Solved Couple of PC issues...PC running slow and PC will not restart

It does indeed sound like a hardware issue.
Some simple things to try first - take out the memory sticks and graphics card.
Using a soft-bristled brush, wipe their circuit boards, contact pins, and the motherboard slots they go into.
Re-seat them and see if that helps.
If not, just try one memory stick at a time in case a stick is faulty.
If still no luck, try one stick in the other slot in case a slot has gone bad.

While you have the case open, clean out any dust buildup.
And if still no luck, yes, try and get your hands on another PSU (friend, family, neighbour, work).
 
Hi, just tried booting again tonight. Got into Windows fine, after a short while it started to run slow and tabs in Google started to open very slowly. A few seconds after this the PC shut down!
I'll take pc into the garden tomorrow and tinker around with its innards as you've advised.

I'll post back tomorrow👌
 
Will try re-seating my hardware and report back later.
Just turned on the pc this morning. Everything was fine for the first couple of minutes, then the slowing down, the lag and eventually the shut down.
The psu is 650w although I have a spare 500w. Would trying the 500w psu damage my pc?
 
Hi,

OK, I think I have resolved my PC instability.

For some unknown reason the CPU fan had become loose with one of the securing 'buttons' popping out; this would answer why the PC would start fine but shut down after a few minutes (CPU becoming overheated as the fan would occasionally not work). I pressed this in again and the unit is steady on the motherboard again (I was wondering why the fan was loose while dusting the PC the other day).
Anyway, since securing the fan the PC boots and runs fine.

Regarding Adware. Apologies, I completely missed the information in post 12 advising me how to run, install, and process a log file. Sorry.

On Adware, I get the screen below then click next:

adware1.PNG

Then it gives me this screen:

adware2.PNG

My SSD is Samsung and I am concerned that quarantining this may adversely affect my PC. Do I leave 'PreInstalled.SamsungSmartSwitch' unticked and click on quarantine to quarantine/remove the items in screenshot 1?

Cheers for your continued help - apologies for being a dumb-***
 
You can leave the Samsung item unchecked; it is just preinstalled bloatware. Remove or leave, that is your choice; the other crap should go.

We may as well clean up the computer while we are at it. Definitely will run smoother when we are done. That is your choice tho. 👍
 
Hi,

Ran Adware - this is the .log it left me with:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-20-2024
# Duration: 00:00:03
# OS: Windows 10 (Build 19045.4651)
# Cleaned: 43
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare V8
Deleted C:\Program Files (x86)\Downloaded Installers
Deleted C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\VIDEOVIEWER
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\ProgramData\IObit\Advanced SystemCare V7
Deleted C:\ProgramData\IObit\Advanced SystemCare V8
Deleted C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted C:\Users\MSSQLFDLauncher\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted C:\Users\MSSQLSERVER\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted C:\Users\MSSQLServerOLAPService\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted C:\Users\MsDtsServer110\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\ReportServer\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted C:\Users\chredge\AppData\LocalLow\.acestream
Deleted C:\Users\chredge\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\chredge\AppData\LocalLow\IObit\Advanced SystemCare V8
Deleted C:\Users\chredge\AppData\Local\slimware utilities inc
Deleted C:\Users\chredge\AppData\Roaming\.acestream
Deleted C:\Users\chredge\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\chredge\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted C:\_acestream_cache_

***** [ Files ] *****

Deleted C:\Users\chredge\AppData\Roaming\Mozilla\Firefox\Profiles\vr7y4hjr.default\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\IORRT

***** [ Registry ] *****

Deleted HKCU\Software\Classes\acestream
Deleted HKCU\Software\RegisteredApplications|AceStream
Deleted HKCU\Software\csastats
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost64.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFB76C21-3D18-4052-81C2-913B6E62E54D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB76C21-3D18-4052-81C2-913B6E62E54D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iorrt
Deleted HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{80BDBB4C-163E-4F4B-9533-59A7ED62A695}|Publisher
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{9791AB8D-A287-44A1-998E-E81FD126C583}C:\program files (x86)\bitlord\bitlord.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{DEC71C29-B12B-40F2-80CD-473FDCEF153B}C:\program files (x86)\bitlord\bitlord.exe
Deleted HKLM\Software\SlimWare Utilities Inc
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5749 octets] - [20/07/2024 11:43:46]
AdwCleaner[S01].txt - [5810 octets] - [20/07/2024 11:48:01]
AdwCleaner[S02].txt - [5871 octets] - [20/07/2024 13:19:46]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
 
Now re-run FRST and this time post both FRST and Addition.txt; the last time you double-posted the Addition log. Delete any text related to this thread prior to getting new logs, so there is no issue.

👍👍
 
OK, I'll try again :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.07.2024
Ran by chredge (administrator) on MYSTERYMACHINE (MSI MS-7758) (20-07-2024 14:55:12)
Running from C:\Users\chredge\Desktop\FRST64.exe
Loaded Profiles: chredge & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER
Platform: Microsoft Windows 10 Home Version 22H2 19045.4651 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(cmd.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\atieclxx.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\atiesrxx.exe
(services.exe ->) (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-01-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [C:\WINDOWS\system32\V0770Ext.ax] => C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0770Ext.ax (No File)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [C:\WINDOWS\System32\V0770Ext.ax] => C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\System32\V0770Ext.ax (No File)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableCloudClipboard] 0
HKLM\Software\Policies\...\system: [CloudClipboardAutomaticUpload] 0
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Run: [appnhost] => C:\Users\chredge\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Vladislavas Jarmalis -> Mixesoft Project)
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Run: [AMDNoiseSuppression] => "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Run: [MicrosoftEdgeAutoLaunch_3B3BB905A374F1CF0D310AB30E4EDE63] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3883560 2024-07-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2023-07-07] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\WINDOWS\system32\CNMLMBX.DLL [391168 2023-07-07] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series XPS: C:\WINDOWS\system32\CNMXLMBX.DLL [393728 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\126.0.6478.128\Installer\chrmstp.exe [2024-07-17] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Watch.lnk [2013-04-10]
ShortcutTarget: Watch.lnk -> C:\Program Files (x86)\MUSTEK 1248UB\Driver\WATCH.exe (Common Group) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {116E3548-253D-4F04-A9E0-FC4387A9822F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1C5E60AA-0C47-4621-A967-049429A2D4DF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {38883215-466E-4BD7-8D0C-2A569F5179EE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {519A8396-93C1-430C-9B66-957F837C561F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5243425B-993B-40ED-BDF5-92AB68DBF2EF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {868E7A8D-EFAC-4ECD-9354-CA69CBC63EC0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9BD0A96C-7DCD-4E94-A191-650252DE7A6A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {BD83E793-452E-4EC7-83B7-FBE05E1FCD87} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D5330EA6-8548-46B2-8013-23AB0D32C1A2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DF573AD4-8335-432C-8091-D74A4B1A2544} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E27C0C30-95E3-440E-B7EF-67557F3B763D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EE8419BF-8261-44DF-9F69-5398DCE47A1A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FBA7627D-3194-440A-87DD-3563128AA85A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {30DB77CA-5DFA-4FAB-A208-86176305F836} - System32\Tasks\{6E00ECDE-3602-4FEF-858D-F51BD4482340} => C:\Windows\System32\pcalua.exe [88064 2024-07-09] (Microsoft Windows -> Microsoft Corporation) -> -a E:\install.exe -d E:\
Task: {8FB8BC4D-0E22-466B-9E91-2CDCE1E2E8B5} - System32\Tasks\{6E96E9DF-8C1C-46FE-A88C-B2C62537F979} => C:\Windows\System32\pcalua.exe [88064 2024-07-09] (Microsoft Windows -> Microsoft Corporation) -> -a D:\Setup.exe -d D:\
Task: {C43DE1C1-1630-4296-82DC-9BE28A3339E2} - System32\Tasks\{DAF28B77-7893-4299-9FE0-8B7FE3AC27C2} => C:\Windows\System32\pcalua.exe [88064 2024-07-09] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files (x86)\IObit\Advanced SystemCare 8\unins000.exe"
Task: {BB675DF8-604E-488A-B1CB-03BA53AD9745} - System32\Tasks\{F0CF969B-A4F7-451D-98A9-1462AAEA81F3} => C:\Windows\System32\pcalua.exe [88064 2024-07-09] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Chris\Downloads\mp3gain-win-1_2_5.exe -d C:\Users\Chris\Downloads
Task: {C66C6B2B-38F8-4E2C-8D3E-9324C0DA2F68} - System32\Tasks\AdobeAAMUpdater-1.0-Chris-PC-Chris => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CC2BAEF1-DA9A-44A0-86C1-AF31E7F676C7} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-07-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {20697CEF-A6C5-4754-86A4-F48E8E92C130} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {B818C323-F13F-4B91-B70F-FD863BE274DD} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe -> C:\Program Files\Bitdefender Agent\repair
Task: {0D35864B-769D-4CA0-926E-88D679FDD1FD} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5754336 2024-07-09] (Microsoft Windows -> Microsoft Corporation)
Task: {99DAB5B9-B9AA-45EF-B826-3F7DB707F69D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c (No File)
Task: {E1E5EA9B-45B0-44B6-90F5-9A05AD38AAE7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler (No File)
Task: {C1AF9FBE-2F4C-4B6D-9F6A-16A35AAF107F} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6597.0{FB0D115E-37F7-4F4E-99FA-F612A04431AE} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe [4889704 2024-07-15] (Google LLC -> Google LLC)
Task: {540BFF73-A7A9-4BC1-803F-6848A7DBA4A7} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [855 2014-09-21] () [File not signed]
Task: {54169E29-8553-4111-8896-044299C8BA1F} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [855 2014-09-21] () [File not signed]
Task: {16FE398A-2720-4078-BDF8-C4F616A8DAFD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {1ECF0236-9F72-45BA-AD5B-1C3ACF743F2C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {1EC448A7-56D8-444F-8FFB-419390675C2E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {7698B61B-812C-42E9-9A79-EBD591212F69} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {5D92A073-3E21-451D-A751-29DD8BF4B1CC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {3BA3CF0C-28CE-46C7-8EB0-EFADED5D7B26} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {41CBF80B-D38A-4887-951C-827F277A149E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {AF9D17B0-C1C9-467A-BF18-79EA73477B89} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {6772B81E-2739-4656-A805-A38B57F6BB3E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {D72F9EF5-E92D-4349-91D7-C11F80585250} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {04927EC1-C6B4-4772-8E6E-033034782CD1} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {6A0B3724-EC49-4DEB-96D3-CD6E3849B0A6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {F1851D8E-5C21-44CF-88B4-F0A2D466E043} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {1A793F00-F97B-428A-8963-F4B1118CBAEE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {9A789A97-DE78-46CF-9163-6F9E23B559B1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {2183BFE5-4329-40F4-8A9D-C53244CAC165} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {91CC317A-B720-482D-BEE7-D9F25F0FD773} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {E394741E-C4AD-4E3B-B0CA-E403EEE20BAA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {381A8673-B576-4AB8-95F1-DC99CF561C00} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {3BEE19E5-67EC-4563-BF63-FE89F704316E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {6B34BB93-5EF8-407B-AB1D-17F2D65B30EA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {DA44B33B-AC1F-41F5-B95D-8F686BE929EE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec /StartRecording (No File)
Task: {AAA61D29-CF9C-488F-9E9F-30252612D69E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {80A7A0FB-261E-4464-9389-63AB5781B849} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B6BCB4E1-4114-4150-BE26-CE5DC04DE4BC} - System32\Tasks\Microsoft\Windows\rempl\shell => %ProgramFiles%\rempl\sedlauncher.exe (No File)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {CA15F4A5-1954-4DE9-8104-3A5ADB8FB69A} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {D9436438-987F-4BD3-AE64-BF398DD96936} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {3807D894-5114-481A-9345-42DFD6847B8F} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {4B65A728-4996-4AE9-AB8B-D2EE2DC3A7C4} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {7C8C0ABB-6874-4E89-B5E8-1954FE774736} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8280ED3F-1830-49C7-B5AB-1E3F3120CF74} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {61755C47-F846-45B6-B4F4-06B622CB4543} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {52E0A672-E962-4A65-B734-C78EA0DDF83A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {29B11E1E-942E-495C-A69D-97177A8BBAA0} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-07-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {EAAB85EA-7B25-4FEF-93F5-A6601DA5DDAC} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [677448 2024-07-12] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {6F09A005-A0C7-43F4-8E49-3C7E9A1F18DA} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-3466739526-2485095647-408758403-1009 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [677448 2024-07-12] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {E7055F57-67EF-4A81-9B45-0DE2A7B31855} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-07-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {862DFBA4-23F4-41E6-A5DD-A3EE59B73024} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => "C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe" /apply /silent /atlogon (No File)
Task: {3CDE6E07-736F-42F6-A679-A6F29AA5A3EA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1112576 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) -> C:\Program Files (x86)\Samsung\Samsung Magician\\/AUTOHIDE
Task: {1609267D-B0C1-4484-BC2E-61A0C5C4D5A1} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [56760 2022-11-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {B9EB41A6-4BC0-437F-A6AF-49B19B035911} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [291768 2022-11-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ASC8_SkipUac_chredge.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{013b464c-8697-4c75-99ff-506f33faecca}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{2925c1fa-818d-4087-b6e4-fe1470812e13}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{5e6392e4-179a-44fc-8ee8-ff0999cbc492}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{6a48626b-bb9c-4aa2-9d50-d55a281d5918}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{bd7af2aa-0472-42f1-8119-fbbde3ff19d3}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{ee550c16-21cf-4ff9-a401-2758c1a38dbe}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\chredge\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-20]
Edge StartupUrls: Default -> "hxxps://uk.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_03ee163caff7e8f369&param1=&param2=MapdNGp9NWx6"
Edge DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search{google:pathWildcard}?ei={inputEncoding}&fr=crmas&p={searchTerms}
Edge DefaultSearchKeyword: Default -> uk.yahoo.com
Edge DefaultSuggestURL: Default -> hxxps://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
Edge Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-15]
Edge Extension: (Edge relevant text changes) - C:\Users\chredge\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-03]

FireFox:
========
FF DefaultProfile: s2vrsgd6.default-1701613744906
FF ProfilePath: C:\Users\chredge\AppData\Roaming\TomTom\HOME\Profiles\33bmloxc.default [2016-05-17]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\chredge\AppData\Roaming\Mozilla\Firefox\Profiles\bkulylrj.default-release-1656109909228 [2024-07-18]
FF ProfilePath: C:\Users\chredge\AppData\Roaming\Mozilla\Firefox\Profiles\s2vrsgd6.default-1701613744906 [2024-07-18]
FF Notifications: Mozilla\Firefox\Profiles\s2vrsgd6.default-1701613744906 -> hxxps://team.soccerstreams100.io
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll [2013-01-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll [2013-02-28] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files (x86)\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-05-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files (x86)\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-05-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3466739526-2485095647-408758403-1009: temasys.com.sg/TemWebRTCPlugin -> C:\Users\chredge\AppData\Roaming\Tem\TemWebRTCPlugin\0.8.902\npTemWebRTCPlugin.dll [2017-10-26] (Temasys Communications Pte Ltd -> Temasys)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Default [2024-07-20]
CHR DownloadDir: C:\Users\chredge\Desktop
CHR Notifications: Default -> hxxps://scentsatno3.co.uk; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/"
CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-07-05]
CHR Extension: (I don't care about cookies) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2024-06-26]
CHR Extension: (AdBlock — block ads across the web) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-07-16]
CHR Extension: (Grammarly: AI Writing and Grammar Checker App) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2024-07-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-07-18]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 10 [2024-07-18]
CHR Extension: (Endpoint Verification) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\callobklhcbilhphinckomhgkigmfocg [2023-06-20]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-20]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-06-20]
CHR Extension: (Gantter Project Management) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\himomacamcpodhkahelbnmaddladgjgo [2023-06-20]
CHR Extension: (Google Forms) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2023-06-20]
CHR Extension: (PrinterLogic Client Extension) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\llhfdhidddepenjnklbngmapjohlbekh [2023-06-20]
CHR Extension: (Ace Script) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2023-06-20]
CHR Extension: (Google Drawings) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2023-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-20]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 11 [2024-07-18]
CHR Extension: (Endpoint Verification) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\callobklhcbilhphinckomhgkigmfocg [2023-06-27]
CHR Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-27]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-06-27]
CHR Extension: (Gantter Project Management) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\himomacamcpodhkahelbnmaddladgjgo [2023-06-27]
CHR Extension: (Google Forms) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2023-06-27]
CHR Extension: (PrinterLogic Client Extension) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\llhfdhidddepenjnklbngmapjohlbekh [2023-06-27]
CHR Extension: (Ace Script) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2023-06-27]
CHR Extension: (Google Drawings) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2023-06-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-27]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 12 [2024-07-18]
CHR Extension: (Endpoint Verification) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\callobklhcbilhphinckomhgkigmfocg [2023-12-07]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-12-07]
CHR Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-07]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-12-07]
CHR Extension: (Gantter Project Management) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\himomacamcpodhkahelbnmaddladgjgo [2023-12-07]
CHR Extension: (Google Forms) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2023-12-07]
CHR Extension: (PrinterLogic Client Extension) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\llhfdhidddepenjnklbngmapjohlbekh [2023-12-07]
CHR Extension: (Ace Script) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2023-12-07]
CHR Extension: (Google Drawings) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2023-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-12-07]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 13 [2024-07-18]
CHR Extension: (Endpoint Verification) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\callobklhcbilhphinckomhgkigmfocg [2024-02-26]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-26]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\gomekmidlodglbbmalcneegieacbdmki [2024-02-26]
CHR Extension: (Gantter Project Management) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\himomacamcpodhkahelbnmaddladgjgo [2024-02-26]
CHR Extension: (Google Forms) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2024-02-26]
CHR Extension: (PrinterLogic Client Extension) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\llhfdhidddepenjnklbngmapjohlbekh [2024-02-26]
CHR Extension: (Ace Script) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2024-02-26]
CHR Extension: (Google Drawings) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2024-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-02-26]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2 [2024-07-18]
CHR Notifications: Profile 2 -> hxxps://appstream2.eu-west-1.aws.amazon.com; hxxps://meet.google.com; hxxps://prd-conn-csd.my.connect.aws; hxxps://veolia.bomgarcloud.com; hxxps://veoliauki1.lightning.force.com
CHR Extension: (Authenticator) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2024-06-03]
CHR Extension: (Endpoint Verification) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\callobklhcbilhphinckomhgkigmfocg [2024-02-20]
CHR Extension: (Adobe Acrobat) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-12-10]
CHR Extension: (WalkMe Extension) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fckonodhlfjlkndmedanenhgdnbopbmh [2024-05-27]
CHR Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-19]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2024-06-05]
CHR Extension: (Gantter Project Management) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\himomacamcpodhkahelbnmaddladgjgo [2021-12-10]
CHR Extension: (Bomgar Remote Support) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ipfljipbjloahhabacnofonhfbddnajm [2021-12-10]
CHR Extension: (Google Forms) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2021-12-10]
CHR Extension: (Grammarly: AI Writing and Grammar Checker App) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2024-07-12]
CHR Extension: (PrinterLogic Client Extension) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\llhfdhidddepenjnklbngmapjohlbekh [2024-07-17]
CHR Extension: (Ace Script) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2023-10-06]
CHR Extension: (Google Drawings) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2021-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-10]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-07-18]
CHR Extension: (Slides) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-01-21]
CHR Extension: (Docs) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2022-01-21]
CHR Extension: (Google Drive) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-01-21]
CHR Extension: (YouTube) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-01-21]
CHR Extension: (Adobe Acrobat) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-01-21]
CHR Extension: (Sheets) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-21]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2022-01-21]
CHR Extension: (Ace Script) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2022-01-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-21]
CHR Extension: (Gmail) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-01-21]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4 [2024-07-18]
CHR Notifications: Profile 4 -> hxxps://prd-conn-csd.awsapps.com
CHR Extension: (Slides) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-02-24]
CHR Extension: (Docs) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2022-02-24]
CHR Extension: (Google Drive) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-02-24]
CHR Extension: (YouTube) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-24]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-02-24]
CHR Extension: (Sheets) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-24]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki [2022-02-24]
CHR Extension: (Ace Script) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2022-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-24]
CHR Extension: (Gmail) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-02-24]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5 [2024-07-18]
CHR Extension: (Slides) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-03-01]
CHR Extension: (Docs) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2022-03-01]
CHR Extension: (Google Drive) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-03-01]
CHR Extension: (YouTube) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-03-01]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-07-06]
CHR Extension: (Sheets) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-03-01]
CHR Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-01]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gomekmidlodglbbmalcneegieacbdmki [2022-03-01]
CHR Extension: (Ace Script) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2024-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-01]
CHR Extension: (Gmail) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-03-01]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 6 [2024-07-18]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-02-15]
CHR Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-15]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-02-15]
CHR Extension: (Ace Script) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2023-02-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-02-15]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 7 [2024-07-18]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-03-17]
CHR Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-03-17]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-03-17]
CHR Extension: (Ace Script) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2023-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-17]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 8 [2024-07-18]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-04-18]
CHR Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-18]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-04-18]
CHR Extension: (Ace Script) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2023-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-04-18]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 9 [2024-07-18]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-25]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-04-25]
CHR Extension: (Ace Script) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2023-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-04-25]
CHR Profile: C:\Users\chredge\AppData\Local\Google\Chrome\User Data\System Profile [2024-07-20]
CHR HKU\S-1-5-21-3466739526-2485095647-408758403-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3466739526-2485095647-408758403-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1467912 2017-02-04] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [820352 2020-04-20] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-02-10] (Epic Games Inc. -> Epic Games, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [8901528 2024-07-15] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-06-12] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe [1377416 2024-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218816 2016-09-24] (Microsoft Corporation -> Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [50368 2014-05-15] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [194240 2016-09-24] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-09-01] (Electronic Arts, Inc. -> Electronic Arts)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2454720 2014-05-15] (Microsoft Corporation -> Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2016-09-24] (Microsoft Corporation -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe [3236728 2024-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe [133688 2024-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Config"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [25584 2023-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys [113088 2023-04-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\amdkmdag.sys [94467928 2023-04-06] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-05-29] (Cypress Semiconductor, Inc.) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] (PassMark Software Pty Ltd -> )
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-04-04] (Phoenix Technologies) [File not signed]
R1 ElRawDisk; C:\WINDOWS\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (iolo technologies, LLC -> EldoS Corporation)
S3 ksapi64; C:\WINDOWS\system32\drivers\ksapi64.sys [89776 2020-05-18] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221264 2024-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-09-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MotioninJoyXFilter; C:\WINDOWS\System32\drivers\MijXfilt.sys [121416 2012-05-12] (Shenzhen Saikeware Technology Co., Ltd. -> MotioninJoy) [File not signed]
S4 RsFx0201; C:\WINDOWS\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation -> Microsoft Corporation)
R1 RsProxy; C:\Windows\system32\drivers\RsProxy.sys [15976 2013-10-26] (Realtek Semiconductor Corp -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-07-31] (TunnelBear, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21968 2024-07-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-07-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-07-08] (Microsoft Windows -> Microsoft Corporation)
S3 AppleLowerFilter; \SystemRoot\System32\drivers\AppleLowerFilter.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-07-20 14:55 - 2024-07-20 14:55 - 000055600 _____ C:\Users\chredge\Desktop\FRST.txt
2024-07-20 14:51 - 2024-07-20 14:51 - 000003328 _____ C:\WINDOWS\system32\Tasks\IORRT
2024-07-20 14:51 - 2024-07-20 14:51 - 000003120 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2024-07-20 13:21 - 2024-07-20 13:21 - 000005210 _____ C:\Users\chredge\Desktop\AdwCleaner[C02].txt
2024-07-20 11:43 - 2024-07-20 13:20 - 000000000 ____D C:\AdwCleaner
2024-07-20 11:42 - 2024-07-20 11:42 - 008790880 _____ (Malwarebytes) C:\Users\chredge\Desktop\adwcleaner.exe
2024-07-18 22:27 - 2024-07-18 22:29 - 000188450 _____ C:\WINDOWS\ntbtlog.txt
2024-07-18 22:27 - 2024-07-18 22:27 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-07-18 06:50 - 2018-05-02 07:16 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2024-07-18 06:48 - 2024-07-18 06:50 - 000000000 ____D C:\Users\chredge\AppData\Roaming\Geek Uninstaller
2024-07-18 06:47 - 2024-07-18 06:47 - 002961151 _____ C:\Users\chredge\Desktop\geek.zip
2024-07-17 07:36 - 2024-07-17 07:36 - 002395648 _____ (Farbar) C:\Users\chredge\Desktop\FRST64.exe
2024-07-16 07:19 - 2024-07-16 07:19 - 000033139 _____ C:\Users\chredge\Desktop\MYSTERYMACHINE.speccy
2024-07-16 07:13 - 2024-07-16 07:13 - 003082294 _____ C:\Users\chredge\Desktop\GSI6_MYSTERYMACHINE_chredge_07_16_2024_07_04_37.zip
2024-07-16 07:04 - 2024-07-16 07:04 - 014288288 _____ (AO Kaspersky Lab) C:\Users\chredge\Desktop\GSI-6.2.2.58.exe
2024-07-15 21:49 - 2024-07-15 21:49 - 000956928 _____ (Farbar) C:\Users\chredge\Desktop\MiniToolBox.exe
2024-07-12 08:21 - 2024-07-12 23:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-07-09 22:51 - 2024-07-09 20:19 - 000417720 __RSH C:\bootmgr
2024-07-09 22:51 - 2019-12-07 10:08 - 000000001 ___SH C:\BOOTNXT
2024-07-09 22:50 - 2024-07-09 22:50 - 000000000 ____D C:\WINDOWS\system32\compatrel
2024-07-09 20:19 - 2024-07-09 20:19 - 000021724 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-07-09 20:18 - 2024-07-09 20:18 - 000021724 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-07-09 20:13 - 2024-07-09 20:13 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-07-20 14:55 - 2013-07-22 10:04 - 000000000 ____D C:\FRST
2024-07-20 14:51 - 2023-09-02 10:49 - 000008192 ___SH C:\DumpStack.log.tmp
2024-07-20 14:51 - 2021-04-22 18:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-07-20 13:25 - 2019-12-07 10:03 - 000131072 _____ C:\WINDOWS\system32\config\BBI
2024-07-20 13:25 - 2017-04-15 04:18 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2024-07-20 13:21 - 2021-12-14 23:23 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-07-20 13:20 - 2019-05-05 15:21 - 000000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\IObit
2024-07-20 13:20 - 2018-06-06 23:36 - 000000000 ____D C:\Users\ReportServer\AppData\Roaming\IObit
2024-07-20 13:20 - 2018-06-06 23:36 - 000000000 ____D C:\Users\MSSQLServerOLAPService\AppData\Roaming\IObit
2024-07-20 13:20 - 2018-06-06 23:36 - 000000000 ____D C:\Users\MSSQLSERVER\AppData\Roaming\IObit
2024-07-20 13:20 - 2018-06-06 23:36 - 000000000 ____D C:\Users\MSSQLFDLauncher\AppData\Roaming\IObit
2024-07-20 13:20 - 2018-06-06 23:36 - 000000000 ____D C:\Users\MsDtsServer110\AppData\Roaming\IObit
2024-07-20 13:20 - 2018-06-06 23:36 - 000000000 ____D C:\Users\chredge\AppData\Roaming\IObit
2024-07-20 13:20 - 2015-12-05 07:38 - 000000000 ____D C:\Users\chredge\AppData\LocalLow\IObit
2024-07-20 13:20 - 2015-04-04 08:41 - 000000000 ____D C:\ProgramData\IObit
2024-07-20 13:20 - 2015-04-04 08:41 - 000000000 ____D C:\Program Files (x86)\IObit
2024-07-20 13:18 - 2021-04-22 18:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-07-20 13:15 - 2023-09-02 12:17 - 000000000 ____D C:\Users\chredge\AppData\Local\Malwarebytes
2024-07-20 11:39 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-20 07:31 - 2021-04-22 18:04 - 000000000 ____D C:\Users\ReportServer
2024-07-20 07:31 - 2021-04-22 18:04 - 000000000 ____D C:\Users\MSSQLServerOLAPService
2024-07-20 07:31 - 2021-04-22 18:04 - 000000000 ____D C:\Users\MSSQLSERVER
2024-07-20 07:31 - 2021-04-22 18:04 - 000000000 ____D C:\Users\MSSQLFDLauncher
2024-07-20 07:31 - 2021-04-22 18:04 - 000000000 ____D C:\Users\MsDtsServer110
2024-07-20 07:08 - 2021-04-22 18:04 - 000000000 ____D C:\Users\chredge
2024-07-19 04:55 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-07-18 07:00 - 2016-03-08 10:13 - 000000000 ____D C:\Users\chredge\AppData\LocalLow\Temp
2024-07-18 06:55 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-07-18 06:50 - 2018-05-01 22:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2024-07-18 06:50 - 2018-05-01 22:10 - 000000000 ____D C:\Program Files (x86)\Java
2024-07-17 19:14 - 2018-07-08 15:59 - 000000000 ____D C:\Users\chredge\AppData\Local\D3DSCache
2024-07-17 17:29 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-17 17:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-07-17 06:25 - 2012-12-23 22:12 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-07-16 07:03 - 2021-04-22 18:11 - 000976178 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-07-16 07:02 - 2022-06-29 23:02 - 000000000 ____D C:\Users\chredge\AppData\Local\AMD_Common
2024-07-15 14:54 - 2022-02-15 17:03 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-07-13 16:27 - 2024-02-22 23:41 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-07-12 23:24 - 2023-12-03 15:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-07-12 09:04 - 2023-12-03 15:29 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-07-12 09:04 - 2023-12-03 15:29 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-07-12 07:07 - 2020-06-08 14:56 - 000000000 ____D C:\Users\chredge\AppData\Roaming\vlc
2024-07-11 21:21 - 2021-04-22 18:10 - 000003534 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-11 21:21 - 2021-04-22 18:10 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-07-09 22:51 - 2021-04-22 18:03 - 005321568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-07-09 22:50 - 2024-02-22 23:37 - 000000000 ____D C:\WINDOWS\InboxApps
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-07-09 22:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-07-09 20:18 - 2021-04-22 18:03 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-07-09 20:12 - 2013-08-02 23:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-07-09 20:08 - 2012-12-26 09:07 - 194135240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-07-08 21:50 - 2018-06-06 23:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories ========

2015-12-28 23:34 - 2015-12-28 23:34 - 000000000 _____ () C:\Program Files\Microsoft Security Client
2015-12-28 23:34 - 2015-12-28 23:34 - 000000000 _____ () C:\Program Files (x86)\ATI Technologies
2016-04-02 22:53 - 2024-01-23 21:39 - 000000132 _____ () C:\Users\chredge\AppData\Roaming\Adobe BMP Format CS5 Prefs
2016-07-17 23:20 - 2021-03-20 14:36 - 000000132 _____ () C:\Users\chredge\AppData\Roaming\Adobe PNG Format CS5 Prefs
2019-02-28 22:21 - 2019-02-28 22:21 - 000000132 _____ () C:\Users\chredge\AppData\Roaming\Adobe Targa Format CS5 Prefs
2017-01-08 08:57 - 2017-01-30 19:16 - 000000347 _____ () C:\Users\chredge\AppData\Roaming\WB.CFG
2016-07-03 12:04 - 2018-07-22 17:37 - 002128896 _____ () C:\Users\chredge\AppData\Local\file__0.localstorage
2018-03-24 15:47 - 2018-03-24 15:47 - 000001810 _____ () C:\Users\chredge\AppData\Local\recently-used.xbel
2017-11-11 17:58 - 2017-11-11 17:58 - 000000017 _____ () C:\Users\chredge\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

***Now for the addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.07.2024
Ran by chredge (20-07-2024 14:56:51)
Running from C:\Users\chredge\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4651 (X64) (2021-04-22 17:10:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3466739526-2485095647-408758403-500 - Administrator - Disabled)
chredge (S-1-5-21-3466739526-2485095647-408758403-1009 - Administrator - Enabled) => C:\Users\chredge
DefaultAccount (S-1-5-21-3466739526-2485095647-408758403-503 - Limited - Disabled)
Guest (S-1-5-21-3466739526-2485095647-408758403-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3466739526-2485095647-408758403-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3466739526-2485095647-408758403-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1394 OHCI Compliant Host Controller (Legacy) (HKLM-x32\...\{B12878BB-DA05-4F25-96E7-E0200428B220}) (Version: 0.0.1 - Microsoft Corporation)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 23.7.2 - Advanced Micro Devices, Inc.)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
Branding64 (HKLM\...\{2A677A6A-43E8-4FE3-A273-07B0E27DADAE}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version: - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Epic Games Launcher (HKLM-x32\...\{53041896-BE90-4A26-9954-9E9FDC7D4495}) (Version: 1.1.229.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{4757C19B-4CE3-418C-91D2-E15E938091FB}) (Version: 2.0.39.0 - Epic Games, Inc.)
GDR 5343 for SQL Server 2012 (KB3045321) (64-bit) (HKLM\...\KB3045321) (Version: 11.2.5343.0 - Microsoft Corporation)
GDR 5388 for SQL Server 2012 (KB3194719) (64-bit) (HKLM\...\KB3194719) (Version: 11.2.5388.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.128 - Google LLC)
Google Earth Pro (HKLM\...\{3470AD08-85F2-4B1D-8487-FC4750732087}) (Version: 7.3.6.9796 - Google)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Webcam HD 2300 Software (HKLM-x32\...\{74E6771A-47B5-433E-A96F-15E29F70F920}) (Version: 1.00.0000 - Hewlett-Packard)
HWiNFO64 (HKLM\...\HWiNFO64_is1) (Version: 8.02 - Martin Malik, REALiX s.r.o.)
Imaging And Configuration Designer (HKLM-x32\...\{E0F2B4CC-8551-9304-84E0-73535C1AA953}) (Version: 10.1.17134.1 - Microsoft) Hidden
Imaging Designer (HKLM-x32\...\{E1A52E1E-7F37-2A0D-3F17-F4B349EB9EA2}) (Version: 10.1.17134.1 - Microsoft) Hidden
Imaging Tools Support (HKLM-x32\...\{0EAC56B8-9CC7-C9E0-A0FB-62A6787D2699}) (Version: 10.1.17134.1 - Microsoft) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{171C7193-1BB5-4619-BF23-E962598CAB13}) (Version: 1.23.943.1 - Intel Corporation) Hidden
Java 8 Update 162 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{C690B2D9-0AA8-8CDA-965D-FED648C3EF9C}) (Version: 10.1.17134.1 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 7.1.5.2 (HKLM\...\{4F0D0C39-A2CD-4908-AA4C-A1CC9BDCD71A}) (Version: 7.1.5.2 - The Document Foundation)
Live! Cam Sync HD VF0770 Driver (1.00.07.00) (HKLM\...\Creative VF0770) (Version: - Creative Technology Ltd.)
Malwarebytes version 5.1.6.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.6.117 - Malwarebytes)
MediaHuman Audio Converter version 1.9.4 (HKLM-x32\...\MediaHuman Audio Converter_is1) (Version: 1.9.4 - MediaHuman)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) (HKLM\...\{25E80DAA-FD87-DCE5-202C-CC02F6673002}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.102 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}) (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Security Client (HKLM\...\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}) (Version: 4.8.0204.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{DC5602AF-666C-4A56-92C3-B8D675003775}) (Version: 11.1.2818.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{2B9EE1FE-105F-4093-A40E-C1BF12F873B7}) (Version: 11.2.5388.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 RsFx Driver (HKLM\...\{9F616548-62E3-4C12-9E35-74A650BC199C}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{C23DBA16-E075-41BE-AE2E-C1B0DD0B4535}) (Version: 11.2.5388.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{FA73FAE6-BAE5-4928-8CBB-00D311B6DFD3}) (Version: 11.2.5388.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{E721A8AA-2632-4798-B439-6D4C8A689BB8}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{DEB263CA-0386-4648-8382-FB78DBFA2C5F}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (HKLM\...\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (HKLM\...\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (HKLM-x32\...\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (HKLM-x32\...\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133 (HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30133 (HKLM\...\{E699E009-1C3C-4E50-9B57-2B39F0954C7F}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30133 (HKLM\...\{6CD9E9ED-906D-4196-8DC3-F987D2F6615F}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.24.28127 (HKLM-x32\...\{EAC73207-74BD-4B13-AACF-8C0E751FA4E8}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.24.28127 (HKLM-x32\...\{2E72FA1F-BADB-4337-B8AE-F7C17EC57D1D}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (HKLM-x32\...\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (HKLM\...\{925D058B-564A-443A-B4B2-7E90C6432E55}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (HKLM\...\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (HKLM\...\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (HKLM\...\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}) (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (HKLM-x32\...\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (HKLM\...\{8557397C-A42D-486F-97B3-A2CBC2372593}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (HKLM\...\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (HKLM\...\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (HKLM-x32\...\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (HKLM\...\{90BF0360-A1DB-4599-A643-95AB90A52C1E}) (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 128.0 (x64 en-GB)) (Version: 128.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 120.0.1 - Mozilla)
MUSTEK 1248UB V1.2 (HKLM-x32\...\{514C5488-192E-4C40-ACE5-CD28ECEED0E3}) (Version: 1.00.0000 - mustek) Hidden
MUSTEK 1248UB V1.2 (HKLM-x32\...\InstallShield_{514C5488-192E-4C40-ACE5-CD28ECEED0E3}) (Version: 1.00.0000 - mustek)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
paint.net (HKLM\...\{A89BF790-0679-403A-9CC7-4015DBF4FEBA}) (Version: 5.0.13 - dotPDN LLC)
PC VGA Camer@ Plus (HKLM-x32\...\{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}) (Version: 1.0.0.19 - Aecotech)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: 1.6.0 - PCSX2 Team)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Pegasun System Utilities (HKLM-x32\...\{BFDC3B26-7DB0-43D3-BC84-7E9649C157EA}_is1) (Version: 7.1 - Pegasun)
PixInsight Core for Windows (HKLM-x32\...\PCL64) (Version: - )
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Qtracker (HKLM-x32\...\Qtracker) (Version: 4.92 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.053.1001.2021 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
RegiStax 5 (HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\RegiStax 5) (Version: - )
RegiStax 6 (HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\RegiStax 6) (Version: - )
RegiStax 6.1.0.8 update (HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\RegiStax 6.1.0.8 update) (Version: - )
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for SQL Server 2012 (KB2958429) (64-bit) (HKLM\...\KB2958429) (Version: 11.2.5058.0 - Microsoft Corporation)
Shotcut (HKLM-x32\...\Shotcut) (Version: 20.04.12 - Meltytech, LLC)
SlimComputer (HKLM-x32\...\{80BDBB4C-163E-4F4B-9533-59A7ED62A695}) (Version: 1.1.4130 - )
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SQL Server 2012 Analysis Services (HKLM\...\{9674CB74-4808-4B59-B79D-9AB501F23279}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Analysis Services (HKLM\...\{FB1349FD-D102-4722-9F0A-2543670FF7FB}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (HKLM\...\{656E214E-B73F-458C-AD64-ED316F008207}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (HKLM\...\{EE1B54D1-BFBC-4C19-8D66-E0AF3E967896}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (HKLM\...\{6B3840D6-4B8F-4E74-9202-9CE36DA94E99}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (HKLM\...\{7842C220-6E9A-4D5A-AE70-0E138271F883}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality client (HKLM\...\{3C50A8F3-6BB8-44E8-9B8B-D3696561DF2E}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality client (HKLM\...\{80162C08-0FA6-4656-9685-AD88C6527F0B}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (HKLM\...\{1ABA92B0-CD1F-478B-A351-415F79B2A9E6}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (HKLM\...\{38661DD1-576D-48CA-A188-F97819D5B5FB}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (HKLM\...\{7272DF1C-2F88-43AC-A481-84DD67DF9746}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (HKLM\...\{B3192F55-2CE8-4C8E-9E40-D3B4998276B2}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (HKLM\...\{CECA0188-BD7A-43EF-B1F7-DDF719099C46}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (HKLM\...\{34A7A77A-A23D-44ED-B3B6-EC8198BE2622}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Integration Services (HKLM\...\{22BCA430-2A68-4678-9824-184F3839948F}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Integration Services (HKLM\...\{36BF5D42-BF68-4E0C-A165-A4C6E9841F4A}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{A7037EB2-F953-4B12-B843-195F4D988DA1}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (HKLM\...\{DCCB1789-1DA0-4E3A-A52F-7815B602CC98}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (HKLM\...\{FCD81E1A-6ED6-4F19-A572-82FFE102654E}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (HKLM\...\{D307B5CF-D1F0-48A4-8DA3-54765F535208}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.2.5058.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TemWebRTCPlugin (HKLM-x32\...\{00A96020-0597-4602-9E6F-FDACD74483B4}) (Version: 0.8.902 - Temasys)
the Free Unix Spectrum Emulator (Fuse) 1.6.0 (HKLM-x32\...\Fuse) (Version: 1.6.0 - )
Toolkit Documentation (HKLM-x32\...\{563689A6-D95B-EA6D-665F-97959643E0DB}) (Version: 10.1.17134.1 - Microsoft) Hidden
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 137.0.10799 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UEV Tools on amd64 (HKLM\...\{45B55BB8-B09F-6204-E1A1-1443C81DCDA9}) (Version: 10.1.17134.1 - Microsoft) Hidden
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
User State Migration Tool (HKLM-x32\...\{E224B062-6D80-A746-F08C-9847DF1B5144}) (Version: 10.1.17134.1 - Microsoft) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{d794748d-72e9-45d7-9ab7-83d6c4c80f7f}) (Version: 10.1.17134.1 - Microsoft Corporation)
Windows Deployment Customizations (HKLM-x32\...\{A28EBA01-553B-4346-F8F2-E780592F0BB8}) (Version: 10.1.17134.1 - Microsoft) Hidden
Windows Deployment Tools (HKLM-x32\...\{C4443D4E-AC00-CF0E-9519-C9111E83ADBB}) (Version: 10.1.17134.1 - Microsoft) Hidden
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Live ID Sign-in Assistant (HKLM\...\{CE52672C-A0E9-4450-8875-88A221D5CD50}) (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows PE ARM ARM64 (HKLM-x32\...\{C80B2DA8-46D4-EFFC-8054-D2C663C468D7}) (Version: 10.1.17134.1 - Microsoft) Hidden
Windows PE ARM ARM64 wims (HKLM-x32\...\{1C15FC16-76B9-E297-905C-0A99FBC5DA1F}) (Version: 10.1.17134.1 - Microsoft) Hidden
Windows PE x86 x64 (HKLM-x32\...\{346FC109-E9A8-2224-5726-843C7283E4F7}) (Version: 10.1.17134.1 - Microsoft) Hidden
Windows PE x86 x64 wims (HKLM-x32\...\{64FF0563-D6F1-C8E4-56F8-F678D1158C58}) (Version: 10.1.17134.1 - Microsoft) Hidden
Windows System Image Manager on amd64 (HKLM-x32\...\{90D52AE3-4CAB-C97A-84D9-9DF0348BBDCA}) (Version: 10.1.17134.1 - Microsoft) Hidden
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.123 - MSI)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WP_CPTT_NT-x86-fre (HKLM-x32\...\{E6F4B9E6-6C5C-9EE0-1CEC-23F80B1960F5}) (Version: 10.1.17134.1 - Microsoft) Hidden
WPT Redistributables (HKLM-x32\...\{EEB65046-3AB2-821A-12BD-F0C0490D46D2}) (Version: 10.1.17134.1 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{C7B318E4-43EF-AA14-637F-6C6EDF59917D}) (Version: 10.1.17134.1 - Microsoft) Hidden
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
ZX-Paintbrush (HKLM-x32\...\{59EBF467-993A-48CC-98AE-34510EE8A1F0}) (Version: 2.4.0.1 - Claus Jahn)
Packages:
=========
AMD Link -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDLink_10.23.30003.0_x64__0a9344xs7nr4m [2024-01-25] (Advanced Micro Devices Inc.)
DuckDuckGo -> C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.56.1.0_x64__ya2fgkz3nks94 [2023-11-05] (DuckDuckGo)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-01-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-01-28] (Microsoft Corporation) [MS Ad]
PDF X -> C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.4.2.0_x64__sbe4t8mqwq93a [2024-07-17] (NG PDF Lab) [Startup Task]
Windows App Studio Installer -> C:\Program Files\WindowsApps\Microsoft.WindowsAppStudioInstaller_1.0.18.0_x86__8wekyb3d8bbwe [2023-01-28] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-09-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2022-11-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-09-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-22] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-22] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\SysWOW64\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-22] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\chredge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\DBandT Helper.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=mpnidfjngpijmjaloelmomppgpebokim
ShortcutWithArgument: C:\Users\chredge\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Christopher (veolia.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
==================== Loaded Modules (Whitelisted) =============
2012-12-23 21:04 - 2012-03-26 18:12 - 000073728 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2021-04-22 18:05 - 2021-04-22 18:05 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6229_none_8a167c0b2edeae4c\ATL80.DLL
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_162\bin\ssv.dll [2018-05-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-05-02] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2024-07-18 06:52 - 2024-07-18 06:52 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;C:\adb;C:\Program Files\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\;C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\ProgramData\chocolatey\bin;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\Control Panel\Desktop\\Wallpaper -> C:\Users\chredge\Desktop\microsoft_nostalgic_windows_wallpaper_4k.jpg
HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk => C:\Windows\pss\HP Button Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^What's my computer doing.lnk => C:\Windows\pss\What's my computer doing.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Chromium => "c:\users\chredge\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: MicrosoftEdgeAutoLaunch_3B3BB905A374F1CF0D310AB30E4EDE63 => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\...\StartupApproved\StartupFolder: => "Watch.lnk"
HKLM\...\StartupApproved\StartupFolder: => "What's my computer doing.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "SamsungRapidApp"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RtsCM"
HKLM\...\StartupApproved\Run32: => "cmsc"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "RtsCM"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\StartupFolder: => "Citrix Receiver.lnk"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\Run: => "appnhost"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\StartupApproved\Run: => "vidnotifier.exe"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A5A387CE-60A9-47D2-858F-FF5F5A867BF2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B45FFF36-8BD2-4088-8EFF-E2A1267ECC52}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{78016A53-190B-440B-BBBC-1F5EA3A62B31}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe (Ronald E. Mercer) [File not signed]
FirewallRules: [TCP Query User{6CB6F6C2-9ACE-4CD0-AFED-7747D071EE74}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe (Ronald E. Mercer) [File not signed]
FirewallRules: [UDP Query User{7AB173E6-26C0-4BCB-8386-6ED42715A83A}C:\users\chredge\desktop\openarena-0.8.8\openarena.exe] => (Allow) C:\users\chredge\desktop\openarena-0.8.8\openarena.exe () [File not signed]
FirewallRules: [TCP Query User{998595D1-4A45-478A-A1EB-4365F00808A8}C:\users\chredge\desktop\openarena-0.8.8\openarena.exe] => (Allow) C:\users\chredge\desktop\openarena-0.8.8\openarena.exe () [File not signed]
FirewallRules: [{F16C9550-FF25-43F6-B2E3-C326A56E530C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [File not signed]
FirewallRules: [{C07C0AFA-25DA-4F18-A225-342B944FF738}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [File not signed]
FirewallRules: [UDP Query User{C28774B5-C54C-4FB4-8D87-5B5126F8200C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{089CEDDF-E4CB-4DD2-A91C-4F1C6938F286}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{23F73AC9-43A7-4903-9AAB-1AD8064A7BBA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0808F055-1FE7-4613-B994-2AC6B0E421F3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{668F70CF-F4D7-4F7E-8668-1169392C5391}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{65B945B7-5306-4657-8950-8BB42B08B16B}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{2E8B619A-CF34-4020-A5AD-12B7236A8243}] => (Allow) C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.56.1.0_x64__ya2fgkz3nks94\WindowsBrowser\WebView2\msedgewebview2.exe (Duck Duck Go, Inc. -> Microsoft Corporation)
FirewallRules: [{3621FAFB-8E8B-453D-99B4-C9FD2627AE7A}] => (Allow) C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.56.1.0_x64__ya2fgkz3nks94\WindowsBrowser\WebView2\msedgewebview2.exe (Duck Duck Go, Inc. -> Microsoft Corporation)
FirewallRules: [{C382FDEC-E3F5-4317-88B4-1601038892BD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{CB0AB420-C938-4AED-83E8-9651C1B7B756}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{130B8B32-2EBC-41A9-8D46-EA29A2044F40}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9D6C8437-0FA7-4AD6-8835-56AB6D836242}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.102\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{64738077-F7F5-430E-9AB4-3CB8C2DB3FA1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
29-06-2024 18:59:21 Scheduled Checkpoint
09-07-2024 06:44:53 Scheduled Checkpoint
17-07-2024 19:18:52 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (07/20/2024 02:51:45 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.
Error: (07/20/2024 02:51:45 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 113) (User: )
Description: The report server cannot create the Cache Flushes/Sec performance counter.
Error: (07/20/2024 02:51:45 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 113) (User: )
Description: The report server cannot create the Total Cache Flushes performance counter.
Error: (07/20/2024 02:51:45 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 113) (User: )
Description: The report server cannot create the Snapshot Updates/Sec performance counter.
Error: (07/20/2024 02:51:45 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 113) (User: )
Description: The report server cannot create the Total Snapshot Updates performance counter.
Error: (07/20/2024 02:51:45 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 113) (User: )
Description: The report server cannot create the Events/Sec performance counter.
Error: (07/20/2024 02:51:45 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 113) (User: )
Description: The report server cannot create the Total Events performance counter.
Error: (07/20/2024 02:51:45 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 113) (User: )
Description: The report server cannot create the Delivers/Sec performance counter.
System errors:
=============
Error: (07/20/2024 02:51:07 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (07/20/2024 01:21:48 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (07/20/2024 01:20:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAMSUNG Mobile Connectivity Service V2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
Error: (07/20/2024 01:20:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
Error: (07/20/2024 01:20:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (07/20/2024 01:20:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD Crash Defender Service service terminated unexpectedly. It has done this 1 time(s).
Error: (07/20/2024 01:20:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
Error: (07/20/2024 11:29:22 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Windows Defender:
================
Event[0]:
Date: 2024-07-18 22:27:31
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
==================== Memory info ===========================
BIOS: American Megatrends Inc. V2.4 06/19/2012
Motherboard: MSI Z77A-G41 (MS-7758)
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 29%
Total physical RAM: 16332.88 MB
Available physical RAM: 11474.95 MB
Total Virtual: 32716.88 MB
Available Virtual: 26307.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.26 GB) (Free:227.13 GB) (Model: Samsung SSD 850 EVO 500GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: (Storage1) (Fixed) (Total:465.75 GB) (Free:218.52 GB) (Model: Hitachi HDT721050SLA360) NTFS
\\?\Volume{03a9c944-0000-0000-0000-c05074000000}\ () (Fixed) (Total:0.5 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 03A9C944)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=511 MB) - (Type=27)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 658D658D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
 
👌. I am currently at work, I’ll be home in 8 or so hours. I’ll have to check this on my laptop.
 
Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.


Code:
start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
EmptyEventLogs:
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableCloudClipboard] 0
HKLM\Software\Policies\...\system: [CloudClipboardAutomaticUpload] 0
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Run: [MicrosoftEdgeAutoLaunch_3B3BB905A374F1CF0D310AB30E4EDE63] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3883560 2024-07-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKLM\...\Run: [C:\WINDOWS\system32\V0770Ext.ax] => C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0770Ext.ax (No File)
HKLM-x32\...\Run: [C:\WINDOWS\System32\V0770Ext.ax] => C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\System32\V0770Ext.ax (No File)
HKU\S-1-5-21-3466739526-2485095647-408758403-1009\...\Run: [AMDNoiseSuppression] => "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
Task: {116E3548-253D-4F04-A9E0-FC4387A9822F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1C5E60AA-0C47-4621-A967-049429A2D4DF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {38883215-466E-4BD7-8D0C-2A569F5179EE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {519A8396-93C1-430C-9B66-957F837C561F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5243425B-993B-40ED-BDF5-92AB68DBF2EF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {868E7A8D-EFAC-4ECD-9354-CA69CBC63EC0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9BD0A96C-7DCD-4E94-A191-650252DE7A6A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {BD83E793-452E-4EC7-83B7-FBE05E1FCD87} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D5330EA6-8548-46B2-8013-23AB0D32C1A2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DF573AD4-8335-432C-8091-D74A4B1A2544} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E27C0C30-95E3-440E-B7EF-67557F3B763D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EE8419BF-8261-44DF-9F69-5398DCE47A1A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FBA7627D-3194-440A-87DD-3563128AA85A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {20697CEF-A6C5-4754-86A4-F48E8E92C130} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {99DAB5B9-B9AA-45EF-B826-3F7DB707F69D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c (No File)
Task: {E1E5EA9B-45B0-44B6-90F5-9A05AD38AAE7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler (No File)
Task: {16FE398A-2720-4078-BDF8-C4F616A8DAFD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {1ECF0236-9F72-45BA-AD5B-1C3ACF743F2C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {1EC448A7-56D8-444F-8FFB-419390675C2E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {7698B61B-812C-42E9-9A79-EBD591212F69} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {5D92A073-3E21-451D-A751-29DD8BF4B1CC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {3BA3CF0C-28CE-46C7-8EB0-EFADED5D7B26} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {41CBF80B-D38A-4887-951C-827F277A149E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {AF9D17B0-C1C9-467A-BF18-79EA73477B89} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {6772B81E-2739-4656-A805-A38B57F6BB3E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {D72F9EF5-E92D-4349-91D7-C11F80585250} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {04927EC1-C6B4-4772-8E6E-033034782CD1} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {6A0B3724-EC49-4DEB-96D3-CD6E3849B0A6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {F1851D8E-5C21-44CF-88B4-F0A2D466E043} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {1A793F00-F97B-428A-8963-F4B1118CBAEE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {9A789A97-DE78-46CF-9163-6F9E23B559B1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {2183BFE5-4329-40F4-8A9D-C53244CAC165} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {91CC317A-B720-482D-BEE7-D9F25F0FD773} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {E394741E-C4AD-4E3B-B0CA-E403EEE20BAA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {381A8673-B576-4AB8-95F1-DC99CF561C00} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {3BEE19E5-67EC-4563-BF63-FE89F704316E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {6B34BB93-5EF8-407B-AB1D-17F2D65B30EA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {DA44B33B-AC1F-41F5-B95D-8F686BE929EE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec /StartRecording (No File)
Task: {AAA61D29-CF9C-488F-9E9F-30252612D69E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {B6BCB4E1-4114-4150-BE26-CE5DC04DE4BC} - System32\Tasks\Microsoft\Windows\rempl\shell => %ProgramFiles%\rempl\sedlauncher.exe (No File)
Task: {862DFBA4-23F4-41E6-A5DD-A3EE59B73024} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => "C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe" /apply /silent /atlogon (No File)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
unlock: C:\Program Files (x86)\Safer-Networking Ltd
unlock: C:\Program Files\Common Files\AVAST Software
unlock: C:\Program Files\Microsoft Security Client
unlock: C:\Program Files (x86)\IObit
C:\Program Files (x86)\IObit
C:\Program Files\Microsoft Security Client
C:\Program Files (x86)\Safer-Networking Ltd
C:\Program Files\Common Files\AVAST Software
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{013b464c-8697-4c75-99ff-506f33faecca}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{2925c1fa-818d-4087-b6e4-fe1470812e13}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{5e6392e4-179a-44fc-8ee8-ff0999cbc492}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{6a48626b-bb9c-4aa2-9d50-d55a281d5918}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{bd7af2aa-0472-42f1-8119-fbbde3ff19d3}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{ee550c16-21cf-4ff9-a401-2758c1a38dbe}: [DhcpNameServer] 194.168.4.100 194.168.8.100
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-06-20]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 11\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-06-27]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 12\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-12-07]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\gomekmidlodglbbmalcneegieacbdmki [2024-02-26]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2024-06-05]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2022-01-21]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki [2022-02-24]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gomekmidlodglbbmalcneegieacbdmki [2022-03-01]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-02-15]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-03-17]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-04-18]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-04-25]
S3 AppleLowerFilter; \SystemRoot\System32\drivers\AppleLowerFilter.sys [X]
Task: {C43DE1C1-1630-4296-82DC-9BE28A3339E2} - System32\Tasks\{DAF28B77-7893-4299-9FE0-8B7FE3AC27C2} => C:\Windows\System32\pcalua.exe [88064 2024-07-09] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files (x86)\IObit\Advanced SystemCare 8\unins000.exe"
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_chredge.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
2024-07-20 13:20 - 2019-05-05 15:21 - 000000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\IObit
2024-07-20 13:20 - 2018-06-06 23:36 - 000000000 ____D C:\Users\ReportServer\AppData\Roaming\IObit
2024-07-20 13:20 - 2018-06-06 23:36 - 000000000 ____D C:\Users\MSSQLServerOLAPService\AppData\Roaming\IObit
2024-07-20 13:20 - 2018-06-06 23:36 - 000000000 ____D C:\Users\MSSQLSERVER\AppData\Roaming\IObit
2024-07-20 13:20 - 2018-06-06 23:36 - 000000000 ____D C:\Users\MSSQLFDLauncher\AppData\Roaming\IObit
2024-07-20 13:20 - 2018-06-06 23:36 - 000000000 ____D C:\Users\MsDtsServer110\AppData\Roaming\IObit
2024-07-20 13:20 - 2018-06-06 23:36 - 000000000 ____D C:\Users\chredge\AppData\Roaming\IObit
2024-07-20 13:20 - 2015-12-05 07:38 - 000000000 ____D C:\Users\chredge\AppData\LocalLow\IObit
2024-07-20 13:20 - 2015-04-04 08:41 - 000000000 ____D C:\ProgramData\IObit
2024-07-20 13:20 - 2015-04-04 08:41 - 000000000 ____D C:\Program Files (x86)\IObit
2017-01-08 08:57 - 2017-01-30 19:16 - 000000347 _____ () C:\Users\chredge\AppData\Roaming\WB.CFG
2016-07-03 12:04 - 2018-07-22 17:37 - 002128896 _____ () C:\Users\chredge\AppData\Local\file__0.localstorage
2018-03-24 15:47 - 2018-03-24 15:47 - 000001810 _____ () C:\Users\chredge\AppData\Local\recently-used.xbel
2017-11-11 17:58 - 2017-11-11 17:58 - 000000017 _____ () C:\Users\chredge\AppData\Local\resmon.resmoncfg
ShortcutWithArgument: C:\Users\chredge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\DBandT Helper.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=mpnidfjngpijmjaloelmomppgpebokim
ShortcutWithArgument: C:\Users\chredge\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Christopher (veolia.com) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
StartBatch:
WMIC SERVICE WHERE Name="dcomlaunch" set startmode="auto"
WMIC SERVICE WHERE Name="nsi" set startmode="auto"
WMIC SERVICE WHERE Name="dhcp" set startmode="auto"
WMIC SERVICE WHERE Name="rpcss" set startmode="auto"
WMIC SERVICE WHERE Name="rpceptmapper" set startmode="auto"
WMIC SERVICE WHERE Name="winmgmt" set startmode="auto"
WMIC SERVICE WHERE Name="sdrsvc" set startmode="manual"
WMIC SERVICE WHERE Name="vss" set startmode="manual"
WMIC SERVICE WHERE Name="eventlog" set startmode="auto"
WMIC SERVICE WHERE Name="bfe" set startmode="auto"
WMIC SERVICE WHERE Name="eventsystem" set startmode="auto"
WMIC SERVICE WHERE Name="msiserver" set startmode="manual"
WMIC SERVICE WHERE Name="sstpsvc" set startmode="manual"
WMIC SERVICE WHERE Name="rasman" set startmode="manual"
WMIC SERVICE WHERE Name="trustedinstaller" set startmode="auto"
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
"%WINDIR%\SYSTEM32\lodctr.exe" /R
"%WINDIR%\SysWOW64\lodctr.exe" /R
NETSH winsock reset catalog
NETSH int ipv4 reset reset.log
NETSH int ipv6 reset reset.log
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winhttp reset proxy
bitsadmin /list /allusers
bitsadmin /reset /allusers
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
netsh advfirewall reset
netsh advfirewall set allprofiles state on
del /f /s /q %windir%\prefetch\*.*
sc stop sysmain
sc config sysmain start= disabled
sc stop DiagTrack
sc config DiagTrack start= disabled
sc stop dmwappushservice
sc config dmwappushservice start= disabled
sc stop WSearch
sc config WSearch start= disabled
sc stop lfsvc
sc config lfsvc start= disabled
Endbatch:
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:
End::
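
A fixlist like the one above changes registry values, service start modes and folders in a single run, so it helps to list what it asks for before clicking Fix. The script below is an added example, not part of the thread and not FRST's own code; it assumes only the line shapes visible in the fixlists here, and the function name `audit_fixlist` and the shortened sample input are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a shortened fixlist that uses only line shapes seen
# in this thread (values trimmed for brevity).
SAMPLE_FIXLIST = r"""start::
CreateRestorePoint:
CloseProcesses:
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteKey: HKCU\SOFTWARE\IObit
Task: {B6BCB4E1-4114-4150-BE26-CE5DC04DE4BC} - System32\Tasks\Microsoft\Windows\rempl\shell => %ProgramFiles%\rempl\sedlauncher.exe (No File)
unlock: C:\Program Files (x86)\IObit
C:\Program Files (x86)\IObit
StartBatch:
WMIC SERVICE WHERE Name="vss" set startmode="manual"
net start vss
netsh advfirewall reset
del /f /s /q %windir%\prefetch\*.*
sc stop WSearch
sc config WSearch start= disabled
sc config DiagTrack start= disabled
Endbatch:
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
Reboot:
End::
"""

# Directive names as they appear in the fixlists in this thread (lower-cased).
KNOWN = {
    "start", "end", "createrestorepoint", "emptytemp", "closeprocesses",
    "emptyeventlogs", "deletevalue", "deletekey", "file", "virustotal",
    "unlock", "exportkey", "cmd", "reboot",
}

DIRECTIVE = re.compile(r"^([A-Za-z]+)::?\s*(.*)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")  # bare path such as C:\ProgramData\...
SC_CONFIG = re.compile(r"^sc\s+config\s+(\S+)\s+start=\s*(\S+)", re.I)
WMIC_MODE = re.compile(
    r'^WMIC\s+SERVICE\s+WHERE\s+Name="([^"]+)"\s+set\s+startmode="([^"]+)"', re.I
)


def audit_fixlist(text):
    """Summarise what a fixlist asks for, without executing anything."""
    counts = Counter()
    service_changes = {}  # service name -> requested start mode
    registry_deletions, paths, commands = [], [], []
    in_batch = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        is_path = bool(DRIVE_PATH.match(line))
        m = None if is_path else DIRECTIVE.match(line)
        name = m.group(1).lower() if m else ""
        arg = m.group(2) if m else ""
        if name == "startbatch":
            in_batch = True
        elif name == "endbatch":
            in_batch = False
        elif in_batch:
            # Everything between StartBatch: and Endbatch: is a shell command.
            counts["batch_command"] += 1
            commands.append(line)
            svc = SC_CONFIG.match(line) or WMIC_MODE.match(line)
            if svc:
                service_changes[svc.group(1).lower()] = svc.group(2).lower()
        elif is_path:
            counts["path"] += 1
            paths.append(line)
        elif name in KNOWN:
            counts[name] += 1
            if name in ("deletekey", "deletevalue"):
                registry_deletions.append(arg)
            elif name == "cmd":
                commands.append(arg)
        else:
            # Lines pasted from the scan log (Task:, HKLM\..., CHR Extension: ...).
            counts["log_entry"] += 1
    disabled = sorted(s for s, mode in service_changes.items() if mode == "disabled")
    return {
        "counts": dict(counts),
        "service_changes": service_changes,
        "disabled_services": disabled,
        "registry_deletions": registry_deletions,
        "paths": paths,
        "commands": commands,
    }


if __name__ == "__main__":
    report = audit_fixlist(SAMPLE_FIXLIST)
    print("Services set to disabled:", report["disabled_services"])
    print("Registry deletions:", len(report["registry_deletions"]))
    print("Bare paths listed:", report["paths"])
```
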
 
We removed a heap of garbage, we will make one more dig for trash files. How is the machine running?

Download ZHP Suite to your desktop.
Right Click Run as admin.
Hit the scanner button.
Once it is complete, a file named ZHPdiag.txt will be on your desktop.
Attach it.
 
Hi,

The PC is running super-quick and super-smooth at the moment, like it's had a new lease of life! A spring chicken again! Cheers.

Here's the ZHPdiag.txt
 


A spring chicken again!
:ROFLMAO:

Let me take a look at this log, it will take 30 minutes or so....

Do you use edge?
Do you use One Drive?
Bitlocker?
Care for updates?

You can disable them all with these tools.

Edge Blocker https://www.sordum.org/downloads/?st-edge-block
Disable One Drive. https://www.howtogeek.com/225973/ho...d-remove-it-from-file-explorer-on-windows-10/
Disable Bitlocker https://support.lenovo.com/us/en/so...urn-off-bitlocker-in-windows-10-or-windows-11
Disable updates https://www.sordum.org/9470/windows-update-blocker-v1-8/



Clean up old temp files etc Privazer https://privazer.com/en/
 
Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.


Code:
start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
DeleteValue: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|DriverUpdate.exe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AceStream
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|CCleaner Smart Cleaning
DeleteValue: HKEY_USERS\S-1-5-21-3466739526-2485095647-408758403-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|CCleaner Monitoring
DeleteValue: HKEY_USERS\S-1-5-21-3466739526-2485095647-408758403-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AceStream
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|IObit Malware Fighter
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AvastUI.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|Wondershare Helper Compact.exe
DeleteKey: HKLM\SOFTWARE\AVAST Software
DeleteKey: HKLM\SOFTWARE\CoreSecurity
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Auslogics
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Symantec
DeleteKey: HKCU\SOFTWARE\Avast Software
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\IObit
DeleteKey: HKCU\SOFTWARE\KasperskyLab
DeleteKey: HKCU\SOFTWARE\Safer Networking Limited
DeleteKey: HKCU\SOFTWARE\Safer-Networking Ltd.
DeleteKey: HKU\.DEFAULT\SOFTWARE\IObit
DeleteKey: HKU\.DEFAULT\SOFTWARE\Safer Networking Limited
DeleteKey: HKU\.DEFAULT\SOFTWARE\Safer-Networking Ltd.
DeleteKey: HKU\S-1-5-21-3466739526-2485095647-408758403-1009\SOFTWARE\Avast Software
DeleteKey: HKU\S-1-5-21-3466739526-2485095647-408758403-1009\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-3466739526-2485095647-408758403-1009\SOFTWARE\IObit
DeleteKey: HKU\S-1-5-21-3466739526-2485095647-408758403-1009\SOFTWARE\KasperskyLab
DeleteKey: HKU\S-1-5-21-3466739526-2485095647-408758403-1009\SOFTWARE\Safer Networking Limited
DeleteKey: HKU\S-1-5-21-3466739526-2485095647-408758403-1009\SOFTWARE\Safer-Networking Ltd.
DeleteKey: HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
File: C:\WINDOWS\System32\drivers\ElRawDsk.sys
File: C:\WINDOWS\System32\drivers\JitDriver.sys
File: C:\IORRT\IORRT.bat
VirusTotal: C:\WINDOWS\System32\drivers\JitDriver.sys
C:\Users\chredge\AppData\Local\AVAST Software
C:\ProgramData\Driver Support
C:\ProgramData\McAfee
C:\ProgramData\Trend Micro
C:\Program Files (x86)\Common Files\IObit
C:\Users\chredge\AppData\Local\Safer-Networking Ltd
emptytemp:
Reboot:
End::



Security Check Scan.


  • Download Security Check to your desktop.
  • Right click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please Copy and paste that log here in your next post.
  • There will be items listed in red when you post this log, those items need to be updated.
 
Hi again,

The Fixlog you asked for is attached.

Here is the SecurityChecklist.txt:

SecurityCheck by glax24 & Severnyj v.1.4.0.57 [24.01.24]
WebSite: www.safezone.cc
DateLog: 20.07.2024 21:28:51
Path starting: C:\Users\chredge\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: chredge
VersionXML: 12.38is-14.07.2024
___________________________________________________________________________
Windows 10(6.3.19045) (x64) Core Release: 2009 Lang: English(0409)
Installation date OS: 22.04.2021 17:10:26
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.3 Gb] Used: [231.7 Gb] Free: [233.6 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 2)
Automatically download and schedule installation
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.1.6.117 v.5.1.6.117
--------------------------- [ OtherUtilities ] ----------------------------
AMD Software v.23.7.2 Warning! Download Update
Microsoft SQL Server 2012 (64-bit) Warning! This software is no longer supported.
Microsoft SQL Server 2012 Native Client v.11.2.5388.0 Warning! This software is no longer supported.
LibreOffice 7.1.5.2 v.7.1.5.2 Warning! Download Update
Microsoft .NET Framework 4.5.1 v.4.5.50938 Warning! Download Update
Microsoft SQL Server 2012 RsFx Driver v.11.2.5058.0 Warning! This software is no longer supported.
Microsoft SQL Server 2008 Setup Support Files v.10.1.2731.0 Warning! This software is no longer supported.
Microsoft SQL Server 2012 Setup (English) v.11.2.5388.0 Warning! This software is no longer supported.
Microsoft SQL Server 2012 T-SQL Language Service v.11.0.2100.60 Warning! This software is no longer supported.
Microsoft SQL Server 2012 Data-Tier App Framework v.11.1.2818.0 Warning! This software is no longer supported.
Microsoft SQL Server 2012 Transact-SQL ScriptDom v.11.2.5058.0 Warning! This software is no longer supported.
Microsoft SQL Server 2012 Management Objects (x64) v.11.0.2100.60 Warning! This software is no longer supported.
Microsoft SQL Server 2012 Transact-SQL Compiler Service v.11.2.5388.0 Warning! This software is no longer supported.
Microsoft Edge WebView2 Runtime v.126.0.2592.113 [+]
Steam v.1.0.0.0 Warning! Download Update
Microsoft SQL Server 2008 R2 Management Objects v.10.51.2500.0 Warning! This software is no longer supported.
Microsoft SQL Server 2012 Management Objects v.11.0.2100.60 Warning! This software is no longer supported.
Microsoft SQL Server 2012 Policies v.11.2.5058.0 Warning! This software is no longer supported.
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 5.70 (64-bit) v.5.70.0 Warning! Download Update
------------------------------- [ Imaging ] -------------------------------
paint.net v.5.0.13
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 162 v.8.0.1620.12 Warning! Download Update
Uninstall old version and install new one (jre-8u411-windows-i586.exe).
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.10 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
swMSM v.12.0.0.1 << Hidden Warning! This software is no longer supported. Please uninstall it.
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 en-GB) v.128.0
Google Chrome v.126.0.6478.128 [+]
Microsoft Edge v.126.0.2592.113 [+]
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1306
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe v.4.18.24060.7
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe v.4.18.24060.7
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
PrivaZer v.4.0.90.0 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
AppNHost 1.0.5.1 v.1.0.5.1 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------
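
The SecurityCheck log above mixes outdated, unsupported and suspected-unwanted software in one flat listing; sorting the warnings into those groups gives a patch and removal worklist. This parser is an added example, not part of the thread or of SecurityCheck itself; it assumes the section-header and `Warning!` layout shown in the log, and the function names and the shortened sample are constructed for illustration.

```python
import re

# Constructed sample: lines in the layout of the log above (the AppNHost
# message is shortened).
SAMPLE_LOG = """\
--------------------------- [ OtherUtilities ] ----------------------------
AMD Software v.23.7.2 Warning! Download Update
Microsoft SQL Server 2012 (64-bit) Warning! This software is no longer supported.
Microsoft Edge WebView2 Runtime v.126.0.2592.113 [+]
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 5.70 (64-bit) v.5.70.0 Warning! Download Update
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 162 v.8.0.1620.12 Warning! Download Update
Uninstall old version and install new one (jre-8u411-windows-i586.exe).
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 en-GB) v.128.0
---------------------------- [ UnwantedApps ] -----------------------------
AppNHost 1.0.5.1 v.1.0.5.1 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it.
----------------------------- [ End of Log ] ------------------------------
"""

# "----- [ SectionName ] -----"
SECTION = re.compile(r"^-+\s*\[\s*(.+?)\s*\]\s*-+$")
# "<name> [v.<version>] Warning! <message>"; the version part is optional.
ENTRY = re.compile(
    r"^(?P<name>.+?)(?:\s+v\.(?P<version>\S+))?\s+Warning!\s*(?P<msg>.*)$"
)


def classify(msg):
    """Map a warning message to a worklist category."""
    text = msg.lower()
    if "suspected" in text:
        return "suspected_unwanted"
    if "no longer supported" in text:
        return "unsupported"
    if text.startswith("download update"):
        return "outdated"
    return "other"


def triage_security_check(log_text):
    """Group every 'Warning!' entry by category, keeping its log section."""
    result = {"suspected_unwanted": [], "unsupported": [], "outdated": [], "other": []}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        head = SECTION.match(line)
        if head:
            section = head.group(1)
            continue
        entry = ENTRY.match(line)
        if entry:
            result[classify(entry.group("msg"))].append({
                "section": section,
                "name": entry.group("name"),
                "version": entry.group("version"),  # None when the log gives none
            })
    return result


if __name__ == "__main__":
    for category, items in triage_security_check(SAMPLE_LOG).items():
        for item in items:
            print(f"{category:18} {item['section']:15} {item['name']} {item['version'] or ''}")
```
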
 


Make sure and update everything you can as per log. Or use Patch My PC Home
Remove Anything you do not want on the machine with GeekUninstaller.



This file comes back as malicious when I run the MD5 at VirusTotal. I want to be sure before we remove anything, so I'll have you manually scan it.


Upload to VT

Upload Files to VirusTotal


  • Please go to VirusTotal.
  • Click the Choose File button.
  • Navigate to >>>>>>>> C:\WINDOWS\System32\drivers\ElRawDsk.sys
  • or simply copy and paste it.
  • Click the Scan it! button.
  • You might see a message saying File already analysed, if you do click Reanalyse.
  • Wait for all the scans to finish then copy and paste the web address from your browser's address bar.
  • Include the link in your next reply.



Are there any more issues to speak of?

You recognize these?


CHR Extension:
(Bomgar Remote Support) -
C:\Users\chredge\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ipfljipbjloahhabacnofonhfbddnajm [2021-12-10]


FF Plugin HKU\S-1-5-21-3466739526-2485095647-408758403-1009: temasys.com.sg/TemWebRTCPlugin -> C:\Users\chredge\AppData\Roaming\Tem\TemWebRTCPlugin\0.8.902\npTemWebRTCPlugin.dll [2017-10-26] (Temasys Communications Pte Ltd -> Temasys)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Hi,

Cheers for your ongoing help this evening, really appreciate it!

I will have to go to bed soon, so I will perform your requests tomorrow morning and update you.

Good night and thanks again.
 