Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs.
#1
Thank you for reading this post. Several weeks ago I began having a problem with Chrome, which I normally use. When I would sign in, it was very slow, so I deleted it and then reinstalled it. Then when I would sign in I would get a small pop-up screen saying that there was an Enhanced ad privacy in Chrome.
I would click "got it" and it would go away and allow me to use Chrome. It really became annoying and I have tried many times to remove it and reinstall it. Now I don't have it installed. The last time I downloaded it, it wouldn't work, saying I wasn't connected to the internet, but of course I am and could use Firefox or Opera. I ran CCleaner and I thought I cleaned up everything. So I checked online and one suggestion was to flush my dna. I am not able to do that and I'm not sure why. It says flushdna is not recognized as an internal or external command, operable program or batch file. Any help would be greatly appreciated. Thank you so much.
Gae
Last edited by gaesilva; July 31st, 2023 at 11:47 PM. Reason: got the actual name of the issue in chrome
#2
Hello Gae,
Not reading much malware in this. As an aside:
Click the Start button. ...
Click All Programs > Accessories.
Select Command Prompt.
In the command prompt window, type ipconfig /flushdns.
Press Enter.
You should see a message confirming that the DNS Resolver Cache was successfully flushed.
#3
Thank you, I was able to flushdns. However, I still have a problem getting into Chrome. I deleted Chrome because I am getting so many problems with it. I try to get to Chrome through Firefox and get the same result.
The ighome page appears in the back and on top of it I get this:
Enhanced ad privacy in Chrome
Chrome notes topics of interest based on your recent browsing history. Also, sites you visit can determine what you like. Later, sites can ask for this information to show you personalized ads. You can choose which topics and sites are used to show you ads.
To measure the performance of an ad, limited types of data are shared between sites, such as the time of day an ad was shown to you.
More about ads in Chrome
You can make changes in Chrome settings
At the bottom of the second screen it says in a box "Got It" or "Settings"... Settings only allows me to change the colors. If I click Got it, the Enhanced Screen goes away, but when I try to use Google search, it just keeps spinning and nothing comes up. Any help would be appreciated. This has been going on for quite a while. I even restored to a previous version and have the same problem. Thank you for your help.
#4
Still not reading malware in this. Let's clear out Chrome. Make sure Chrome is uninstalled.
Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
#5
Is this what you see? https://www.androidpolice.com/topics...-beta-rollout/
#6
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-08-2023
FirewallRules: [{2AF92735-E52F-4235-9913-E08836D3FF56}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{55FDDF1A-F12D-4878-82DE-4AB319A7F034}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A454FC25-CE19-4694-897B-1801072D6BA9}] => (Allow) D:\AUTORUN.EXE => No File FirewallRules: [{4389B8DD-720B-4E23-811B-798229D12A58}] => (Allow) D:\AUTORUN.EXE => No File FirewallRules: [{D886C8C5-B744-407D-87CC-584E96F5B010}] => (Allow) D:\AUTORUN.EXE => No File FirewallRules: [{1E3D2CB2-01F2-490F-A1B5-6CB666AABE1C}] => (Allow) D:\AUTORUN.EXE => No File FirewallRules: [{8809C457-E45C-4D6A-B383-BF8D38400247}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE (Brother Industries, Ltd.) [File not signed] FirewallRules: [{FDBA6ECB-F610-48B1-9BFA-90BACB968066}] => (Allow) LPort=54925 FirewallRules: [TCP Query User{8438EDCD-56B8-4F9A-8EAE-0E2BA1375187}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software) FirewallRules: [UDP Query User{E5A5ED5A-2740-4BF3-B955-A8C739BB9659}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software) FirewallRules: [TCP Query User{AAD2956C-1729-472F-9448-00ED8E39941C}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software) FirewallRules: [UDP Query User{EA6B6508-1D7C-46B0-B095-42448D084FE7}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software) FirewallRules: [{25280E73-70BA-47BC-BA79-782371C3803F}] => (Allow) 
C:\Users\gaele.000\AppData\Roaming\Zoom\bin\Zoom.e xe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{13D17F2B-328C-4B26-990A-83F04653823D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C82BEFDC-D688-4604-8AD1-5573C355D81E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{91D0B12C-65CC-4E0B-8524-831A722CE131}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A96DA85B-0FC1-40FE-8702-72D3661DDA8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6D2299D1-A56B-479D-91DE-05629309F22D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D2F34186-5AFB-4C2A-87A1-DBAAD106C052}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B20CD597-E92A-42E9-B7F1-EB8C6A4209A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{11222815-A0C1-4ECF-81D8-C5DBF3D792BD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8CA33CEE-E480-4A86-AD6B-1072592E4957}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{C7B883F6-37E3-405A-97E2-47994D3D359E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{FD149D9B-6E79-40C7-9243-AF384C86253F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{9EC98D8E-C2B9-4A9B-88BA-EB9D0A061564}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{81F6D74F-DF02-466B-BCFB-00A2FFCF445E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7AEE4769-6126-433C-BC2D-67C1E9C4DEE9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901 .188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DA677347-AE07-402F-BB9C-94429F3BF281}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 19-07-2023 22:03:59 July 19 2023 after resetting a few week s ago. 27-07-2023 04:11:02 Scheduled Checkpoint 31-07-2023 13:54:59 Restore Operation ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname DESKTOP-KJSDKU5.local already in use; will try DESKTOP-KJSDKU5-2.local instead Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-KJSDKU5.local. Addr 192.168.0.15 Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.0.15:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67 Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. 
AAAA FE80:0000:0000:0000:5976:FB70:E481:2085 Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.0.15:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67 Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:84B4:5076:A62C:8714 Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.0.15:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67 Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:2CB7:A727 ![]() System errors: ============= Error: (08/03/2023 08:07:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (08/02/2023 04:08:04 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {348f0158-26b9-484f-86ee-822da5ef551e}, had event 74 Error: (07/31/2023 02:42:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Mozilla Maintenance Service service terminated with the following error: Incorrect function. Error: (07/31/2023 12:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. 
Error: (07/29/2023 12:27:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (07/27/2023 01:33:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (07/25/2023 04:04:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (07/23/2023 06:07:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Windows Defender: ================ Date: 2023-08-06 18:38:12 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-08-05 19:14:14 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-08-03 19:04:10 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-07-30 19:56:46 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-07-29 19:56:46 Description: Microsoft Defender Antivirus scan has been stopped before completion. 
Scan Type: Antimalware Scan Parameters: Quick Scan Event[0]: Date: 2023-07-31 14:07:38 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version. Security intelligence Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Security intelligence Version: 0.0.0.0;0.0.0.0 Engine Version: 0.0.0.0 Date: 2023-06-25 15:32:22 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.391.1857.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23050.3 Error code: 0x80070643 Error description: Fatal error during installation. Date: 2023-06-25 15:32:22 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.391.2598.0 Previous security intelligence Version: 1.391.1857.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.23050.3 Previous Engine Version: 1.1.23050.3 Error code: 0x80501102 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Date: 2023-06-25 15:32:22 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.391.2598.0 Previous security intelligence Version: 1.391.1857.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.23050.3 Previous Engine Version: 1.1.23050.3 Error code: 0x80501102 Error description: An unexpected problem occurred. 
Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. CodeIntegrity: =============== Date: 2023-08-07 11:29:20 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2023-08-07 11:24:26 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2023-08-07 11:18:08 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: Dell Inc. 1.20.0 03/08/2023 Motherboard: Dell Inc. 
0FK9H3 Processor: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz Percentage of memory in use: 43% Total physical RAM: 16215.92 MB Available physical RAM: 9204.88 MB Total Virtual: 18647.92 MB Available Virtual: 10048.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:461.1 GB) (Free:266.34 GB) (Model: KBG40ZNS512G NVMe KIOXIA 512GB) (Protected) NTFS \\?\Volume{c7235e5c-943b-4583-8a2a-bf8050d16ac4}\ (WINRETOOLS) (Fixed) (Total:1.2 GB) (Free:0.2 GB) NTFS \\?\Volume{d0b37552-bf1b-4b39-ad62-86292094221c}\ (Image) (Fixed) (Total:12.89 GB) (Free:5.98 GB) NTFS \\?\Volume{4988a97e-9505-4118-b14c-3180736c6216}\ (DELLSUPPORT) (Fixed) (Total:1.47 GB) (Free:0.51 GB) NTFS \\?\Volume{7fca93ed-3a6a-4a78-a866-f52509a16548}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.05 GB) FAT32 ==================== MBR & Partition Table ==================== ================================================== ======== Disk: 0 (Size: 476.9 GB) (Disk ID: E68B182D) Partition: GPT. ==================== End of Addition.txt =========== |
#7
The FRST txt is too large to send. I've tried to send part of it, but it always says no more than 50000 and my file is too big.
#8
|
||||
|
||||
Please disregard messages 6 & 7. I still had Chrome when I ran those. I have now deleted Chrome and will try this again. Thank you.
#9
|
||||
|
||||
First TXT:
FC:\Users\gaele.000\AppData\Local\Google\Chrome\Us er Data\Default\Extensions\noondiphcddnnabmjcihcjfbhf klnnep [2023-06-24] CHR Extension: (Switch to Classic design on Facebook™) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\oancckmjgaoejmbedngcoiakbl hacbog [2023-06-18] CHR Extension: (RocketReach Chrome Extension) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\oiecklaabeielolbliiddlbokp fnmhba [2023-06-24] CHR Extension: (Privacy Test) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\pdabfienifkbhoihedcgeogidf mibmhp [2023-06-24] CHR Extension: (Click to start / stop recording) - C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\pjnefijmagpdjfhhkpljicbbpi celgko [2023-07-25] CHR Profile: C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\Guest Profile [2023-08-08] CHR Profile: C:\Users\gaele.000\AppData\Local\Google\Chrome\Use r Data\System Profile [2023-08-08] Opera: ======= OPR Profile: C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable [2023-08-08] OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera &ie={inputEncoding}&oe={outputEncoding} OPR DefaultSearchKeyword: Opera Stable -> g OPR Extension: (Rich Hints Agent) - C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-09] OPR Extension: (Opera Wallet) - C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-08-02] OPR Extension: (Aria) - C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-07-31] OPR Extension: (opera-intro) - C:\Users\gaele.000\AppData\Local\Programs\Opera\10 0.0.4815.76\resources\opera_intro_extension [2023-07-26] StartMenuInternet: (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000) OperaStable - 
"C:\Users\gaele.000\AppData\Local\Programs\Opera\L auncher.exe" ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-02-04] (Two Pilots) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11867104 2023-08-01] (Microsoft Corporation -> Microsoft Corporation) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.) R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRe medationService.exe [22224 2023-04-11] (Dell Inc -> Dell INC.) R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-05-08] (Dell Inc -> ) R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell) R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\int coed.inf_amd64_5a9d4e2af428d38d\\AS\\IAS\\IntelAud ioService.exe [412160 ] (Intel Corporation -> Intel) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9278784 2023-08-01] (Malwarebytes Inc. 
-> Malwarebytes) R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-02-23] (The Neat Company) [File not signed] R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.) R2 SupportAssistAgent; c:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-24] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS & Android Devices\DriverInstall.exe [102624 2017-09-08] (Wondershare Technology Co.,Ltd -> Wondershare) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed] S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed] R3 dcdbas; C:\Windows\System32\drivers\dcdbas64.sys [48464 2023-04-11] (Dell Inc. -> Dell Inc.) 
R3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sy s [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MpKsl7577421d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D7AE43D-4B92-438D-BE7B-DA9702EC047B}\MpKslDrv.sys [221480 2023-08-07] (Microsoft Windows -> Microsoft Corporation) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2023-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2023-07-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [498944 2023-07-24] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-24] (Microsoft Windows -> Microsoft Corporation) S4 DBUtilDrv2; \SystemRoot\System32\drivers\DBUtilDrv2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2023-08-08 13:15 - 2023-08-08 13:15 - 002384896 _____ (Farbar) C:\Users\gaele.000\Downloads\FRST64.exe 2023-08-08 13:08 - 2023-08-08 13:08 - 000002084 _____ C:\Users\gaele.000\Documents\cc_20230808_130852.re g 2023-08-08 01:29 - 2023-08-08 08:29 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-08-07 11:34 - 2023-08-08 13:16 - 000041056 _____ C:\Users\gaele.000\Desktop\FRST.txt 2023-08-07 11:33 - 2023-08-08 13:16 - 000000000 ____D C:\FRST 2023-08-06 15:10 - 2023-08-06 15:10 - 002384896 _____ (Farbar) C:\Users\gaele.000\Desktop\FRST64.exe 2023-08-04 04:19 - 2023-08-04 04:19 - 000000000 ____D C:\Windows\Firmware 2023-08-02 14:51 - 2023-08-02 14:51 - 000000000 _____ C:\Users\gaele.000\FLUSHDNA 2023-07-31 18:41 - 2023-07-31 18:41 - 000000000 _____ C:\Users\gaele.000\flushdna' 2023-07-31 16:39 - 2023-07-31 16:39 - 000000000 ____D C:\Users\gaele.000\AppData\Local\ToastNotification ManagerCompat 2023-07-31 16:38 - 2023-07-31 16:38 - 003145080 ____N (OneLaunch ) C:\Users\gaele.000\Downloads\OneLaunch - Manuals_ln2to.exe 2023-07-31 16:33 - 2023-07-31 16:33 - 000393875 _____ C:\Users\gaele.000\Downloads\Oregon Scientific Clock RM308PA User Guide ManualsOnline.com.htm 2023-07-31 16:33 - 2023-07-31 16:33 - 000000000 ____D C:\Users\gaele.000\Downloads\Oregon Scientific Clock RM308PA User Guide ManualsOnline.com_files 2023-07-31 16:31 - 2023-07-31 16:31 - 001084872 _____ () C:\Users\gaele.000\Downloads\mypdfmanager.exe 2023-07-31 15:20 - 2023-07-31 15:20 - 000000306 _____ C:\Users\gaele.000\Downloads\Untitled attachment 00005.htm 2023-07-31 15:20 - 2023-07-31 15:20 - 000000306 _____ C:\Users\gaele.000\Downloads\Untitled attachment 00005(1).htm 2023-07-31 15:16 - 2023-07-31 15:16 - 011866734 _____ C:\Users\gaele.000\Downloads\Chinese Ikea.mp4 2023-07-31 15:16 - 2023-07-31 15:16 - 011866734 _____ C:\Users\gaele.000\Downloads\Chinese Ikea(1).mp4 2023-07-31 14:47 - 2023-07-31 14:47 - 000003568 _____ C:\Users\gaele.000\Documents\cc_20230731_144734.re g 2023-07-18 17:17 - 
2023-07-18 17:17 - 000000000 ___HD C:\$WinREAgent 2023-07-15 11:31 - 2023-07-15 11:31 - 001352702 _____ C:\Users\gaele.000\Documents\How To Make A Snuffle Mat - 3 Ways To Make A DIY Snuffle Mat ⋆ Hello Sewing.pdf 2023-07-15 10:29 - 2023-08-08 13:14 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2023-07-15 10:29 - 2023-08-08 08:29 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2023-07-15 10:29 - 2023-08-08 08:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-07-15 10:29 - 2023-07-15 10:29 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk 2023-07-15 10:29 - 2023-07-15 10:29 - 000000995 _____ C:\Users\Public\Desktop\Firefox.lnk 2023-07-15 10:29 - 2023-07-15 10:29 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2023-07-15 10:29 - 2023-07-15 10:29 - 000000000 ____D C:\Users\gaele.000\Desktop\Old Firefox Data 2023-07-13 09:35 - 2023-07-13 09:35 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Input Method 2023-07-12 17:04 - 2023-07-21 10:59 - 000004752 _____ C:\Users\gaele.000\Documents\2022 and up thru 7-12-23claims .csv 2023-07-12 16:59 - 2023-07-12 16:59 - 000009543 _____ C:\Users\gaele.000\Downloads\claims (6).csv 2023-07-12 13:57 - 2023-08-08 13:07 - 000000000 ____D C:\Program Files (x86)\Google 2023-07-11 12:16 - 2023-07-11 12:16 - 000002870 _____ C:\Users\gaele.000\Downloads\claims (5).csv 2023-07-09 14:46 - 2023-07-09 14:46 - 001390720 _____ C:\Users\gaele.000\Downloads\Winston watching tv with me(1).heic 2023-07-09 14:31 - 2023-07-09 14:31 - 001295802 _____ C:\Users\gaele.000\Downloads\Brenda and Gary (1).mp4 2023-07-09 08:43 - 2023-07-09 08:43 - 000000000 ____D C:\Users\gaele.000\Downloads\takeout-20230620T055001Z-001 ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2023-08-08 13:07 - 2023-06-18 13:53 - 000000000 ____D C:\Program Files\CCleaner 2023-08-08 13:07 - 2022-01-18 12:59 - 000000000 ____D C:\Windows\SystemTemp 2023-08-08 11:20 - 2023-06-18 11:18 - 000004214 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1687101525 2023-08-08 11:20 - 2023-06-13 09:05 - 000001423 _____ C:\Users\gaele.000\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Opera Browser.lnk 2023-08-08 10:49 - 2023-06-18 11:30 - 000007909 _____ C:\Windows\BRRBCOM.INI 2023-08-08 10:45 - 2023-06-18 02:12 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-08-08 10:45 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase 2023-08-08 10:44 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-08-08 10:20 - 2023-06-18 11:36 - 000004168 _____ C:\Windows\system32\Tasks\User_Feed_Synchronizatio n-{0416AA07-CBB7-4DFF-9D12-5ABBBA2D12A0} 2023-08-08 03:24 - 2023-06-18 02:12 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-08-08 03:24 - 2023-06-18 02:12 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2023-08-08 03:24 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-08-08 03:24 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness 2023-08-07 15:15 - 2023-06-18 11:09 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Malwarebytes 2023-08-07 14:15 - 2023-06-18 04:46 - 000000000 ___RD C:\Users\gaele.000\OneDrive 2023-08-07 11:37 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF 2023-08-06 16:19 - 2023-06-18 06:07 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Word 2023-08-04 15:18 - 2023-06-18 02:22 - 000840598 _____ C:\Windows\system32\PerfStringBackup.INI 2023-08-04 15:14 - 2023-06-18 02:12 - 000008192 ___SH C:\DumpStack.log.tmp 2023-08-04 15:14 - 2023-06-18 02:12 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2023-08-04 15:14 - 2023-06-18 02:12 - 000000000 ____D C:\Intel 2023-08-04 15:14 - 2019-12-07 05:14 
- 000000000 ____D C:\Windows\ServiceState 2023-08-04 15:13 - 2019-12-07 05:03 - 000786432 _____ C:\Windows\system32\config\BBI 2023-08-03 14:06 - 2023-06-18 06:04 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Excel 2023-08-02 15:45 - 2023-06-18 04:47 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3036132105-1439115854-3050649200-1000 2023-08-02 15:45 - 2023-06-18 04:46 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3036132105-1439115854-3050649200-1000 2023-08-02 15:45 - 2023-06-18 02:16 - 000002397 _____ C:\Users\gaele.000\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\OneDrive.lnk 2023-08-02 14:51 - 2023-06-18 02:16 - 000000000 ____D C:\Users\gaele.000 2023-08-02 14:47 - 2023-06-18 04:52 - 000000000 ____D C:\Users\gaele.000\AppData\Local\D3DSCache 2023-08-01 15:33 - 2023-06-26 06:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2023-07-31 16:51 - 2023-06-18 11:31 - 000000000 ____D C:\Users\gaele.000\AppData\Local\CrashDumps 2023-07-31 16:44 - 2020-04-14 14:19 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Offic e 2023-07-31 14:55 - 2023-06-18 00:03 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Packages 2023-07-31 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\registration 2023-07-31 13:19 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\NDF 2023-07-27 18:17 - 2023-06-18 02:05 - 000918960 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2023-07-24 18:07 - 2023-06-18 02:12 - 000000000 ____D C:\Windows\system32\Drivers\wd 2023-07-21 10:59 - 2023-06-16 16:08 - 000001269 _____ C:\Users\gaele.000\Documents\presciption claims 2023.csv 2023-07-21 10:59 - 2023-01-18 16:39 - 000003068 _____ C:\Users\gaele.000\Downloads\2022 Prescriptionsummary .CSV 2023-07-19 17:56 - 2023-06-18 13:53 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job 2023-07-19 14:23 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp 
2023-07-19 10:32 - 2023-06-18 13:53 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update 2023-07-19 10:32 - 2023-06-18 13:53 - 000003476 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting 2023-07-18 18:14 - 2023-06-18 02:12 - 000436232 _____ C:\Windows\system32\FNTCACHE.DAT 2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup 2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources 2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup 2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates 2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe 2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr 2023-07-18 17:20 - 2023-06-18 02:14 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2023-07-16 10:24 - 2023-06-18 04:48 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Comms 2023-07-16 09:18 - 2022-11-23 11:43 - 000010601 _____ C:\Users\gaele.000\Documents\Fidelity.xlsx 2023-07-15 10:29 - 2023-06-18 02:23 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Mozilla 2023-07-13 09:00 - 2022-01-20 03:25 - 000000000 ____D C:\ProgramData\Dell 2023-07-12 13:57 - 2023-06-18 02:16 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Google 2023-07-12 13:12 - 2023-06-24 12:47 - 000000000 ____D C:\Users\gaele.000\Downloads\2023 2023-07-12 01:56 - 2023-06-18 02:09 - 000000000 ____D C:\Windows\system32\MRT 2023-07-12 01:34 - 2023-06-18 02:09 - 173351160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2023-07-11 20:18 - 2023-06-18 02:12 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskM achineUA 2023-07-11 20:18 - 2023-06-18 02:12 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskM achineCore ==================== Files in the root of some directories ======== 
2023-06-26 06:19 - 2023-06-26 06:19 - 000000373 _____ () C:\Users\gaele.000\AppData\Roaming\SaraBat.bat
2023-06-26 06:19 - 2023-06-26 06:19 - 000196984 _____ (Microsoft Corporation) C:\Users\gaele.000\AppData\Roaming\SetupProd_Act.exe

==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
#10
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-08-2023
Ran by gaele (08-08-2023 13:40:24) Running from C:\Users\gaele.000\Desktop Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) (2023-06-18 04:01:21) Boot Mode: Normal ================================================== ======== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-3036132105-1439115854-3050649200-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3036132105-1439115854-3050649200-503 - Limited - Disabled) gaele (S-1-5-21-3036132105-1439115854-3050649200-1000 - Administrator - Enabled) => C:\Users\gaele.000 Guest (S-1-5-21-3036132105-1439115854-3050649200-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3036132105-1439115854-3050649200-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.) 
CCleaner (HKLM\...\CCleaner) (Version: 6.14 - Piriform) cnn (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\90da1836a8ef40533bf48bf9527efc67) (Version: 1.0 - Google\Chrome) Dell Digital Delivery (HKLM-x32\...\{7B2D0B6F-F02D-4363-ACDF-00DE6247ACBC}) (Version: 3.5.2015.0 - Dell Products, LP) Dell SupportAssist (HKLM\...\{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.) Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{FFFED431-EF80-4C39-A66E-E11BC7413D33}) (Version: 5.5.5.16206 - Dell Inc.) Hidden Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{cff56899-3afb-4fe1-aeec-a0474836d1cd}) (Version: 5.5.5.16206 - Dell Inc.) Dell SupportAssist Remediation (HKLM\...\{0ACC4393-7CDB-4512-800B-0404A9DF75E6}) (Version: 5.5.6.18729 - Dell Inc.) Hidden Dell SupportAssist Remediation (HKLM-x32\...\{3238f3fe-4c2d-4438-8bfd-e6bb87adb36e}) (Version: 5.5.6.18729 - Dell Inc.) Dell Update for Windows Universal (HKLM\...\{B5318AB2-185E-408A-8ABE-0EDA416E92DB}) (Version: 4.9.0 - Dell Inc.) 
Dynamic Application Loader Host Interface Service (HKLM\...\{74DF895B-001F-456C-BEA4-9254A3FCC5E6}) (Version: 1.0.0.0 - Intel Corporation) Hidden Google News (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\a0f47c7035a67f4ca3363535fdf90fb6) (Version: 1.0 - Google\Chrome) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Intel(R) Icls (HKLM\...\{8761CF94-4FD5-47A0-9F7F-5F9B23371AB4}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2218.2.2.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{72F03A9B-21C6-4599-95FC-FFB4D9B7F50C}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Driver (HKLM\...\{B9C358AF-2012-4BD3-A476-CAFB5761B5BC}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) ME WMI Provider (HKLM\...\{96EC8F94-3894-4F08-8FEF-227E9F790FFC}) (Version: 1.0.0.0 - Intel Corporation) Hidden Malwarebytes version 4.5.34.275 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.34.275 - Malwarebytes) Microsoft .NET Host - 6.0.14 (x64) (HKLM\...\{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.14 (x64) (HKLM-x32\...\{a75f0c38-355e-478f-b573-1dbc42915c5c}) (Version: 6.0.14.32123 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.200 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us 
(HKLM\...\ProPlusRetail - en-us) (Version: 16.0.16626.20134 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\OneDriveSetup.exe) (Version: 23.147.0716.0001 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Support and Recovery Assistant (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\d962ca0c921f22d9) (Version: 17.1.268.13 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 (HKLM\...\{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}) (Version: 14.0.24215 - Microsoft Corporation) Hidden Microsoft Visual C++ 
2015 x64 Minimum Runtime - 14.0.24215 (HKLM\...\{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}) (Version: 14.0.24215 - Microsoft Corporation) Hidden Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 116.0.2 (x64 en-US)) (Version: 116.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 115.0.2 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Neat (HKLM-x32\...\Neat) (Version: 5.1.31.16 - The Neat Company) Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.2 - The Neat Company) Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.1 - The Neat Company) Neat Core Files (HKLM-x32\...\{99432E4C-1189-4887-9D75-DAA796015FFD}) (Version: 5.1.31.16 - The Neat Company) Hidden Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.1 - The Neat Company) Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.1 - The Neat Company) Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company) Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.) 
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.22270 - Microsoft Corporation) Hidden Opera Stable 101.0.4843.33 (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\Opera 101.0.4843.33) (Version: 101.0.4843.33 - Opera Software) OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9400.1 - Realtek Semiconductor Corp.) Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.17763.20082 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company) SupportAssist Recovery Assistant (HKLM\...\{0A51D0FA-351E-48E2-98E3-EE1B2B7F5409}) (Version: 5.5.6.18729 - Dell Inc.) 
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation) Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) Wondershare PDFelement ( Version 9.5.10 ) (HKLM\...\{BC2AC233-DEF1-4D05-B6B8-6B46AA69E885}_is1) (Version: 9.5.10 - Wondershare) Wondershare TunesGo ( Version 9.6.0 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 9.6.0 - Wondershare) Zoom (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\ZoomUMX) (Version: 5.15.2 (18096) - Zoom Video Communications, Inc.) Packages: ========= AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1. 61781.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_ 3.14.4.0_x64__htrsf667h5kn2 [2023-07-31] (Dell Inc) Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.9.14.0_x86_ _htrsf667h5kn2 [2023-07-31] (Dell Inc) Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_6.19.1.0 _x64__kgqvnymyfvs32 [2023-07-31] (king.com) Find Duplicate Files -> C:\Program Files\WindowsApps\28686TrentTaylor.FindDuplicateFi les_0.0.0.0_x64__jcszgpz62jaz4 [2023-07-31] (Trent Taylor) [MS Ad] IntelŽ Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1. 
100.5131.0_x64__8j3eq9eme6ctt [2023-07-31] (INTEL CORP) [Startup Task] IntelŽ Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorag eManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-07-31] (INTEL CORP) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x86__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) [MS Ad] Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.53 1.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1. 0.50901.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.2 3.19.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) PDF X -> C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.3.54.0_x64__ sbe4t8mqwq93a [2023-07-31] (NG PDF Lab) [Startup Task] Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_ 1.0.0.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireColl ection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Studios) [MS Ad] Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell20 19_2.0.54.0_x64__fh4rh281wavaa [2023-07-31] (Waves Audio) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\ias torpinningcomponent.inf_amd64_357b728ba88fb99a\Opt aneShellExt.dll [2022-12-18] (Intel Corporation -> ) ContextMenuHandlers1: [PDFelement.ContextMenu] -> {ea6c980d-7823-3752-88ac-d43b3a873d20} => C:\Program Files\Common Files\Wondershare\PDFelement9\Shell Extensions\PEShellContextMenu4.exe [2023-06-09] (Wondershare Technology Group Co.,Ltd -> Wondershare) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-18] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\ias torpinningcomponent.inf_amd64_357b728ba88fb99a\Opt aneShellExt.dll [2022-12-18] (Intel Corporation -> ) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-18] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\gaele.000\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\TaskBar\you tube music - Search.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=camhhmceiekkpjglehlcmcmaeabmidjn --app-url=hxxps://www.bing.com/search?q=you+tube+music&form=ANSPH1&refig=21b77070 ae5945899c53559d32ef0583&pc=U531 --app-launch-source=4 ==================== Loaded Modules (Whitelisted) ============= 2013-02-23 04:12 - 2013-02-23 04:12 - 000126976 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\CynergySystems.Commons.dll 2013-02-04 15:02 - 2013-02-04 15:02 - 000020992 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\LinFu.DynamicProxy.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000031744 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Retlang.dll 2013-02-04 15:02 - 2013-02-04 15:02 - 000245760 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\StructureMap.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 001784832 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Windows.Controls.Input.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 002735104 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Windows.Controls.Navigatio n.dll 2023-06-18 11:34 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2023-06-18 11:34 - 2005-04-22 00:36 - 000143360 ____R () [File not signed] C:\Windows\system32\BrSNMP64.dll 2023-06-18 09:35 - 2013-02-04 13:00 - 000054784 _____ () [File not signed] C:\Windows\System32\sdtnpm.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000032768 _____ (broloco) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NHibernate.LambdaExtensions.dll 2023-06-18 11:34 - 2012-07-13 13:09 - 000385024 ____N (Brother 
Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll 2023-06-18 11:34 - 2010-09-29 17:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll 2023-06-18 11:34 - 2011-02-28 11:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll 2023-06-18 11:34 - 2012-11-29 19:04 - 002040832 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2023-06-18 11:30 - 2013-01-30 15:17 - 000137728 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll 2023-06-18 11:30 - 2012-12-21 12:31 - 000078848 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll 2023-06-18 11:30 - 2012-12-21 12:31 - 017666560 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll 2023-06-18 11:30 - 2013-01-18 14:31 - 000074240 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll 2023-06-18 11:34 - 2012-10-19 08:02 - 000087040 ____R (Brother Industries, Ltd.) 
[File not signed] C:\Windows\system32\BrNetSti.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000237568 _____ (Eric Woodruff) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\EWSoftware.PDI.Data.dll 2023-06-26 06:19 - 2023-06-26 06:19 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll 2023-06-26 06:19 - 2023-06-26 06:19 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000148480 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Microsoft.Windows.Shell.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000050688 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\ShaderEffectLibrary.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000215040 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Reporting.OpenXmlRendering .dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000036864 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Reporting.XpsRendering.dll 2013-02-23 04:12 - 2013-02-23 04:12 - 000057344 _____ (Microsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\TreeListView.dll 2013-02-04 15:02 - 2013-02-04 15:02 - 001761280 _____ (Neat) [File not signed] C:\Program Files (x86)\Neat\exec\sdk3\Neat.V3.Common.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000349184 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Newtonsoft.Json.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000032768 _____ (NHibernate.org) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Iesi.Collections.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000007168 
_____ (NHibernate.org) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NHibernate.ByteCode.LinFu.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 002117632 _____ (NHibernate.org) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NHibernate.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 003219968 _____ (Telerik) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Reporting.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000237056 _____ (Telerik) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.ReportViewer.Wpf.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 002955264 _____ (Telerik) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Telerik.Windows.Controls.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000270336 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\log4net.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000319488 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Lucene.Net.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000012944 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.Classification.AutoDo cument.Net.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000036496 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.Configuration.Net.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000267920 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.DocumentEngines.Recei pt.Net.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000046224 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.Imaging.Net.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000084112 _____ (The Neat Company -> The Neat Company) [File not 
signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.nCapture.Net.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000019600 _____ (The Neat Company -> The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\Neat.SDK.OCR.Net.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000038032 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.AutoDocument.C.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000201872 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.AutoDocument.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000628368 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Common.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000014480 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Configuration.C.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000461968 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.DocumentAnalysis.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000061584 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Imaging.C.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000720016 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Imaging.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000163984 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.nCapture.C.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000351888 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.nCapture.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000020112 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.OCR.C.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 
000097936 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.OCR.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000025744 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Receipt.C.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000498320 _____ (The Neat Company -> The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\qsp\Neat.Receipt.dll 2013-02-23 04:11 - 2013-02-23 04:11 - 000090112 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.Common.dll 2013-02-23 04:12 - 2013-02-23 04:12 - 006723072 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.dll 2013-02-23 04:12 - 2013-02-23 04:12 - 000029696 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Interop.dll 2013-02-23 04:11 - 2013-02-23 04:11 - 000038400 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Logging.dll 2013-02-23 04:11 - 2013-02-23 04:11 - 000122368 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Models.dll 2013-02-23 04:12 - 2013-02-23 04:12 - 000011776 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.PdfExtraction.dll 2013-02-23 04:11 - 2013-02-23 04:11 - 001277952 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatReceipts.Components.dll 2013-02-23 04:12 - 2013-02-23 04:12 - 002075648 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatWorks.CE.Database.dll 2013-02-23 04:11 - 2013-02-23 04:11 - 000042496 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatWorks.Components.dll 2012-07-11 20:15 
- 2012-07-11 20:15 - 000032768 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\InputAdapters\ImageFileInputAd apter\NeatCompany.QuickScan.Inputs.ImageFileInputA dapter.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000122368 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\InputAdapters\nCaptureInputAda pter\NeatCompany.QuickScan.Inputs.nCaptureInputAda pter.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000033792 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\InputAdapters\PdfFileInputAdap ter\NeatCompany.QuickScan.Inputs.PdfFileInputAdapt er.dll 2013-02-23 04:12 - 2013-02-23 04:12 - 000018944 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\InputAdapters\PrinterInputAdap ter\NeatCompany.NeatWorks.PrinterInputAdapter.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000139776 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\NeatCompany.QuickScan.Core.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000034304 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\NeatCompany.QuickScan.Interfac es.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000033792 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\OutputAdapters\ImageFileOutput Adapter\NeatCompany.QuickScan.Outputs.ImageFileOut putAdapter.dll 2013-02-23 04:12 - 2013-02-23 04:12 - 000074240 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\OutputAdapters\NeatOutputAdapt er\NeatCompany.QuickScan.Outputs.NeatOutputAdapter .dll 2012-07-11 20:15 - 2012-07-11 20:15 - 000034816 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\qsp\OutputAdapters\PdfFileOutputAd apter\NeatCompany.QuickScan.Outputs.PdfFileOutputA dapter.dll 2013-02-04 
15:02 - 2013-02-04 15:02 - 000022528 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\sdk3\Neat.SDK.V3.Configuration.Net .dll 2013-02-04 15:02 - 2013-02-04 15:02 - 000038400 _____ (The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\sdk3\Neat.V3.Configuration.C.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000102400 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.Compression.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000122880 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.FileSystem.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000167936 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.Wpf.Controls.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 003133440 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.Wpf.DataGrid.dll 2013-02-04 15:01 - 2013-02-04 15:01 - 000196608 _____ (Xceed Software Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\Xceed.Zip.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\gaele.000\Downloads\iTunes64Setup.exe:MBA M.Zone.Identifier [231] AlternateDataStreams: C:\Users\gaele.000\Downloads\tunesgo_setup_full271 0.exe:MBAM.Zone.Identifier [100] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed] Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft 
Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\gaele.000\AppData\Local\Microsoft\Windows \Themes\RoamedThemeFiles\DesktopBackground\venice 6.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Host => (EnableWebContentEvaluation: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "BrHelp" HKLM\...\StartupApproved\Run32: => "IndexSearch" HKLM\...\StartupApproved\Run32: => "PaperPort PTD" HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\StartupApproved\StartupFolder: => "OneLaunch.lnk" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{2AF92735-E52F-4235-9913-E08836D3FF56}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{55FDDF1A-F12D-4878-82DE-4AB319A7F034}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A454FC25-CE19-4694-897B-1801072D6BA9}] => (Allow) D:\AUTORUN.EXE => No File FirewallRules: [{4389B8DD-720B-4E23-811B-798229D12A58}] => (Allow) D:\AUTORUN.EXE => No File FirewallRules: [{D886C8C5-B744-407D-87CC-584E96F5B010}] => (Allow) D:\AUTORUN.EXE => No File FirewallRules: [{1E3D2CB2-01F2-490F-A1B5-6CB666AABE1C}] => (Allow) D:\AUTORUN.EXE => No File FirewallRules: [{8809C457-E45C-4D6A-B383-BF8D38400247}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE (Brother Industries, Ltd.) [File not signed] FirewallRules: [{FDBA6ECB-F610-48B1-9BFA-90BACB968066}] => (Allow) LPort=54925 FirewallRules: [TCP Query User{8438EDCD-56B8-4F9A-8EAE-0E2BA1375187}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software) FirewallRules: [UDP Query User{E5A5ED5A-2740-4BF3-B955-A8C739BB9659}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software) FirewallRules: [TCP Query User{AAD2956C-1729-472F-9448-00ED8E39941C}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software) FirewallRules: [UDP Query User{EA6B6508-1D7C-46B0-B095-42448D084FE7}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software) FirewallRules: [{25280E73-70BA-47BC-BA79-782371C3803F}] => (Allow) 
C:\Users\gaele.000\AppData\Roaming\Zoom\bin\Zoom.e xe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{13D17F2B-328C-4B26-990A-83F04653823D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C82BEFDC-D688-4604-8AD1-5573C355D81E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{91D0B12C-65CC-4E0B-8524-831A722CE131}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A96DA85B-0FC1-40FE-8702-72D3661DDA8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6D2299D1-A56B-479D-91DE-05629309F22D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D2F34186-5AFB-4C2A-87A1-DBAAD106C052}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B20CD597-E92A-42E9-B7F1-EB8C6A4209A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{11222815-A0C1-4ECF-81D8-C5DBF3D792BD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8CA33CEE-E480-4A86-AD6B-1072592E4957}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{C7B883F6-37E3-405A-97E2-47994D3D359E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{FD149D9B-6E79-40C7-9243-AF384C86253F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{9EC98D8E-C2B9-4A9B-88BA-EB9D0A061564}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{81F6D74F-DF02-466B-BCFB-00A2FFCF445E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7AEE4769-6126-433C-BC2D-67C1E9C4DEE9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901 .188\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 19-07-2023 22:03:59 July 19 2023 after resetting a few week s ago. 27-07-2023 04:11:02 Scheduled Checkpoint 31-07-2023 13:54:59 Restore Operation 08-08-2023 03:14:29 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname DESKTOP-KJSDKU5.local already in use; will try DESKTOP-KJSDKU5-2.local instead Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-KJSDKU5.local. Addr 192.168.0.15 Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.0.15:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67 Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. 
AAAA FE80:0000:0000:0000:5976:FB70:E481:2085 Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.0.15:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67 Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:84B4:5076:A62C:8714 Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.0.15:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67 Error: (08/02/2023 04:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:2CB7:A727 ![]() System errors: ============= Error: (08/03/2023 08:07:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (08/02/2023 04:08:04 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {348f0158-26b9-484f-86ee-822da5ef551e}, had event 74 Error: (07/31/2023 02:42:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Mozilla Maintenance Service service terminated with the following error: Incorrect function. Error: (07/31/2023 12:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. 
Error: (07/29/2023 12:27:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (07/27/2023 01:33:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (07/25/2023 04:04:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (07/23/2023 06:07:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Windows Defender: ================ Date: 2023-08-07 19:14:17 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-08-06 18:38:12 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-08-05 19:14:14 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-08-03 19:04:10 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2023-07-30 19:56:46 Description: Microsoft Defender Antivirus scan has been stopped before completion. 
Scan Type: Antimalware Scan Parameters: Quick Scan Event[0]: Date: 2023-07-31 14:07:38 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version. Security intelligence Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Security intelligence Version: 0.0.0.0;0.0.0.0 Engine Version: 0.0.0.0 Date: 2023-06-25 15:32:22 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.391.1857.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.23050.3 Error code: 0x80070643 Error description: Fatal error during installation. Date: 2023-06-25 15:32:22 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.391.2598.0 Previous security intelligence Version: 1.391.1857.0 Update Source: User Security intelligence Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.23050.3 Previous Engine Version: 1.1.23050.3 Error code: 0x80501102 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Date: 2023-06-25 15:32:22 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: 1.391.2598.0 Previous security intelligence Version: 1.391.1857.0 Update Source: User Security intelligence Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.23050.3 Previous Engine Version: 1.1.23050.3 Error code: 0x80501102 Error description: An unexpected problem occurred. 
Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. CodeIntegrity: =============== Date: 2023-08-08 13:30:58 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2023-08-08 13:22:18 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: Dell Inc. 1.20.0 03/08/2023 Motherboard: Dell Inc. 0FK9H3 Processor: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz Percentage of memory in use: 62% Total physical RAM: 16215.92 MB Available physical RAM: 6127.26 MB Total Virtual: 18647.92 MB Available Virtual: 5389.63 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:461.1 GB) (Free:265.52 GB) (Model: KBG40ZNS512G NVMe KIOXIA 512GB) (Protected) NTFS \\?\Volume{c7235e5c-943b-4583-8a2a-bf8050d16ac4}\ (WINRETOOLS) (Fixed) (Total:1.2 GB) (Free:0.2 GB) NTFS \\?\Volume{d0b37552-bf1b-4b39-ad62-86292094221c}\ (Image) (Fixed) (Total:12.89 GB) (Free:5.98 GB) NTFS \\?\Volume{4988a97e-9505-4118-b14c-3180736c6216}\ (DELLSUPPORT) (Fixed) (Total:1.47 GB) (Free:0.51 GB) NTFS \\?\Volume{7fca93ed-3a6a-4a78-a866-f52509a16548}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.05 GB) FAT32 ==================== MBR & Partition Table ==================== ================================================== ======== Disk: 0 (Size: 476.9 GB) (Disk ID: E68B182D) Partition: GPT. ==================== End of Addition.txt ======================= |
#11
|
||||
|
||||
Sorry for the delay. Med problems.
i |
#12
|
||||
|
||||
I'm sorry you're not feeling well. I understand. Hope you get better soon.
|
#13
|
||||
|
||||
I'll need you to reboot, then run a new scan and post the logs please.
|
#14
|
||||
|
||||
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2023
Ran by gaele (administrator) on DESKTOP-KJSDKU5 (Dell Inc. Inspiron 5490 AIO) (14-08-2023 08:30:01) Running from C:\Users\gaele.000\Desktop\FRST64(1).exe Loaded Profiles: gaele Platform: Microsoft Windows 10 Home Version 22H2 19045.3324 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHu b.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHu b.Instrumentation.UserProcess.exe (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury. 
API.SubAgent.exe (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Anal ytics.SubAgent.exe (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.Da taManager.SubAgent.exe (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Di agnostics.SubAgent.exe (C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHu b.Instrumentation.SubAgent.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe (DriverStore\FileRepository\cui_dch.inf_amd64_7208 949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui _dch.inf_amd64_7208949846a9b9dc\igfxEM.exe (explorer.exe ->) (614A9D21-6F29-4C9D-9F7D-FF59321D9E5F -> ) C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.3.54.0_x64__ sbe4t8mqwq93a\FileWatcher\FileWatcher.exe (explorer.exe ->) (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <23> (explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wav esapo8de.inf_amd64_cc5d5bc621122d7c\WavesSvc64.exe (explorer.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Program Files\Wondershare\Wondershare PDFelement for Windows (CPC)\PENotify.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <28> (Nuance Communications, Inc. -> Nuance Communications, Inc.) 
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe (services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe (services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRe medationService.exe (services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe (services.exe ->) (Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe (services.exe ->) (Dell Inc -> Dell Technologies Inc.) 
C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui _dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ias torac.inf_amd64_d6e4236a0f82e7b4\RstMwService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igc c_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinSe rvice.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iig d_dch.inf_amd64_1840c0e85c622882\IntelCpHDCPSvc.ex e (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iig d_dch.inf_amd64_1840c0e85c622882\IntelCpHeciSvc.ex e (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mew miprov.inf_amd64_d4564390a9b1e980\WMIRegistrationS ervice.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\int coed.inf_amd64_5a9d4e2af428d38d\AS\IAS\IntelAudioS ervice.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal .inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms .inf_amd64_dd349ca1e8d98184\LMS.exe (services.exe ->) (Malwarebytes Inc. 
-> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\Pres entationFontCache.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe (services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\rea ltekservice.inf_amd64_b8f1bff0e3af96f2\RtkAudUServ ice64.exe <3> (services.exe ->) (The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\NeatStartupService.exe (services.exe ->) (Two Pilots) [File not signed] C:\Windows\VPDAgent_x64.exe (services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wav esapo8de.inf_amd64_cc5d5bc621122d7c\WavesSysSvc64. 
exe (services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_16005.14326.21534.0_x64__8wekyb3d8bbwe\HxOutlo ok.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_16005.14326.21534.0_x64__8wekyb3d8bbwe\HxTsr.e xe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.82 3.3261.0_x64__8wekyb3d8bbwe\GameBar.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.82 3.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_ x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.ex e (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\rea ltekservice.inf_amd64_b8f1bff0e3af96f2\RtkAudUServ ice64.exe [1594232 2022-08-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wav esapo8de.inf_amd64_cc5d5bc621122d7c\WavesSvc64.exe [4653240 2022-07-22] (Waves Inc -> Waves Audio Ltd.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.) [File not signed] HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\Run: [Opera Stable] => C:\Users\gaele.000\AppData\Local\Programs\Opera\la uncher.exe [2730912 2023-08-02] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. 
-> Acresso Corporation) HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [41572768 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\MountPoints2: {2524ba2f-12b0-11ee-8cbe-84c5a6b2f281} - "D:\LaunchU3.exe" -a HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\MountPoints2: {2684a1d4-0da4-11ee-8cba-a4bb6d40d396} - "D:\setup.EXE" /AUTORUN HKLM\...\Print\Monitors\sdtnm: C:\Windows\system32\sdtnpm.dll [54784 2013-02-04] () [File not signed] HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\Windows\system32\PEPrinterMonitor.dll [292592 2023-05-26] (Wondershare Technology Group Co.,Ltd -> Wondershare Software) HKLM\Software\Microsoft\Active Setup\Installed Components: [Neat ADF Scanner 2008] -> reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f HKLM\Software\Microsoft\Active Setup\Installed Components: [Send To Neat] -> reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wondershare PEScreenshot.lnk [2023-06-27] ShortcutTarget: Wondershare PEScreenshot.lnk -> C:\Program Files\Wondershare\Wondershare PDFelement for Windows (CPC)\PENotify.exe (Wondershare Technology Group Co.,Ltd -> Wondershare) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wondershare PEToolbox.lnk [2023-06-27] ShortcutTarget: Wondershare PEToolbox.lnk -> 
C:\Program Files\Wondershare\Wondershare PDFelement for Windows (CPC)\PENotify.exe (Wondershare Technology Group Co.,Ltd -> Wondershare) ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {BC2372A3-3323-46EE-A40B-42054E0B4C29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.) Task: {BBD9AFDF-3DCC-4A16-9BA1-5E6C30BEC8F0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {12EDFE47-8E4D-4696-B852-BE349A0761F6} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "02ba5822-d03d-4142-a4cd-d5d8114a1b63" --version "6.14.10584" --silent Task: {E52D2610-BDF7-48A5-977E-B84E074CC80E} - System32\Tasks\CCleanerSkipUAC - gaele => C:\Program Files\CCleaner\CCleaner.exe [34677664 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {959F8DA3-630B-4467-B812-EE6A02C5D2BA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => c:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\ SupportAssistInstaller.exe [738144 2023-04-07] (Dell Inc -> Dell Inc.) 
Task: {72476E7D-B3E5-43E0-A7A9-034514B95F06} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Task: {200D4811-93C7-4793-B76D-0BBADE138476} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Task: {10E03BBA-5B01-442E-90EC-0A19F5780AE3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124312 2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Task: {351F1896-5E1E-4BCE-8F5C-9F96EDF507C8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124312 2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Task: {9DD3A2EC-9A50-4A27-884C-251DA38EB9DE} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc Task: {9DD3A2EC-9A50-4A27-884C-251DA38EB9DE} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f Task: {9DD3A2EC-9A50-4A27-884C-251DA38EB9DE} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData Task: {0219847F-5C6F-4DFF-94CD-753D6F09BEE1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {CE418E94-F7BF-4201-BEFB-FF51E92CB5BE} - 
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {8B151025-97E3-4660-8DD9-CDF7BC5EB8C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F107FCF7-30EF-468F-B1A3-46C59815C3D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {738017E9-EC66-4F47-A7F3-9C496A8C5ACA} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-08-08] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump :5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundup date.moz_log --backgroundtask backgroundupdate Task: {35954901-EE89-4316-BFA3-AC2037A3B067} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-08] (Mozilla Corporation -> Mozilla Foundation) Task: {0165BDAC-8546-4B68-8EB1-3ED199EDACA3} - System32\Tasks\Opera scheduled Autoupdate 1687101525 => C:\Users\gaele.000\AppData\Local\Programs\Opera\la uncher.exe [2730912 2023-08-02] (Opera Norway AS -> Opera Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5d3dae05-7f58-4b59-a82b-1eff2018dd0f}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b90108dc-e04b-433c-845e-39cb3cf7d5d9}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-14]
Edge HomePage: Default -> hxxps://www.ighome.com/
Edge StartupUrls: Default -> "hxxp://www.ighome.com/"
Edge NewTab: Default -> Not-active:"chrome-extension://fbnocjfjcbbminbfklpioinjjofkobom/newtab.html"
Edge DefaultSearchURL: Default -> hxxps://www.searchwithouthistorysearch.com/search/?category=web&s=eepr&vert=private&q={searchTerms}
Edge DefaultSearchKeyword: Default -> Search With Incognito
Edge DefaultSuggestURL: Default -> hxxps://sug.searchwithouthistorysearch.com/v1/sug/?yid=eepr&vert=private&q={searchTerms}
Edge Extension: (Google Translate) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-06-18]
Edge Extension: (Old Layout for Facebook) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\abmkkackbbimmdbfjdilpnfaegaeagge [2023-06-18]
Edge Extension: (Search With Incognito) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aegpbigghghmkomaolphakjjppnebdhb [2023-06-18]
Edge Extension: (PDF to JPG ) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahhondajieaabnhicjkpnhdmdjjdinhe [2023-06-18]
Edge Extension: (GIPHY for Gmail) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\andgibkjiikabclfdkecpmdkfanpdapf [2023-06-18]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2023-07-18]
Edge Extension: (Pinterest Save Button) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkgoflemacdadndiohhdnphcmdhacabg [2023-06-18]
Edge Extension: (Gmail Screenshot by cloudHQ) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\boepdnhlmfleonjnaoaemgcggppoikog [2023-06-18]
Edge Extension: (Eno® from Capital One®) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2023-08-10]
Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-07-26]
Edge Extension: (YT-Nonstop) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ddobgngkifgapahlheghhckckkcgpikf [2023-06-18]
Edge Extension: (PDF to JPG Converter) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dkmiiopgdgoencflajlbmplbleoafdmd [2023-07-11]
Edge Extension: (New Tab for Google Workspace™) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ehpgcagmhpndkmglombjndkdmggkgnge [2023-06-18]
Edge Extension: (Keepa - Amazon Price Tracker) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejefaeioamebhekmfaclajddbpnnobje [2023-06-18]
Edge Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\elhekieabhbkpmcefcoobjddigjcaadp [2023-07-26]
Edge Extension: (Online Manuals App) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fbnocjfjcbbminbfklpioinjjofkobom [2023-06-18]
Edge Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2023-07-15]
Edge Extension: (Google Docs Offline) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-19]
Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2023-07-26]
Edge Extension: (Mileage Calculator by wheretocredit.com) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gomddcmabinakjildbgfoabbiakfkkfk [2023-06-18]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-08-01]
Edge Extension: (Organize Downloads by Date) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ipjljbilkibpncgnagphiamkkdilbbki [2023-06-18]
Edge Extension: (Routora - Google Maps Route Optimization) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jdddfnfohdeaklgkpglonlofgapjgfbp [2023-06-18]
Edge Extension: (RetailMeNot Deal Finder™️) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2023-06-18]
Edge Extension: (SwagButton) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jkdkbjmbppokkkjhedmhpmdjbckelnen [2023-07-22]
Edge Extension: (Edge relevant text changes) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-08]
Edge Extension: (Startpage - English) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jogphcaagccljpbnoddeknjjngefidmm [2023-06-18]
Edge Extension: (ShopSavvy) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfgplddboijhggifoobffajcpkmhalaa [2023-06-18]
Edge Extension: (Capital One Shopping: Add to Edge for Free) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2023-07-31]
Edge Extension: (Fuel Cost for Google Maps™) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kjeednpebhfpkojegkfmdlgkokkafocd [2023-06-18]
Edge Extension: (Weather Forecast powered by AccuWeather) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcpfjmblaenhkgmejbafmemkgecheono [2023-06-18]
Edge Extension: (RocketReach Edge Extension - Find any Email) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ldjlhlheoidifojmfkjfijmdhlagakni [2023-06-18]
Edge Extension: (Copy me that!) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lkmcogbnaohagegccoghdcjmgdibjfig [2023-06-18]
Edge Extension: (Social tools) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbdoljkknpjgfcnbnoiehjcgancpjmd [2023-06-18]
Edge Extension: (RSS Subscription Extension (by Google)) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2023-06-18]
Edge Extension: (Click to start / stop recording) - C:\Users\gaele.000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pjnefijmagpdjfhhkpljicbbpicelgko [2023-08-04]
#15
Part 2 of 1st Txt
FireFox:
========
FF DefaultProfile: lj4dlij7.default
FF ProfilePath: C:\Users\gaele.000\AppData\Roaming\Mozilla\Firefox\Profiles\lj4dlij7.default [2023-06-18]
FF ProfilePath: C:\Users\gaele.000\AppData\Roaming\Mozilla\Firefox\Profiles\0o7zajg2.default-release-1689431361204 [2023-08-14]
FF Notifications: Mozilla\Firefox\Profiles\0o7zajg2.default-release-1689431361204 -> hxxps://calendar.google.com
FF Extension: (LastPass: Free Password Manager) - C:\Users\gaele.000\AppData\Roaming\Mozilla\Firefox\Profiles\0o7zajg2.default-release-1689431361204\Extensions\support@lastpass.com.xpi [2023-07-26]
FF Extension: (Eno® from Capital One®) - C:\Users\gaele.000\AppData\Roaming\Mozilla\Firefox\Profiles\0o7zajg2.default-release-1689431361204\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2023-08-05]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default [2023-08-14]
CHR HomePage: Default -> hxxp://www.ighome.com/
CHR StartupUrls: Default -> "hxxp://www.ighome.com/"
CHR Extension: (Google Translate) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-06-24]
CHR Extension: (Old Layout for Facebook) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmkkackbbimmdbfjdilpnfaegaeagge [2023-06-24]
CHR Extension: (Search With Incognito) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegpbigghghmkomaolphakjjppnebdhb [2023-06-24]
CHR Extension: (GIPHY for Gmail) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\andgibkjiikabclfdkecpmdkfanpdapf [2023-06-24]
CHR Extension: (PDF to JPG ) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bemoeohlphdgcjkaihajafjokcdcaipd [2023-06-24]
CHR Extension: (Earth View from Google Earth) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2023-06-24]
CHR Extension: (DuckDuckGo) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2023-07-14]
CHR Extension: (Gmail Screenshot by cloudHQ) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boepdnhlmfleonjnaoaemgcggppoikog [2023-06-24]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2023-07-25]
CHR Extension: (Eno® from Capital One®) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2023-07-12]
CHR Extension: (Weather Forecast powered by AccuWeather) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\conoiojhfhpoboccndegeemkpgkcnkoe [2023-06-18]
CHR Extension: (PDF to JPG Converter) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmiiopgdgoencflajlbmplbleoafdmd [2023-07-12]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-06-18]
CHR Extension: (New Tab for Google Workspace™) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehpgcagmhpndkmglombjndkdmggkgnge [2023-06-24]
CHR Extension: (Online Manuals App) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnocjfjcbbminbfklpioinjjofkobom [2023-06-24]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2023-07-15]
CHR Extension: (Startpage - English) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmjlmbojbkmdpofahffgcpkhkngfpef [2023-06-24]
CHR Extension: (Total Adblock - Ad Blocker) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekdekpbfehejjiecgonmgmepbdnaggp [2023-07-21]
CHR Extension: (The Camelizer) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2023-06-18]
CHR Extension: (SwagButton) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2023-07-21]
CHR Extension: (Pinterest Save Button) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2023-06-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2023-07-19]
CHR Extension: (mysms - SMS from Computer) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkehjnlfplmdnallbjjdnokolhblgb [2023-06-24]
CHR Extension: (Kindle Cloud Reader) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2023-06-24]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-07-19]
CHR Extension: (Organize Downloads by Date) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjljbilkibpncgnagphiamkkdilbbki [2023-06-24]
CHR Extension: (Routora - Google Maps Route Optimization) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdddfnfohdeaklgkpglonlofgapjgfbp [2023-06-24]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-07-25]
CHR Extension: (Fuel Cost for Google Maps™) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeednpebhfpkojegkfmdlgkokkafocd [2023-06-24]
CHR Extension: (Copy me that!) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgjinjcobiflbbnhenlfkcjpeeacklfl [2023-06-24]
CHR Extension: (Social tools) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\llbdoljkknpjgfcnbnoiehjcgancpjmd [2023-06-24]
CHR Extension: (Classic Blue Theme) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\maejegjiekmgjakcgkdkjgjoifhihekp [2023-07-12]
CHR Extension: (ShopSavvy) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\megchchilhekbbnfcklodmndefbhkbco [2023-06-24]
CHR Extension: (ZIP Extractor) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2023-06-24]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2023-06-24]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2023-07-22]
CHR Extension: (YouTube NonStop) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlkaejimjacpillmajjnopmpbkbnocid [2023-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-18]
CHR Extension: (Password Alert) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\noondiphcddnnabmjcihcjfbhfklnnep [2023-06-24]
CHR Extension: (Switch to Classic design on Facebook™) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oancckmjgaoejmbedngcoiakblhacbog [2023-06-18]
CHR Extension: (RocketReach Chrome Extension) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiecklaabeielolbliiddlbokpfnmhba [2023-06-24]
CHR Extension: (Privacy Test) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2023-06-24]
CHR Extension: (Click to start / stop recording) - C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnefijmagpdjfhhkpljicbbpicelgko [2023-07-25]
CHR Profile: C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-08-14]
CHR Profile: C:\Users\gaele.000\AppData\Local\Google\Chrome\User Data\System Profile [2023-08-14]
Opera:
=======
OPR Profile: C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable [2023-08-14]
OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera&ie={inputEncoding}&oe={outputEncoding}
OPR DefaultSearchKeyword: Opera Stable -> g
OPR Extension: (Rich Hints Agent) - C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-09]
OPR Extension: (Opera Wallet) - C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-08-02]
OPR Extension: (Aria) - C:\Users\gaele.000\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-07-31]
OPR Extension: (opera-intro) - C:\Users\gaele.000\AppData\Local\Programs\Opera\101.0.4843.33\resources\opera_intro_extension [2023-08-08]
StartMenuInternet: (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000) OperaStable - "C:\Users\gaele.000\AppData\Local\Programs\Opera\Launcher.exe"
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-02-04] (Two Pilots) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11867104 2023-08-01] (Microsoft Corporation -> Microsoft Corporation) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.) R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRe medationService.exe [22224 2023-04-11] (Dell Inc -> Dell INC.) R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-05-08] (Dell Inc -> ) R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell) R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\int coed.inf_amd64_5a9d4e2af428d38d\\AS\\IAS\\IntelAud ioService.exe [412160 ] (Intel Corporation -> Intel) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9278784 2023-08-01] (Malwarebytes Inc. 
-> Malwarebytes) R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-02-23] (The Neat Company) [File not signed] R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.) R2 SupportAssistAgent; c:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe [3104488 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe [133576 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS & Android Devices\DriverInstall.exe [102624 2017-09-08] (Wondershare Technology Co.,Ltd -> Wondershare) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed] S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed] R3 dcdbas; C:\Windows\System32\drivers\dcdbas64.sys [48464 2023-04-11] (Dell Inc. -> Dell Inc.) 
R3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sy s [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MpKsl2bc3e408; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EA20B44C-2F92-4DDB-9D98-F83F9F9C326B}\MpKslDrv.sys [222464 2023-08-14] (Microsoft Windows -> Microsoft Corporation) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2023-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55704 2023-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [572656 2023-08-09] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [104688 2023-08-09] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2023-08-14 07:47 - 2023-08-14 07:47 - 002385408 _____ (Farbar) C:\Users\gaele.000\Desktop\FRST64(1).exe 2023-08-10 15:30 - 2023-08-10 15:42 - 000152964 _____ C:\Users\gaele.000\Downloads\lastpass_export.csv 2023-08-09 15:49 - 2023-08-09 15:49 - 017220199 _____ C:\Users\gaele.000\Downloads\Insanity at its finest.mp4 2023-08-09 13:16 - 2023-08-09 13:16 - 000009971 _____ C:\Users\gaele.000\Downloads\claims(1).csv 2023-08-08 20:56 - 2023-08-08 20:56 - 001295802 _____ C:\Users\gaele.000\Downloads\Brenda and Gary (1)(2).mp4 2023-08-08 20:56 - 2023-08-08 20:56 - 001295802 _____ C:\Users\gaele.000\Downloads\Brenda and Gary (1)(1).mp4 2023-08-08 20:26 - 2023-08-08 20:26 - 006393006 _____ C:\Users\gaele.000\Downloads\Les plaisirs de la technologie(1).mp4 2023-08-08 18:18 - 2023-08-08 18:18 - 000000000 ___HD C:\$WinREAgent 2023-08-08 13:18 - 2023-08-14 07:57 - 000035618 _____ C:\Users\gaele.000\Desktop\Addition.txt 2023-08-08 13:15 - 2023-08-08 13:15 - 002384896 _____ (Farbar) C:\Users\gaele.000\Downloads\FRST64.exe 2023-08-08 13:08 - 2023-08-08 13:08 - 000002084 _____ C:\Users\gaele.000\Documents\cc_20230808_130852.re g 2023-08-08 01:29 - 2023-08-10 15:44 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-08-07 11:34 - 2023-08-14 08:30 - 000041685 _____ C:\Users\gaele.000\Desktop\FRST.txt 2023-08-07 11:33 - 2023-08-14 08:30 - 000000000 ____D C:\FRST 2023-08-04 04:19 - 2023-08-04 04:19 - 000000000 ____D C:\Windows\Firmware 2023-08-02 14:51 - 2023-08-02 14:51 - 000000000 _____ C:\Users\gaele.000\FLUSHDNA 2023-07-31 18:41 - 2023-07-31 18:41 - 000000000 _____ C:\Users\gaele.000\flushdna' 2023-07-31 16:39 - 2023-07-31 16:39 - 000000000 ____D C:\Users\gaele.000\AppData\Local\ToastNotification ManagerCompat 2023-07-31 16:38 - 2023-07-31 16:38 - 003145080 ____N (OneLaunch ) C:\Users\gaele.000\Downloads\OneLaunch - Manuals_ln2to.exe 2023-07-31 16:33 - 2023-07-31 16:33 - 000393875 _____ C:\Users\gaele.000\Downloads\Oregon Scientific Clock RM308PA User Guide ManualsOnline.com.htm 
2023-07-31 16:33 - 2023-07-31 16:33 - 000000000 ____D C:\Users\gaele.000\Downloads\Oregon Scientific Clock RM308PA User Guide ManualsOnline.com_files 2023-07-31 16:31 - 2023-07-31 16:31 - 001084872 _____ () C:\Users\gaele.000\Downloads\mypdfmanager.exe 2023-07-31 15:20 - 2023-07-31 15:20 - 000000306 _____ C:\Users\gaele.000\Downloads\Untitled attachment 00005.htm 2023-07-31 15:20 - 2023-07-31 15:20 - 000000306 _____ C:\Users\gaele.000\Downloads\Untitled attachment 00005(1).htm 2023-07-31 15:16 - 2023-07-31 15:16 - 011866734 _____ C:\Users\gaele.000\Downloads\Chinese Ikea.mp4 2023-07-31 15:16 - 2023-07-31 15:16 - 011866734 _____ C:\Users\gaele.000\Downloads\Chinese Ikea(1).mp4 2023-07-31 14:47 - 2023-07-31 14:47 - 000003568 _____ C:\Users\gaele.000\Documents\cc_20230731_144734.re g 2023-07-15 11:31 - 2023-07-15 11:31 - 001352702 _____ C:\Users\gaele.000\Documents\How To Make A Snuffle Mat - 3 Ways To Make A DIY Snuffle Mat ⋆ Hello Sewing.pdf 2023-07-15 10:29 - 2023-08-14 08:28 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2023-07-15 10:29 - 2023-08-10 15:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-07-15 10:29 - 2023-08-08 08:29 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2023-07-15 10:29 - 2023-07-15 10:29 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk 2023-07-15 10:29 - 2023-07-15 10:29 - 000000995 _____ C:\Users\Public\Desktop\Firefox.lnk 2023-07-15 10:29 - 2023-07-15 10:29 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2023-07-15 10:29 - 2023-07-15 10:29 - 000000000 ____D C:\Users\gaele.000\Desktop\Old Firefox Data ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2023-08-14 08:18 - 2023-06-18 00:03 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Packages
2023-08-14 08:18 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-14 08:18 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\AppReadiness
2023-08-14 08:16 - 2023-06-18 13:53 - 000000000 ____D C:\Program Files\CCleaner
2023-08-14 08:16 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-14 08:07 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2023-08-14 08:03 - 2023-06-18 11:09 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Malwarebytes
2023-08-14 07:50 - 2023-06-18 02:22 - 000840598 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-14 07:50 - 2019-12-07 05:13 - 000000000 ____D C:\Windows\INF
2023-08-14 07:46 - 2023-06-26 05:32 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Apps\2.0
2023-08-14 07:46 - 2023-06-18 04:46 - 000000000 ___RD C:\Users\gaele.000\OneDrive
2023-08-14 07:46 - 2023-06-18 02:12 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-14 07:46 - 2023-06-18 02:12 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-14 07:46 - 2023-06-18 02:12 - 000000000 ____D C:\Intel
2023-08-14 07:46 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\ServiceState
2023-08-14 07:45 - 2019-12-07 05:03 - 000786432 _____ C:\Windows\system32\config\BBI
2023-08-14 07:14 - 2023-06-18 02:12 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-08-14 05:25 - 2023-06-18 11:36 - 000004168 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0416AA07-CBB7-4DFF-9D12-5ABBBA2D12A0}
2023-08-13 23:12 - 2023-06-18 11:30 - 000007909 _____ C:\Windows\BRRBCOM.INI
2023-08-11 12:24 - 2023-06-18 02:12 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-11 12:24 - 2023-06-18 02:12 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-11 10:04 - 2023-06-24 12:47 - 000000000 ____D C:\Users\gaele.000\Downloads\2023
2023-08-10 16:20 - 2023-06-18 04:47 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3036132105-1439115854-3050649200-1000
2023-08-10 16:20 - 2023-06-18 04:46 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3036132105-1439115854-3050649200-1000
2023-08-10 16:20 - 2023-06-18 02:16 - 000002397 _____ C:\Users\gaele.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-10 15:53 - 2019-12-07 05:03 - 000000000 ____D C:\Windows\CbsTemp
2023-08-10 15:44 - 2023-06-18 02:12 - 000436232 _____ C:\Windows\system32\FNTCACHE.DAT
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SystemResources
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\setup
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\bcastdvr
2023-08-10 15:43 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\appcompat
2023-08-10 15:42 - 2023-06-18 06:04 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Excel
2023-08-10 15:35 - 2023-06-18 06:07 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Word
2023-08-10 08:22 - 2023-06-18 11:09 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2023-08-09 18:28 - 2023-06-18 02:12 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-08-09 03:14 - 2023-06-18 04:52 - 000000000 ____D C:\Users\gaele.000\AppData\Local\D3DSCache
2023-08-08 18:22 - 2023-06-18 02:14 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-08-08 18:17 - 2023-06-18 02:09 - 000000000 ____D C:\Windows\system32\MRT
2023-08-08 18:05 - 2023-06-18 02:09 - 175983240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-08-08 13:07 - 2023-07-12 13:57 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-08 13:07 - 2022-01-18 12:59 - 000000000 ____D C:\Windows\SystemTemp
2023-08-08 11:20 - 2023-06-18 11:18 - 000004214 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1687101525
2023-08-08 11:20 - 2023-06-13 09:05 - 000001423 _____ C:\Users\gaele.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2023-08-02 14:51 - 2023-06-18 02:16 - 000000000 ____D C:\Users\gaele.000
2023-08-01 15:33 - 2023-06-26 06:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-07-31 16:51 - 2023-06-18 11:31 - 000000000 ____D C:\Users\gaele.000\AppData\Local\CrashDumps
2023-07-31 16:44 - 2020-04-14 14:19 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Microsoft\Office
2023-07-31 13:57 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\registration
2023-07-31 13:19 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\NDF
2023-07-27 18:17 - 2023-06-18 02:05 - 000918960 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2023-07-21 10:59 - 2023-07-12 17:04 - 000004752 _____ C:\Users\gaele.000\Documents\2022 and up thru 7-12-23claims .csv
2023-07-21 10:59 - 2023-06-16 16:08 - 000001269 _____ C:\Users\gaele.000\Documents\presciption claims 2023.csv
2023-07-21 10:59 - 2023-01-18 16:39 - 000003068 _____ C:\Users\gaele.000\Downloads\2022 Prescriptionsummary .CSV
2023-07-19 17:56 - 2023-06-18 13:53 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-07-19 10:32 - 2023-06-18 13:53 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-07-19 10:32 - 2023-06-18 13:53 - 000003476 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-07-18 18:13 - 2019-12-07 05:14 - 000000000 ____D C:\Windows\system32\oobe
2023-07-16 10:24 - 2023-06-18 04:48 - 000000000 ____D C:\Users\gaele.000\AppData\Local\Comms
2023-07-16 09:18 - 2022-11-23 11:43 - 000010601 _____ C:\Users\gaele.000\Documents\Fidelity.xlsx
2023-07-15 10:29 - 2023-06-18 02:23 - 000000000 ____D C:\Users\gaele.000\AppData\Roaming\Mozilla

==================== Files in the root of some directories ========

2023-06-26 06:19 - 2023-06-26 06:19 - 000000373 _____ () C:\Users\gaele.000\AppData\Roaming\SaraBat.bat
2023-06-26 06:19 - 2023-06-26 06:19 - 000196984 _____ (Microsoft Corporation) C:\Users\gaele.000\AppData\Roaming\SetupProd_Act.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
All times are GMT +1. The time now is 02:04 PM.