As the title says, I have a laptop that has been progressively running slower as time goes on. As I have a PC running Linux, I mostly use this laptop for those Microsoft applications (Word, Excel, etc.) I cannot run on my PC. I first noticed it when applications that access the internet were slow to run, but the whole system now runs like a slug. Once the applications are loaded, they (mostly) run OK unless they have to do something online, i.e. in the background.
I've attached a screenshot of my system info for context, and have run FRST as instructed in the self help forum. Below are the two requested files to post.
I am seeing if I can solve the problem here without having to completely reinstall the OS. Thanks in advance for any help/advice.
------
FRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-03-2025
Ran by Phil (administrator) on PHIL-LAPTOP (Acer Aspire A315-22) (30-03-2025 10:04:07)
Running from C:\Users\vk6ks\OneDrive - Transit Systems Pty Ltd\Desktop\FRST64.exe
Loaded Profiles: Phil
Platform: Microsoft Windows 10 Home Version 22H2 19045.5608 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.983.1\DropboxCrashHandler.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Users\vk6ks\AppData\Local\MEGAsync\MEGAsync.exe ->) (Mega Limited -> ) C:\Users\vk6ks\AppData\Local\MEGAsync\mega-desktop-app-gfxworker.exe
(DriverStore\FileRepository\u0356066.inf_amd64_34f4a2d296a65834\B356137\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0356066.inf_amd64_34f4a2d296a65834\B356137\atieclxx.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <8>
(explorer.exe ->) (Ghisler Software GmbH -> Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(explorer.exe ->) (Mega Limited -> Mega Limited) C:\Users\vk6ks\AppData\Local\MEGAsync\MEGAsync.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\vk6ks\AppData\Local\Microsoft\OneDrive\25.035.0223.0003\Microsoft.SharePoint.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <15>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0356066.inf_amd64_34f4a2d296a65834\B356137\atiesrxx.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\NisSrv.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\vk6ks\AppData\Local\Microsoft\OneDrive\25.035.0223.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.5547_none_7e02b5467c95ffef\TiWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [868128 2019-04-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9238408 2025-03-18] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [279240 2016-12-09] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-743475133-414505712-2234717557-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4374888 2023-09-11] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-743475133-414505712-2234717557-1001\...\Run: [Microsoft.Lists] => C:\Users\vk6ks\AppData\Local\Microsoft\OneDrive\25.035.0223.0003\Microsoft.SharePoint.exe [1029456 2025-03-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-743475133-414505712-2234717557-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31321880 2024-08-13] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Windows x64\Print Processors\Canon TS5100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDQ.DLL [482816 2017-03-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3600 series: CNMLMCT.DLL (No File)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS5100 series: C:\WINDOWS\system32\CNMLMDQ.DLL [1302016 2017-03-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\134.0.6998.178\Installer\chrmstp.exe [2025-03-29] (Google LLC -> Google LLC)
Startup: C:\Users\vk6ks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2022-09-20]
ShortcutTarget: MEGAsync.lnk -> C:\Users\vk6ks\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {AF51FC75-F1CB-447A-9FA0-247C6CA6D715} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {960E548B-FC25-4381-94A1-1FDFA61E3C04} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {096313F0-5A9E-45F4-B89D-6424102333B6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {47EEC4F2-E1BD-4835-B955-B71DCEA691A6} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [31000 2024-08-13] (Garmin International, Inc. -> )
Task: {53CDC0ED-340D-42D9-9A52-0BFC0908762D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem136.0.7079.0{ABB7E5B0-C7C5-4F1F-A67B-5272ECA1E61A} => C:\Program Files (x86)\Google\GoogleUpdater\136.0.7079.0\updater.exe [7017568 2025-03-20] (Google LLC -> Google LLC)
Task: {F7FF93D6-E359-46A6-90A5-B7C5C975702F} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-743475133-414505712-2234717557-1001 => C:\Users\vk6ks\AppData\Local\MEGAsync\MEGAupdater.exe [1949960 2025-03-20] (Mega Limited -> )
Task: {90AFC379-D165-411A-A5A2-DF7FA9B5B160} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-743475133-414505712-2234717557-1001 => MessengerHelper.exe --lassie (No File)
Task: {3773F678-2083-428C-8FE4-E1009101E136} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [314512 2025-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {B254619C-35EB-47F2-BDCC-E7911564C433} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [314512 2025-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED986AA8-C844-4D03-A6D2-CD3AF4BA0C40} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28895464 2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {0CBCA2FA-83CE-4261-AC3C-BDF36CF5E6DF} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [67256 2025-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {638BF27F-7566-47F5-9FF6-3469301A0690} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28895464 2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {72140B64-9B8A-43D8-B694-6F403354651B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [314512 2025-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {39E75A1C-2688-4E56-8BB2-7D52B96404B1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [314512 2025-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {F8C52283-9A97-40BC-9183-03D78EDE1950} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [197256 2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B05128E7-B10E-4136-ABED-F1E2E4F4FE47} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4488544 2025-02-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {149BA801-2EFE-474F-96DC-4DE514ED1F73} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [90256 2025-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {CAA4C563-9173-493D-91A1-6E10B56B0192} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {37E1308D-FA5B-4D62-BD21-DAC33AAAA374} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8A6706E4-4179-426B-80F7-79430D0386F3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C0ECACF-1FFC-494E-83A0-B511D6958303} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1814F103-AB95-409F-A840-54ADBF0334BE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-03-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {69F11BA0-DC97-40D4-84E3-357AC76D7060} - System32\Tasks\OneDrive Startup Task-S-1-5-21-743475133-414505712-2234717557-1001 => C:\Users\vk6ks\AppData\Local\Microsoft\OneDrive\25.035.0223.0003\OneDriveLauncher.exe [670528 2025-03-25] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1 0.0.0.0
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}: [DhcpNameServer] 192.168.20.1 0.0.0.0
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}: [DhcpDomain] PDHome
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\051676F6461674F6F64625F6F6D637: [DhcpNameServer] 192.168.102.254
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\051676F6461674F6F64625F6F6D637: [DhcpDomain] localdomain
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\155756374702B496E6763702051627B6027596D26496: [DhcpNameServer] 10.5.50.1 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\3427F677E65605C616A71602642756560275966496: [DhcpNameServer] 9.9.9.9 149.112.112.112
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\35561646275616D6023547574696F63702642756560275966496: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\35561646275616D6023547574696F63702642756560275966496: [DhcpDomain] lan
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\35B697C69676864725564727561647: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\35B697C69676864725564727561647: [DhcpDomain] home
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\44F6C6078696E602155716970274575637470275966496: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\44F6C6078696E602155716970274575637470275966496: [DhcpDomain] DolphinQuay
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\4527962656: [DhcpNameServer] 172.20.0.1
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\458454020554E494E43555C414: [DhcpNameServer] 1.1.1.1 9.9.9.9
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\458656020556E696E63757C6160274575637470275966696: [DhcpNameServer] 1.1.1.1 9.9.9.9
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\55E69647D26373D27596D26496: [DhcpNameServer] 10.0.67.1
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\6596C6C61675966496D223E2437484A7: [DhcpNameServer] 192.168.4.1
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\751465C494E4B4F564836333: [DhcpNameServer] 192.168.20.1 0.0.0.0
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\751465C494E4B4F564836333: [DhcpDomain] PDHome
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\75966496D233632333: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\75966496D233632333D25374: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\75966496D243542434D25374: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\960586F6E656: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\D416272796F6474724F6E667F697: [DhcpNameServer] 172.17.137.254
Tcpip\..\Interfaces\{134e40d5-1dd3-4e5a-acc5-582dc4fd3ada}\D456279647F6E6027457563747027596D26496E2: [DhcpNameServer] 1.1.1.1 8.8.8.8
Tcpip\..\Interfaces\{6214d81a-97a9-4269-b7b1-ddf4d8e42c5b}: [DhcpNameServer] 192.168.20.1 0.0.0.0
Tcpip\..\Interfaces\{6214d81a-97a9-4269-b7b1-ddf4d8e42c5b}: [DhcpDomain] PDHome
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\vk6ks\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-15]
Edge Notifications: Default -> hxxps://teams.microsoft.com; hxxps://to-do.office.com
Edge Extension: (Google Docs Offline) - C:\Users\vk6ks\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-19]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\vk6ks\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Bitwarden Password Manager) - C:\Users\vk6ks\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2024-06-19]hxxps://clients2.google.com/service/update2/crx
FireFox:
========
FF DefaultProfile: tzam526z.default
FF ProfilePath: C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default [2025-03-30]
FF Homepage: Mozilla\Firefox\Profiles\tzam526z.default -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\tzam526z.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\tzam526z.default -> hxxps://www.tomshardware.com; hxxps://discourse.destinationlinux.network; hxxps://mail.protonmail.com
FF Extension: (Facebook Container) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\@contain-facebook.xpi [2025-03-27]
FF Extension: (Firefox Multi-Account Containers) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\@testpilot-containers.xpi [2024-09-25]
FF Extension: (All Downloader Professional) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\[email protected] [2024-04-26]
FF Extension: (Exif Viewer) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\[email protected] [2024-04-26]
FF Extension: (PDF Mage) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\[email protected] [2025-02-11]
FF Extension: (Privacy Badger) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\[email protected] [2025-03-13]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\[email protected] [2025-03-08]
FF Extension: (Language: English (US)) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\[email protected] [2025-03-30]
FF Extension: (Firefox Relay) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\[email protected] [2023-12-10]
FF Extension: (uBlock Origin) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\[email protected] [2025-03-30]
FF Extension: (Startpage — Private Search Engine) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2025-01-21]
FF Extension: (Bitwarden Password Manager) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2025-03-01]
FF Extension: (404 Bookmarks) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\{5f8d31ba-47fb-4b70-bf8d-d2113f6da22f}.xpi [2024-04-26]
FF Extension: (NoScript) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2025-01-06]
FF Extension: (ANIMATED - Snoopy Nap) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\{88037e97-cec9-411b-b404-69f171497c13}.xpi [2019-12-24]
FF Extension: (Bookmarks clean up) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\{a1087d5d-d793-445a-b988-088b1d86f2a6}.xpi [2024-08-07]
FF Extension: (Bookmarks Commander) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\{b03f9081-3859-4c8c-b964-6801d29b7271}.xpi [2021-12-02]
FF Extension: (Video DownloadHelper) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2025-02-04]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2025-03-30]
FF Extension: (FoxClocks) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}.xpi [2020-11-02]
FF Extension: (Fix add-ons signed before 2018 (Bug 1954818)) - C:\Users\vk6ks\AppData\Roaming\Mozilla\Firefox\Profiles\tzam526z.default\features\{08c640f8-e5bb-4b2a-8e7d-dfcd4ec8a5b4}\[email protected] [2025-03-30]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-11-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-11-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.14 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.20 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\vk6ks\AppData\Local\Google\Chrome\User Data\Default [2025-03-29]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\vk6ks\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-03-20]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Google Docs Offline) - C:\Users\vk6ks\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-26]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Chrome Web Store Payments) - C:\Users\vk6ks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-07]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Bitwarden Password Manager) - C:\Users\vk6ks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2025-03-29]hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-743475133-414505712-2234717557-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13768912 2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48528 2025-03-18] (Dropbox, Inc -> Dropbox, Inc.)
S3 DropboxElevationService; C:\Program Files (x86)\Dropbox\Client\220.4.4126\DropboxElevationService.exe [1659280 2025-03-18] (Dropbox, Inc -> Dropbox, Inc.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9286168 2023-09-03] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpDefenderCoreService.exe [1926976 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\NisSrv.exe [4352456 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe [270056 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [181152 2019-04-10] (BayHub Technology Inc. -> BayHubTech/O2Micro)
S3 cpuz143; C:\Users\vk6ks\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [48952 2024-12-22] (CPUID -> CPUID) <==== ATTENTION
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-29] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [278944 2025-03-07] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222272 2025-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-09-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-29] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-29] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20016 2025-03-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601520 2025-03-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100768 2025-03-07] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-03-30 10:04 - 2025-03-30 10:05 - 000028978 _____ C:\Users\vk6ks\OneDrive - Transit Systems Pty Ltd\Desktop\FRST.txt
2025-03-30 10:03 - 2025-03-30 10:05 - 000000000 ____D C:\FRST
2025-03-30 10:00 - 2025-03-30 10:00 - 002404352 _____ (Farbar) C:\Users\vk6ks\OneDrive - Transit Systems Pty Ltd\Desktop\FRST64.exe
2025-03-27 17:51 - 2025-03-27 17:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-03-20 18:22 - 2025-03-20 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2025-03-18 19:02 - 2025-03-18 19:02 - 000048528 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2025-03-16 18:45 - 2025-03-16 18:45 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-03-12 20:25 - 2025-03-12 20:25 - 000000000 ___HD C:\$WinREAgent
2025-03-09 15:22 - 2025-03-10 14:37 - 000000000 ____D C:\Users\vk6ks\OneDrive - Transit Systems Pty Ltd\Desktop\Denise Docs
2025-03-09 15:18 - 2025-03-09 15:18 - 000179330 _____ C:\Users\vk6ks\Downloads\Completed_Form.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-03-30 09:55 - 2022-02-11 22:27 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-03-30 09:15 - 2023-09-03 17:08 - 000000000 ____D C:\Users\vk6ks\AppData\Local\Malwarebytes
2025-03-30 09:09 - 2019-09-05 10:32 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-03-30 07:50 - 2023-06-07 19:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-03-29 20:27 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-03-29 17:35 - 2019-12-26 17:34 - 000000000 ____D C:\Users\vk6ks\AppData\Roaming\Microsoft\Office
2025-03-29 17:34 - 2020-01-01 19:03 - 000000000 ____D C:\Users\vk6ks\AppData\Roaming\Microsoft\Word
2025-03-29 17:14 - 2019-12-24 21:21 - 000000000 ____D C:\Users\vk6ks\AppData\Local\Packages
2025-03-29 15:35 - 2019-12-26 17:34 - 000000000 ____D C:\Users\vk6ks\AppData\Roaming\Microsoft\Excel
2025-03-29 10:36 - 2019-12-24 21:22 - 000000000 ____D C:\Users\vk6ks\AppData\Local\D3DSCache
2025-03-29 08:49 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-03-29 08:49 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-03-29 08:42 - 2019-12-31 05:56 - 000000000 ____D C:\Users\vk6ks\AppData\Roaming\Dropbox
2025-03-29 08:42 - 2019-12-31 05:55 - 000000000 ____D C:\Users\vk6ks\AppData\Local\Dropbox
2025-03-29 08:40 - 2023-05-05 20:31 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-03-29 08:40 - 2020-06-21 08:02 - 000002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-03-29 08:39 - 2022-09-07 18:38 - 000002294 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-03-25 19:03 - 2025-02-06 11:30 - 000003564 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-743475133-414505712-2234717557-1001
2025-03-25 19:03 - 2023-06-13 18:32 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-743475133-414505712-2234717557-1001
2025-03-25 19:03 - 2023-06-13 18:32 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-743475133-414505712-2234717557-1001
2025-03-25 19:03 - 2023-06-13 18:32 - 000002432 _____ C:\Users\vk6ks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-03-25 17:01 - 2020-09-21 12:10 - 000000000 ____D C:\Users\vk6ks\Documents\Scanned Documents
2025-03-24 17:18 - 2019-12-25 09:10 - 000000000 ____D C:\Users\vk6ks\AppData\Local\GHISLER
2025-03-22 17:32 - 2023-06-07 20:07 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-03-22 17:32 - 2022-10-12 08:05 - 000002120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-03-20 18:22 - 2019-12-31 05:55 - 000000000 ____D C:\Program Files (x86)\Dropbox
2025-03-20 18:13 - 2022-09-20 08:42 - 000000000 ____D C:\Users\vk6ks\AppData\Local\MEGAsync
2025-03-16 18:44 - 2019-12-26 17:19 - 000000000 ____D C:\Program Files\Microsoft Office
2025-03-13 14:40 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2025-03-13 14:36 - 2023-06-07 20:05 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-03-13 14:31 - 2019-09-05 10:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-03-13 14:26 - 2023-06-07 20:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-03-13 14:26 - 2020-08-16 18:42 - 000008192 ___SH C:\DumpStack.log.tmp
2025-03-13 14:26 - 2019-12-24 21:05 - 000073232 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2025-03-13 14:26 - 2019-09-05 09:30 - 000017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2025-03-13 04:05 - 2019-12-07 17:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-03-13 04:05 - 2019-09-05 09:52 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2025-03-13 04:04 - 2023-06-07 19:57 - 000436312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-03-13 04:03 - 2019-12-07 22:46 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-03-13 04:03 - 2019-12-07 22:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2025-03-13 04:03 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-03-13 04:03 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-03-13 04:03 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-03-13 04:03 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-03-13 04:03 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-03-13 04:03 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-03-13 04:03 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-03-13 04:03 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing
2025-03-12 20:50 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-03-12 20:43 - 2023-06-07 19:58 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-03-09 16:00 - 2019-12-25 19:50 - 000000000 ____D C:\Users\vk6ks\AppData\Roaming\vlc
2025-03-08 08:03 - 2023-06-07 20:07 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-03-08 08:03 - 2023-06-07 20:07 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-03-07 12:04 - 2019-09-05 09:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-03-05 05:35 - 2021-08-04 15:04 - 000000000 ___RD C:\Users\vk6ks\Documents\Training (Non Dropbox)
==================== Files in the root of some directories ========
2024-01-12 14:59 - 2024-01-12 15:00 - 000003584 _____ () C:\Users\vk6ks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-12-27 10:14 - 2023-10-29 07:20 - 000007605 _____ () C:\Users\vk6ks\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-03-2025
Ran by Phil (30-03-2025 10:08:47)
Running from C:\Users\vk6ks\OneDrive - Transit Systems Pty Ltd\Desktop
Microsoft Windows 10 Home Version 22H2 19045.5608 (X64) (2023-06-07 12:07:59)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-743475133-414505712-2234717557-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-743475133-414505712-2234717557-503 - Limited - Disabled)
Guest (S-1-5-21-743475133-414505712-2234717557-501 - Limited - Disabled)
Phil (S-1-5-21-743475133-414505712-2234717557-1001 - Administrator - Enabled) => C:\Users\vk6ks
WDAGUtilityAccount (S-1-5-21-743475133-414505712-2234717557-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 25.001.20435 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Advanced Diary v2.1 (HKLM-x32\...\Advanced Diary_is1) (Version: - CSoftLab)
Amazon Kindle (HKU\S-1-5-21-743475133-414505712-2234717557-1001\...\Amazon Kindle) (Version: 1.33.0.62002 - Amazon)
ANT Drivers Installer x64 (HKLM\...\{0E58844F-7FF7-4CD2-AAE2-CE703BC68F52}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
BlackVue 3.13 (HKLM-x32\...\BlackVue) (Version: 3.13 - PittaSoft, Inc.)
Branding64 (HKLM\...\{FFF5E5C1-7884-49BE-BB04-36B99C1522E6}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.5.3 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.00.1.51 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.4.0.16 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Canon TS5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS5100_series) (Version: 1.01 - Canon Inc.)
Canon TS5100 series On-screen Manual (HKLM-x32\...\Canon TS5100 series On-screen Manual) (Version: 1.1.0 - Canon Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 220.4.4126 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.983.1 - Dropbox, Inc.) Hidden
Elevated Installer (HKLM-x32\...\{7E7A6576-011C-4CF5-A5CA-AA144A725DBF}) (Version: 7.23.0.0 - Garmin Ltd or its subsidiaries) Hidden
ExpressVPN (HKLM-x32\...\{878F6EB4-73BF-4A1E-9A92-6DDF9EDC8A8B}) (Version: 2.2.19325.10 - Acer)
Garmin Express (HKLM-x32\...\{135ceafa-3701-43b0-84bf-870018df80ee}) (Version: 7.23.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{FCD51A02-BD93-475D-902D-49FD51F2F6B8}) (Version: 7.23.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 134.0.6998.178 - Google LLC)
IrfanView 4.70 (64-bit) (HKLM\...\IrfanView64) (Version: 4.70 - Irfan Skiljan)
Malwarebytes version 4.6.1.280 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.1.280 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18526.20168 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 134.0.3124.93 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 134.0.3124.93 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-743475133-414505712-2234717557-1001\...\OneDriveSetup.exe) (Version: 25.035.0223.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-743475133-414505712-2234717557-1001\...\Teams) (Version: 1.4.00.16575 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 136.0.3 (x64 en-US)) (Version: 136.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.10.1 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 128.6.0 (x64 en-US)) (Version: 128.6.0 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.7.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{60499BF0-C3D1-40CC-8600-8A7246534466}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18526.20168 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18526.20168 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tag&Rename 3.9.15 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.9.15 - Softpointer Inc)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 11.50 - Ghisler Software GmbH)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Packages:
=========
Acer Collection S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollectionS_1.0.3004.0_x64__48frkmn4z8aw4 [2019-09-05] (Acer Incorporated)
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4 [2023-06-02] (Acer Incorporated)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-12-11] ()
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-09-10] (Canon Inc.)
Copilot -> C:\Program Files\WindowsApps\Microsoft.Copilot_1.25031.112.0_x64__8wekyb3d8bbwe [2025-03-29] (Microsoft Corporation) [Startup Task]
Cribbage Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.CribbageDeluxe_2.12.160.0_x64__kx24dqmazqk8j [2025-01-22] (Random Salad Games LLC)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2025-03-20] (Dropbox Inc.)
GoTrust ID -> C:\Program Files\WindowsApps\GOTrustTechnologyInc.GO-TrustAuthenticator_3.1.21.0_x64__0r04f53sqacg6 [2024-01-23] (GoTrustID Inc.)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.13.124.0_x64__kx24dqmazqk8j [2025-01-30] (Random Salad Games LLC)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.42.0_x64__w1wdnht996qgy [2025-02-22] (LinkedIn) [Startup Task]
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2250.1.0.0_x64__8xx8rvfyw5nnt [2025-03-12] (Meta)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2023-06-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2023-06-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-06-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-06-07] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2503.14001.0_x64__8wekyb3d8bbwe [2025-03-29] (Microsoft Corporation) [Startup Task]
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_4.6.3071.0_x64__8wekyb3d8bbwe [2025-03-29] (Microsoft Studios)
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.4008.0_x64__8wekyb3d8bbwe [2025-02-26] (Microsoft Corporation)
Movie & Audio Studio -> C:\Program Files\WindowsApps\MAGIXSoftwareGmbH.MovieAudioStudio_1.1.4.0_x64__awcgk3qbzve1y [2019-09-05] (MAGIX Software GmbH)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-03-16] ()
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2019-12-24] (CYBERLINK COM CORP)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2019-09-05] (CYBERLINK COM CORP)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.177.0_x64__dt26b99r8h8gj [2019-09-05] (Realtek Semiconductor Corp)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.5.35.0_x64__kx24dqmazqk8j [2025-03-20] (Random Salad Games LLC)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.5.25.0_x64__kx24dqmazqk8j [2025-02-26] (Random Salad Games LLC)
Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_6.1.137.0_x64__kx24dqmazqk8j [2024-07-22] (Random Salad Games LLC)
Spotify - Music and Podcasts -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0 [2025-03-27] (Spotify AB) [Startup Task]
Stagelight -> C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778 [2019-12-24] (Open Labs LLC)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2024-01-23] (Microsoft Corporation)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2512.2.0_x64__cv1g1gvanyjgm [2025-03-29] (WhatsApp Inc.) [Startup Task]
WinAppRuntime.Main.1.2 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.2_2000.802.31.0_x64__8wekyb3d8bbwe [2024-03-22] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_6000.424.1611.0_x64__8wekyb3d8bbwe [2025-03-19] (Microsoft Corp.)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2020-05-01] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-743475133-414505712-2234717557-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\vk6ks\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21063.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-743475133-414505712-2234717557-1001_Classes\CLSID\{1BE1A13B-27D1-4AFA-A93D-635287066AD6} -> [Transperth] => C:\Transperth [2020-09-29 03:39]
CustomCLSID: HKU\S-1-5-21-743475133-414505712-2234717557-1001_Classes\CLSID\{26993e44-610b-4d0c-b4e3-48ecbb89f65a}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-743475133-414505712-2234717557-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-743475133-414505712-2234717557-1001_Classes\CLSID\{881C032C-F8FE-40C2-8C48-2305AB5E425F} -> [Training (Non Dropbox)] => C:\Users\vk6ks\Documents\Training (Non Dropbox) [2021-08-04 15:04]
CustomCLSID: HKU\S-1-5-21-743475133-414505712-2234717557-1001_Classes\CLSID\{9A401A24-E5C7-4AAF-9224-BFEB93698594}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-743475133-414505712-2234717557-1001_Classes\CLSID\{BF553571-B433-459E-8083-FB0C5B187E4A} -> [Magazines] => C:\Users\vk6ks\Documents\Magazines [2021-06-12 11:55]
CustomCLSID: HKU\S-1-5-21-743475133-414505712-2234717557-1001_Classes\CLSID\{C08301DE-2ABB-474C-A159-370103315D38} -> [Garmin] => C:\Users\vk6ks\Documents\Garmin [2021-01-21 15:32]
CustomCLSID: HKU\S-1-5-21-743475133-414505712-2234717557-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\ProgramData\Phil\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-743475133-414505712-2234717557-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\vk6ks\Dropbox [2019-12-31 12:09]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\vk6ks\AppData\Local\MEGAsync\ShellExtX64.dll [2025-03-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\vk6ks\AppData\Local\MEGAsync\ShellExtX64.dll [2025-03-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\vk6ks\AppData\Local\MEGAsync\ShellExtX64.dll [2025-03-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\contextMenu\NppShell.dll [2024-12-21] (Notepad++ -> Bjarke I. Pedersen [email protected])
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vk6ks\AppData\Local\MEGAsync\ShellExtX64.dll [2025-03-20] (Mega Limited -> )
ContextMenuHandlers1: [TagRenameShellExt] -> {B806EC81-446D-40C8-A955-315B8519E938} => C:\Program Files (x86)\TagRename\TRShell64.dll [2015-05-12] (Softpointer Inc -> Sofpointer Inc)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vk6ks\AppData\Local\MEGAsync\ShellExtX64.dll [2025-03-20] (Mega Limited -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-09-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vk6ks\AppData\Local\MEGAsync\ShellExtX64.dll [2025-03-20] (Mega Limited -> )
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\vk6ks\AppData\Local\MEGAsync\ShellExtX64.dll [2025-03-20] (Mega Limited -> )
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-11-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-09-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [TagRenameShellExt] -> {B806EC81-446D-40C8-A955-315B8519E938} => C:\Program Files (x86)\TagRename\TRShell64.dll [2015-05-12] (Softpointer Inc -> Sofpointer Inc)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2019-12-28] () [File not signed]
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\vk6ks\Downloads\20201205_065307.jpg:com.dropbox.attrs [54]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-743475133-414505712-2234717557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-743475133-414505712-2234717557-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-11-13] (Microsoft Corporation -> Microsoft Corporation)
IE Session Restore: HKU\S-1-5-21-743475133-414505712-2234717557-1001 -> is enabled.
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-03-10] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-743475133-414505712-2234717557-1001\...\sharepoint.com -> hxxps://transitsystemsaustralia-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 15:31 - 2020-12-15 00:32 - 000337823 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
There are 8787 more lines.
2019-12-31 19:16 - 2019-12-31 19:19 - 000000516 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ffmpeg\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Users\vk6ks\AppData\Local\Microsoft\WindowsApps;C:\Users\vk6ks\Dropbox\Documents;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-743475133-414505712-2234717557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vk6ks\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.20.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
WiFi: Qualcomm Atheros QCA9377 Wireless Network Adapter -> Qcamain10x64.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX2"
HKU\S-1-5-21-743475133-414505712-2234717557-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-743475133-414505712-2234717557-1001\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-743475133-414505712-2234717557-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_1609F76A54710FFEA712C9F97ACB57F0"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{FF9E5972-2B51-4997-BC38-C1A0BDFDCAE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Surviving Mars\MarsSteam.exe (Haemimont Games) [File not signed]
FirewallRules: [{8ACF36AA-7EF9-4ECE-BAE8-42CF01ED1A7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Surviving Mars\MarsSteam.exe (Haemimont Games) [File not signed]
FirewallRules: [{3E832A53-90DE-4F49-8B5F-6964B7B4D36E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Killer Sudoku\Killer Sudoku.exe () [File not signed]
FirewallRules: [{7105AB48-64B7-4114-BDF3-703CEBA430D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Killer Sudoku\Killer Sudoku.exe () [File not signed]
FirewallRules: [{61C08C2F-EBA4-4D88-A263-517013BAA8AA}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{8168BF53-9B6C-4889-A7B0-3518DCABFF15}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{C0ECD94C-D602-421A-AA36-CB6F319FD80D}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{D71F4EB5-F64E-4B53-AEE6-F9496BAAFB80}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{4FC55D19-6B60-4E24-A2EA-A40957AB0587}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{891B47A6-B274-4028-938B-3A1487A4F617}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{13D66C27-8BBF-4FDA-8355-45847908DCA9}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{BE3BD858-3A4F-430A-B380-3A88DF766C95}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{639B9E65-0449-4A01-9814-C4B4AA0F6D6C}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{87234814-5354-4BF4-892F-9DE8339CCEFE}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{060CDFAC-C756-45CF-906A-3DBF0F6C39F2}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{4E4B6757-50D2-4120-87F4-60E4DBC9CC9E}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )
FirewallRules: [{590DA189-692D-4BFB-8EDD-332FF811E672}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CAE2274E-9FC4-4337-90EC-7F47A15F86A1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{78579B7E-0B8A-4438-B55E-2D256F840BDE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3F36077F-7DCC-416D-ACD0-380F2892B2AF}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{86A674E2-AAAB-409B-86EA-6803B815B009}C:\program files\lbry\resources\static\daemon\lbrynet.exe] => (Allow) C:\program files\lbry\resources\static\daemon\lbrynet.exe => No File
FirewallRules: [UDP Query User{B16F8739-725D-4780-B5C5-5F5991141DFA}C:\program files\lbry\resources\static\daemon\lbrynet.exe] => (Allow) C:\program files\lbry\resources\static\daemon\lbrynet.exe => No File
FirewallRules: [{41E2BE13-EEE1-465E-AE11-1ED160656377}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4B1D0B68-E2AB-41B8-8EE9-56DF9B391E57}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EBEB41AD-DC4B-4CF5-A9E6-46135B755A19}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5D694730-2C92-4316-A4D6-8D31A946421A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{59AFC5D9-5D32-4B21-9B18-12E4AAC773A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Classic Sudoku\Classic Sudoku.exe () [File not signed]
FirewallRules: [{D830C34D-7848-4AB5-B890-F11B3AF625B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Classic Sudoku\Classic Sudoku.exe () [File not signed]
FirewallRules: [{0B060D48-7161-4BFF-AE77-74B2B0C9C13F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8E37F222-30B5-4C6C-81A3-0A7BECA5B0D9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{4D33F995-2AAF-4512-BC27-05C1372F1E09}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{AAA11E7E-8DF3-45AC-99F2-76A3A3AB0AD6}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{383E959A-F951-42A8-A37E-9C4B6EC55B50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks64.exe () [File not signed]
FirewallRules: [{5B9756CD-E039-4C26-8648-53BE55FD0366}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks64.exe () [File not signed]
FirewallRules: [{AEDD29A2-A421-4753-A9BD-F149034FA041}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe () [File not signed]
FirewallRules: [{25B9C1CA-0C7E-4C2D-853E-5195ECE17A65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe () [File not signed]
FirewallRules: [{674272F2-781A-4E1B-9485-C8632172EE51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorksDX12_64.exe () [File not signed]
FirewallRules: [{FCE298DB-5FD9-4235-8769-2340DCEB076B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorksDX12_64.exe () [File not signed]
FirewallRules: [TCP Query User{49E57484-0BDE-4FBC-8E45-B0D8FAB3E1E7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{E9A230B2-FF0F-47FB-B836-8F761113AD0B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{6240DD3F-27F1-4D50-A69C-EEEC9AD51E58}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EB25B0E6-05D8-42D5-86F0-B975F00439B5}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{B24DDAA7-E674-4C41-9181-766A052F66B7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{43E2F75E-0FDD-4752-999A-5BDBBA5F57C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FD1F4840-ADBA-4903-8188-270CF028FA71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{17D2F49A-9828-4C6E-A53D-F2F837A618B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D8F401E8-A7B2-4698-91BD-4F337E6E33F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{33452B71-1B77-442C-83D2-6234786D9DF5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E5E72639-55F8-4CAF-AF5F-6EEE57FD017F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E841335D-04BF-4858-9252-6536E8D09E82}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{88F7342D-1865-4D0C-9FF6-6C88F2B94524}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0A33AECB-6284-4DFE-BE09-CF82674F34AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A1163A6D-126B-444B-960F-16B8295A09AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0B72157C-A9B4-4C7E-8A9D-62462DF14C70}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EBAD4DF3-6EC1-4309-BE44-30FB02A4709D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\134.0.3124.93\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3C34223F-D51B-4302-8F4F-6FEF1BA4BA78}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D8458A25-7CA2-4D12-B286-F4E99D89ED84}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{97A177EC-EC3C-4DE4-8862-9F33CBAFE6B4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C9056EEB-9F67-446D-AA28-AF93C94D6E71}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
21-03-2025 20:27:33 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/30/2025 09:09:56 AM) (Source: Firefox Default Browser Agent) (EventID: 1140) (User: )
Description: Event-ID 1140
Error: (03/30/2025 09:09:56 AM) (Source: Firefox Default Browser Agent) (EventID: 1140) (User: )
Description: Event-ID 1140
Error: (03/29/2025 08:42:55 AM) (Source: DbxSvc) (EventID: 322) (User: )
Description: Failed to get driver message: (-2147024890) The handle is invalid.
Error: (03/27/2025 08:55:30 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimiser couldn't complete re-trim on Seagate Basic (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (03/27/2025 05:49:47 PM) (Source: Firefox Default Browser Agent) (EventID: 1140) (User: )
Description: Event-ID 1140
Error: (03/27/2025 05:49:47 PM) (Source: Firefox Default Browser Agent) (EventID: 1140) (User: )
Description: Event-ID 1140
Error: (03/27/2025 05:46:40 PM) (Source: DbxSvc) (EventID: 322) (User: )
Description: Failed to get driver message: (-2147024890) The handle is invalid.
Error: (03/26/2025 04:36:53 PM) (Source: DbxSvc) (EventID: 322) (User: )
Description: Failed to get driver message: (-2147024890) The handle is invalid.
System errors:
=============
Error: (03/28/2025 05:57:40 AM) (Source: DCOM) (EventID: 10010) (User: PHIL-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (03/28/2025 05:57:40 AM) (Source: DCOM) (EventID: 10010) (User: PHIL-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (03/28/2025 05:57:39 AM) (Source: DCOM) (EventID: 10010) (User: PHIL-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (03/28/2025 05:57:39 AM) (Source: DCOM) (EventID: 10010) (User: PHIL-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (03/28/2025 05:57:39 AM) (Source: DCOM) (EventID: 10010) (User: PHIL-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (03/28/2025 05:57:39 AM) (Source: DCOM) (EventID: 10010) (User: PHIL-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (03/28/2025 05:57:38 AM) (Source: DCOM) (EventID: 10010) (User: PHIL-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (03/28/2025 05:57:38 AM) (Source: DCOM) (EventID: 10010) (User: PHIL-LAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2025-03-29 12:16:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-29 09:01:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-27 18:48:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-26 16:56:29
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-25 16:33:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2024-03-29 17:05:48
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.407.779.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24020.9
Error code: 0x80072f8f
Error description: A security error occurred
CodeIntegrity:
===============
Date: 2025-03-29 08:42:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\Dropbox.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\220.4.4126\vulkan-1.dll that did not meet the Microsoft signing level requirements.
Date: 2025-03-20 18:10:21
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\Dropbox.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\219.4.4463\vulkan-1.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Phoenix Technologies Ltd. V1.09 05/15/2020
Motherboard: SR Rose_SR
Processor: AMD A9-9420e RADEON R5, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 68%
Total physical RAM: 7582.48 MB
Available physical RAM: 2366.46 MB
Total Virtual: 8798.48 MB
Available Virtual: 2449.59 MB
==================== Drives ================================
Drive c: (Phil-Laptop) (Fixed) (Total:237.36 GB) (Free:89.63 GB) (Model: KINGSTON RBUSNS8154P3256GJ1) NTFS
Drive e: (Seagate Basic) (Fixed) (Total:1863.01 GB) (Free:1564.29 GB) (Model: Seagate Basic SCSI Disk Device) NTFS
\\?\Volume{c920165d-f9d7-4f2b-aa5a-d38e66c2ecf7}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.43 GB) NTFS
\\?\Volume{2cd1dc0d-40c5-4808-9ab0-87c1a9ce1830}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: B137252F)
Partition: GPT.
==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 59E9F319)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================