Hi folks.
Doing some PC cleanup actions a few days ago and ran across this issue.
Details:
After getting all Win11 updates completed, started the various scans:
SuperAntiSpyware
Malwarebytes
Windows Security
Seemed to be pretty routine until Windows Security Full Scan revealed Trojan:BAT/Malgent!MSR. Went through the process of removing it with Windows Security, but I'm not completely sure it's gone now. Ran another Windows Security scan today and it hung up part way through. Canceled the Windows Security scan, restarted the computer and scanned again with Windows Security - Full Scan. Came back clean this time.
Tried to insert a screenshot in this message which was taken after the malware was removed by Windows Security a few days ago, but the site apparently doesn't allow that. I'll try attaching it as a file instead. Hopefully that will work.
That's all I can think of right now. The PC may be clean, but my limited experience with trojans is giving me doubts that it's completely removed. I'd really appreciate someone taking a close look to see.
Thanks in advance for your time in this.
Here are the two FRST logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-03-2025
Ran by scodo (administrator) on SCOTTSOFFICEDES (Dell Inc. XPS 8930) (09-03-2025 13:46:23)
Running from C:\Users\scodo\OneDrive\Desktop\FRST64.exe
Loaded Profiles: scodo
Platform: Microsoft Windows 11 Home Version 23H2 22631.4974 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.18526.20144\OfficeClickToRun.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.25012.107.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.25012.107.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe
(C:\Program Files\WindowsApps\MSTeams_25044.2208.3471.2155_x64__8wekyb3d8bbwe\ms-teams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\134.0.3124.51\msedgewebview2.exe <6>
(CANON INC. -> CANON INC.) C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxEM.exe
(EB742617-4934-4951-8B93-E211D04E5A38 -> Intel) C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1423.712.0_x64__rh07ty8m5nkag\KillerControlCenter_v2\KillerIntelligenceCenter.exe
(explorer.exe ->) () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PowerPanel Personal.exe
(explorer.exe ->) (Cyber Power Systems, Inc.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\bin\ppuser.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2501.7.0_x64__8wekyb3d8bbwe\SnippingTool\SnippingTool.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (RealDefense LLC -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_25044.2208.3471.2155_x64__8wekyb3d8bbwe\ms-teams.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ppped.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\pppServiceMonitor.exe
(services.exe ->) (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(services.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(services.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(services.exe ->) (Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_d6e4236a0f82e7b4\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_ece153ca769ec179\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_183917c66152901d\lib\SocketHeciServer.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\IntelCpHeciSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\NisSrv.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (RealDefense LLC -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(sihost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25012.50.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\scodo\AppData\Local\Microsoft\OneDrive\25.031.0217.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102832 2021-08-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617848 2021-08-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC. -> CANON INC.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis International GmbH -> Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-01-14] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC. -> CANON INC.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2756368 2023-10-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [12022808 2025-02-04] (RealDefense LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\Run: [MicrosoftEdgeAutoLaunch_BB62A735E233B14196F44785A12A8A74] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4291112 2025-03-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\MountPoints2: {61fccc5d-8a59-11eb-b98b-004e01b3ca92} - "D:\LaunchU3.exe" -a
HKLM\...\Print\Monitors\Canon MFNP Port: C:\WINDOWS\system32\CNCENPM6.dll [152064 2013-01-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon WSD Language Monitor: C:\WINDOWS\system32\cnnx0_flm.dll [1498112 2014-04-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\WINDOWS\system32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\133.0.6943.142\Installer\chrmstp.exe [2025-02-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PowerPanel Personal.exe.lnk [2021-11-04]
ShortcutTarget: PowerPanel Personal.exe.lnk -> C:\Program Files (x86)\CyberPower PowerPanel Personal\PowerPanel Personal.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ppuser.exe.lnk [2021-11-04]
ShortcutTarget: ppuser.exe.lnk -> C:\Program Files (x86)\CyberPower PowerPanel Personal\bin\ppuser.exe (Cyber Power Systems, Inc.) [File not signed]
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {80C50332-5EAA-4298-8098-07D454A9EA6E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-19] (Adobe Inc. -> Adobe Inc.)
Task: {FE262240-E402-4F48-AEFB-826A5BD5701E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5463968 2025-03-04] (Microsoft Windows -> Microsoft Corporation)
Task: {12BC664E-CE28-4BC1-92DC-FE1383BABBA9} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.0{B53321A8-79E0-45B5-AFA0-1A3D9CFD0922} => C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe [5745760 2025-02-19] (Google LLC -> Google LLC)
Task: {83F76E7D-0827-4EA4-919F-6F46F2DE765D} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [223880 2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {6478595F-7CCA-4189-A7A1-88D28E0BA6EB} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [223880 2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {447688D8-B001-4F0E-86B2-93804BA942DD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28895416 2025-03-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {233681FB-B296-46E0-BFFF-056B3CB67528} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\opushutil.exe [58544 2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {6121B65E-1A5E-4A31-91A3-F6AB7C57DAE5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28895416 2025-03-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {644443BB-EFBE-4EA2-AE2A-A2837ECA7DF8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [223880 2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF70EAAC-170D-406F-AC72-CDA013AC786C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [223880 2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {D19065FF-57A8-43CC-B2DC-31FF2E0A3552} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [72840 2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {63D90348-4801-4E48-833A-597C1B4D2684} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {7074B1F7-E29F-45AB-9A88-80F200AAC72F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {88C4734E-8C23-44D7-A2CA-A7B5CE6EB0E6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {A24A7E18-6F4D-479B-BB50-AE942759E8C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {76CEC393-713B-4A54-B57D-E19A7BB3129D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EF5DEED7-2639-4392-855A-1C4CF2F3FCFB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A0DB06B1-F03C-40C5-8F1D-3683CC725A1D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7D3879A8-46CD-4B95-BE19-C2060A6DB1E6} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2087068202-1813543609-1746243882-1002 => C:\Users\scodo\AppData\Local\Microsoft\OneDrive\25.031.0217.0002\OneDriveLauncher.exe [669520 2025-03-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {067021EF-70C9-4E0C-930D-B382382252A4} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-2087068202-1813543609-1746243882-1002 => C:\Users\scodo\AppData\Roaming\Zoom\bin\Zoom.exe [434488 2025-03-07] (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0cdb6014-279f-4f7f-843d-dc9d6a3aa7a0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0cdb6014-279f-4f7f-843d-dc9d6a3aa7a0}: [DhcpDomain] localdomain
Tcpip\..\Interfaces\{a235eab2-c774-4ff8-bf15-571d48ac6748}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\scodo\AppData\Local\Microsoft\Edge\User Data\Default [2025-03-09]
Edge DownloadDir: Default -> C:\Users\scodo\Downloads
Edge Notifications: Default -> hxxps://calendar.google.com
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxp://www.google.com/"
Edge Extension: (Google Docs Offline) - C:\Users\scodo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-09]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\scodo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-02-18]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\scodo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-02-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2087068202-1813543609-1746243882-1002: SkypeForBusinessPlugin-16.2 -> C:\Users\scodo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2087068202-1813543609-1746243882-1002: SkypeForBusinessPlugin64-16.2 -> C:\Users\scodo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\scodo\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-08-05]
Chrome:
=======
CHR Profile: C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default [2025-03-09]
CHR DownloadDir: C:\Users\scodo\Downloads
CHR Notifications: Default -> hxxps://robynbauder.securefilepro.com
CHR HomePage: Default -> hxxps://192.168.1.1/login?redirect=%2F
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (MasterCook) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlemnmgimcdhhaphaecileladgedmhf [2024-12-07]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-03-03]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-02-19]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Cisco Webex Extension) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2022-07-22]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Chrome Web Store Payments) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Privacy Badger) - C:\Users\scodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2025-03-06]hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [231456 2024-09-19] (RealDefense LLC -> SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1263424 2014-08-14] (Acronis International GmbH -> Acronis)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-19] (Adobe Inc. -> Adobe Inc.)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3996664 2020-01-03] (Acronis International GmbH -> Acronis)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13768944 2025-03-01] (Microsoft Corporation -> Microsoft Corporation)
S3 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [40656 2020-04-10] (Dell Inc -> )
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [78088 2023-07-14] (Intel Corporation -> Intel® Corporation)
R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2480944 2023-07-14] (Intel Corporation -> Intel)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2981168 2023-07-14] (Intel Corporation -> Intel)
R3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [78128 2023-07-14] (Intel Corporation -> Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9483456 2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2024-12-22] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpDefenderCoreService.exe [1926976 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 PowerPanel Personal Service; C:\Program Files (x86)\CyberPower PowerPanel Personal\ppped.exe [11264 2021-08-03] () [File not signed]
R2 PowerPanel Personal Service Monitor; C:\Program Files (x86)\CyberPower PowerPanel Personal\pppServiceMonitor.exe [1186304 2021-08-03] () [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-10-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-10-04] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [6847712 2014-09-13] (Acronis International GmbH -> Acronis)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\NisSrv.exe [4352456 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe [270056 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [155744 2024-04-01] (Alcorlink Corp. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2023-01-14] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2023-01-14] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2022-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [296736 2020-01-03] (Acronis International GmbH -> Acronis International GmbH)
R0 fltsrv; C:\WINDOWS\System32\DRIVERS\fltsrv.sys [134432 2020-01-03] (Acronis International GmbH -> Acronis International GmbH)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [209200 2023-07-14] (Intel Corporation -> Rivet Networks, LLC.)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [278944 2025-03-06] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-03-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt11.sys [235376 2025-03-09] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [80448 2025-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2025-03-09] (Malwarebytes Inc. -> Malwarebytes)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [23072 2024-09-19] (RealDefense LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 tib; C:\WINDOWS\system32\DRIVERS\tib.sys [1058632 2020-01-03] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [248648 2020-01-03] (Acronis International GmbH -> Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20016 2025-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601520 2025-03-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100768 2025-03-06] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-03-09 13:46 - 2025-03-09 13:47 - 000031629 _____ C:\Users\scodo\OneDrive\Desktop\FRST.txt
2025-03-09 13:46 - 2025-03-09 13:46 - 000000000 ____D C:\FRST
2025-03-09 13:42 - 2025-03-09 13:45 - 002404352 _____ (Farbar) C:\Users\scodo\OneDrive\Desktop\FRST64.exe
2025-03-09 11:38 - 2025-03-09 11:38 - 000235376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2025-03-09 11:38 - 2025-03-09 11:38 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2025-03-08 20:20 - 2025-03-08 20:20 - 000000000 ____D C:\Users\scodo\OneDrive\Documents\Team New Boundaries 2025
2025-03-07 19:50 - 2025-03-07 19:50 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2087068202-1813543609-1746243882-1002
2025-03-07 19:50 - 2025-03-07 19:50 - 000002432 _____ C:\Users\scodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-03-07 09:38 - 2025-03-07 09:38 - 000004256 _____ C:\WINDOWS\system32\Tasks\ZoomUpdateTaskUser-S-1-5-21-2087068202-1813543609-1746243882-1002
2025-03-07 09:38 - 2025-03-07 09:38 - 000000000 ____D C:\Users\scodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2025-03-06 15:54 - 2025-03-06 15:54 - 000132750 _____ C:\Users\scodo\Downloads\240605764159.JPEG
2025-03-05 21:42 - 2025-03-05 21:42 - 000000000 ____D C:\WINDOWS\Panther
2025-02-27 00:33 - 2025-02-27 00:33 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-02-27 00:33 - 2025-02-27 00:33 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-02-13 11:14 - 2025-02-13 11:14 - 000146878 _____ C:\Users\scodo\Downloads\RH703PTUTC-Web-Cutsheet.pdf
2025-02-12 09:04 - 2025-02-12 09:04 - 000027135 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-02-12 09:03 - 2025-02-12 09:03 - 000027135 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-02-08 09:17 - 2025-03-07 19:50 - 000003576 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-2087068202-1813543609-1746243882-1002
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-03-09 13:47 - 2023-05-14 07:45 - 000000000 ____D C:\Users\scodo\AppData\Local\Malwarebytes
2025-03-09 13:46 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-03-09 13:44 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-03-09 13:21 - 2023-01-14 12:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-03-09 12:37 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-03-09 12:07 - 2020-01-09 15:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2025-03-09 11:43 - 2023-01-14 12:24 - 000850308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-03-09 11:43 - 2022-05-07 01:22 - 000000000 ____D C:\WINDOWS\INF
2025-03-09 11:39 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2025-03-09 11:39 - 2020-10-22 13:48 - 000000000 ____D C:\Users\scodo\AppData\Roaming\Microsoft\Teams
2025-03-09 11:39 - 2019-12-30 16:43 - 000000000 ___RD C:\Users\scodo\OneDrive
2025-03-09 11:38 - 2023-01-14 12:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-03-09 11:38 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ServiceState
2025-03-09 11:38 - 2022-05-07 01:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-03-09 11:38 - 2020-11-08 11:11 - 000012288 ___SH C:\DumpStack.log.tmp
2025-03-09 11:38 - 2019-12-30 16:41 - 000000000 __SHD C:\Users\scodo\IntelGraphicsProfiles
2025-03-09 11:38 - 2019-12-06 14:02 - 000000000 ____D C:\Intel
2025-03-08 22:56 - 2020-01-03 18:35 - 000000000 ____D C:\Users\scodo\AppData\Roaming\Microsoft\Word
2025-03-08 22:35 - 2020-01-03 18:35 - 000000000 ____D C:\Users\scodo\AppData\Roaming\Microsoft\Office
2025-03-08 20:21 - 2022-02-05 12:18 - 000000000 ____D C:\Users\scodo\AppData\Local\CrashDumps
2025-03-07 19:50 - 2023-01-14 12:23 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2087068202-1813543609-1746243882-1002
2025-03-07 19:50 - 2020-11-03 12:22 - 000000000 ____D C:\Users\scodo\AppData\Roaming\Zoom
2025-03-07 09:45 - 2020-07-14 14:18 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-03-07 09:39 - 2023-01-14 12:23 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-03-07 09:39 - 2023-01-14 12:23 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-03-05 23:18 - 2019-12-30 17:29 - 000000000 ____D C:\Users\scodo\AppData\Local\D3DSCache
2025-03-05 21:38 - 2019-12-06 13:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-03-04 17:39 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\USOPrivate
2025-03-04 17:22 - 2023-01-14 12:17 - 000479280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-03-04 17:22 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SystemResources
2025-03-04 17:21 - 2023-12-13 16:56 - 000000000 ____D C:\WINDOWS\InboxApps
2025-03-04 17:21 - 2022-05-07 02:10 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-03-04 17:21 - 2022-05-07 01:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2025-03-04 17:21 - 2022-05-07 01:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-03-04 17:21 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2025-03-04 17:21 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-03-04 17:21 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-03-04 17:21 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-03-04 17:21 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-03-04 17:21 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-03-04 17:21 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-03-04 17:21 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-03-04 17:21 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-03-04 17:21 - 2022-05-07 01:17 - 000000000 ____D C:\WINDOWS\servicing
2025-03-04 17:19 - 2022-05-07 01:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-03-04 17:17 - 2023-01-14 12:18 - 003216384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-03-04 14:44 - 2019-12-30 16:41 - 000000000 ____D C:\Users\scodo\AppData\Local\Packages
2025-03-03 21:14 - 2022-05-07 01:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-02-27 16:37 - 2020-01-03 17:18 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-02-25 18:08 - 2023-01-05 15:57 - 000000000 ____D C:\Users\scodo\OneDrive\Documents\Tools
2025-02-25 12:33 - 2020-01-03 18:52 - 000000000 ____D C:\Users\scodo\AppData\Roaming\Microsoft\Excel
2025-02-20 12:07 - 2022-05-04 11:14 - 000000000 ____D C:\ProgramData\Quicken
2025-02-12 18:52 - 2020-01-03 17:18 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2025-02-12 18:51 - 2023-10-11 01:13 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-02-12 18:51 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2025-02-12 18:51 - 2022-05-07 01:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2025-02-12 18:51 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\UUS
2025-02-12 18:51 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-02-12 18:51 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-02-12 18:51 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-02-12 18:51 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2025-02-12 18:51 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\setup
2025-02-12 18:51 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-02-12 18:51 - 2022-05-07 01:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-02-12 09:09 - 2019-12-30 19:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-02-12 09:07 - 2019-12-30 19:46 - 209365816 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-02-11 19:18 - 2021-06-15 08:44 - 000000000 ____D C:\Users\scodo\AppData\Roaming\MediaMonkey5
2025-02-11 17:18 - 2022-02-11 20:06 - 087075920 _____ (Ventis Media Inc. ) C:\Users\scodo\OneDrive\Desktop\MediaMonkey_5.0.2.2531.exe
2025-02-08 13:13 - 2020-01-09 16:00 - 000000000 ____D C:\Users\scodo\AppData\Roaming\Microsoft\Outlook
==================== Files in the root of some directories ========
2020-01-08 12:53 - 2020-01-08 12:53 - 000000135 _____ () C:\Users\scodo\AppData\Roaming\pppe_log.txt
2019-12-30 18:01 - 2020-01-03 13:05 - 000007679 _____ () C:\Users\scodo\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-03-2025
Ran by scodo (09-03-2025 13:48:30)
Running from C:\Users\scodo\OneDrive\Desktop
Microsoft Windows 11 Home Version 23H2 22631.4974 (X64) (2023-01-14 16:23:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2087068202-1813543609-1746243882-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2087068202-1813543609-1746243882-503 - Limited - Disabled)
Guest (S-1-5-21-2087068202-1813543609-1746243882-501 - Limited - Disabled)
Krdon (S-1-5-21-2087068202-1813543609-1746243882-1003 - Limited - Disabled)
mag_p (S-1-5-21-2087068202-1813543609-1746243882-1004 - Limited - Disabled)
scodo (S-1-5-21-2087068202-1813543609-1746243882-1002 - Administrator - Enabled) => C:\Users\scodo
WDAGUtilityAccount (S-1-5-21-2087068202-1813543609-1746243882-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.00.15.58233 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
Acronis True Image 2015 (HKLM-x32\...\{35CFA5F4-EE2D-4B13-AAED-BC643B6874B5}) (Version: 18.0.6613 - Acronis) Hidden
Acronis True Image 2015 (HKLM-x32\...\{35CFA5F4-EE2D-4B13-AAED-BC643B6874B5}Visible) (Version: 18.0.6613 - Acronis)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.005.20421 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Canon MF Toolbox 4.9.1.1.mf17 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF220 Series (HKLM\...\{33A079E0-BF49-4E97-9293-3EDDA6D130A4}) (Version: 4.5.0.0 - CANON INC.)
Cisco Webex Meetings (HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\ActiveTouchMeetingClient) (Version: 41.2.4 - Cisco Webex LLC)
CrystalDiskInfo 8.1.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.1.0 - Crystal Dew World)
CrystalDiskInfo 8.12.4 (64-bit) (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.4 - Crystal Dew World)
CyberPower PowerPanel Personal 2.3.0 (HKLM-x32\...\5708-0475-1423-7128) (Version: 2.3.0 - CyberPower Systems, Inc.)
Dell Digital Delivery Services (HKLM-x32\...\{CC5730C7-C867-43BD-94DA-00BB3836906F}) (Version: 4.0.52.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{2D27B76E-8FB1-495B-A61D-FB76349E7E36}) (Version: 3.1.9518 - Screenovate Technologies Ltd.)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{02C6E1BF-7D31-4BDA-ACA4-0B412F3CE527}) (Version: 3.11.77 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0000 - SEIKO EPSON Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 133.0.6943.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM\...\{94E05108-3E4E-4F2E-AC5F-33A1B22B779C}) (Version: 10.1.1.44 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1932.12.0.1298 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{79686D7F-92EC-4591-94E5-42A05DCA31A8}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{7F6B8D19-4752-4514-8D26-558549CB866E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{436D9308-4561-4B7B-BE34-D31996883929}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{05817e4d-5f15-49b4-afec-7edb31fc7dd6}) (Version: 1.56.87.0 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{7EBADAB6-B7AC-4560-85A7-FF345559F193}) (Version: 17.2.6.1027 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
ISIS Driver - EPSON GT-1500 v1.0 (HKLM-x32\...\{D41864EF-CC5D-4CF4-B0B9-CA3152164157}) (Version: 1.0 - EMC Captiva)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{B6A1310A-C2C4-4401-8563-7F8B2BFF7643}) (Version: 2.1.1295 - Rivet Networks)
Malwarebytes version 5.2.7.167 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.7.167 - Malwarebytes)
MasterCook 22 (HKLM-x32\...\{EE25B4AE-413E-4590-A708-D894919F87BE}) (Version: 22.0.2.0 - ValuSoft Finance LLC) Hidden
MasterCook 22 (HKLM-x32\...\MasterCook 22 22.0.2.0) (Version: 22.0.2.0 - ValuSoft Finance LLC)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
MDI To TIFF File Converter (HKLM-x32\...\{90120000-00A6-0409-0000-0000000FF1CE}) (Version: 12.0.6661.5002 - Microsoft Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MediaMonkey 5 (HKLM-x32\...\MediaMonkey 5_is1) (Version: 5 - Ventis Media Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18526.20144 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 134.0.3124.51 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 134.0.3124.51 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\OneDriveSetup.exe) (Version: 25.031.0217.0002 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.14501 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{2F76B349-BFDF-4D4C-A891-D7AFE57BFA02}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{431A9859-6B29-4F31-840E-B511CA32459B}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 (HKLM\...\{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215 (HKLM\...\{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18429.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18429.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18429.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10505 - Qualcomm)
Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.61.20 - Quicken)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9205.1 - Realtek Semiconductor Corp.)
RHINO Connect Software (HKLM\...\{4528FB2C-65B7-4B6E-87CD-D82CAA3529D3}) (Version: 1.4.0.412 - DYMO Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.59.0 - Samsung Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{DEA18FF6-D84A-4242-9663-692E5BA56805}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23043.3 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23043.3 - Samsung Electronics Co., Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1272 - SUPERAntiSpyware.com)
Toner Status (HKLM-x32\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.0.0.0 - CANON INC.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VueScan x64 (HKLM\...\VueScan x64) (Version: 9.8.39 - Hamrick Software)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom Workplace (HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\...\ZoomUMX) (Version: 6.3.11 (60501) - Zoom Communications, Inc.)
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-02-04] ()
Canon Office Printer Utility -> C:\Program Files\WindowsApps\34791E63.CanonOfficePrinterUtility_12.7.0.0_x64__6e5tt8cgb93ep [2025-02-18] (Canon Inc.)
Copilot -> C:\Program Files\WindowsApps\Microsoft.Copilot_1.25014.121.0_x64__8wekyb3d8bbwe [2025-02-19] (Microsoft Corporation) [Startup Task]
Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2022-05-18] (Dell Inc)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2025-02-18] (INTEL CORP)
Killer Intelligence Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1423.712.0_x64__rh07ty8m5nkag [2023-10-16] (INTEL CORP) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_4.0.10820.0_x64__yxz26nhyzhsrt [2025-03-07] (Microsoft Corp.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2502.5002.0_x64__8wekyb3d8bbwe [2025-02-11] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-15] (Microsoft Corp.)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.2.6.0_x64__htrsf667h5kn2 [2025-01-08] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-10-09] (Netflix, Inc.)
OfficePushNotificationsUtility -> C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16 [2025-03-09] ()
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-30] (Microsoft Corporation)
Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.4008.0_x64__8wekyb3d8bbwe [2025-02-11] (Microsoft Corporation)
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe [2025-01-22] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_6000.401.2352.0_x64__8wekyb3d8bbwe [2025-02-26] (Microsoft Corp.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\scodo\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.14501\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\scodo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\scodo\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{D74E95E7-EE89-4B29-B282-AE56EC7CC41F} -> [Scott's S23 Ultra] => C:\Users\scodo\CrossDevice\Scott's S23 Ultra [2024-12-29 17:13]
CustomCLSID: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002_Classes\CLSID\{FE2EC208-BECF-4E83-8BF4-E35DBA4EB6A1}\localserver32 -> C:\Users\scodo\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayVersion-x64.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2014-09-09] (Acronis International GmbH -> Acronis)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-12-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2dadf80722c4f751\igfxDTCM.dll [2021-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-12-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2014-09-09] (Acronis International GmbH -> Acronis)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-11-04 13:22 - 2017-09-15 01:35 - 000128512 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\_cffi_backend.cp36-win32.pyd
2021-11-04 13:23 - 2021-11-04 13:23 - 001196032 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\bin\ppbedrv.dll
2021-11-04 13:23 - 2021-11-04 13:23 - 000163840 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\bin\ppbedrvc.dll
2021-11-04 13:22 - 2021-08-03 03:32 - 000023040 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\AdvancedHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000015360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\AppTrayHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\DeviceConfigHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000016896 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\DevicePropHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000020992 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\DeviceStatusHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000023552 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\EnergyHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000024064 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\EventLogsHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\MenuHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000029696 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\NotificationHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000017408 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\RuntimeHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000024064 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\ScheduleHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000019968 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\SelfTestHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000017408 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\SoftwareUpdateHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000019456 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\SummaryHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientHandler\VoltageHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\ClientModel\DaemonStatus.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:26 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\BypassEventCount.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:26 - 000017920 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DesktopInteractiveServer.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:26 - 000025088 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DeviceConfigure.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:26 - 000015360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DeviceLogHelper.cp36-win32.pyd
2021-11-04 13:23 - 2021-11-04 13:23 - 000110592 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DeviceMonitor.cp36-win32.pyd
2021-11-04 13:23 - 2021-11-04 13:23 - 000055296 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\DevicePropertiesFetcher.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:28 - 000024064 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\EnergyRecorder.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:29 - 000079360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\EventAnalyzer.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:29 - 000100864 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\MobileDataProvider.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:29 - 000024064 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\TransactionHelper.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:30 - 000055808 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\controllers\WebAppController.cp36-win32.pyd
2021-11-04 13:22 - 2017-09-15 01:35 - 000009728 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\cryptography\hazmat\bindings\_constant_time.pyd
2021-11-04 13:22 - 2017-09-15 01:35 - 002095616 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\cryptography\hazmat\bindings\_openssl.pyd
2021-11-04 13:22 - 2017-09-15 01:35 - 000009728 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\cryptography\hazmat\bindings\_padding.pyd
2021-11-04 13:22 - 2021-08-03 03:33 - 000015360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Events\Event.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:33 - 000034816 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Events\EventsMobile.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000045568 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\AdvancedHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000017408 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\AppTrayHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000019456 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\DeviceConfigHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000019456 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\DevicePropHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\DeviceStatusHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\EnergyHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000017920 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\EventLogsHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000026624 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\NotificationHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000016896 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\RuntimeHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000038400 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\ScheduleHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\SelfTestHandler.cp36-win32.pyd
2021-11-04 13:23 - 2021-11-04 13:23 - 000067072 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\SoftwareUpdateHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000014848 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\SummaryHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\handler_refactor\VoltageHandler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:34 - 000079360 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\major\AppClient.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:35 - 000093696 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\major\AppServer.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:35 - 000010240 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\major\Command.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:35 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\major\Verification.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:30 - 000096256 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DataSource2.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:30 - 000016896 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DBSession.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:30 - 000034816 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\Device.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:30 - 000029696 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DevicePropertiesData.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000043520 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DevicePushMessageData.cp36-win32.pyd
2021-11-04 13:23 - 2021-11-04 13:23 - 000033792 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DeviceStatusData.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000020480 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\DriverTransaction.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000015872 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\Statement.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\Transaction.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\UpdateStatusData.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:31 - 000036352 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\model_Json\WebAppData.cp36-win32.pyd
2021-11-04 13:22 - 2017-12-07 07:05 - 001751040 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\QtCore.pyd
2021-11-04 13:22 - 2017-12-07 07:05 - 001879040 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\QtGui.pyd
2021-11-04 13:22 - 2017-12-07 07:05 - 000513024 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\QtNetwork.pyd
2021-11-04 13:22 - 2017-12-07 07:05 - 003814400 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\QtWidgets.pyd
2021-11-04 13:22 - 2017-06-21 02:02 - 000111616 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\pywintypes36.dll
2021-11-04 13:22 - 2017-03-13 15:15 - 000033792 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\servicemanager.pyd
2021-11-04 13:22 - 2017-12-07 07:06 - 000084992 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\sip.pyd
2021-11-04 13:22 - 2017-07-05 11:30 - 000013824 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\sqlalchemy\cprocessors.cp36-win32.pyd
2021-11-04 13:22 - 2017-07-05 11:30 - 000014848 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\sqlalchemy\cresultproxy.cp36-win32.pyd
2021-11-04 13:22 - 2017-07-05 11:30 - 000009728 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\sqlalchemy\cutils.cp36-win32.pyd
2021-11-04 13:23 - 2021-11-04 13:23 - 000008192 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\buildConfig.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:26 - 000029184 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\loggerSetting.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:26 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\module.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:26 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\settings.cp36-win32.pyd
2021-11-04 13:23 - 2021-11-04 13:23 - 000017920 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\systemDefine.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:26 - 000034816 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\systemFunction.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:26 - 000021504 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\System\ValueId.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000017408 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\DataCryptor.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000043520 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\EmailSender.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\HelpOpener.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\HibernateMac.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000014336 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\HibernateWin.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:33 - 000017920 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\i18nTranslater.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000031232 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\Logger.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000024576 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\OAuthManagement.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000018944 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\OSOperator.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:32 - 000020480 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\RequestImp.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:33 - 000068096 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\Scheduler.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:33 - 000012800 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\ShutdownMac.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:33 - 000016384 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\ShutdownUtil.cp36-win32.pyd
2021-11-04 13:22 - 2021-08-03 03:33 - 000012800 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Utility\ShutdownWin.cp36-win32.pyd
2021-11-04 13:22 - 2017-03-13 15:15 - 000103424 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\win32api.pyd
2021-11-04 13:22 - 2017-03-13 15:14 - 000021504 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\win32event.pyd
2021-11-04 13:22 - 2017-03-13 15:15 - 000173568 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\win32gui.pyd
2021-11-04 13:22 - 2017-03-13 15:15 - 000046592 _____ () [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\win32service.pyd
2005-09-07 13:03 - 2005-09-07 13:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\ScanSoft\PaperPort\blicectr.dll
2020-01-08 13:28 - 2014-04-10 10:19 - 000002048 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask_EN.dll
2020-01-08 13:27 - 2013-01-31 14:21 - 000152064 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNCENPM6.dll
2008-04-11 13:54 - 2008-04-11 13:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qgif.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 000033280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qicns.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 000027648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qico.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qjpeg.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qtga.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 000327680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qtiff.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qwbmp.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 000401408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\imageformats\qwebp.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 001096704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\platforms\qwindows.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 004770816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\Qt\bin\Qt5Core.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 004964352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\Qt\bin\Qt5Gui.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 000960000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\Qt\bin\Qt5Network.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 004460544 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\PyQt5\Qt\bin\Qt5Widgets.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 004770816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Qt5Core.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 004964352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Qt5Gui.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 000960000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Qt5Network.dll
2021-11-04 13:22 - 2017-12-07 07:05 - 004460544 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\CyberPower PowerPanel Personal\Qt5Widgets.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\scodo\OneDrive\Desktop\FRST64.exe:MBAM.Zone.Identifier [225]
AlternateDataStreams: C:\Users\scodo\OneDrive\Desktop\MediaMonkey_5.0.2.2531.exe:MBAM.Zone.Identifier [93]
AlternateDataStreams: C:\Users\scodo\Downloads\EEM_3.11.77.exe:MBAM.Zone.Identifier [113]
AlternateDataStreams: C:\Users\scodo\Downloads\epson15561 (1).exe:MBAM.Zone.Identifier [112]
AlternateDataStreams: C:\Users\scodo\Downloads\epson15561 (2).exe:MBAM.Zone.Identifier [112]
AlternateDataStreams: C:\Users\scodo\Downloads\MDI2TIFConverter.exe:MBAM.Zone.Identifier [179]
AlternateDataStreams: C:\Users\scodo\Downloads\Smart.Switch.PC_setup.exe:MBAM.Zone.Identifier [170]
AlternateDataStreams: C:\Users\scodo\Downloads\vuex64-9.8.32 (1).exe:MBAM.Zone.Identifier [112]
AlternateDataStreams: C:\Users\scodo\Downloads\vuex64-9.8.32 (4).exe:MBAM.Zone.Identifier [112]
AlternateDataStreams: C:\Users\scodo\Downloads\vuex64-9.8.32.exe:MBAM.Zone.Identifier [112]
AlternateDataStreams: C:\Users\scodo\Downloads\vuex64-9.8.37.exe:MBAM.Zone.Identifier [112]
AlternateDataStreams: C:\Users\scodo\Downloads\vuex64-9.8.39.exe:MBAM.Zone.Identifier [112]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
SearchScopes: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002 -> DefaultScope {207C416D-9F08-4EA0-A815-7DD0E992EC54} URL =
SearchScopes: HKU\S-1-5-21-2087068202-1813543609-1746243882-1002 -> {207C416D-9F08-4EA0-A815-7DD0E992EC54} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 00:49 - 2019-03-19 00:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2087068202-1813543609-1746243882-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\scodo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: Qualcomm QCA9377 802.11ac Wireless Adapter -> Qcamain10x64.sys
Ethernet: Killer E2400 Gigabit Ethernet Controller -> e2xw10x64.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "MFNetworkScanUtility"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "SSBkgdUpdate"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{41A7E5AA-A894-4DCB-AC2F-485644A109A4}C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe] => (Allow) C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [TCP Query User{72DE8819-7480-4B24-8791-4A7FE9CAB55D}C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe] => (Allow) C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [UDP Query User{D0E99F02-F8DD-46F2-AD42-1F170CC84C4E}C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [TCP Query User{2B6B19A9-A7C6-49EC-8D2B-6DA36A237808}C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\scodo\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [UDP Query User{B91D5AD0-302A-4A07-AB25-5BB7637A2BF6}C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe] => (Allow) C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [TCP Query User{D76B90CF-6C5B-43CC-8AB3-5931EFDC0B9B}C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe] => (Allow) C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [UDP Query User{400035FF-87A0-4434-B72B-BBC684D5D3B6}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{062BDDCC-8024-4562-B2B5-514B44A17570}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{F77926CF-31E6-4232-AD6C-68CBD5A8357D}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{791CC140-24F7-4F35-862F-F1EE70C73DBB}C:\windows\syswow64\rundll32.exe] => (Allow) C:\windows\syswow64\rundll32.exe
FirewallRules: [{63EF18A9-915F-40A8-BBEB-CE45D24B703F}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{6F3CA265-6045-47FB-AB9C-39842EE99B61}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{5A59F609-48DE-470C-AADB-369C965CBCAC}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
FirewallRules: [{CC49D73D-368F-4679-A14F-873376C8674C}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7D740CC3-D1CA-46EA-8480-F515FE4457E9}] => (Allow) C:\Users\scodo\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{435006CF-DD94-4660-9BCB-2C0DCD716E48}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C01A884B-B74D-4F53-91A2-685D9FB5F8C8}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24295.401.3195.9406_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B6E0C8BC-C49E-49F5-B667-60770909AC27}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24295.401.3195.9406_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{714CC82C-CB34-4A72-8C30-726E89690962}] => (Allow) C:\Program Files\VueScan\vuescan.exe (Hamrick Software -> Hamrick Software)
FirewallRules: [{0994218D-A86A-4380-8214-A314664DA1D0}] => (Allow) C:\Program Files\VueScan\vuescan.exe (Hamrick Software -> Hamrick Software)
FirewallRules: [{FF362302-E076-45EB-A089-7C2312913AB8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D09FBEC6-93A9-4E53-889C-F92E18953629}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.137.3425.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{15B83D91-C336-44E1-9ABF-8B52112F79CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.137.3425.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ECE46709-4AF0-4C67-8940-DF008B5EB64C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.137.3425.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F436421-FC95-4FCC-8559-DE61E8613612}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.137.3425.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3AC6AA6E-B31E-4EC6-91AD-E1954FF2A562}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\134.0.3124.51\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4A509BFC-CA5E-45C9-93F5-66F793504401}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25044.2208.3471.2155_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6CE52207-5A4B-41AB-AA7D-B51632108D7F}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25044.2208.3471.2155_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
06-03-2025 09:56:54 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/09/2025 11:38:00 AM) (Source: PowerPanel Personal Service) (EventID: 3) (User: )
Description: The instance's SvcRun() method failed
Traceback (most recent call last):
File "C:\Program Files (x86)\Python36-32\lib\site-packages\win32\lib\win32serviceutil.py", line 836, in SvcRun
File "WinService.py", line 169, in SvcDoRun
self.daemon.start()
File "C:\Users\Dev\Downloads\workspace\PowerPanel Personal for Windows test\label\Windows_PPPE\Daemon.py", line 69, in start
SystemExit: 0
%2: %3
Error: (03/08/2025 08:21:33 PM) (Source: Application Error) (EventID: 1000) (User: SCOTTSOFFICEDES)
Description: Faulting application name: Notepad.exe, version: 11.2412.16.0, time stamp: 0x67ab5982
Faulting module name: ucrtbase.dll, version: 10.0.22621.3593, time stamp: 0x10c46e71
Exception code: 0xc0000409
Fault offset: 0x000000000007f6fe
Faulting process id: 0x0x2238
Faulting application start time: 0x0x1db9089361bbf3b
Faulting application path: C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2412.16.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 98d8de04-a172-4fd3-b92f-fc2006bfbe17
Faulting package full name: Microsoft.WindowsNotepad_11.2412.16.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (03/06/2025 01:31:49 PM) (Source: PowerPanel Personal Service) (EventID: 3) (User: )
Description: The instance's SvcRun() method failed
Traceback (most recent call last):
File "C:\Program Files (x86)\Python36-32\lib\site-packages\win32\lib\win32serviceutil.py", line 836, in SvcRun
File "WinService.py", line 169, in SvcDoRun
self.daemon.start()
File "C:\Users\Dev\Downloads\workspace\PowerPanel Personal for Windows test\label\Windows_PPPE\Daemon.py", line 69, in start
SystemExit: 0
%2: %3
Error: (03/05/2025 09:41:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..
Error: (03/05/2025 09:41:31 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
Error: (03/05/2025 09:41:26 PM) (Source: PowerPanel Personal Service) (EventID: 3) (User: )
Description: The instance's SvcRun() method failed
Traceback (most recent call last):
File "C:\Program Files (x86)\Python36-32\lib\site-packages\win32\lib\win32serviceutil.py", line 836, in SvcRun
File "WinService.py", line 169, in SvcDoRun
self.daemon.start()
File "C:\Users\Dev\Downloads\workspace\PowerPanel Personal for Windows test\label\Windows_PPPE\Daemon.py", line 69, in start
SystemExit: 0
%2: %3
Error: (03/04/2025 06:29:25 PM) (Source: PowerPanel Personal Service) (EventID: 3) (User: )
Description: The instance's SvcRun() method failed
Traceback (most recent call last):
File "C:\Program Files (x86)\Python36-32\lib\site-packages\win32\lib\win32serviceutil.py", line 836, in SvcRun
File "WinService.py", line 169, in SvcDoRun
self.daemon.start()
File "C:\Users\Dev\Downloads\workspace\PowerPanel Personal for Windows test\label\Windows_PPPE\Daemon.py", line 69, in start
SystemExit: 0
%2: %3
Error: (03/04/2025 05:22:10 PM) (Source: PowerPanel Personal Service) (EventID: 3) (User: )
Description: The instance's SvcRun() method failed
Traceback (most recent call last):
File "C:\Program Files (x86)\Python36-32\lib\site-packages\win32\lib\win32serviceutil.py", line 836, in SvcRun
File "WinService.py", line 169, in SvcDoRun
self.daemon.start()
File "C:\Users\Dev\Downloads\workspace\PowerPanel Personal for Windows test\label\Windows_PPPE\Daemon.py", line 69, in start
SystemExit: 0
%2: %3
System errors:
=============
Error: (03/06/2025 03:45:55 PM) (Source: DCOM) (EventID: 10010) (User: SCOTTSOFFICEDES)
Description: The server MicrosoftWindows.Client.CBS_1000.22700.1074.0_x64__cw5n1h2txyewy!Global.DesktopSpotlight.AppX1ay99xhphzbwzv134qx0tx5qnb6t98qf.mca did not register with DCOM within the required timeout.
Error: (03/06/2025 08:58:29 AM) (Source: DCOM) (EventID: 10010) (User: SCOTTSOFFICEDES)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.22621.2506_neutral_neutral_cw5n1h2txyewy!App.AppX76q4xtxwbj16z0zkyp0pnwtt6m850rvk.mca did not register with DCOM within the required timeout.
Error: (03/06/2025 08:58:29 AM) (Source: DCOM) (EventID: 10010) (User: SCOTTSOFFICEDES)
Description: The server DellInc.MyDell_2.2.6.0_x64__htrsf667h5kn2!Fusion.AppX37e56vz58s6bn8hjnfvq1x7bc6z91a6a.mca did not register with DCOM within the required timeout.
Error: (03/06/2025 08:58:29 AM) (Source: DCOM) (EventID: 10010) (User: SCOTTSOFFICEDES)
Description: The server Microsoft.People_10.2202.100.0_x64__8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppXv1pa150fssxfwf8qn0j65z3gp1qhwkcs.mca did not register with DCOM within the required timeout.
Error: (03/05/2025 08:36:32 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (03/05/2025 12:49:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error (0x80073d02 = The package could not be installed because resources it modifies are currently in use.): 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (03/03/2025 09:52:50 PM) (Source: DCOM) (EventID: 10010) (User: SCOTTSOFFICEDES)
Description: The server DellInc.MyDell_2.2.6.0_x64__htrsf667h5kn2!Fusion.AppX37e56vz58s6bn8hjnfvq1x7bc6z91a6a.mca did not register with DCOM within the required timeout.
Error: (03/03/2025 06:28:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error (0x80073d02 = The package could not be installed because resources it modifies are currently in use.): 9NMPJ99VJBWV-Microsoft.YourPhone.
Windows Defender:
================
Date: 2025-03-08 22:16:05
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-08 10:33:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-06 12:10:38
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUABundler:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: file:_T:\Scotty\Downloads\spsetup132.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.423.257.0, AS: 1.423.257.0, NIS: 1.423.257.0
Engine Version: AM: 1.1.25010.7, NIS: 1.1.25010.7
Date: 2025-03-05 20:59:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-05 19:46:37
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:BAT/Malgent!MSR
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Public\ANawElgAnG129GEhb.bat; file:_C:\Users\Public\ro7naWgENAwMashaa.bat
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.423.241.0, AS: 1.423.241.0, NIS: 1.423.241.0
Engine Version: AM: 1.1.25010.7, NIS: 1.1.25010.7
Event[0]
Date: 2025-02-09 12:03:27
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1791.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070643
Error description: Fatal error during installation.
CodeIntegrity:
===============
Date: 2025-03-09 13:46:31
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. 1.1.18 09/06/2021
Motherboard: Dell Inc. 0T2HR0
Processor: Intel® Core i7-9700 CPU @ 3.00GHz
Percentage of memory in use: 48%
Total physical RAM: 16190.91 MB
Available physical RAM: 8278.66 MB
Total Virtual: 17214.91 MB
Available Virtual: 8513.3 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:223.19 GB) (Free:68.84 GB) (Model: PM981a NVMe Samsung 256GB) NTFS
Drive s: (Audio/Video) (Fixed) (Total:833.84 GB) (Free:458.28 GB) (Model: ST31000524AS) NTFS
Drive t: (Misc Data) (Fixed) (Total:97.66 GB) (Free:44.59 GB) (Model: ST31000524AS) NTFS
\\?\Volume{32f547c6-c831-48bd-b930-186e67c7499a}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.32 GB) NTFS
\\?\Volume{4505f415-94fa-480c-95da-2643ae05f561}\ (Image) (Fixed) (Total:12.32 GB) (Free:0.18 GB) NTFS
\\?\Volume{62156c42-d9ec-43fd-a0fa-4727839d5129}\ (DELLSUPPORT) (Fixed) (Total:1.22 GB) (Free:0.43 GB) NTFS
\\?\Volume{d188605c-5e7d-480f-96f7-ecb1888c371d}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.55 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 0BEC2E74)
Partition: GPT.
==================== End of Addition.txt =======================