Downloads\163217533609.JPEG
          2023-09-19 10:16 - 2023-09-19 10:16 - 000006876 _____ C:\Users\justc\Downloads\start2.bin
          2023-09-19 09:27 - 2023-09-23 09:02 - 000000000 ____D C:\Program Files\Microsoft OneDrive
          2023-09-18 17:13 - 2023-09-18 17:13 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\InputMethod
          2023-09-18 13:14 - 2023-09-18 13:14 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\UProof
          2023-09-18 13:14 - 2023-09-18 13:14 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Proof
          2023-09-17 23:01 - 2023-09-17 23:01 - 000000000 ___HD C:\ProgramData\CanonIJScan
          2023-09-17 23:00 - 2023-09-17 23:01 - 000000000 ____D C:\Users\justc\AppData\Roaming\Canon
          2023-09-17 22:57 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series
          2023-09-17 22:57 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
          2023-09-17 22:57 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Canon IJ Network Tool
          2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
          2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ___HD C:\ProgramData\CanonBJ
          2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ___HD C:\Program Files\CanonBJ
          2023-09-17 22:56 - 2023-09-17 22:56 - 000000000 ____D C:\Windows\system32\STRING
          2023-09-17 22:56 - 2012-06-14 17:18 - 000366592 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
          2023-09-17 22:56 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
          2023-09-17 22:56 - 2012-06-14 17:18 - 000039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
          2023-09-17 22:55 - 2023-09-17 22:55 - 032939648 _____ C:\Users\justc\Downloads\mp68-win-mx340-1_06-ea24.exe
          2023-09-17 22:49 - 2023-09-17 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
          2023-09-17 22:49 - 2023-09-17 22:57 - 000000000 ____D C:\Program Files (x86)\Canon
          2023-09-17 22:48 - 2023-09-17 22:49 - 047823992 _____ C:\Users\justc\Downloads\mpnx_3_1-win-3_14-ej.exe
          2023-09-17 21:37 - 2023-09-25 16:48 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Word
          2023-09-17 21:37 - 2023-09-22 18:41 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
          2023-09-17 21:37 - 2023-09-22 18:41 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
          2023-09-17 21:37 - 2023-09-17 21:48 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Office
          2023-09-17 21:37 - 2023-09-17 21:37 - 000000000 ___RD C:\Users\Default\OneDrive
          2023-09-17 21:37 - 2023-09-17 21:37 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\AddIns
          2023-09-17 21:35 - 2023-09-17 21:35 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
          2023-09-17 21:34 - 2023-09-17 21:34 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
          2023-09-17 21:34 - 2023-09-17 21:34 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
          2023-09-17 21:34 - 2023-09-17 21:34 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
          2023-09-17 21:34 - 2023-09-17 21:34 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
          2023-09-17 21:34 - 2023-09-17 21:34 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
          2023-09-17 21:34 - 2023-09-17 21:34 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
          2023-09-17 21:34 - 2023-09-17 21:34 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
          2023-09-17 21:34 - 2023-09-17 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
          2023-09-17 21:27 - 2023-09-17 21:35 - 000000000 ____D C:\Program Files\Microsoft Office
          2023-09-17 21:27 - 2023-09-17 21:27 - 000000000 ____D C:\Program Files\Microsoft Office 15
          2023-09-17 21:11 - 2023-09-25 19:53 - 000000000 ____D C:\Users\justc\AppData\Local\CrashDumps
          2023-09-17 21:11 - 2023-09-17 21:14 - 000000000 ____D C:\ProgramData\Windhawk
          2023-09-17 21:11 - 2023-09-17 21:11 - 000003562 _____ C:\Windows\system32\Tasks\WindhawkUpdateTask
          2023-09-17 21:11 - 2023-09-17 21:11 - 000003000 _____ C:\Windows\system32\Tasks\WindhawkRunUITask
          2023-09-17 21:11 - 2023-09-17 21:11 - 000001824 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windhawk.lnk
          2023-09-17 21:10 - 2023-09-17 21:10 - 000000000 ____D C:\Users\justc\AppData\LocalLow\Temp
          2023-09-17 21:09 - 2023-09-17 21:11 - 000000000 ____D C:\Program Files\Windhawk
          2023-09-17 21:08 - 2023-09-17 21:09 - 129469224 _____ (Ramen Software) C:\Users\justc\Downloads\windhawk_setup.exe
          2023-09-17 20:55 - 2023-09-17 21:34 - 000000000 ___HD C:\$WINDOWS.~BT
          2023-09-17 20:54 - 2023-09-17 20:54 - 000000000 ___HD C:\$GetCurrent
          2023-09-17 20:54 - 2023-09-17 20:54 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
          2023-09-17 19:45 - 2023-09-17 19:45 - 000000000 ____D C:\Users\justc\AppData\Local\ElevatedDiagnostics
          2023-09-17 19:17 - 2023-09-17 19:22 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\MMC
          2023-09-17 17:45 - 2023-09-19 23:29 - 000000000 ____D C:\Windows\Panther
          2023-09-17 17:33 - 2023-09-17 17:38 - 000000000 ____D C:\Users\justc\Documents\malwarebytes license key
          2023-09-17 17:27 - 2023-09-17 21:34 - 000001908 _____ C:\Windows\diagwrn.xml
          2023-09-17 17:27 - 2023-09-17 21:34 - 000001908 _____ C:\Windows\diagerr.xml
          2023-09-17 17:27 - 2023-09-17 19:53 - 000000001 _____ C:\Users\justc\AppData\Roaming\c
          2023-09-17 17:27 - 2023-09-17 19:53 - 000000000 ____D C:\Scripts
          2023-09-17 17:09 - 2023-09-25 16:14 - 000000000 ____D C:\Users\justc\AppData\Local\Malwarebytes
          2023-09-17 17:09 - 2023-09-17 17:09 - 000000000 ____D C:\Users\justc\AppData\Local\mbam
          2023-09-17 17:08 - 2023-09-17 17:08 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
          2023-09-17 17:08 - 2023-09-17 17:08 - 000000000 ____D C:\Users\justc\Tracing
          2023-09-17 17:07 - 2023-09-17 17:07 - 002606880 _____ (Malwarebytes) C:\Users\justc\Downloads\MBSetup-5.5 (1).exe
          2023-09-17 17:07 - 2023-09-17 17:07 - 000000000 ____D C:\ProgramData\Malwarebytes
          2023-09-17 17:07 - 2023-09-17 17:07 - 000000000 ____D C:\Program Files\Malwarebytes
          2023-09-17 17:06 - 2023-09-17 17:06 - 002606880 _____ (Malwarebytes) C:\Users\justc\Downloads\MBSetup-5.5.exe
          2023-09-17 16:54 - 2023-09-17 16:54 - 000000000 ___HD C:\$Windows.~WS
          2023-09-17 16:49 - 2023-09-17 16:49 - 000000000 _SHDL C:\Documents and Settings
          2023-09-17 16:46 - 2023-09-25 22:43 - 000000000 ____D C:\Windows\system32\SleepStudy
          2023-09-17 16:46 - 2023-09-24 18:10 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
          2023-09-17 16:46 - 2023-09-24 16:09 - 000008192 ___SH C:\DumpStack.log.tmp
          2023-09-17 16:46 - 2023-09-24 16:09 - 000000006 ____H C:\Windows\Tasks\SA.DAT
          2023-09-17 16:46 - 2023-09-19 23:18 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
          2023-09-17 16:46 - 2023-09-18 08:05 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
          2023-09-17 16:46 - 2023-09-18 08:05 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
          2023-09-17 16:46 - 2023-09-17 16:46 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
          2023-09-17 16:46 - 2023-09-17 16:46 - 000000000 ____D C:\Windows\ServiceProfiles
          2023-09-17 16:46 - 2023-09-17 16:08 - 000000000 ____D C:\Windows\system32\Drivers\wd
          2023-09-17 16:43 - 2023-09-17 17:08 - 000000000 ____D C:\ESD
          2023-09-17 16:23 - 2023-09-17 16:23 - 000000000 ___HD C:\$WinREAgent
          2023-09-17 16:21 - 2023-09-17 20:06 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
          2023-09-17 16:12 - 2023-09-17 16:12 - 000000000 ____H C:\Users\justc\Documents\Default.rdp
          2023-09-17 16:09 - 2023-09-17 16:09 - 000000000 ____D C:\Users\justc\AppData\Local\OneDrive
          2023-09-17 15:58 - 2023-09-17 15:58 - 000002888 _____ C:\Users\justc\Desktop\Child support portal pin.odt
          2023-09-17 15:50 - 2023-09-17 15:58 - 000000000 ____D C:\Windows\system32\MRT
          2023-09-17 15:46 - 2023-09-17 15:46 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
          2023-09-17 15:44 - 2023-09-17 15:44 - 000001345 _____ C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
          2023-09-17 15:44 - 2023-09-17 15:44 - 000000000 ____D C:\Users\justc\AppData\Local\PCHealthCheck
          2023-09-17 14:55 - 2023-09-17 14:55 - 000001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPool.lnk
          2023-09-17 14:55 - 2023-09-17 14:55 - 000000000 ____D C:\Users\Public\Documents\Memir Games
          2023-09-17 14:55 - 2023-09-17 14:55 - 000000000 ____D C:\Program Files (x86)\ipool
          2023-09-17 14:54 - 2023-09-17 14:54 - 007933240 _____ (Stratician ) C:\Users\justc\Downloads\setup2302.exe
          2023-09-17 14:53 - 2023-09-17 14:53 - 000000000 ____D C:\Users\Public\Documents\Stratician Online
          2023-09-17 14:52 - 2023-09-17 14:52 - 000001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSnooker.lnk
          2023-09-17 14:52 - 2023-09-17 14:52 - 000000000 ____D C:\Program Files (x86)\iSnooker
          2023-09-17 14:51 - 2023-09-17 14:51 - 032390920 _____ (Stratician ) C:\Users\justc\Downloads\setup2528.exe
          2023-09-17 14:36 - 2023-09-17 14:36 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
          2023-09-17 14:36 - 2023-09-17 14:36 - 000000000 ____D C:\Users\justc\AppData\Local\Google
          2023-09-17 14:36 - 2023-09-17 14:36 - 000000000 ____D C:\Program Files\Google
          2023-09-17 14:35 - 2023-09-25 22:46 - 000000000 ____D C:\Program Files (x86)\Google
          2023-09-17 14:35 - 2023-09-18 18:41 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{DE2B8264-B4FC-4FEF-AF29-8679B6F43F3B}
          2023-09-17 14:35 - 2023-09-18 18:41 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{6BCD498D-EAE8-4972-BEBF-73EDBE3A0D6F}
          2023-09-17 14:35 - 2023-09-17 14:35 - 001372712 _____ (Google LLC) C:\Users\justc\Downloads\ChromeSetup.exe
          2023-09-17 14:22 - 2023-09-17 15:08 - 000000000 ____D C:\Users\justc\AppData\Local\Comms
          2023-09-17 14:10 - 2023-09-17 20:06 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Spelling
          2023-09-17 14:08 - 2023-09-22 18:41 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2215749033-445842302-415398914-1001
          2023-09-17 14:08 - 2023-09-20 12:48 - 000000000 ____D C:\Users\justc\AppData\Local\PlaceholderTileLogoFolder
          2023-09-17 14:08 - 2023-09-17 14:08 - 000000000 ___HD C:\OneDriveTemp
          2023-09-17 14:07 - 2023-09-24 16:13 - 000000000 ___RD C:\Users\justc\OneDrive
          2023-09-17 14:07 - 2023-09-17 14:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
          2023-09-17 14:05 - 2023-09-25 11:42 - 000000000 ____D C:\Users\justc\AppData\Local\Packages
          2023-09-17 14:05 - 2023-09-25 11:42 - 000000000 ____D C:\ProgramData\Packages
          2023-09-17 14:05 - 2023-09-24 16:50 - 000000000 ____D C:\Users\justc\AppData\Local\D3DSCache
          2023-09-17 14:05 - 2023-09-23 09:03 - 000000000 __RHD C:\Users\Public\AccountPictures
          2023-09-17 14:05 - 2023-09-21 22:28 - 000000000 ____D C:\Users\justc\AppData\Local\ConnectedDevicesPlatform
          2023-09-17 14:05 - 2023-09-17 20:06 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\Crypto
          2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ___RD C:\Users\justc\3D Objects
          2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Vault
          2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Network
          2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Roaming\Adobe
          2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\LocalLow\AMD
          2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Local\VirtualStore
          2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Local\Publishers
          2023-09-17 14:05 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Local\AMD
          2023-09-17 14:00 - 2023-09-24 16:08 - 000065536 _____ C:\Windows\system32\spu_storage.bin
          2023-09-17 14:00 - 2023-09-17 14:00 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\SystemCertificates
          2023-09-17 14:00 - 2023-09-17 14:00 - 000000000 ____D C:\Windows\system32\AMD
          2023-09-17 14:00 - 2023-09-17 14:00 - 000000000 ____D C:\Program Files\AMD
          2023-09-17 14:00 - 2020-10-29 16:31 - 000107560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
          2023-09-17 13:59 - 2023-09-25 10:54 - 000000000 ____D C:\Users\justc
          2023-09-17 13:59 - 2023-09-19 14:51 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\Credentials
          2023-09-17 13:59 - 2023-09-17 14:05 - 000000000 ____D C:\Users\justc\AppData\Roaming\Microsoft\Windows
          2023-09-17 13:59 - 2023-09-17 13:59 - 000000020 ___SH C:\Users\justc\ntuser.ini
          2023-09-17 13:59 - 2023-09-17 13:59 - 000000000 ___SD C:\Users\justc\AppData\Roaming\Microsoft\Protect
          2023-09-17 13:59 - 2020-10-29 16:33 - 001783920 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
          2023-09-17 13:59 - 2020-10-29 16:33 - 001783920 _____ C:\Windows\system32\vulkaninfo.exe
          2023-09-17 13:59 - 2020-10-29 16:33 - 001374320 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
          2023-09-17 13:59 - 2020-10-29 16:33 - 001374320 _____ C:\Windows\SysWOW64\vulkaninfo.exe
          2023-09-17 13:59 - 2020-10-29 16:33 - 001085360 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
          2023-09-17 13:59 - 2020-10-29 16:33 - 001085360 _____ C:\Windows\system32\vulkan-1.dll
          2023-09-17 13:59 - 2020-10-29 16:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
          2023-09-17 13:59 - 2020-10-29 16:33 - 000944208 _____ C:\Windows\SysWOW64\vulkan-1.dll
          2023-09-17 13:59 - 2020-10-29 16:33 - 000736880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
          2023-09-17 13:59 - 2020-10-29 16:33 - 000046704 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
          2023-09-17 13:59 - 2020-10-29 16:33 - 000043632 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 064809072 _____ C:\Windows\system32\amd_comgr.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 053684848 _____ C:\Windows\SysWOW64\amd_comgr32.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 004630640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 004141168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 001774192 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 001341552 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000760432 _____ (AMD) C:\Windows\system32\atieclxx.exe
          2023-09-17 13:59 - 2020-10-29 16:32 - 000621168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000496752 _____ C:\Windows\system32\GameManager64.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000493168 _____ C:\Windows\system32\dgtrayicon.exe
          2023-09-17 13:59 - 2020-10-29 16:32 - 000468592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000456304 _____ C:\Windows\system32\atieah64.exe
          2023-09-17 13:59 - 2020-10-29 16:32 - 000432752 _____ C:\Windows\system32\EEURestart.exe
          2023-09-17 13:59 - 2020-10-29 16:32 - 000380016 _____ C:\Windows\SysWOW64\GameManager32.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000351856 _____ C:\Windows\SysWOW64\atieah32.exe
          2023-09-17 13:59 - 2020-10-29 16:32 - 000339568 _____ C:\Windows\system32\clinfo.exe
          2023-09-17 13:59 - 2020-10-29 16:32 - 000245360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000213104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000186992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000182392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000167024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000166512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000158656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000156784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000142448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000140912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000135792 _____ (AMD) C:\Windows\system32\atimuixx.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000134768 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000125552 _____ C:\Windows\system32\atidxx64.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000122480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000120432 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000107632 _____ C:\Windows\SysWOW64\atidxx32.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000107120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000090736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000075376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll
          2023-09-17 13:59 - 2020-10-29 16:32 - 000070256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 071030384 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 001686016 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 001365368 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000941168 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000768624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000553584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000546800 _____ C:\Windows\system32\amdmiracast.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000489584 _____ C:\Windows\system32\amdgfxinfo64.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000466544 _____ C:\Windows\system32\amdlogum.exe
          2023-09-17 13:59 - 2020-10-29 16:31 - 000383600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000380016 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000198312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000167400 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000135928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000130232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000120264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000108248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
          2023-09-17 13:59 - 2020-10-29 16:31 - 000108248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
          2023-09-17 13:59 - 2020-10-29 15:29 - 000154384 _____ C:\Windows\system32\samu_krnl_ci.sbin
          2023-09-17 13:59 - 2020-10-29 15:29 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
          2023-09-17 13:59 - 2020-10-29 15:29 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin
          2023-09-17 13:59 - 2020-10-29 15:29 - 000121168 _____ C:\Windows\system32\kapp_si.sbin
          2023-09-17 13:54 - 2023-09-24 16:16 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
          
          ==================== One month (modified) ==================
          
          (If an entry is included in the fixlist, the file/folder will be moved.)
          
          2023-09-25 22:46 - 2023-05-05 08:27 - 000000000 ____D C:\Windows\SystemTemp
          2023-09-25 18:01 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
          2023-09-25 11:47 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
          2023-09-25 11:42 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
          2023-09-24 23:05 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
          2023-09-24 16:08 - 2019-12-07 05:03 - 000524288 _____ C:\Windows\system32\config\BBI
          2023-09-24 15:49 - 2023-05-05 08:22 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\ProjectedFSLib.dll
          2023-09-24 15:49 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
          2023-09-17 22:57 - 2019-12-07 05:14 - 000000000 __RSD C:\Windows\Media
          2023-09-17 21:35 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
          2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
          2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\spool
          2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\MsDtc
          2023-09-17 20:06 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
          2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
          2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
          2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
          2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
          2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
          2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
          2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
          2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\migwiz
          2023-09-17 19:01 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\appraiser
          2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\PrintDialog
          2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
          2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ShellExperiences
          2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\PolicyDefinitions
          2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
          2023-09-17 19:00 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\appcompat
          2023-09-17 17:45 - 2019-12-07 05:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
          2023-09-17 17:21 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\servicing
          2023-09-17 17:08 - 2019-12-07 05:14 - 000000000 ___HD C:\Windows\ELAMBKUP
          2023-09-17 16:51 - 2019-12-07 05:50 - 000000000 ____D C:\Windows\system32\FxsTmp
          2023-09-17 16:46 - 2019-12-07 05:03 - 000032768 _____ C:\Windows\system32\config\ELAM
          2023-09-17 16:08 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
          2023-09-17 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
          
          ==================== Files in the root of some directories ========
          
          2023-09-17 17:27 - 2023-09-17 19:53 - 000000001 _____ () C:\Users\justc\AppData\Roaming\c
          
          ==================== SigCheck ============================
          
          (There is no automatic fix for files that do not pass verification.)
          
          ==================== End of FRST.txt ========================
          Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
          Ran by justc (25-09-2023 22:51:03)
          Running from C:\Users\justc\Desktop
          Microsoft Windows 10 Home Version 22H2 19045.3448 (X64) (2023-09-17 20:49:53)
          Boot Mode: Normal
          ==================== Accounts: =============================
          
          (If an entry is included in the fixlist, it will be removed.)
          
          Administrator (S-1-5-21-2215749033-445842302-415398914-500 - Administrator - Disabled)
          DefaultAccount (S-1-5-21-2215749033-445842302-415398914-503 - Limited - Disabled)
          Guest (S-1-5-21-2215749033-445842302-415398914-501 - Limited - Disabled)
          justc (S-1-5-21-2215749033-445842302-415398914-1001 - Administrator - Enabled) => C:\Users\justc
          WDAGUtilityAccount (S-1-5-21-2215749033-445842302-415398914-504 - Limited - Disabled)
          
          ==================== Security Center ========================
          
          (If an entry is included in the fixlist, it will be removed.)
          
          AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
          AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          
          ==================== Installed Programs ======================
          
          (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
          
          Canon IJ Network Scan Utility (HKLM-x32...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
          Canon IJ Network Tool (HKLM-x32...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
          Canon MP Navigator EX 3.1 (HKLM-x32...\MP Navigator EX 3.1) (Version: - )
          Canon MX340 series MP Drivers (HKLM...{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - Canon Inc.)
          Docs (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\6e393e3162957ef4c1993c5ce370b535) (Version: 1.0 - Google\Chrome)
          Gmail (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\ec710934cdfffbee268692b010a82ad8) (Version: 1.0 - Google\Chrome)
          Google Chrome (HKLM-x32...\Google Chrome) (Version: 117.0.5938.89 - Google LLC)
          Google Drive (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\b4857df16d6bf9d14b9f21735bbf7cef) (Version: 1.0 - Google\Chrome)
          iPool version 2.3.02 (01) (HKLM-x32...{BE5FCCBF-5CBB-487E-AC94-882028E1448C}_is1) (Version: 2.3.02 (01) - Stratician)
          Malwarebytes version 4.6.2.281 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.2.281 - Malwarebytes)
          Maxx Audio Installer (x64) (HKLM...{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden
          Messenger (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 196.0.517900122 - Facebook, Inc.)
          Microsoft 365 - en-us (HKLM...\O365HomePremRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
          Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 117.0.2045.41 - Microsoft Corporation)
          Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 117.0.2045.36 - Microsoft Corporation)
          Microsoft OneDrive (HKLM...\OneDriveSetup.exe) (Version: 23.184.0903.0002 - Microsoft Corporation)
          Microsoft Update Health Tools (HKLM...{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
          Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
          Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
          Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
          Sheets (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\fcad59d48b6d7f9ac4f8bbdef83897fc) (Version: 1.0 - Google\Chrome)
          Slides (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\8b71f6b19323d84d678abe6631527c30) (Version: 1.0 - Google\Chrome)
          TotalAV (HKLM-x32...\TotalAV) (Version: 5.23.174 - TotalAV) <==== ATTENTION
          Verizon Cloud (HKLM...{048202BC-F4E7-4AB2-A130-EC887A3C9675}) (Version: 23.9.0.17 - Verizon Wireless)
          Windhawk v1.3.1 (HKLM-x32...\Windhawk) (Version: 1.3.1 - Ramen Software)
          Windows 11 Installation Assistant (HKLM-x32...{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.2063 - Microsoft Corporation)
          Windows PC Health Check (HKLM...{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)
          YouTube (HKU\S-1-5-21-2215749033-445842302-415398914-1001...\254b4d2813518435f94a19dffc5552cc) (Version: 1.0 - Google\Chrome)
          Packages:
          Cortana → C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-09-20] (Microsoft Corporation)
          Microsoft Defender → C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2309.1001.0_x64__8wekyb3d8bbwe [2023-09-25] (Microsoft Corporation) [Startup Task]
          Microsoft Remote Desktop → C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe [2023-09-18] (Microsoft Corporation)
          Outlook for Windows → C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.920.900_x64__8wekyb3d8bbwe [2023-09-24] (Microsoft Corporation)
          Photos Media Engine Add-on → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-09-19] (Microsoft Corporation)
          Solitaire & Casual Games → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-18] (Microsoft Studios) [MS Ad]
          Spotify Music → C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0 [2023-09-22] (Spotify AB) [Startup Task]
          
          ==================== Custom CLSID (Whitelisted): ==============
          
          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
          
          CustomCLSID: HKU\S-1-5-21-2215749033-445842302-415398914-1001_Classes\CLSID{00654f73-86a8-425c-b3a0-038200133493} → [Verizon Cloud] => C:\Users\justc\Verizon Cloud [2023-09-25 10:54]
          ShellIconOverlayIdentifiers: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ SncrOverlays (Cloud)] → {DC39D95E-101B-4B3B-BF18-D1B4D6584A79} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-08-25] (Verizon Data Services LLC → Synchronoss Technologies Inc.)
          ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] → {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-08-25] (Verizon Data Services LLC → Synchronoss Technologies Inc.)
          ShellIconOverlayIdentifiers: [ SncrOverlays (Paused)] → {DC20B35F-DF4A-4783-B48E-7EB2496E5858} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-08-25] (Verizon Data Services LLC → Synchronoss Technologies Inc.)
          ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] → {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon Cloud\Sncr.Cloud.Windows.Extensions.dll [2023-08-25] (Verizon Data Services LLC → Synchronoss Technologies Inc.)
          ShellIconOverlayIdentifiers-x32: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ContextMenuHandlers1: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-09-17] (Malwarebytes Inc. → Malwarebytes)
          ContextMenuHandlers4: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ContextMenuHandlers5: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.184.0903.0002\FileSyncShell64.dll [2023-09-22] (Microsoft Corporation → Microsoft Corporation)
          ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-09-17] (Malwarebytes Inc. → Malwarebytes)
          
          ==================== Codecs (Whitelisted) ====================
          
          ==================== Shortcuts & WMI ========================
          
          (The entries could be listed to be restored or removed.)
          
          ShortcutWithArgument: C:\Users\justc\AppData\Local\Google\Chrome\User Data\Default\Web Applications_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
          ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
          ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
          ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
          ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
          ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
          ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
          ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gmail.lnk → C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) → --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
          ShortcutWithArgument: C:\Users\justc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Profile 2 - Edge.lnk → C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) → --profile-directory=“Profile 1”
          
          ==================== Loaded Modules (Whitelisted) =============
          
          2023-09-17 21:14 - 2023-09-17 21:10 - 001989632 _____ () [File not signed] C:\ProgramData\Windhawk\Engine\Mods\64\libc++.dll
          2023-09-17 21:14 - 2023-09-17 21:10 - 000207872 _____ () [File not signed] C:\ProgramData\Windhawk\Engine\Mods\64\libunwind.dll
          2023-09-17 21:14 - 2023-09-17 21:14 - 000107008 _____ () [File not signed] C:\ProgramData\Windhawk\Engine\Mods\64\taskbar-volume-control_906859.dll
          2023-09-17 22:57 - 2010-08-23 09:09 - 000019456 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNSU_ENU.DLL
          2023-09-17 22:56 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
          2023-09-17 21:33 - 2023-09-17 21:33 - 000000000 ____L (Microsoft Corporation) [symlink → C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
          2023-09-17 21:33 - 2023-09-17 21:33 - 000000000 ____L (Microsoft Corporation) [symlink → C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
          2023-09-17 21:33 - 2023-09-17 21:33 - 000000000 ____L (Microsoft Corporation) [symlink → C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
          2023-09-17 21:33 - 2023-09-17 21:33 - 000000000 ____L (Microsoft Corporation) [symlink → C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\c2r64.dll
          
          ==================== Alternate Data Streams (Whitelisted) ========
          
          (If an entry is included in the fixlist, only the ADS will be removed.)
          
          AlternateDataStreams: C:\Users\justc\Desktop\FRST64.exe:MBAM.Zone.Identifier [135]
          AlternateDataStreams: C:\Users\justc\Downloads\Messenger.195.0.0.4.225 (1).exe:MBAM.Zone.Identifier [368]
          AlternateDataStreams: C:\Users\justc\Downloads\mp68-win-mx340-1_06-ea24.exe:MBAM.Zone.Identifier [149]
          AlternateDataStreams: C:\Users\justc\Downloads\mpnx_3_1-win-3_14-ej.exe:MBAM.Zone.Identifier [104]
          AlternateDataStreams: C:\Users\justc\Downloads\OfficeSetup (1).exe:MBAM.Zone.Identifier [351]
          AlternateDataStreams: C:\Users\justc\Downloads\OfficeSetup.exe:MBAM.Zone.Identifier [351]
          AlternateDataStreams: C:\Users\justc\Downloads\pc-vzcloud-install.msi:MBAM.Zone.Identifier [156]
          AlternateDataStreams: C:\Users\justc\Downloads\pst-converter.exe:MBAM.Zone.Identifier [79]
          AlternateDataStreams: C:\Users\justc\Downloads\TotalAV_Setup (1).exe:MBAM.Zone.Identifier [143]
          AlternateDataStreams: C:\Users\justc\Downloads\TotalAV_Setup.exe:MBAM.Zone.Identifier [143]
          AlternateDataStreams: C:\Users\justc\Downloads\windhawk_setup.exe:MBAM.Zone.Identifier [622]
          AlternateDataStreams: C:\Users\justc\Downloads\Windows11InstallationAssistant (3).exe:MBAM.Zone.Identifier [193]
          
          ==================== Safe Mode (Whitelisted) ==================
          
          (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
          
          HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
          HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”
          
          ==================== Association (Whitelisted) =================
          
          ==================== Internet Explorer (Whitelisted) ==========
          
          BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation → Microsoft Corporation)
          
          ==================== Hosts content: =========================
          
          (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
          
          2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
          
          ==================== Other Areas ===========================
          
          (Currently there is no automatic fix for this section.)
          
          HKU\S-1-5-21-2215749033-445842302-415398914-1001\Control Panel\Desktop\Wallpaper → C:\Windows\web\wallpaper\Windows\img0.jpg
          DNS Servers: 206.225.75.225 - 206.225.75.226
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
          Windows Firewall is enabled.
          
          ==================== MSCONFIG/TASK MANAGER disabled items ==
          
          (If an entry is included in the fixlist, it will be removed.)
          
          HKU\S-1-5-21-2215749033-445842302-415398914-1001...\StartupApproved\Run: => “com.messenger”
          
          ==================== FirewallRules (Whitelisted) ================
          
          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
          
          FirewallRules: [{8424BA3B-6DB0-41C8-918F-23231C6EA3BB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
          FirewallRules: [{C4710974-CC66-4DAC-97DC-46ECFBC87C84}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation)
          FirewallRules: [{197BB400-9C8F-4109-B7FC-EC5536EE38C9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.36\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation)
          FirewallRules: [{FEE0CD68-727D-4873-BB24-7126DC224B26}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{2B650245-5142-48A3-87FF-67680FE0A0B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{035AA8A2-B856-4973-B076-4555F9FAA327}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{2A7B96DC-F2D6-47B4-9B6C-CEDA1ABFC0EF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{5875C84D-D46F-4897-BA54-A4F1A51507F4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{E2443E84-E84D-4545-BDCB-6D4B8197CE91}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{C9DD2326-FC18-4FEF-8FDA-8CD5083B6C80}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{382CA1F9-1B14-4CD8-B13E-8690CCE9A6EA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{6417076B-2997-41B0-BCB9-93767E644355}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{156E7465-9A69-4047-B808-7C89149C6B96}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{6FCB8CC3-BF76-4F24-8A73-8B63FD0C7A98}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.104.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
          FirewallRules: [{74A585DE-1A15-4ED6-A332-8E8247F186F6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.104.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
          FirewallRules: [{8EFAAD8F-93F0-4DAE-9C0B-F9AE32A17494}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.104.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
          FirewallRules: [{4D79346F-9BD8-4548-A8E1-4DF6A4ED9B94}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.104.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
          
          ==================== Restore Points =========================
          
          20-09-2023 17:11:39 Scheduled Checkpoint
          24-09-2023 15:48:14 Installed Verizon Cloud
          25-09-2023 17:49:59 TotalAV Install
          
          ==================== Faulty Device Manager Devices ============
          
          ==================== Event log errors: ========================
          Application errors:
          Error: (09/25/2023 07:53:38 PM) (Source: Application Error) (EventID: 1000) (User: )
          Description: Faulting application name: TotalAV_Setup (1).exe, version: 5.23.174.0, time stamp: 0x5f24d6e4
          Faulting module name: srclient.dll_unloaded, version: 10.0.19041.2673, time stamp: 0xfab9899b
          Exception code: 0xc0000005
          Fault offset: 0x00001767
          Faulting process id: 0x3ca4
          Faulting application start time: 0x01d9effa2dca9219
          Faulting application path: C:\Users\justc\Downloads\TotalAV_Setup (1).exe
          Faulting module path: srclient.dll
          Report Id: 93c8a8ea-d940-4bad-ba44-86ef53345aae
          Faulting package full name:
          Faulting package-relative application ID:
          
          Error: (09/25/2023 07:09:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
          Description: The program chrome.exe version 117.0.5938.89 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
          
          Process ID: 3fa0
          
          Start Time: 01d9efdefcb4573a
          
          Termination Time: 4294967295
          
          Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
          
          Report Id: 512d8c0d-ff8f-4314-905d-dd3c00d409ce
          
          Faulting package full name:
          
          Faulting package-relative application ID:
          
          Hang type: Top level window is idle
          
          Error: (09/25/2023 04:41:30 PM) (Source: Application Error) (EventID: 1000) (User: )
          Description: Faulting application name: TotalAV_Setup.exe, version: 5.23.174.0, time stamp: 0x5f24d6e4
          Faulting module name: srclient.dll_unloaded, version: 10.0.19041.2673, time stamp: 0xfab9899b
          Exception code: 0xc0000005
          Fault offset: 0x00001767
          Faulting process id: 0x2728
          Faulting application start time: 0x01d9efdad241f0fe
          Faulting application path: C:\Users\justc\Downloads\TotalAV_Setup.exe
          Faulting module path: srclient.dll
          Report Id: 587f5b4e-ae3d-489b-9fc2-cd9c2e57f8bf
          Faulting package full name:
          Faulting package-relative application ID:
          
          Error: (09/24/2023 02:34:09 AM) (Source: Application Error) (EventID: 1000) (User: )
          Description: Faulting application name: ig.exe, version: 1.0.4.8, time stamp: 0x6398cb34
          Faulting module name: windhawk.dll, version: 1.3.1.0, time stamp: 0x643af867
          Exception code: 0xc0000409
          Fault offset: 0x000343e6
          Faulting process id: 0x1e70
          Faulting application start time: 0x01d9eeb11d0504f6
          Faulting application path: C:\Users\justc\AppData\LocalLow\IGDump\sigwdgzpgyfbcvyruuxvruxezrrrvqyo\ig.exe
          Faulting module path: C:\Program Files\Windhawk\Engine\1.3.1\32\windhawk.dll
          Report Id: 3f981d6f-376f-4848-a15b-a1980c92316c
          Faulting package full name:
          Faulting package-relative application ID:
          
          Error: (09/22/2023 03:36:46 PM) (Source: Application Error) (EventID: 1000) (User: )
          Description: Faulting application name: ig.exe, version: 1.0.4.8, time stamp: 0x6398cb34
          Faulting module name: windhawk.dll, version: 1.3.1.0, time stamp: 0x643af867
          Exception code: 0xc0000409
          Fault offset: 0x000343e6
          Faulting process id: 0xd14
          Faulting application start time: 0x01d9ed8c1edd2d97
          Faulting application path: C:\Users\justc\AppData\LocalLow\IGDump\bnwndbokcogizrdmofdafbsvprbzoqhw\ig.exe
          Faulting module path: C:\Program Files\Windhawk\Engine\1.3.1\32\windhawk.dll
          Report Id: 07dbebeb-90d6-4430-a000-b61f3f35ac4b
          Faulting package full name:
          Faulting package-relative application ID:
          
          Error: (09/21/2023 04:21:44 PM) (Source: Application Error) (EventID: 1000) (User: )
          Description: Faulting application name: ig.exe, version: 1.0.4.8, time stamp: 0x6398cb34
          Faulting module name: windhawk.dll, version: 1.3.1.0, time stamp: 0x643af867
          Exception code: 0xc0000409
          Fault offset: 0x000343e6
          Faulting process id: 0x17b0
          Faulting application start time: 0x01d9ecc93bd43453
          Faulting application path: C:\Users\justc\AppData\LocalLow\IGDump\mxlyffgkcyscarjvdkmfqigglhoqfgzv\ig.exe
          Faulting module path: C:\Program Files\Windhawk\Engine\1.3.1\32\windhawk.dll
          Report Id: 820a9daa-c288-4bdd-beee-23ead77ae9f8
          Faulting package full name:
          Faulting package-relative application ID:
          
          Error: (09/21/2023 03:52:24 PM) (Source: VSS) (EventID: 8193) (User: )
          Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
          .
          
          Error: (09/21/2023 03:52:24 PM) (Source: VSS) (EventID: 13) (User: )
          Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
          ]
          System errors:
          Error: (09/25/2023 10:51:42 AM) (Source: disk) (EventID: 154) (User: )
          Description: The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\00000098) failed due to a hardware error.
          
          Error: (09/25/2023 10:51:42 AM) (Source: Virtual Disk Service) (EventID: 10) (User: )
          Description: VDS fails to write boot code on a disk during clean operation. Error code: 800701E3@02070008
          
          Error: (09/25/2023 10:51:08 AM) (Source: disk) (EventID: 154) (User: )
          Description: The IO operation at logical block address 0x3f00c000 for Disk 1 (PDO name: \Device\00000098) failed due to a hardware error.
          
          Error: (09/25/2023 10:51:07 AM) (Source: disk) (EventID: 154) (User: )
          Description: The IO operation at logical block address 0x3f00c000 for Disk 1 (PDO name: \Device\00000098) failed due to a hardware error.
          
          Error: (09/25/2023 10:51:07 AM) (Source: disk) (EventID: 154) (User: )
          Description: The IO operation at logical block address 0x3f00c000 for Disk 1 (PDO name: \Device\00000098) failed due to a hardware error.
          
          Error: (09/25/2023 10:51:07 AM) (Source: disk) (EventID: 154) (User: )
          Description: The IO operation at logical block address 0x3f00c000 for Disk 1 (PDO name: \Device\00000098) failed due to a hardware error.
          
          Error: (09/25/2023 10:51:07 AM) (Source: disk) (EventID: 154) (User: )
          Description: The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\00000098) failed due to a hardware error.
          
          Error: (09/25/2023 10:51:07 AM) (Source: disk) (EventID: 154) (User: )
          Description: The IO operation at logical block address 0x3f00c000 for Disk 1 (PDO name: \Device\00000098) failed due to a hardware error.
          CodeIntegrity:
          Date: 2023-09-25 22:52:52
          Description:
          Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Windhawk\Engine\1.3.1\64\windhawk.dll that did not meet the Microsoft signing level requirements.
          
          Date: 2023-09-25 22:52:52
          Description:
          Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
          
          ==================== Memory info ===========================
          
          BIOS: Dell Inc. 4.3.0 08/10/2016
          Motherboard: Dell Inc. 03PYWR
          Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics
          Percentage of memory in use: 49%
          Total physical RAM: 15297.18 MB
          Available physical RAM: 7658.67 MB
          Total Virtual: 17601.18 MB
          Available Virtual: 4760.24 MB
          
          ==================== Drives ================================
          
          Drive c: () (Fixed) (Total:930.65 GB) (Free:871.21 GB) (Model: WD Blue SA510 2.5 1000GB) NTFS
          Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
          
          \?\Volume{856a1e7d-aa4b-48b9-9ea4-b0bba75d5bc8}\ () (Fixed) (Total:0.75 GB) (Free:0.32 GB) NTFS
          \?\Volume{29ef0c2e-dd39-4f66-9048-d5dd6009a5c3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
          
          ==================== MBR & Partition Table ====================
          
          ==========================================================
          Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
          
          Partition: GPT.
          
          ==================== End of Addition.txt =======================


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7045

            #6
            Uninstall with GeekUninstaller.

            TotalAV

            Copy the content of the code box below.
            Do not copy the word code!!!
            Right Click FRST and run as Administrator.
            Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
            Attach it to your next message.
            Code:
            start::
            CreateRestorePoint:
            EmptyTemp:
            CloseProcesses:
            HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION\
            HKU\S-1-5-21-2215749033-445842302-415398914-1001\...\Run: [com.messenger] => "C:\Users\justc\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
            HKU\S-1-5-21-2215749033-445842302-415398914-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\Google\Chrome\Application\chrome.exe --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm --disable-nacl --origin-trial-disabled-features=WebGPU --profile-directory=Default --source-shortcut="C (the data entry has 65 more characters). [3239200 2023-09-15] (Google LLC -> Google LLC)
            Task: {3541479C-9E00-4C86-89B4-4733D146B046} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-2215749033-445842302-415398914-1001 => C:\Users\justc\AppData\Local\Programs\Messenger\MessengerHelper.exe [2277624 2023-09-18] (Facebook, Inc. -> Meta Platforms, Inc.)
            Tcpip\Parameters: [DhcpNameServer] 206.225.75.225 206.225.75.226
            Tcpip\..\Interfaces\{732b5a0e-6a0a-43bc-9969-18d77e06b00a}: [DhcpNameServer] 206.225.75.225 206.225.75.226
            HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.4.21,1]
            2023-09-25 17:49 - 2023-09-25 17:49 - 057494344 _____ C:\Users\justc\Downloads\TotalAV_Setup (1).exe
            2023-09-25 14:05 - 2023-09-25 19:53 - 000000000 ____D C:\Program Files (x86)\TotalAV
            2023-09-25 14:05 - 2023-09-25 17:50 - 000001060 _____ C:\Users\Public\Desktop\TotalAV.lnk
            2023-09-25 14:05 - 2023-09-25 14:05 - 000000000 ____D C:\ProgramData\TotalAV
            2023-09-25 14:04 - 2023-09-25 14:05 - 057494344 _____ C:\Users\justc\Downloads\TotalAV_Setup.exe
            C:\ProgramData\DP45977C.lfl
            AlternateDataStreams: C:\Users\justc\Desktop\FRST64.exe:MBAM.Zone.Identifier [135]
            AlternateDataStreams: C:\Users\justc\Downloads\Messenger.195.0.0.4.225 (1).exe:MBAM.Zone.Identifier [368]
            AlternateDataStreams: C:\Users\justc\Downloads\mp68-win-mx340-1_06-ea24.exe:MBAM.Zone.Identifier [149]
            AlternateDataStreams: C:\Users\justc\Downloads\mpnx_3_1-win-3_14-ej.exe:MBAM.Zone.Identifier [104]
            AlternateDataStreams: C:\Users\justc\Downloads\OfficeSetup (1).exe:MBAM.Zone.Identifier [351]
            AlternateDataStreams: C:\Users\justc\Downloads\OfficeSetup.exe:MBAM.Zone.Identifier [351]
            AlternateDataStreams: C:\Users\justc\Downloads\pc-vzcloud-install.msi:MBAM.Zone.Identifier [156]
            AlternateDataStreams: C:\Users\justc\Downloads\pst-converter.exe:MBAM.Zone.Identifier [79]
            AlternateDataStreams: C:\Users\justc\Downloads\TotalAV_Setup (1).exe:MBAM.Zone.Identifier [143]
            AlternateDataStreams: C:\Users\justc\Downloads\TotalAV_Setup.exe:MBAM.Zone.Identifier [143]
            AlternateDataStreams: C:\Users\justc\Downloads\windhawk_setup.exe:MBAM.Zone.Identifier [622]
            AlternateDataStreams: C:\Users\justc\Downloads\Windows11InstallationAssistant (3).exe:MBAM.Zone.Identifier [193]
            C:\Windows\system32\drivers\etc\hosts
            Hosts:
            Folder: C:\Users\justc\AppData\Roaming\c
            Folder: C:\Scripts
            CMD: del /s /q c:\windows\System32\Tasks\chrome*.*
            CMD: del /f /s /q %windir%\prefetch\*.*
            CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
            CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
            cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
            cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
            CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
            Cmd: NETSH winsock reset catalog
            Cmd: NETSH int ipv4 reset reset.log
            Cmd: NETSH int ipv6 reset reset.log
            Cmd: ipconfig /release
            Cmd: ipconfig /renew
            Cmd: ipconfig /flushdns
            Cmd: ipconfig /registerdns
            Cmd: bitsadmin /list /allusers
            Cmd: bitsadmin /reset /allusers
            Cmd: Winmgmt /salvagerepository
            Cmd: Winmgmt /resetrepository
            Cmd: Winmgmt /resyncperf
            C:\Windows\Temp\*.*
            C:\WINDOWS\system32\*.tmp
            C:\WINDOWS\syswow64\*.tmp
            emptytemp:
            Reboot:
            End::

            Adware Removal Tool Scan.

            Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
            Click Scan
            Hit Ok.
            Hit Next and make sure to leave all items checked for removal.
            Click Next
            The Program will close all open programs to complete the removal, so save any work and hit OK.
            Then hit OK after the removal process is complete, then OK again to finish up.
            Post log generated by tool.


            • jUstcAllmEdOc
              PCHF Member
              • Oct 2021
              • 44

              #7
              I am not sure what happened, but Adware finished and said nothing wrong and did not leave me a log. What should I do? In the meantime, the fixlog.txt is attached.
              ty,
              dOc


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7045

                #8
                No worries on the adware removal tool, there was nothing found so no need for log.

                What is it that brought you here? What makes you think you have a virus/malware??

                What are these?

                C:\Scripts\get11.cmd
                C:\Users\justc\AppData\Roaming\c

                Any idea? You can use Everything Search Engine to easily navigate to these locations.

                Download RogueKiller and install the program.
                Once downloaded and installed, right click and run as admin.
                Click the check for updates button.
                Go to scan setting then slide the MalPE option right to activate.
                Then go to scan, then start a full scan on your machine.
                Then click report when the scan completes.
                Under Share my report click on open then select text file.
                Copy it and paste the results here.
                Make sure you do not remove anything detected until I see the log please.

                Download Autologger to your desktop.
                Disable your Antivirus/Defender prior to running.

                - Unzip it there. If you are unsure how to unzip a program, then use http://www.7-zip.org/
                - Right click Autologger and run as admin. (XP users double click)
                - AVZ4 will open and scan your machine, allow this to complete.
                - Upload Collectionlog.zip to your next reply.


                • jUstcAllmEdOc
                  PCHF Member
                  • Oct 2021
                  • 44

                  #9
                  I got an alert that some of my info had hit the dark web, and this week one of our debit cards was being used in New York, $25, and Ireland, $199.99. Both were stopped by the fraud division of my bank. And, sometimes it just feels like sometimes I’m not in control of my cursor, just for a few seconds, it starts moving around like I don’t have control, as if my PC was on remote from somewhere else. Maybe just me and a glitch. Scary poop.
                  I have no idea what these are: C:\Scripts\get11.cmd C:\Users\justc\AppData\Roaming\c
                  Didn’t see these options to do. I looked several times, Click the check for updates button, Go to scan setting then slide the MalPE option right to activate.

                  I’m having some trouble running AutoLogger. Keeps telling me viruses even though my Malwarebytes and Defender are shut off. I’ll double-check. Got it to work, zip attached.
                  Program : RogueKiller Anti-Malware
                  Version : 15.12.1.0
                  x64 : Yes
                  Program Date : Sep 18 2023
                  Location : C:\Program Files\RogueKiller\RogueKiller64.exe
                  Premium : No
                  Company : Adlice Software
                  Website : https://www.adlice.com/
                  Contact : Support Form | Contact • Adlice Software
                  Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
                  Operating System : Windows 10 (10.0.19045) 64-bit
                  64-bit OS : Yes
                  Startup : 0
                  WindowsPE : No
                  User : justc
                  User is Admin : Yes
                  Date : 2023/09/27 03:03:28
                  Type : Scan
                  Aborted : No
                  Scan Mode : Standard
                  Duration : 2686
                  Found items : 0
                  Total scanned : 56307
                  Signatures Version : 20230926_071034
                  Truesight Driver : Yes
                  Updates Count : 2
                  Arguments : -minimize
                  ************************* Warnings *************************

                  ************************* Updates *************************
                  Malwarebytes version 4.6.2.281 (64-bit), version 4.6.2.281
                  [+] Available Version : 4.6.3
                  [+] Wow6432 : No
                  [+] Portable : No
                  [+] update_location : C:\Program Files\Malwarebytes\Anti-Malware

                  Google Chrome (32-bit), version 117.0.5938.89
                  [+] Available Version : 117.0.5938.92
                  [+] Wow6432 : Yes
                  [+] Portable : No
                  [+] update_location : C:\Program Files\Google\Chrome\Application

                  ************************* Processes *************************

                  ************************* Modules *************************

                  ************************* Services *************************

                  ************************* Scheduled Tasks *************************

                  ************************* Registry *************************

                  ************************* WMI *************************

                  ************************* Hosts File *************************
                  is_too_big : No
                  hosts_file_path : C:\Windows\System32\drivers\etc\hosts

                  ************************* Filesystem *************************

                  ************************* Web Browsers *************************

                  ************************* Antirootkit *************************


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7045

                    #10
                    Download Kaspersky Virus Removal Tool and save it to your Desktop.
                    Very important to save this to your desktop!!

                    Select the Windows Key and R Key together, the Run box should open.
                    Copy and paste the following into the run box.
                    C:\Users\justc\Desktop\KVRT.exe -dontencrypt

                    Select “Ok” in the Run box.
                    If the “Windows protected your PC” window opens, select “More info”. A new window will open, select “Run anyway”.
                    An EULA window from KVRT will open, tick all confirmation boxes then select “Accept”.
                    A window from KVRT will open, select “Change Parameters”.
                    In the new window ensure the following boxes are ticked:

                    - System memory
                    - Startup objects
                    - Boot sectors
                    - System drive

                    Then select “OK” and “Start scan”.
                    When completed: If entries are found, there will be options to choose. If “Cure” is offered, leave as it is. For any other options change to “Delete”, then select “Continue”.
                    Usually, your system needs a reboot to finish the removal process.
                    Logfiles can be found on your system drive (usually C:), similar to this:

                    C:\KVRT2020_Data\Reports\report__.klr

                    Right click directly onto those reports, select > open with > Notepad.
                    Save the files and attach them with your next reply.


                    • jUstcAllmEdOc
                      PCHF Member
                      • Oct 2021
                      • 44

                      #11
                      I hope I did this right. And I think that was the longest scan I’ve ever run.


                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7045

                        #12
                        Ok. I’ll take a look when I get home at the logs already requested, was just waiting for this report.


                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7045

                          #13
                          Run HijackThis! as admin! (located in the folder …Autologger\HijackThis)
                          Do a system scan, then check each item below, make sure and only check the items listed.
                          Then click Fix checked.
                          The computer will need to reboot, allow it to do so.

                          Code:
                          O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Meta (empty)
                          O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
                          O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft')

                          Look in the Autologger folder and drag out the CheckBrowsersLNK file to your desktop.
                          AutoLogger\CheckBrowserLnk

                          Drag and drop onto the ClearLNK utility.
                          After saving ClearLNK to desktop.
                          https://dragokas.com/tools/move.gif

                          Disable your antivirus prior to running AVZ!
                          Run AVZ as admin! (located in the folder …Autologger\AVZ) click File => Customs Scripts.
                          Copy the content of the text file I uploaded. (AVZFix.txt)
                          Click edit select all copy.
                          Paste into AVZ window.
                          Make sure the word begin is in the absolute top left of the window as per picture below.
                          https://pchelpforum.net/attachments/1671241631764-png.11029/
                          Hit Run Fix.

                          The computer will reboot.


                          • jUstcAllmEdOc
                            PCHF Member
                            • Oct 2021
                            • 44

                            #14
                            I’m up to here,
                            Disable your antivirus prior to running AVZ!
                            Run AVZ as admin! (located in the folder …Autologger\AVZ) click File => Customs Scripts.
                            There is no AVZ in the Autologger folder. There is an AV as seen in 1st screen shot. When I open AV, I have the choices as seen in 2nd screenshot.
                            If I run 7za, I get a black screen flash on and then off.
                            What now?


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7045

                              #15
                              Download from here and unzip to your desktop.

                              Download Escan MWAV and save to your desktop.
                              Right click run as admin.
                              Accept agreement.
                              Click on the update button.
                              This may take a while to update!
                              Under select scan objects click on Drive. Select All local drives.
                              Under action click scan and clean.
                              Once complete click on view logs and grab and attach here.

