Hello, I am in need of help. A few days ago I updated my XWidget software. A couple of days later I noticed a red X on the Windows Security icon on the taskbar. I clicked on it and it stated that action is needed. There was a threat with my XWidget program. So, I removed the threat and did not quarantine it. Now, I keep rescanning my system and it still tells me that action is needed. So, I deleted anything that has to do with XWidget. I still have a red X on the icon and still get the same message. I installed Malwarebytes and hoped that it would solve the problem, but it found some PUP files and did not solve my problem. Right now I'm taking advantage of their 14-day trial to keep my system safe and secured. I was going to try a Kaspersky removal tool, but it recommended using it with expert guidance. I am here because you guys helped me when I had a similar problem with my Windows 8.1 system a few years ago. I ran the FRST64 scanner, hopefully correctly, and the results are below. I'm disabled and it may take me some time to reply…
My system is a Dell Inspiron 3910, Windows 11 64-bit.
Thank you in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2023
Ran by rigoj (administrator) on DESKTOP-2EMPE5I (Dell Inc. Inspiron 3910) (18-07-2023 09:52:28)
Running from C:\Users\rigoj\OneDrive\Desktop\FRST64.exe
Loaded Profiles: rigoj
Platform: Microsoft Windows 11 Home Version 22H2 22621.1992 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument %1
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\LibreOffice\program\soffice.exe ->) (The Document Foundation -> The Document Foundation) C:\Program Files\LibreOffice\program\soffice.bin
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe ->) (Rivet Networks LLC) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPS.exe
(C:\Program Files\Softdeluxe\Free Download Manager\wenativehost.exe ->) (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.82\msedgewebview2.exe <6>
(C:\Users\rigoj\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\rigoj\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
(cmd.exe ->) (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\wenativehost.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_helper.exe
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe <20>
(explorer.exe ->) (E96FA30E-7CF5-4C27-B4D8-959575FD2E0C -> BlueMail) C:\Program Files\WindowsApps\BlueMail.BlueMailEmail_1.137.2.0_x64__t08282y3j4hc4\app\BlueMail.exe <5>
(explorer.exe ->) (Fabio Martin) [File not signed] C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe
(explorer.exe ->) (FxSound, LLC -> FxSound LLC) C:\Program Files\FxSound LLC\FxSound\FxSound.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\osk.exe
(explorer.exe ->) (My Portable Software) [File not signed] C:\Users\rigoj\Downloads\my_daily_wallpaper (2)\My_Daily_Wallpaper.exe
(explorer.exe ->) (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe
(explorer.exe ->) (The Document Foundation -> The Document Foundation) C:\Program Files\LibreOffice\program\soffice.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\Fusion\FusionService.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_74e28d819fb21cc3\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_f94b71985382657d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d9519ae046ebf398\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_670360bdb5a40a0d\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe
(services.exe ->) (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(services.exe ->) (Rivet Networks, LLC.) [File not signed] C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSysSvc64.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\rigoj\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
(sihost.exe ->) (6099D0EF-9374-47ED-BDFE-A82136831235 -> File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.2.2.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
(sihost.exe ->) (61773884-FD83-4DAD-91D2-1ECD4DCEF5D4 -> ) C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng\WindowsWidgets.WPF.Core.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2327.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [226816 2022-05-12] (Open-Shell) [File not signed]
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSvc64.exe [5083776 2023-02-15] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [738936 2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\Run: [My Daily Wallpaper] => C:\Users\rigoj\Downloads\my_daily_wallpaper (2)\My_Daily_Wallpaper.exe [536576 2022-10-17] (My Portable Software) [File not signed]
HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\Run: [247b6221a26d5c5da9074c127870d49f] => C:\Program Files\StreamFab\StreamFab\StreamUpdate.exe [7452688 2023-07-13] (StreamFab Technology -> )
HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\Run: [BlueMail] => C:\WINDOWS\explorer.exe me.blueone.win:noopt (No File) <==== ATTENTION
HKU\S-1-5-21-1626067706-482745893-4017202076-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\rigoj\Downloads\Aerial (1)\Aerial.scr [537088 2017-02-04] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\Installer\chrmstp.exe [2023-06-28] (Avast Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2023-06-07]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan -> EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FxSound.lnk [2023-06-29]
ShortcutTarget: FxSound.lnk -> C:\Program Files\FxSound LLC\FxSound\FxSound.exe (FxSound, LLC -> FxSound LLC)
Startup: C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk [2023-05-14]
ShortcutTarget: 7 Sticky Notes.lnk -> C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe (Fabio Martin) [File not signed]
Startup: C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BlueMail Email - Shortcut.lnk [2023-07-17]
ShortcutTarget: BlueMail Email - Shortcut.lnk -> (No File)
Startup: C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thunderbird.lnk [2023-07-17]
ShortcutTarget: Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation)
GroupPolicyScripts\User: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {30A55B3D-F224-4B6C-8C49-AB2FD14A2E8F} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [3364752 2023-06-27] (Avast Software s.r.o. -> AVAST Software)
Task: {29679065-D358-4452-B032-E5CBD2FC97BA} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [3364752 2023-06-27] (Avast Software s.r.o. -> AVAST Software)
Task: {E842F7CB-66D2-401C-88F3-BC8598348210} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-04-19] (Avast Software s.r.o. -> AVAST Software)
Task: {9DCE5912-9C28-44F1-9AA1-0D6484D25C15} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-04-19] (Avast Software s.r.o. -> AVAST Software)
Task: {30ED1D0A-AFAE-4749-8BEE-4DD62595D2CC} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2322472 2022-10-13] (CyberLink Corp. -> )
Task: {220A5B2F-3561-41B1-9DF9-AAB307806742} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2322472 2022-10-13] (CyberLink Corp. -> )
Task: {95DC91EA-D596-4E70-8186-B887B0172DDC} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [738144 2023-04-07] (Dell Inc -> Dell Inc.)
Task: {53CF4FE6-9098-4702-881C-4C28C74760C1} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\10.5.0\Scheduler.exe [159208 2023-05-08] (IObit CO., LTD -> IObit)
Task: {27637C4E-790E-46E0-BF57-37830726B544} - System32\Tasks\Driver Booster SkipUAC (rigoj) => C:\Program Files (x86)\IObit\Driver Booster\10.5.0\DriverBooster.exe [8966120 2023-06-08] (IObit CO., LTD -> IObit)
Task: {E529BE50-AD6E-4BEF-9F61-94254FBEA3B3} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.5.0\AutoUpdate.exe [2516968 2023-05-08] (IObit CO., LTD -> IObit)
Task: {259D7E66-247B-4373-BBDA-8F471A400BDF} - System32\Tasks\FreeDownloadManagerHelperService => C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe [129536 2023-05-19] (Softdeluxe) [File not signed]
Task: {86BC2815-60D2-4D69-BB5A-ED19C0447A9D} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [57808 2023-07-14] (HP Inc. -> HP Inc.)
Task: {F70DC1A8-8335-46ED-B4BB-514B9F13910C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4564016 2023-01-16] (McAfee, LLC -> McAfee, LLC)
Task: {66EF9237-5778-454B-A9F9-E6F62584734B} - System32\Tasks\Microsoft\Windows\Setup\EM => %windir%\system32\EM.exe (No File) <==== ATTENTION
Task: {22C4E3FD-9EC2-4216-AD54-E03EE13A82E7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {BB849F6B-DA2D-4492-B068-DF2E08DCEBC1} - System32\Tasks\NCH Software\WavePadSevenDays => C:\Program Files (x86)\NCH Software\WavePad\WavePad.exe [7028904 2023-07-01] (NCH Software, Inc. -> NCH Software)
Task: {D4605BF6-C7EF-48FC-A615-107A3F7FF143} - System32\Tasks\PowerDirectorStyleAgent => C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe [102952 2022-10-13] (CyberLink Corp. -> CyberLink Corp.)
Task: {FAF9F731-0C1E-40CC-8E45-EC111DB29EED} - System32\Tasks\PrivaZer_cleanup => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [21909472 2023-07-02] (Goversoft LLC -> Goversoft LLC)
Task: {376CC79E-521B-446F-8E14-776E868882C6} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [21909472 2023-07-02] (Goversoft LLC -> Goversoft LLC)
Task: {52602FDB-5B47-44AA-917C-76F0A134E5E4} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [87040 2022-07-28] (DELL) [File not signed]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{de8bda44-40e5-49f1-8779-a72e205f0cbe}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{fb707705-6223-44b8-91f8-9148ef6b283b}: [DhcpNameServer] 192.168.1.254
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-18]
Edge StartupUrls: Default -> "hxxps://www.huffpost.com/"
Edge NewTab: Default -> Active:"chrome-extension://cmhgbbhefpibjinpbhlfmopkggcgicoh/newtab.html"
Edge DefaultSearchURL: Default -> hxxps://www.bing.com/search?PC=U523&q={searchTerms}
Edge Extension: (Web Boost - Wait Less, Browse Faster!) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahbkhnpmoamidjgbneafjipbmdfpefad [2023-07-16]
Edge Extension: (Free Download Manager) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2023-04-17]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2023-07-18]
Edge Extension: (Microsoft Rewards) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnplfnhcidhhdapmblniehfaaompjlck [2023-04-17]
Edge Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmhgbbhefpibjinpbhlfmopkggcgicoh [2023-04-16]
Edge Extension: (FVP Free Vpn Proxy) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ebldcmdjfokdlhlldbfgljogkjkadoag [2023-04-17]
Edge Extension: (WorkingVPN - A Free VPN that just works) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fodhjdclionkbgbpjhoibehdjioihcnd [2023-04-17]
Edge Extension: (Bideo Max: Auto 8K/4K/HD for YouTube & More) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmbibdjnoggepmihhomcldjdocgmecgi [2023-07-14]
Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2023-07-14]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2023-07-14]
Edge Extension: (Speed-Up Browsing) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkhnldpdljhiooeallkmlajnogjghdfb [2023-04-17]
Edge Extension: (TubeHD Auto HD) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ijdigbkmafmcdhiifocfmlbigckfnfgc [2023-04-17]
Edge Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog [2023-07-14]
Edge Extension: (Bitwarden - Free Password Manager) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2023-07-14]
Edge Extension: (Edge relevant text changes) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-27]
Edge Extension: (yet another speed dial) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kachajgmekhiajhbbfpfhbmonmpnpiee [2023-04-17]
Edge Extension: (Microsoft Power Automate) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kagpabjoboikccfdghpdlaaopmgpgfdc [2023-07-14]
Edge Extension: (History On/Off) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lahcnhkiaakhfmfldmemfebadcbiblpl [2023-04-17]
Edge Extension: (uBlock Origin) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-07-14]
Edge Extension: (WebRTC Leak Shield) - C:\Users\rigoj\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pblfgfehcokbglafpcldgjpmknildihk [2023-04-17]
Edge HKU\S-1-5-21-1626067706-482745893-4017202076-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [kagpabjoboikccfdghpdlaaopmgpgfdc]
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.371.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.371.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2023-04-19] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2023-04-19] (Avast Software s.r.o. -> AVAST Software)
Chrome:
=======
CHR HKU\S-1-5-21-1626067706-482745893-4017202076-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljglajjnnkapghbckkcmodicjhacbfhk]
Opera:
=======
OPR Profile: C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable [2023-07-09]
OPR DefaultSuggestURL: Opera Stable -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list&t={opera:vpnClient}
OPR Extension: (WebRTC Control) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\abbdelbgkogfgjkjflgmhebbfjahgalo [2023-05-26]
OPR Extension: (HideAll VPN - Fast & Unlimited VPN) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\amnoibeflfphhplmckdbiajkjaoomgnj [2023-06-15]
OPR Extension: (Browsec VPN - Free VPN for Opera) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\dknfpcdpbkjijldegonllfnnfhabjpde [2023-06-28]
OPR Extension: (Free VPN Proxy and ad blocker - Planet VPN) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\efmeiipgodbfbbloibdecgnhnjjdenek [2023-05-26]
OPR Extension: (Rich Hints Agent) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-05-26]
OPR Extension: (PaladinVPN - 100% Unlimited Free VPN Proxy) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\fmfjhpifmnfhaifhdenjjpdpmfpodlce [2023-06-06]
OPR Extension: (Opera Wallet) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-06-30]
OPR Extension: (WebRTC Protect - Protect IP Leak) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\hjfjenclboabpdpgmnmchdojchmfbola [2023-05-26]
OPR Extension: (Aria) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-06-30]
OPR Extension: (ZoogVPN - Free VPN for Chrome & Proxy) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\immngomjofcbflgcckkfddnbpmjokbjh [2023-06-20]
OPR Extension: (Space VPN - Free & Secure proxy) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\ippnncolkjbedlgpnlhdgblhbjobpklh [2023-06-06]
OPR Extension: (Free VPN) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\jcbiifklmgnkppebelchllpdbnibihel [2023-06-27]
OPR Extension: (uBlock Origin) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2023-05-26]
OPR Extension: (History On/Off) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljbpakpmiimdmblcjjhhbfabbkmcgmdp [2023-05-26]
OPR Extension: (VPN Free Unlimited - VPNLY) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\lneaocagcijjdpkcabeanfpdbmapcjjg [2023-05-26]
OPR Extension: (Free VPN for Chrome - VPN Proxy VeePN) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\majdfhpaihoncoakbjgbdhglocklcgno [2023-05-26]
OPR Extension: (WorkingVPN - A VPN that just works) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhngpdlhojliikfknhfaglpnddniijfh [2023-05-26]
OPR Extension: (UltraSurf Security, Privacy & Unblock VPN) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\mjnbclmflcpookeapghfhapeffmpodij [2023-05-26]
OPR Extension: (VPN unlimited, free VPN with private browsing) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\nagcmbgoldfkmkiennnjpmfkfcpdgmbk [2023-06-06]
OPR Extension: (Snap VPN) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\nkklhdhlfknnhmmldffbofbbomlicpig [2023-06-14]
OPR Extension: (Privacia Search) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofbgjmmbmmdehioamfhccohdgiajbajj [2023-06-06]
OPR Extension: (Stark VPN - Unlimited VPN Proxy) - C:\Users\rigoj\AppData\Roaming\Opera Software\Opera Stable\Extensions\onfbdcochddeofkfdjahmpmefpilbjpb [2023-06-06]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-04-19] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-04-19] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\114.0.21608.199\elevation_service.exe [2035232 2023-06-27] (Avast Software s.r.o. -> AVAST Software)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2023-05-15] (Dell Inc -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2023-06-07] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-05-08] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2022-03-03] (Epic Games Inc. -> Epic Games, Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-19] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 FusionService; C:\Program Files\Dell\Fusion\FusionService.exe [26792 2023-02-13] (Dell Inc -> Dell Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-07-14] (HP Inc. -> HP Inc.)
R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_uf.exe [2781336 2023-05-31] (Intel Corporation -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9267376 2023-07-16] (Malwarebytes Inc. -> Malwarebytes)
R2 NativePushService; C:\Users\rigoj\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [755600 2022-09-17] (Wondershare Technology Group Co.,Ltd -> Wondershare)
R2 RAPSService; C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [631336 2022-10-13] (CyberLink Corp. -> CyberLink)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [56832 2022-07-28] (Rivet Networks, LLC.) [File not signed]
R2 SmartByte Analytics Service; C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe [1623552 2022-07-28] (Rivet Networks) [File not signed]
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2381824 2022-07-28] (Rivet Networks) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.)
R2 WavesAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesAudioService.exe [160896 2023-02-15] (Waves Inc -> Waves Audio Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe [3232576 2023-06-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe [133592 2023-06-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 CirrusLFD; C:\WINDOWS\System32\DriverStore\FileRepository\cshda.inf_amd64_eb81e1df2664cf53\CSLFD.sys [202448 2023-02-20] (Cirrus Logic, Inc -> Cirrus Logic, Inc.)
R3 CirrusUFD; C:\WINDOWS\System32\DriverStore\FileRepository\cshda.inf_amd64_eb81e1df2664cf53\CSUFD.sys [91448 2023-02-20] (WDKTestCert driver dev,131877739977077075 -> Cirrus Logic, Inc.)
R3 cshsbc; C:\WINDOWS\System32\drivers\cshsbc.sys [224616 2022-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Cirrus Logic Inc.)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218464 2023-01-31] (Microsoft Windows -> Microsoft Corporation)
R3 FXVAD; C:\WINDOWS\system32\drivers\fxvad.sys [326656 2022-01-14] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1605320 2023-05-31] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_7d9abd38830a6e00\ipf_acpi.sys [87144 2023-05-31] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_cpu.sys [80536 2023-05-31] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_lf.sys [444568 2023-05-31] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-07-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [233216 2023-07-18] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77752 2023-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181984 2023-07-18] (Malwarebytes Inc. -> Malwarebytes)
S3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [714600 2022-11-15] (Musarubra US LLC -> Trellix US LLC.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [135024 2022-11-15] (Musarubra US LLC -> Trellix US LLC.)
S3 rt68cx21; C:\WINDOWS\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_0f3a2b5f72186666\rt68cx21x64.sys [717160 2023-05-31] (Realtek Semiconductor Corp. -> Realtek)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [167080 2022-07-28] (Intel Corporation -> Rivet Networks, LLC.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-08-29] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tap0901cn; C:\WINDOWS\System32\drivers\tap0901cn.sys [47448 2023-03-22] (Connectify (Connectify, Inc.) -> The OpenVPN Project)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2022-05-07] (Microsoft Windows -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2023-06-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-06-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99568 2023-06-08] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [38704 2023-05-25] (WireGuard LLC -> WireGuard LLC)
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-07-18 08:42 - 2023-07-18 08:42 - 000000109 ____H C:\Users\rigoj\OneDrive\Documents\.~lock.virus.odt#
2023-07-18 07:13 - 2023-07-18 09:53 - 000000000 ____D C:\FRST
2023-07-18 06:59 - 2023-07-18 06:59 - 000233216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2023-07-18 06:59 - 2023-07-18 06:59 - 000181984 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-07-17 20:31 - 2023-07-18 08:42 - 000037868 _____ C:\Users\rigoj\OneDrive\Documents\virus.odt
2023-07-17 18:38 - 2023-07-17 18:38 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\UlaaUpdateAssistant.exe
2023-07-16 20:46 - 2023-07-16 20:46 - 000003796 _____ C:\WINDOWS\system32\Tasks\PrivaZer_cleanup
2023-07-16 19:34 - 2023-07-16 19:34 - 000000000 ____D C:\Users\rigoj\AppData\Local\mbam
2023-07-16 17:12 - 2023-07-18 06:53 - 000000000 ____D C:\Users\rigoj\AppData\Local\Malwarebytes
2023-07-16 17:12 - 2023-07-16 17:12 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-07-16 17:12 - 2023-07-16 17:12 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-07-16 17:11 - 2023-07-16 17:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-07-16 17:11 - 2023-07-16 17:11 - 000000000 ____D C:\Program Files\Malwarebytes
2023-07-15 23:39 - 2023-07-15 23:39 - 000002111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2023-07-15 23:39 - 2023-07-15 23:39 - 000001331 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2023-07-15 23:39 - 2023-07-15 23:39 - 000001319 _____ C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2023-07-15 23:39 - 2023-07-15 23:39 - 000000000 ____D C:\Users\rigoj\NCH Software Suite
2023-07-15 23:39 - 2023-07-15 23:39 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\NCH Software
2023-07-15 23:39 - 2023-07-15 23:39 - 000000000 ____D C:\ProgramData\NCH Software
2023-07-15 23:39 - 2023-07-15 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2023-07-15 23:39 - 2023-07-15 23:39 - 000000000 ____D C:\Program Files (x86)\NCH Software
2023-07-15 23:05 - 2023-07-15 23:05 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\Renee
2023-07-15 21:47 - 2023-07-15 21:47 - 000000000 ____D C:\Recording Music
2023-07-15 21:46 - 2023-07-15 23:02 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\GiliSoft
2023-07-15 21:46 - 2023-07-15 21:46 - 000000000 ____D C:\ProgramData\Renee
2023-07-15 20:48 - 2023-07-15 20:48 - 000002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials One 2023 SE.lnk
2023-07-15 20:48 - 2023-07-15 20:48 - 000002186 _____ C:\Users\Public\Desktop\Audials One 2023 SE.lnk
2023-07-15 20:47 - 2023-07-15 20:47 - 000000000 ____D C:\ProgramData\Audials
2023-07-15 20:47 - 2023-07-15 20:47 - 000000000 ____D C:\Program Files\Audials
2023-07-15 20:44 - 2023-07-15 20:50 - 000000000 ____D C:\Users\rigoj\AppData\Local\Audials
2023-07-15 20:42 - 2023-07-15 20:42 - 000001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-07-15 20:42 - 2023-07-15 20:42 - 000001057 _____ C:\Users\Public\Desktop\Thunderbird.lnk
2023-07-15 20:42 - 2023-07-15 20:42 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2023-07-15 20:42 - 2023-07-15 20:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-07-15 20:40 - 2023-07-15 20:40 - 000000000 ____D C:\Users\rigoj\Downloads\Audials One 2023 Special Edition_DigitalPHTO.exe
2023-07-15 20:39 - 2023-07-15 20:39 - 000001868 _____ C:\ProgramData\WindowsHardwareTelemetry.ini
2023-07-14 08:25 - 2023-07-14 08:25 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamFab (x64)
2023-07-14 08:25 - 2023-07-14 08:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamFab (x64)
2023-07-13 23:26 - 2023-07-13 23:31 - 000000000 ____D C:\Users\rigoj\AppData\LocalLow\Mozilla
2023-07-13 18:56 - 2023-07-13 18:56 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-07-13 14:01 - 2023-07-13 14:01 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\AppData\Local\VirtualStore
2023-07-13 14:00 - 2023-07-13 14:01 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\AppData\Local\Packages
2023-07-13 14:00 - 2023-07-13 14:00 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\AppData\LocalLow\Intel
2023-07-13 13:59 - 2023-07-13 13:59 - 000000000 ___SD C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\AppData\Roaming\Microsoft\SystemCertificates
2023-07-13 13:59 - 2023-07-13 13:59 - 000000000 ___SD C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\AppData\Roaming\Microsoft\Protect
2023-07-13 13:59 - 2023-07-13 13:59 - 000000000 ___SD C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\AppData\Roaming\Microsoft\Crypto
2023-07-13 13:59 - 2023-07-13 13:59 - 000000000 ___SD C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\AppData\Roaming\Microsoft\Credentials
2023-07-13 13:59 - 2023-07-13 13:59 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\AppData\Roaming\Microsoft\Vault
2023-07-13 13:59 - 2023-07-13 13:59 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\AppData\Local\ConnectedDevicesPlatform
2023-07-13 13:58 - 2023-07-13 14:01 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006
2023-07-13 13:58 - 2023-07-13 14:00 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\AppData\Roaming\Microsoft\Windows
2023-07-13 13:58 - 2023-07-13 14:00 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\AppData\Roaming\Microsoft\Spelling
2023-07-13 13:58 - 2023-07-13 13:58 - 000000020 ___SH C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\ntuser.ini
2023-07-13 13:58 - 2023-04-16 20:33 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-2EMPE5I.006\AppData\Roaming\Microsoft\Network
2023-07-13 13:41 - 2023-07-13 13:41 - 296437336 _____ (Malwarebytes) C:\Users\rigoj\Downloads\MBSetup.exe
2023-07-11 13:38 - 2023-07-11 13:38 - 000000000 ____D C:\Users\rigoj\AppData\Local\PinballFX
2023-07-11 13:38 - 2023-07-11 13:38 - 000000000 ____D C:\Intel
2023-07-11 06:42 - 2023-07-11 06:42 - 000802310 _____ C:\WINDOWS\system32\perfh00A.dat
2023-07-11 06:42 - 2023-07-11 06:42 - 000160214 _____ C:\WINDOWS\system32\perfc00A.dat
2023-07-10 11:01 - 2023-07-16 17:29 - 000000000 ____D C:\Users\rigoj\AppData\Local\Abelssoft
2023-07-10 11:01 - 2023-07-16 17:29 - 000000000 ____D C:\Program Files (x86)\PC Fresh
2023-07-10 11:01 - 2023-07-10 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fresh
2023-07-10 10:48 - 2023-07-10 10:48 - 003822536 _____ (WiseCleaner.com ) C:\Users\rigoj\Downloads\WGBSetup_1.5.7.81.exe
2023-07-09 23:04 - 2023-07-11 16:17 - 000647672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-08 23:11 - 2023-07-08 23:11 - 000000000 ____D C:\Users\rigoj\Downloads\ocenaudio_win10_portable_3.12.4
2023-07-08 23:10 - 2023-07-08 23:10 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\Sun
2023-07-08 23:10 - 2023-07-08 23:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2023-07-08 23:10 - 2023-07-08 23:10 - 000000000 ____D C:\Program Files\Java
2023-07-08 23:10 - 2023-03-17 04:35 - 000200352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2023-07-08 15:17 - 2023-07-08 15:36 - 000000000 ____D C:\Users\rigoj\AppData\Local\Steam
2023-07-08 14:55 - 2023-07-15 06:10 - 000000000 ____D C:\Program Files (x86)\Steam
2023-07-08 14:55 - 2023-07-08 14:55 - 000001034 _____ C:\Users\Public\Desktop\Steam.lnk
2023-07-08 14:55 - 2023-07-08 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-07-07 17:09 - 2023-07-11 16:39 - 000002918 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1626067706-482745893-4017202076-1001
2023-07-07 17:09 - 2023-07-07 17:09 - 000002381 _____ C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-07-06 13:56 - 2023-07-06 13:56 - 000000000 ____D C:\Users\rigoj\AppData\Local\yop
2023-07-06 13:56 - 2023-07-06 13:56 - 000000000 ____D C:\Users\rigoj\AppData\Local\VTubeGo
2023-07-06 13:54 - 2023-07-06 13:54 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VTubeGo
2023-07-06 13:54 - 2023-07-06 13:54 - 000000000 ____D C:\Program Files (x86)\VTubeGo
2023-07-05 20:16 - 2023-07-17 23:03 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-07-05 20:16 - 2023-07-09 00:51 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\Mozilla
2023-07-05 20:15 - 2023-07-15 20:43 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\Thunderbird
2023-07-05 20:15 - 2023-07-15 20:43 - 000000000 ____D C:\Users\rigoj\AppData\Local\Thunderbird
2023-07-05 20:12 - 2023-07-05 20:15 - 000000000 ____D C:\Users\rigoj\Downloads\BetterbirdPortable-102.13.0-bb38.en-US.win64
2023-07-03 20:47 - 2023-07-03 20:47 - 000000000 ____D C:\Users\rigoj\OneDrive\Documents\Avalanche Studios
2023-07-03 19:17 - 2023-07-03 19:17 - 000000017 _____ C:\Users\rigoj\Downloads\Compact RAM Cleaner.ini
2023-07-03 18:43 - 2023-07-03 19:38 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\Ashampoo Soundstage
2023-07-03 08:54 - 2023-07-03 08:54 - 000106496 _____ (qualcosa) C:\Users\rigoj\Downloads\Compact.RAM.Cleaner.exe
2023-07-02 18:04 - 2023-07-02 18:04 - 000000000 ____D C:\Users\rigoj\OneDrive\Documents\DVDFab
2023-07-02 17:26 - 2023-07-02 17:27 - 000000000 ____D C:\Program Files (x86)\PrivaZer
2023-07-01 23:03 - 2023-07-01 23:04 - 000000000 ___HD C:\$SysReset
2023-07-01 16:02 - 2023-07-01 16:02 - 000000889 _____ C:\Users\rigoj\AppData\Local\recently-used.xbel
2023-07-01 13:25 - 2023-07-01 13:26 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2023-06-30 17:15 - 2023-07-10 14:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Meta
2023-06-29 17:54 - 2023-06-29 17:54 - 000005999 _____ C:\Users\rigoj\Downloads\installation_status.json
2023-06-29 17:54 - 2023-06-29 17:54 - 000000000 ____D C:\Users\rigoj\Downloads\old_status
2023-06-29 17:54 - 2023-06-29 17:50 - 000000057 _____ C:\Users\rigoj\Downloads\pref_default_overrides
2023-06-29 17:53 - 2023-04-27 02:09 - 000003072 _____ C:\Users\rigoj\Downloads\Resources.pri
2023-06-29 17:53 - 2023-04-27 02:09 - 000000317 _____ C:\Users\rigoj\Downloads\opera.visualelementsmanifest.xml
2023-06-29 17:53 - 2023-04-27 02:09 - 000000317 _____ C:\Users\rigoj\Downloads\launcher.visualelementsmanifest.xml
2023-06-29 11:39 - 2023-06-29 11:39 - 000002040 _____ C:\Users\Public\Desktop\FxSound.lnk
2023-06-29 11:39 - 2023-06-29 11:39 - 000000000 ____D C:\Program Files\FxSound LLC
2023-06-28 08:52 - 2023-06-28 08:52 - 107828609 _____ C:\Users\rigoj\Downloads\AudialsRadio2023SE-lg03bl.zip
2023-06-27 09:09 - 2023-06-27 09:09 - 005231888 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw12.sys
2023-06-27 09:09 - 2023-06-27 09:09 - 001474832 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter12.dll
2023-06-22 13:43 - 2023-06-22 13:43 - 095986992 _____ C:\Users\rigoj\Downloads\torbrowser-install-win64-12.5_ALL.exe
2023-06-22 11:36 - 2023-06-22 11:37 - 035220912 _____ C:\Users\rigoj\Downloads\RogueKiller_portable64.exe
2023-06-20 20:22 - 2023-06-20 20:22 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nilesoft Shell.lnk
2023-06-20 20:21 - 2023-06-20 20:22 - 000000000 ____D C:\Program Files\Nilesoft Shell
2023-06-19 19:12 - 2023-06-19 19:12 - 133437096 _____ (PDFgear ) C:\Users\rigoj\Downloads\pdfgear_setup_v2.1.0.exe
2023-06-19 08:46 - 2023-06-19 08:46 - 101458232 _____ (GoTo Group, Inc.) C:\Users\rigoj\Downloads\LastPassInstaller.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-07-18 09:52 - 2023-04-16 23:34 - 000000000 ____D C:\Users\rigoj\AppData\Local\PrivaZer
2023-07-18 09:51 - 2023-04-16 22:39 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-18 09:44 - 2023-04-17 07:16 - 000000000 ____D C:\Users\rigoj\AppData\Local\OpenShell
2023-07-18 09:12 - 2023-05-24 19:57 - 000000000 ____D C:\Users\rigoj\AppData\Local\CrashDumps
2023-07-18 07:10 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-07-18 07:09 - 2022-05-26 12:43 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2023-07-18 07:00 - 2023-04-16 22:25 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-07-18 06:57 - 2023-05-08 20:06 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\7 Sticky Notes
2023-07-18 06:54 - 2022-10-17 19:19 - 000000000 ____D C:\Users\rigoj\Downloads\my_daily_wallpaper (2)
2023-07-18 06:49 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\ServiceState
2023-07-18 06:49 - 2023-04-16 20:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-07-18 06:49 - 2023-04-10 07:54 - 000012288 ___SH C:\DumpStack.log.tmp
2023-07-18 06:36 - 2023-04-16 22:25 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-07-18 06:29 - 2023-04-16 20:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-17 23:41 - 2023-04-16 22:39 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-17 23:41 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-07-17 21:15 - 2023-04-17 09:14 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\FxSound
2023-07-17 18:41 - 2023-04-16 21:27 - 000000000 ____D C:\Users\rigoj\AppData\Local\D3DSCache
2023-07-17 15:03 - 2023-04-16 22:38 - 000000000 ____D C:\WINDOWS\INF
2023-07-17 07:09 - 2023-04-16 22:58 - 000000000 ____D C:\ProgramData\ProductData
2023-07-17 06:55 - 2023-04-17 20:41 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2023-07-17 06:55 - 2023-04-16 20:27 - 000000000 ____D C:\Users\rigoj
2023-07-16 23:39 - 2023-04-29 23:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2023-07-16 19:05 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\SystemApps
2023-07-16 17:12 - 2023-04-16 22:39 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-07-15 23:12 - 2023-04-16 21:21 - 000000000 ____D C:\Users\rigoj\AppData\Local\Packages
2023-07-15 23:12 - 2022-05-26 12:47 - 000000000 ____D C:\ProgramData\Packages
2023-07-15 06:19 - 2023-04-17 00:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-15 06:18 - 2023-04-17 00:26 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-14 16:36 - 2023-06-09 09:46 - 000000000 ____D C:\Program Files (x86)\IObit
2023-07-14 16:32 - 2023-04-16 22:58 - 000000000 ____D C:\ProgramData\IObit
2023-07-14 16:32 - 2023-04-16 22:57 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\IObit
2023-07-14 15:47 - 2022-07-10 00:38 - 000000000 ____D C:\Users\rigoj\AppData\LocalLow\IObit
2023-07-14 08:25 - 2023-05-24 19:27 - 000000000 ____D C:\Users\rigoj\OneDrive\Documents\StreamFab
2023-07-14 08:21 - 2023-05-24 19:31 - 000000000 ____D C:\ProgramData\boost_interprocess
2023-07-14 08:20 - 2023-06-17 16:56 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\Bitwarden
2023-07-14 07:51 - 2023-04-17 00:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-07-14 07:51 - 2023-04-17 00:54 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-07-13 23:41 - 2022-05-26 12:43 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-13 21:43 - 2023-04-16 23:49 - 000914872 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-07-12 22:59 - 2023-06-07 16:41 - 000000000 ____D C:\ProgramData\Ashampoo
2023-07-11 16:42 - 2023-05-24 23:29 - 000002712 _____ C:\WINDOWS\system32\Tasks\CLToast
2023-07-11 16:42 - 2023-05-24 23:29 - 000002538 _____ C:\WINDOWS\system32\Tasks\CLToastRun
2023-07-11 16:42 - 2023-04-17 20:32 - 000001976 _____ C:\WINDOWS\system32\Tasks\FreeDownloadManagerHelperService
2023-07-11 16:40 - 2023-04-17 08:21 - 000002318 _____ C:\WINDOWS\system32\Tasks\SmartByte Telemetry
2023-07-11 16:39 - 2023-05-24 23:29 - 000002656 _____ C:\WINDOWS\system32\Tasks\PowerDirectorStyleAgent
2023-07-11 16:39 - 2023-04-16 22:02 - 000003122 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1626067706-482745893-4017202076-1001
2023-07-11 16:13 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\UUS
2023-07-11 16:13 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-11 16:13 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-11 16:13 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-07-11 16:13 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-11 16:13 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-11 16:13 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-07-11 16:13 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-11 16:01 - 2023-04-16 22:28 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-11 15:15 - 2022-05-26 12:50 - 000000000 ____D C:\ProgramData\Package Cache
2023-07-11 15:14 - 2023-04-16 21:03 - 000000000 ____D C:\Program Files\dotnet
2023-07-11 06:42 - 2023-04-16 20:37 - 001801904 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-10 20:50 - 2023-04-21 15:11 - 000000000 ____D C:\Program Files\Epic Games
2023-07-10 14:09 - 2023-04-17 09:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\FxSound
2023-07-10 06:36 - 2023-04-16 23:33 - 000001026 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
2023-07-10 06:33 - 2023-06-17 16:55 - 000000000 ____D C:\Program Files\Bitwarden
2023-07-10 06:32 - 2023-06-17 16:55 - 000000000 ____D C:\Users\rigoj\AppData\Local\bitwarden-updater
2023-07-09 14:45 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-07-08 23:19 - 2023-05-25 00:24 - 000000000 ____D C:\Users\rigoj\OneDrive\Documents\Promote Application Data
2023-07-08 22:37 - 2023-02-22 15:58 - 000000000 ____D C:\Users\rigoj\OneDrive\Documents\My Recording
2023-07-07 20:17 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2023-07-07 18:52 - 2023-04-16 20:37 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-07 18:52 - 2023-04-16 20:37 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-07 15:21 - 2023-06-08 19:35 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\ImageGlass
2023-07-07 10:28 - 2023-04-16 22:39 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-07 10:28 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-07 10:28 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-07-07 10:28 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-07-07 10:28 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-07-07 10:28 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-07-07 09:29 - 2023-04-16 20:05 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-03 20:52 - 2023-04-17 20:19 - 000000000 ____D C:\Users\rigoj\AppData\Local\Epic Games
2023-07-03 19:42 - 2023-06-07 16:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2023-07-03 18:43 - 2023-06-07 16:41 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2023-07-01 16:09 - 2023-05-27 00:27 - 000000000 ____D C:\Users\rigoj\AppData\Local\babl-0.1
2023-07-01 15:48 - 2023-04-08 20:10 - 000000000 ____D C:\Users\rigoj\OneDrive\Documents\My Games
2023-07-01 03:53 - 2023-04-16 23:41 - 000000000 ____D C:\Users\rigoj\OneDrive\Documents\ShareX
2023-06-30 17:15 - 2022-07-09 13:30 - 000000000 ___SD C:\Users\rigoj\AppData\Roaming\Microsoft\Credentials
2023-06-29 17:54 - 2023-05-08 16:04 - 000000595 _____ C:\Users\rigoj\Downloads\installer_prefs.json
2023-06-29 17:54 - 2022-10-06 18:16 - 000000000 ____D C:\Users\rigoj\Downloads\Assets
2023-06-29 11:39 - 2023-05-28 20:09 - 000000000 ____D C:\ProgramData\FxSound
2023-06-29 11:39 - 2023-04-17 09:14 - 000000000 ____D C:\Users\rigoj\AppData\Local\AdvinstAnalytics
2023-06-29 11:39 - 2022-08-29 07:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxSound
2023-06-28 21:40 - 2023-05-09 00:51 - 000000000 ____D C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser Apps
2023-06-28 14:37 - 2023-04-19 14:43 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2023-06-28 14:37 - 2023-04-19 14:43 - 000002469 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2023-06-28 14:01 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-06-28 08:56 - 2023-05-28 19:39 - 000000179 _____ C:\WINDOWS\tsdwshell.xml
2023-06-22 06:26 - 2023-04-16 21:35 - 000000000 ____D C:\Users\rigoj\AppData\Local\VirtualStore
2023-06-20 21:14 - 2023-05-16 10:40 - 000000595 _____ C:\Users\rigoj\Downloads\installer_prefs.json.backup
2023-06-19 18:38 - 2023-04-16 22:39 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-06-19 07:20 - 2023-05-11 01:02 - 000000000 ____D C:\ProgramData\Wondershare Filmora
==================== Files in the root of some directories ========
2023-05-24 19:30 - 2023-05-24 19:30 - 000000012 _____ () C:\Users\rigoj\AppData\Roaming\2457fe3357cbf1220231e8917326f70f
2023-06-11 20:02 - 2017-05-04 14:05 - 000000002 _____ () C:\Users\rigoj\AppData\Roaming\stlan.ini
2023-06-07 16:36 - 2023-06-11 20:01 - 000000028 _____ () C:\Users\rigoj\AppData\Roaming\stsetting.ini
2023-06-11 20:02 - 2023-06-06 11:30 - 000000008 _____ () C:\Users\rigoj\AppData\Roaming\stsound.dll
2023-07-01 16:02 - 2023-07-01 16:02 - 000000889 _____ () C:\Users\rigoj\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2023
Ran by rigoj (18-07-2023 09:55:05)
Running from C:\Users\rigoj\OneDrive\Desktop
Microsoft Windows 11 Home Version 22H2 22621.1992 (X64) (2023-04-17 02:12:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1626067706-482745893-4017202076-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1626067706-482745893-4017202076-503 - Limited - Disabled)
Guest (S-1-5-21-1626067706-482745893-4017202076-501 - Limited - Disabled)
rigoj (S-1-5-21-1626067706-482745893-4017202076-1001 - Administrator - Enabled) => C:\Users\rigoj
WDAGUtilityAccount (S-1-5-21-1626067706-482745893-4017202076-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7 Sticky Notes (HKLM-x32\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version: - Fabio Martin)
Amazon Games (HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.3.8425.2 - Amazon.com Services, Inc.)
AnyMusic (HKLM-x32\...\AnyMusic) (Version: 10.2.0 - AmoyShare)
Ashampoo Burning Studio 2023 (HKLM-x32\...\{91B33C97-BE65-DDE3-D255-3F72499A8B67}_is1) (Version: 1.24.13 - Ashampoo GmbH & Co. KG)
Audials One 2023 SE (HKLM\...\{41A258D1-239E-4D82-9573-51EBA5731A4B}) (Version: 23.0.229.0 - Audials AG)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 114.0.21608.199 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Bandizip (HKLM\...\Bandizip) (Version: 7.30 - Bandisoft.com)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 2023.5.1 - Bitwarden Inc.)
Burnova 1.3.98 (HKLM-x32\...\{1545EC4A-2820-4F0E-8F6E-07D16F34F477}_is1) (Version: 1.3.98 - Aiseesoft Studio)
Capture One 23 (HKLM\...\Capture One 23_is1) (Version: 16.2.0.1367 - Capture One A/S)
Cirrus High Definition Audio Driver (HKLM-x32\...\{433094b4-6c6b-49a6-abd0-b752daff061c}) (Version: 1.2.13 - Cirrus Logic Inc.)
Cirrus High Definition Audio Driver Setup (HKLM\...\{F4B02992-36FA-4AC3-85B4-3C50D6EB76C2}) (Version: 1.2.13 - Cirrus Logic Inc.) Hidden
CyberLink PowerDirector 365 (HKLM-x32\...\{1C2ACE6C-5C3C-45d7-8CF0-149DD8514825}) (Version: 21.0.2123.0 - CyberLink Corp.)
Dell Digital Delivery Services (HKLM-x32\...\{A21A0E9A-A083-47C6-AEAA-695348A25779}) (Version: 5.0.71.0 - Dell Inc.)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: 1.56.2110 - EnTech Taiwan)
Dell SupportAssist (HKLM\...\{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{FFFED431-EF80-4C39-A66E-E11BC7413D33}) (Version: 5.5.5.16206 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{cff56899-3afb-4fe1-aeec-a0474836d1cd}) (Version: 5.5.5.16206 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{E2DCC087-13A9-4BF3-AA0E-B42645D87C8E}) (Version: 5.5.7.18773 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{3671ea45-970e-4390-8c93-a3c5ba77107b}) (Version: 5.5.7.18773 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{B5318AB2-185E-408A-8ABE-0EDA416E92DB}) (Version: 4.9.0 - Dell Inc.)
Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.5.0 - IObit)
Epic Games Launcher (HKLM-x32\...\{FAC47927-1A6A-4C6E-AD7D-E9756794A4BC}) (Version: 1.3.23.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 12.1.2.15332 - Foxit Software Inc.)
Free Download Manager (HKLM\...\{0C1D4CF2-5575-4786-834C-B0FC977E9714}}_is1) (Version: 6.19.1.5263 - Softdeluxe)
Fusion Service (HKLM\...\{93D141B9-9B5E-485B-8ED1-97DE741EE768}) (Version: 2.2.14.0 - Dell.Inc) Hidden
Fusion Service (HKLM-x32\...\{6e578348-d226-4341-a69f-26274feac293}) (Version: 2.2.14.0 - Dell.Inc)
FxSound (HKLM\...\{63517CFE-21F5-478B-AFA0-119C899EBF59}) (Version: 1.1.18.0 - FxSound LLC) Hidden
FxSound (HKLM\...\FxSound 1.1.18.0) (Version: 1.1.18.0 - FxSound LLC)
GIMP 2.10.34 (HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\GIMP-2_is1) (Version: 2.10.34 - The GIMP Team)
Home - Peacock (HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\d62f571786e868d109454e3359b435bf) (Version: 1.0 - AVAST Software\Browser)
Hulu (HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\75d9b0bbee863d1bd34efa0571965e8f) (Version: 1.0 - AVAST Software\Browser)
ImageGlass (HKLM\...\{B58AC56C-EFD1-4690-91F8-AFD7D5D0D6EC}) (Version: 8.9.6.9 - Duong Dieu Phap)
Intel® Software Installer (HKLM-x32\...\{bddd55ff-828e-4d3d-90dd-cdcc8076d5ba}) (Version: 22.200.2.1 - Intel Corporation) Hidden
Java 8 Update 371 (64-bit) (HKLM\...\{71124AE4-039E-4CA4-87B4-2F64180371F0}) (Version: 8.0.3710.11 - Oracle Corporation)
KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 5.17.8.540 - KC Softwares)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 7.5.4.2 (HKLM\...\{B8BF99B6-750E-45C5-A07D-AF394E5B6139}) (Version: 7.5.4.2 - The Document Foundation)
Malwarebytes version 4.5.33.272 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.33.272 - Malwarebytes)
Max (HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\89a34994f3b5fe8b7e3e5553eae89e79) (Version: 1.0 - AVAST Software\Browser)
Microsoft .NET Host - 6.0.20 (x64) (HKLM\...\{217B2755-3BAD-486B-9606-CCD0E6CF3BE8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.9 (x64) (HKLM\...\{8F119CBB-1BAC-40CC-BA74-4B65814CBBA8}) (Version: 56.39.63170 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.20 (x64) (HKLM\...\{76FA02FF-603F-48BB-9E3F-17ED5DB861E8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.9 (x64) (HKLM\...\{E0C694BD-B643-43FA-840F-DECA17E60895}) (Version: 56.39.63170 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.20 (x64) (HKLM\...\{6CE8AD8C-E6D5-4BF7-91C3-7F8106A5CD93}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.20 (x64) (HKLM-x32\...\{403b0cfe-5969-462d-8eb2-aafde344360e}) (Version: 6.0.20.32620 - Microsoft Corporation)
Microsoft .NET Runtime - 7.0.9 (x64) (HKLM\...\{23782E82-6E71-4613-9631-E8F8DD27D052}) (Version: 56.39.63170 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.82 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.82 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\OneDriveSetup.exe) (Version: 23.127.0618.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.9 (x64) (HKLM\...\{2EC74499-9D3D-4613-8A01-A90AC9A8F4DF}) (Version: 56.39.63195 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.9 (x64) (HKLM-x32\...\{e50a4615-886b-485a-9754-48b9520ef275}) (Version: 7.0.9.32621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 115.0 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 115.0 (x64 en-US)) (Version: 115.0 - Mozilla)
Nilesoft Shell (HKLM\...\{A5E0BCAC-2748-424B-81E8-4481FF33F479}_is1) (Version: 1.8.1 - Nilesoft)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Open-Shell (HKLM\...\{F07C0CF2-6021-403A-99CA-1164340B09FB}) (Version: 4.4.170 - The Open-Shell Team)
OpenShot Video Editor 3.1.1 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 3.1.1 - OpenShot Studios, LLC)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 230707 - Kakao Corp.)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 4.0.76.0 - Goversoft LLC)
proDAD Vitascene 2.0 (64bit) (HKLM\...\proDAD-Vitascene-2.0) (Version: 2.0.252 - proDAD GmbH)
ScanTransfer 1.4.5 (HKLM-x32\...\ScanTransfer_is1) (Version: - hxxps://ScanTransfer.net)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 15.0.0 - ShareX Team)
SmartByte Drivers and Services (HKLM\...\{19A754FE-0343-4311-835F-33EAB7ADEA7B}) (Version: 3.1122.728.7 - Rivet Networks)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamFab (x64) (13/07/2023) (HKLM-x32\...\StreamFab (x64)) (Version: 6.1.3.1 - Streamfab Technology)
The Jigsaw Puzzles (HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\59b606398af22740fca163a05a00960e) (Version: 1.0 - AVAST Software\Browser)
VTubeGo 2.0.6 (HKLM-x32\...\VTubeGo) (Version: 2.0.6 - VTubeGo)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 17.57 - NCH Software)
Winamp (HKLM-x32\...\Winamp) (Version: 5.92.0 - Winamp SA)
WonderFox DVD Ripper Pro 22.0 (HKLM-x32\...\WonderFox DVD Ripper Pro) (Version: 22.0 - WonderFox Soft, Inc.)
WonderFox DVD Video Converter 29.0 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 29.0 - WonderFox Soft, Inc.)
Wondershare Filmora 12(Build 12.0.21.1726) (HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\Wondershare Filmora 12_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare NativePush(Build 1.0.0.7) (HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\Wondershare NativePush_is1) (Version: - )
Packages:
=========
Angry Birds 2 -> C:\Program Files\WindowsApps\1ED5AEA5.4160926B82DB_2.63.3.0_x64__p2gbknwb5d8r2 [2023-06-12] (Rovio Entertainment Oyj)
Bigo Live–Live Stream, Go Live -> C:\Program Files\WindowsApps\BIGOTECHNOLOGYPTE.LTD.BigoLiveLiveStreamGoLive_1.0.1.0_neutral__z08yczf8ycqj8 [2023-07-15] (BIGO TECHNOLOGY PTE. LTD.)
BlueMail Email -> C:\Program Files\WindowsApps\BlueMail.BlueMailEmail_1.137.2.0_x64__t08282y3j4hc4 [2023-07-10] (Blix Inc)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.4.9.0_x64__htrsf667h5kn2 [2023-04-21] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.71.0_x64__htrsf667h5kn2 [2023-07-06] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.14.4.0_x64__htrsf667h5kn2 [2023-07-15] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.9.14.0_x86__htrsf667h5kn2 [2023-05-15] (Dell Inc)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.57.2.0_x64__6rarf9sa4v8jt [2023-07-17] (Disney)
DuckDuckGo -> C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.42.7.0_x64__ya2fgkz3nks94 [2023-06-26] (DuckDuckGo)
EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.2.2.0_x86__1sdd7yawvg6ne [2023-06-08] (File-New-Project) [Startup Task]
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_147.1.1079.0_x64__v10z8vjag6ke6 [2023-07-14] (HP Inc.)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_7.3.7.0_x64__a76a11dkgb644 [2023-04-26] (iHeartMedia.)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_19.0.1042.0_x64__8j3eq9eme6ctt [2023-06-30] (INTEL CORP)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1900.9.106.0_x64__8xx8rvfyw5nnt [2023-07-08] (Meta) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-05-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-05-06] (Microsoft Corporation) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.8.904.0_x64__8wekyb3d8bbwe [2023-06-26] (Microsoft Studios) [MS Ad]
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\microsoft.mpeg2videoextension_1.0.50901.0_x64__8wekyb3d8bbwe [2023-04-16] (Microsoft Corporation)
ms-resource:ClassicAppStoreName -> C:\Program Files\WindowsApps\Microsoft.PhotosLegacy_2023.11030.27002.0_x64__8wekyb3d8bbwe [2023-05-01] (Microsoft Corporation)
ms-resource:System_Item_Title_IntelGraphicsControlPanel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-03] (INTEL CORP) [Startup Task]
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.2.4.0_x64__htrsf667h5kn2 [2023-04-21] (Dell Inc)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2023-04-17] (Pandora Media Inc) [Startup Task]
PDF Reader - View, Edit, Annotate -> C:\Program Files\WindowsApps\5E8FC25E.XODODOCS_6.3.0.0_x64__3v3sf0k6w2rec [2023-06-27] (Apryse Software Inc.)
PhotoScape X -> C:\Program Files\WindowsApps\MooiiTech.PhotoScapeX_4.2.1.0_x64__f5eddttrpssna [2023-05-24] (Mooii Tech)
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.145.0_x64__pwbj9vvecjh7j [2023-07-12] (Amazon Development Centre (London) Ltd)
PrivaZer -> C:\\Program Files (x86)\\PrivaZer [] (Goversoft LLC)
ShellBandizip -> C:\Program Files\Bandizip\data [2023-04-26] (Bandisoft)
Shrestha Files - A Modern Dual Panel File Manager -> C:\Program Files\WindowsApps\43158JPTGamesandApps.ShresthaFiles-AModernDualPane_3.9.468.0_x64__pnxmbr0ydfejr [2023-07-12] (JPT Games and Apps)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.1002.0_x64__rh07ty8m5nkag [2023-06-05] (Rivet Networks LLC)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-04-17] (Microsoft Studios) [MS Ad]
Speech Pack - English (United States) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-US.1_1.0.16.0_x64__cw5n1h2txyewy [2023-05-26] (Microsoft Windows)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.16.165.0_x64__43tkc6nmykmb6 [2023-04-17] (Ookla)
Tubi - Free Movies and TV -> C:\Program Files\WindowsApps\TubiInc.Tubi-FreeMoviesandTV_2.0.1.0_neutral__6e499re8j0dp2 [2023-07-15] (Tubi, Inc.)
Waves MaxxAudio Pro for Dell 2021 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2021_4.0.53.0_x64__fh4rh281wavaa [2023-04-24] (Waves Audio)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2327.6.0_x64__cv1g1gvanyjgm [2023-07-12] (WhatsApp Inc.) [Startup Task]
Widget Launcher -> C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_4.0.5.0_x64__agy8jafheqhng [2023-07-15] (Chan Software Solutions) [Startup Task]
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.6.1.0_x64__gs5k5vmxr2ste [2023-05-11] (Matt Hafner)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1626067706-482745893-4017202076-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
CustomCLSID: HKU\S-1-5-21-1626067706-482745893-4017202076-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> C:\Users\rigoj\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
CustomCLSID: HKU\S-1-5-21-1626067706-482745893-4017202076-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl.x64.dll (Bandisoft -> Bandisoft International Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-05-12] (Open-Shell) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-05-12] (Open-Shell) [File not signed]
ContextMenuHandlers1: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2023-01-19] (Bandisoft -> Bandisoft International Inc.)
ContextMenuHandlers1: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => -> No File
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2023-07-02] (Goversoft LLC -> )
ContextMenuHandlers2: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2023-01-19] (Bandisoft -> Bandisoft International Inc.)
ContextMenuHandlers2: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => -> No File
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2023-07-02] (Goversoft LLC -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-07-16] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2023-07-02] (Goversoft LLC -> )
ContextMenuHandlers4: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2023-01-19] (Bandisoft -> Bandisoft International Inc.)
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2023-07-02] (Goversoft LLC -> )
ContextMenuHandlers5: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2023-01-19] (Bandisoft -> Bandisoft International Inc.)
ContextMenuHandlers6: [BCShellMenu] -> {7850a720-705f-11d0-a9eb-0080488625e5} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-07-16] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2023-07-02] (Goversoft LLC -> )
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2022-05-12] (Open-Shell) [File not signed]
ContextMenuHandlers1_S-1-5-21-1626067706-482745893-4017202076-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2023-01-19] (Bandisoft -> Bandisoft International Inc.)
ContextMenuHandlers2_S-1-5-21-1626067706-482745893-4017202076-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2023-01-19] (Bandisoft -> Bandisoft International Inc.)
ContextMenuHandlers4_S-1-5-21-1626067706-482745893-4017202076-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2023-01-19] (Bandisoft -> Bandisoft International Inc.)
ContextMenuHandlers5_S-1-5-21-1626067706-482745893-4017202076-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2023-01-19] (Bandisoft -> Bandisoft International Inc.)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.pDAD] => C:\WINDOWS\system32\prodad-codec.dll [607256 2013-08-17] (proDAD GmbH -> proDAD GmbH)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\rigoj\OneDrive\Desktop\Home - Peacock.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\browser_proxy.exe (AVAST Software) -> --profile-directory=Default --app-id=lpjgdhmgbaanblpbjnodflnpgkggbhmk
ShortcutWithArgument: C:\Users\rigoj\OneDrive\Desktop\Hulu (1).lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\browser_proxy.exe (AVAST Software) -> --profile-directory=Default --app-id=nmmiboolbhbgjakphejfnpecjdccmahl
ShortcutWithArgument: C:\Users\rigoj\OneDrive\Desktop\Max.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\browser_proxy.exe (AVAST Software) -> --profile-directory=Default --app-id=eojnlinjoecmlgjhoabffiecchjeebpp
ShortcutWithArgument: C:\Users\rigoj\OneDrive\Desktop\The Jigsaw Puzzles.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\browser_proxy.exe (AVAST Software) -> --profile-directory=Default --app-id=nnoaodgedipcalgfeipbidpadneegnce
ShortcutWithArgument: C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser Apps\Home - Peacock (1).lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\browser_proxy.exe (AVAST Software) -> --profile-directory=Default --app-id=lpjgdhmgbaanblpbjnodflnpgkggbhmk
ShortcutWithArgument: C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser Apps\Home - Peacock.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\browser_proxy.exe (AVAST Software) -> --profile-directory=Default --app-id=lpjgdhmgbaanblpbjnodflnpgkggbhmk
ShortcutWithArgument: C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser Apps\Hulu (1).lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\browser_proxy.exe (AVAST Software) -> --profile-directory=Default --app-id=nmmiboolbhbgjakphejfnpecjdccmahl
ShortcutWithArgument: C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser Apps\Hulu.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\browser_proxy.exe (AVAST Software) -> --profile-directory=Default --app-id=nmmiboolbhbgjakphejfnpecjdccmahl
ShortcutWithArgument: C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser Apps\Max.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\browser_proxy.exe (AVAST Software) -> --profile-directory=Default --app-id=eojnlinjoecmlgjhoabffiecchjeebpp
ShortcutWithArgument: C:\Users\rigoj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser Apps\The Jigsaw Puzzles.lnk -> C:\Program Files (x86)\AVAST Software\Browser\Application\browser_proxy.exe (AVAST Software) -> --profile-directory=Default --app-id=nnoaodgedipcalgfeipbidpadneegnce
==================== Loaded Modules (Whitelisted) =============
2023-05-19 20:25 - 2016-06-14 15:00 - 020923392 _____ () [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\opengl32sw.dll
2022-05-12 18:55 - 2022-05-12 18:55 - 000996864 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\ClassicExplorer64.dll
2022-05-12 18:57 - 2022-05-12 18:57 - 002682880 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenuDLL.dll
2022-05-12 18:56 - 2022-05-12 18:56 - 000407552 _____ (Open-Shell) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll
2023-05-19 20:25 - 2023-05-19 15:22 - 000075776 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadsbatch.dll
2023-05-19 20:25 - 2023-05-19 15:23 - 002964992 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadsbt.dll
2023-05-19 20:25 - 2023-05-19 15:23 - 000089600 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadsjsp.dll
2023-05-19 20:25 - 2023-05-19 15:22 - 000186880 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadsm3u.dll
2023-05-19 20:25 - 2023-05-19 15:22 - 000512512 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadsms.dll
2023-05-19 20:25 - 2023-05-19 15:22 - 000268800 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\downloadswww.dll
2023-05-19 20:25 - 2023-05-19 15:19 - 000037376 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\logger.dll
2023-05-19 20:25 - 2023-05-19 15:19 - 000208384 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\quazip.dll
2023-05-19 20:25 - 2023-05-19 15:21 - 000508928 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\vmsclshared.dll
2023-05-19 20:25 - 2023-05-19 15:19 - 000043520 _____ (Softdeluxe) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\winunivappfeatures.dll
2023-05-19 20:25 - 2023-04-27 19:27 - 002876928 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\libcrypto-1_1-x64.dll
2023-05-19 20:25 - 2023-04-27 19:27 - 000688640 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\libssl-1_1-x64.dll
2023-05-19 20:25 - 2023-05-19 15:25 - 005979824 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:\Program Files\Softdeluxe\Free Download Manager\Qt5Core.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-05-12] (Open-Shell) [File not signed]
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_64.dll [2022-05-12] (Open-Shell) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-05-12] (Open-Shell) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2022-05-12] (Open-Shell) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer64.dll [2022-05-12] (Open-Shell) [File not signed]
Toolbar: HKLM - No Name - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2022-05-12] (Open-Shell) [File not signed]
Toolbar: HKLM-x32 - No Name - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-06-05 07:08 - 2021-06-05 07:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2023-04-17 20:47 - 2023-04-26 19:07 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.25.80.1 DESKTOP-2EMPE5I.mshome.net # 2028 4 2 25 0 7 4 612
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Bandizip\
HKU\S-1-5-21-1626067706-482745893-4017202076-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rigoj\Downloads\my_daily_wallpaper (2)\MDWallpaper_7269676F6A.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Dell Display Manager.lnk"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\StartupApproved\Run: => "BlueMail"
HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\StartupApproved\Run: => "247b6221a26d5c5da9074c127870d49f"
HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\StartupApproved\Run: => "ChrisPC VPN Connection"
HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\StartupApproved\Run: => "Ashampoo Soundstage"
HKU\S-1-5-21-1626067706-482745893-4017202076-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4869B9ED-E81D-44C0-9392-05EA83D79933}] => (Allow) C:\Program Files\OpenShot Video Editor\openshot-qt.exe (OpenShot Studios, LLC) [File not signed]
FirewallRules: [TCP Query User{F124CA84-5021-494B-A663-3B42C6814EA9}C:\program files\windowsapps\bluemail.bluemailemail_1.136.21.0_x64__t08282y3j4hc4\app\bluemail.exe] => (Allow) C:\program files\windowsapps\bluemail.bluemailemail_1.136.21.0_x64__t08282y3j4hc4\app\bluemail.exe => No File
FirewallRules: [UDP Query User{61A47BD2-B3E7-4883-99CB-865C6D4E5689}C:\program files\windowsapps\bluemail.bluemailemail_1.136.21.0_x64__t08282y3j4hc4\app\bluemail.exe] => (Allow) C:\program files\windowsapps\bluemail.bluemailemail_1.136.21.0_x64__t08282y3j4hc4\app\bluemail.exe => No File
FirewallRules: [TCP Query User{55FF0FBD-55B1-4899-91A0-68940B836A8B}C:\users\rigoj\downloads\opera.exe] => (Allow) C:\users\rigoj\downloads\opera.exe => No File
FirewallRules: [UDP Query User{2DDB4DDC-D313-409A-BDDC-51A7AEAE4583}C:\users\rigoj\downloads\opera.exe] => (Allow) C:\users\rigoj\downloads\opera.exe => No File
FirewallRules: [{98AEF5AC-6E7F-4CB8-BD42-3A88F012233B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{C003AE7B-0308-4775-8313-5EF50817BF4E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [TCP Query User{66D882BF-E39E-45D6-BA13-13B869F18033}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{E0D12A1B-C141-47B3-B5E8-5566958A37BC}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{DF3CDAA0-239C-42CF-A857-7CED5A2EE524}] => (Allow) C:\Program Files\OpenShot Video Editor\openshot-qt.exe (OpenShot Studios, LLC) [File not signed]
FirewallRules: [{A9B9E197-581C-46D5-89C5-228DFA1CF1AA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{AD6784BE-9143-4CCE-A440-48C2AB566538}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23091.406.2009.3890_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0A11624A-28FE-4135-8019-26F46E8F1F1E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23091.406.2009.3890_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{026E983E-D643-49AF-A615-B68B2E552B52}] => (Allow) C:\Users\rigoj\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
FirewallRules: [{1012732A-4A73-470A-9399-8F723F0890C2}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{315CA977-5CDC-4343-8E46-52C5504EEE49}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{4FDF30D1-65C6-4A9F-8466-28FF91EE6466}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{1724D277-2045-47D8-8A95-61B9618435D7}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{5B1E1E6B-EF8A-4F3D-9C1D-26126F17887B}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [{FA53F226-24ED-43E8-8BE2-8800FBCF7ECC}] => (Allow) C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe) [File not signed]
FirewallRules: [TCP Query User{EA40440D-DD87-4375-9B92-BEEA6525FAAA}C:\program files\streamfab\streamfab\youtubedl\youtubetomp3service.exe] => (Allow) C:\program files\streamfab\streamfab\youtubedl\youtubetomp3service.exe (StreamFab Technology -> )
FirewallRules: [UDP Query User{43DFCDAF-CC93-42A4-8CA2-7AC31240468B}C:\program files\streamfab\streamfab\youtubedl\youtubetomp3service.exe] => (Allow) C:\program files\streamfab\streamfab\youtubedl\youtubetomp3service.exe (StreamFab Technology -> )
FirewallRules: [{0B6AF77A-BFE9-49F5-B56A-C09B55E0B754}] => (Allow) LPort=12972
FirewallRules: [{C994596B-CC0F-4A3E-B1C4-F5B001E6B9BE}] => (Allow) LPort=14714
FirewallRules: [{607869F1-877E-4D67-96DF-DDAFF77D3266}] => (Allow) LPort=31931
FirewallRules: [{FB43755C-591C-42A8-8D16-FAE0307C1491}] => (Allow) C:\Program Files\Capture One\Capture One 23\CaptureOne.exe (Capture One A/S -> Capture One)
FirewallRules: [{F479E80F-8ABD-4332-84CB-878D40F555C9}] => (Allow) C:\Program Files\Capture One\Capture One 23\CaptureOne.exe (Capture One A/S -> Capture One)
FirewallRules: [TCP Query User{25A4B3D9-A4BA-489E-9E56-F483DEE7D0E4}C:\users\rigoj\downloads\operagxportable\app\operagx\opera.exe] => (Allow) C:\users\rigoj\downloads\operagxportable\app\operagx\opera.exe => No File
FirewallRules: [UDP Query User{D6357AB1-A75E-4C5D-8541-822844F53401}C:\users\rigoj\downloads\operagxportable\app\operagx\opera.exe] => (Allow) C:\users\rigoj\downloads\operagxportable\app\operagx\opera.exe => No File
FirewallRules: [{C0173528-6EF1-440F-A467-A942BA47D508}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{D5808789-9EBB-4E08-AEB9-62294EEA0A48}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{260EC50E-6936-42F4-B738-C6CB1BFD828C}] => (Allow) C:\ScanTransferHost\core\apache2\bin\httpd_z.exe (Xi'an Pantuowangluokeji co, ltd. -> Apache Software Foundation)
FirewallRules: [{0F36B44B-1428-4C29-86D3-858F6AD2029D}] => (Allow) C:\ScanTransferHost\core\apache2\bin\httpd_z.exe (Xi'an Pantuowangluokeji co, ltd. -> Apache Software Foundation)
FirewallRules: [{F789C309-2BC3-41BE-AE9E-8A945DACE1C8}] => (Allow) C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.42.7.0_x64__ya2fgkz3nks94\WindowsBrowser\WebView2\msedgewebview2.exe (Duck Duck Go, Inc. -> Microsoft Corporation)
FirewallRules: [{18940431-1BBA-4465-B9E4-7370EAA2C9AD}] => (Allow) C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.42.7.0_x64__ya2fgkz3nks94\WindowsBrowser\WebView2\msedgewebview2.exe (Duck Duck Go, Inc. -> Microsoft Corporation)
FirewallRules: [{D0CB468C-C9C7-43F2-8D75-25641AF7BE61}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{7C645D86-C8D3-4CB2-86DC-4BEFAD6E62CB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{178244AC-F0B0-4841-8B0F-471C41F9957E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{87D5D76E-6186-4761-8BEC-7E30D764ED08}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FCB2A9B3-8DA9-4A03-B806-114CA9345045}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{DEDA840F-9564-46B9-89ED-BD45F576BF1D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9512A5B-C922-497A-BEFA-33064327BAD8}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5115C223-1FCE-460B-AAAA-6D78AF3BB14C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Capcom Arcade 2nd Stadium\CapcomArcade2ndStadium.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{64E73CD2-1152-4A4A-B502-9E4CA8446E7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Capcom Arcade 2nd Stadium\CapcomArcade2ndStadium.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{87D312BB-9E34-47BB-80E3-3936A97BACF3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.82\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{32663272-CF0A-44F9-B36E-AA7054844000}] => (Allow) C:\Program Files\Audials\AudialsOneEdition 2023\Audials.exe (Audials AG -> Audials AG)
==================== Restore Points =========================
15-07-2023 21:59:01 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt68cx21
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (07/18/2023 09:42:33 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (07/18/2023 09:41:02 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (07/18/2023 09:12:56 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-2EMPE5I)
Description: Faulting application name: Aerial.scr, version: 1.0.0.0, time stamp: 0x58968453
Faulting module name: KERNELBASE.dll, version: 10.0.22621.1928, time stamp: 0xe9af6ed4
Exception code: 0xe0434352
Fault offset: 0x0000000000064b2c
Faulting process id: 0x0x3f54
Faulting application start time: 0x0x1d9b981efd9e0ec
Faulting application path: C:\Users\rigoj\DOWNLO~1\AERIAL~1\Aerial.scr
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 314a04ec-57a8-4e82-9c5c-54b7e4d43a2c
Faulting package full name:
Faulting package-relative application ID:
Error: (07/18/2023 09:12:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Aerial.scr
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.WebException
at System.Net.WebClient.DownloadDataInternal(System.Uri, System.Net.WebRequest ByRef)
at System.Net.WebClient.DownloadString(System.Uri)
at ScreenSaver.AerialContext.GetMovies()
at ScreenSaver.ScreenSaverForm.ScreenSaverForm_Load(System.Object, System.EventArgs)
at System.Windows.Forms.Form.OnLoad(System.EventArgs)
at System.Windows.Forms.Form.SetVisibleCore(Boolean)
at System.Windows.Forms.Control.Show()
at ScreenSaver.Program.ShowScreenSaver()
at ScreenSaver.Program.Main(System.String[])
Error: (07/18/2023 06:34:48 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: SecurityHealthService.exe, version: 10.0.22621.1635, time stamp: 0xc9cb2878
Faulting module name: ntdll.dll, version: 10.0.22621.1928, time stamp: 0x7dd9e350
Exception code: 0xc0000374
Fault offset: 0x000000000010c1f9
Faulting process id: 0x0x654
Faulting application start time: 0x0x1d9b96b7dd36908
Faulting application path: C:\WINDOWS\system32\SecurityHealthService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 794fdf8c-4acb-429b-a6e5-56c009a45641
Faulting package full name:
Faulting package-relative application ID:
Error: (07/18/2023 06:12:01 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: SecurityHealthService.exe, version: 10.0.22621.1635, time stamp: 0xc9cb2878
Faulting module name: ntdll.dll, version: 10.0.22621.1928, time stamp: 0x7dd9e350
Exception code: 0xc0000374
Fault offset: 0x000000000010c1f9
Faulting process id: 0x0x1824
Faulting application start time: 0x0x1d9b9685641eb85
Faulting application path: C:\WINDOWS\system32\SecurityHealthService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: bf0970f7-6ad0-406e-a629-140910c326cf
Faulting package full name:
Faulting package-relative application ID:
Error: (07/18/2023 06:04:31 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-2EMPE5I)
Description: Faulting application name: thunderbird.exe, version: 115.0.0.0, time stamp: 0x64ad57e4
Faulting module name: xul.dll, version: 115.0.2.8592, time stamp: 0x64ad5abb
Exception code: 0xc0000005
Fault offset: 0x00000000001a9332
Faulting process id: 0x0x56a4
Faulting application start time: 0x0x1d9b936936ebdc8
Faulting application path: C:\Program Files\Mozilla Thunderbird\thunderbird.exe
Faulting module path: C:\Program Files\Mozilla Thunderbird\xul.dll
Report Id: d348c44d-12fb-45be-bf4a-7dd7950c7ef6
Faulting package full name:
Faulting package-relative application ID:
Error: (07/17/2023 07:02:16 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: MBAMService.exe, version: 3.2.0.1230, time stamp: 0x649b1276
Faulting module name: ntdll.dll, version: 10.0.22621.1928, time stamp: 0x7dd9e350
Exception code: 0xc0000005
Fault offset: 0x0000000000033aba
Faulting process id: 0x0x11e0
Faulting application start time: 0x0x1d9b8a5ae957633
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1310efdf-f021-486d-9c65-cbee73172094
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (07/18/2023 09:40:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PaladinVPN Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (07/18/2023 06:56:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee WebAdvisor service failed to start due to the following error:
The system cannot find the file specified.
Error: (07/18/2023 06:35:55 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
Error: (07/18/2023 06:35:55 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
Error: (07/18/2023 06:35:55 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (07/18/2023 06:35:55 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (07/18/2023 06:35:42 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2EMPE5I)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.
Error: (07/18/2023 06:35:42 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2EMPE5I)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2023-07-16 02:06:58
Description:
Controlled Folder Access blocked C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe from making changes to memory.
Detection time: 2023-07-16T07:06:58.077Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
Security intelligence Version: 1.393.473.0
Engine Version: 1.1.23060.1005
Product Version: 4.18.23050.5
Date: 2023-07-15 23:39:30
Description:
C:\Users\rigoj\AppData\Local\Temp\n1s\nchsetup.exe has been blocked from modifying %favorites%\ by Controlled Folder Access.
Detection time: 2023-07-16T04:39:30.549Z
Path: %favorites%\
Process Name: C:\Users\rigoj\AppData\Local\Temp\n1s\nchsetup.exe
Security intelligence Version: 1.393.473.0
Engine Version: 1.1.23060.1005
Product Version: 4.18.23050.5
Date: 2023-07-15 23:05:20
Description:
C:\Program Files (x86)\Rene.E Laboratory\Audio Tools\Audio Converter Ripper\AudioConverterRipper.exe has been blocked from modifying %userprofile%\Videos by Controlled Folder Access.
Detection time: 2023-07-16T04:05:20.850Z
Path: %userprofile%\Videos
Process Name: C:\Program Files (x86)\Rene.E Laboratory\Audio Tools\Audio Converter Ripper\AudioConverterRipper.exe
Security intelligence Version: 1.393.448.0
Engine Version: 1.1.23060.1005
Product Version: 4.18.23050.5
Date: 2023-07-15 23:02:54
Description:
C:\Program Files (x86)\Rene.E Laboratory\Audio Tools\Audio Converter Ripper\AudioConverterRipper.exe has been blocked from modifying %userprofile%\Videos by Controlled Folder Access.
Detection time: 2023-07-16T04:02:54.671Z
Path: %userprofile%\Videos
Process Name: C:\Program Files (x86)\Rene.E Laboratory\Audio Tools\Audio Converter Ripper\AudioConverterRipper.exe
Security intelligence Version: 1.393.448.0
Engine Version: 1.1.23060.1005
Product Version: 4.18.23050.5
Date: 2023-07-15 21:46:44
Description:
C:\Program Files (x86)\Rene.E Laboratory\Audio Tools\Audio Recorder\AudioRecorder.exe has been blocked from modifying %userprofile%\Music by Controlled Folder Access.
Detection time: 2023-07-16T02:46:44.118Z
Path: %userprofile%\Music
Process Name: C:\Program Files (x86)\Rene.E Laboratory\Audio Tools\Audio Recorder\AudioRecorder.exe
Security intelligence Version: 1.393.448.0
Engine Version: 1.1.23060.1005
Product Version: 4.18.23050.5
Event[0]
Date: 2023-07-17 19:02:15
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007041d
Error description: The service did not respond to the start or control request in a timely fashion.
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2023-07-16 06:18:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.393.473.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23060.1005
Error code: 0x80070643
Error description: Fatal error during installation.
Date: 2023-07-15 00:47:34
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.393.374.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23060.1005
Error code: 0x80070643
Error description: Fatal error during installation.
Date: 2023-07-11 06:38:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.4170.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23060.1005
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2023-07-11 06:38:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.4170.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23060.1005
Error code: 0x80070102
Error description: The wait operation timed out.
CodeIntegrity:
===============
Date: 2023-07-18 06:54:04
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\ControlLib.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-07-18 06:53:25
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2023-07-17 19:08:24
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: Dell Inc. 1.13.0 05/16/2023
Motherboard: Dell Inc. 0YJHYD
Processor: 12th Gen Intel® Core i3-12100
Percentage of memory in use: 87%
Total physical RAM: 7880.73 MB
Available physical RAM: 1016.88 MB
Total Virtual: 12232.73 MB
Available Virtual: 3783.19 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:913.48 GB) (Free:736.67 GB) (Model: TOSHIBA DT01ACA100) NTFS
\\?\Volume{ba55aa63-d0b9-4b89-9e0c-1e0a793d37a3}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.33 GB) NTFS
\\?\Volume{0de806c5-0bd1-45e1-ac91-77d9e8c0c007}\ (Image) (Fixed) (Total:15.35 GB) (Free:0.11 GB) NTFS
\\?\Volume{d9d48d0a-4e7a-40b5-b5c0-34f224e25bbb}\ (DELLSUPPORT) (Fixed) (Total:1.39 GB) (Free:0.44 GB) NTFS
\\?\Volume{54e88ace-2cf9-486b-bccc-4ff77ae4d60f}\ (ESP) (Fixed) (Total:0.19 GB) (Free:0.11 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A3905AC8)
Partition: GPT.
==================== End of Addition.txt =======================