I've got to call it a night, I'll check back first thing in the morning.
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
addition.txt
-----------
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-04-2022
Ran by Chris (09-04-2022 13:28:54)
Running from C:\Users\Chris\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-10-12 00:27:21)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4166634823-2150066620-1418166359-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4166634823-2150066620-1418166359-1023 - Limited - Enabled)
Chris (S-1-5-21-4166634823-2150066620-1418166359-1000 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-4166634823-2150066620-1418166359-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4166634823-2150066620-1418166359-1007 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (HKLM\...\{A80FA752-C491-4ED9-ABF0-4278563160B2}) (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 17.01 beta (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
Acronis True Image (HKLM\...\{A46CEE04-E692-47C9-B04A-BD849DD8AB65}) (Version: 23.6.18100 - Acronis) Hidden
Acronis True Image (HKLM\...\{A46CEE04-E692-47C9-B04A-BD849DD8AB65}Visible) (Version: 23.6.18100 - Acronis)
Acronis Universal Restore Bootable Media Builder (HKLM\...\{D8DCEF7C-9698-46FF-A1CB-89FAB7712E9E}) (Version: 11.7.40250 - Acronis)
Autodesk DWG TrueView 2016 - English (HKLM\...\DWG TrueView 2016 - English) (Version: 20.1.49.0 - Autodesk)
AutoIt Debugger 0.47.0 (HKLM\...\AutoIt Debugger) (Version: 0.47.0 - Essential Software)
AutoIt v3.3.14.5 (HKLM\...\AutoItv3) (Version: 3.3.14.5 - AutoIt Team)
AutoIt v3.3.15.3 (Beta) (HKLM\...\AutoItv3beta) (Version: 3.3.15.3 - AutoIt Team)
BabaCAD (HKLM\...\{FF8C8DDD-70E5-493E-92B6-296334F0601B}) (Version: 1.3.4 - BabaCAD)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon CanoScan LiDE 220 On-screen Manual (HKLM\...\Canon CanoScan LiDE 220 On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.11.1 - Canon Inc.)
CanoScan LiDE 220 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4811) (Version: 1.00 - Canon Inc.)
Classic Shell (HKLM\...\{E0E49E80-19DE-43FE-BFF2-8C58DDF3C7F9}) (Version: 4.1.0 - IvoSoft)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CuteFTP (HKLM\...\CuteFTP) (Version: - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
Diskeeper 16 (HKLM\...\{24CA6BF3-C7E2-4E11-9009-A0A34B97413E}) (Version: 19.0.1214.32 - Condusiv Technologies)
DraftSight 2015 SP1 (HKLM\...\{FA2DA057-6711-4830-9D29-8F7C9BA77BAD}) (Version: 13.1.1091 - Dassault Systemes)
eMachineShop version 1.929 (HKLM\...\eMachineShop_is1) (Version: 1.929 - eMachineShop)
FileZilla Client 3.58.0 (HKLM\...\FileZilla Client) (Version: 3.58.0 - Tim Kosse)
Fine Homebuilding Archive 2011 (HKLM\...\{FC3523BB-134E-494C-957F-53DD2651A0ED}) (Version: 1.3.0000 - )
Foxit PDF Reader (HKLM\...\Foxit Reader_is1) (Version: 11.2.1.53537 - Foxit Software Inc.)
GoldWave v5.70 (HKLM\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 100.0.4896.75 - Google LLC)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GWX Control Panel (HKLM\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP LaserJet 3050/3052/3055/3390/3392 4.0 (HKLM\...\HP LaserJet 3050/3052/3055/3390/3392) (Version: 4.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® SSD Toolbox (HKLM\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.4.6.400 - Intel Corporation)
IrfanView 4.57 (32-bit) (HKLM\...\IrfanView) (Version: 4.57 - Irfan Skiljan)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27012 (HKLM\...\{67f67547-9693-4937-aa13-56e296bd40f6}) (Version: 14.16.27012.6 - Microsoft Corporation)
Mozilla Firefox (x86 en-US) (HKLM\...\Mozilla Firefox 99.0 (x86 en-US)) (Version: 99.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0.0.8124 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM\...\{D08D765A-2191-4210-9711-30FF98806770}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Pegasus Mail (HKLM\...\Pegasus Mail) (Version: - David Harris)
Pegasus Mail HTML Renderer 2.4.10.3 (HKLM\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version: - Micha's Midnight Manufacture)
Pegasus Mail v4.73 (HKLM\...\{6998396E-6D20-48FE-9200-4C9DFAFCED54}_is1) (Version: 4.73 - David Harris)
PowerDesk 9 (HKLM\...\{C4E1D1E5-0F67-463D-BD07-A24742AA7469}) (Version: 9.0.0.0 - Avanquest North America Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SciTE4AutoIt3 17.224.935.0 (HKLM\...\SciTE4AutoIt3) (Version: 17.224.935.0 - Jos van der Zande)
SharpKeys (HKLM\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.82.0 - Safer-Networking Ltd.)
Spybot Anti-Beacon (32-bit) (HKLM\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.5 - Safer-Networking Ltd.)
StudioTax 2016 (HKLM\...\{6DB3D78B-0756-4B0C-AC1B-0775378B90A0}) (Version: 12.0.10.1 - BHOK IT Consulting)
StudioTax 2017 (HKLM\...\{E5FF3290-BB3F-471A-8BDA-96135C3B69A8}) (Version: 13.0.4.0 - BHOK IT Consulting)
StudioTax 2018 (HKLM\...\{E3B7A312-0487-4261-B76D-1C94F2FAE38B}) (Version: 14.0.4.0 - BHOK IT Consulting)
StudioTax 2019 (HKLM\...\{DF514EC7-A25D-48D2-954F-93AE3837F2AB}) (Version: 15.0.5.0 - BHOK IT Consulting)
StudioTax 2020 (HKLM\...\{00A4E24D-F868-4D20-83E2-4EC0A569B305}) (Version: 16.0.6.0 - BHOK IT Consulting Inc.)
StudioTax 2021 (HKLM\...\{B409725E-D2DB-40F6-95D9-B7C0A6F638D8}) (Version: 17.0.3.0 - BHOK IT Consulting Inc.)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TextPad 5 (HKLM\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.4.0 - Helios)
Visual Basic 5.0 Professional Edition (HKLM\...\VB5) (Version: - )
Windows Resource Kit Tools (HKLM\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation)
WordPerfect IFilter 32 bit (HKLM\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X6 - Common Files (HKLM\...\{315FE707-7A15-4B1B-8C5A-955428AAA01D}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (HKLM\...\{E1AF3785-AA77-471E-ABC5-4C2B459B877A}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Extras (HKLM\...\{98F94B9C-9FF5-4053-85A6-3D4F3FA3EBA0}) (Version: 1.00.0000 - Corel Corporation)
WordPerfect Office X6 - IPM (HKLM\...\{230100D9-27B4-49A3-A30F-D44B51EF56AA}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (HKLM\...\{440F51A9-8CA3-41D7-AFD5-F47820895949}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (HKLM\...\{C4D92146-95DE-415A-99CC-51FBFF7C10CF}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (HKLM\...\{8959569B-D9BA-43A9-972A-D509EE7D4BA9}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (HKLM\...\{EAA5C699-6DB5-4508-BD64-B79EB9409C9D}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (HKLM\...\{86ACFB25-0FA5-4A01-96B5-EE8F229D456E}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (HKLM\...\{069793F3-E123-47B9-88DB-5DE76FF32ADB}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (HKLM\...\{10FFE1D7-6A72-4483-9856-1A2FBBC5A425}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (HKLM\...\{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (HKLM\...\{8270ABE3-53A5-4046-BF84-EB5FBB0F5B10}) (Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (HKLM\...\{CCADD122-70A5-47A6-8722-1BD5267B85F5}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (HKLM\...\{CD29C36F-2C6D-4ED3-BC21-B20C8038E9A5}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (HKLM\...\{0F7A0D0F-6576-489E-B20B-B7C8F95BBCC3}) (Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 (HKLM\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.428 - Corel Corporation)
WordPerfect Office X6 (HKLM\...\{F6582F6F-6CD1-4B62-8BC6-EACF98AF410F}) (Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 SDK (HKLM\...\{D57A4C2B-C92F-46BF-9EFE-4EDD49E88628}) (Version: 16.0.0.388 - Corel Corporation)
WordPerfect OfficeReady (HKLM\...\{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}) (Version: 1.0 - Corel Corporation.)
XML Notepad 2007 (HKLM\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4166634823-2150066620-1418166359-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> F:\Program Files\Autodesk\DWG TrueView 2016 - English\dwgviewr.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4166634823-2150066620-1418166359-1000_Classes\CLSID\{28D8ABA0-4B78-11CE-B27D-00AA001F73C1}\InprocServer32 -> C:\Program Files\Windows Resource Kits\Tools\iviewers.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4166634823-2150066620-1418166359-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> F:\Program Files\Autodesk\DWG TrueView 2016 - English\en-US\dwgviewrficn.dll (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4166634823-2150066620-1418166359-1000_Classes\CLSID\{57EFBF49-4A8B-11CE-870B-0800368D2302}\InprocServer32 -> C:\Program Files\Windows Resource Kits\Tools\iviewers.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4166634823-2150066620-1418166359-1000_Classes\CLSID\{7CE551EA-F85C-11CE-9059-080036F12502}\InprocServer32 -> C:\Program Files\Windows Resource Kits\Tools\iviewers.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4166634823-2150066620-1418166359-1000_Classes\CLSID\{7CE551EB-F85C-11CE-9059-080036F12502}\InprocServer32 -> C:\Program Files\Windows Resource Kits\Tools\iviewers.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-4166634823-2150066620-1418166359-1000_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> F:\Program Files\TextPad 5\System\shellext32.dll (Helios Software Solutions) [File not signed]
CustomCLSID: HKU\S-1-5-21-4166634823-2150066620-1418166359-1000_Classes\CLSID\{D2AF7A60-4C42-11CE-B27D-00AA001F73C1}\InprocServer32 -> C:\Program Files\Windows Resource Kits\Tools\iviewers.dll (Microsoft Corporation) [File not signed]
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2019-03-25] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2019-03-25] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2019-03-25] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2019-03-25] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => F:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-06] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => F:\Program Files\Notepad++\NppShell_05.dll -> No File
ContextMenuHandlers1: [CuteFTP] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => F:\Program Files\GlobalSCAPE\CuteFTP\CuteShell.dll [2000-09-26] () [File not signed]
ContextMenuHandlers1: [PowerDesk Menu] -> {26E7F081-EB97-11d3-9239-006008D2D00F} => F:\Program Files\Avanquest\PowerDesk\PDShExt.dll [2012-12-14] (Avanquest Publishing USA, Inc.) [File not signed]
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [CuteFTP] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => F:\Program Files\GlobalSCAPE\CuteFTP\CuteShell.dll [2000-09-26] () [File not signed]
ContextMenuHandlers2: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => f:\Program Files\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2012-10-31] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => F:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => F:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [CuteFTP] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => F:\Program Files\GlobalSCAPE\CuteFTP\CuteShell.dll [2000-09-26] () [File not signed]
ContextMenuHandlers4: [PowerDesk Menu] -> {26E7F081-EB97-11d3-9239-006008D2D00F} => F:\Program Files\Avanquest\PowerDesk\PDShExt.dll [2012-12-14] (Avanquest Publishing USA, Inc.) [File not signed]
ContextMenuHandlers4: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => f:\Program Files\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2012-10-31] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => F:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => F:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1_S-1-5-21-4166634823-2150066620-1418166359-1000: [TextPad] -> {ABECE8A0-FF84-4efb-82AE-9B3181CE097D} => F:\Program Files\TextPad 5\System\shellext32.dll [2007-03-27] (Helios Software Solutions) [File not signed]
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\system32\ir50_32.dll [746496 2009-07-13] (Microsoft Windows -> Intel Corporation)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name="BVTConsumer"",Filter="__EventFilter.Name="BVTFilter"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Chris\Desktop\schmgrReport.bat.lnk -> F:\AutoIt scripts\ATIH backup settings\schmgrReport.bat ()
==================== Loaded Modules (Whitelisted) =============
2016-11-09 17:33 - 2016-11-09 17:33 - 000026112 _____ () [File not signed] C:\Program Files\Condusiv Technologies\Diskeeper\boost_chrono-vc110-mt-1_54.dll
2016-11-09 17:33 - 2016-11-09 17:33 - 000041472 _____ () [File not signed] C:\Program Files\Condusiv Technologies\Diskeeper\boost_date_time-vc110-mt-1_54.dll
2016-11-09 17:33 - 2016-11-09 17:33 - 000101376 _____ () [File not signed] C:\Program Files\Condusiv Technologies\Diskeeper\boost_filesystem-vc110-mt-1_54.dll
2016-11-09 17:33 - 2016-11-09 17:33 - 000532480 _____ () [File not signed] C:\Program Files\Condusiv Technologies\Diskeeper\boost_log-vc110-mt-1_54.dll
2016-11-09 17:33 - 2016-11-09 17:33 - 000016896 _____ () [File not signed] C:\Program Files\Condusiv Technologies\Diskeeper\boost_system-vc110-mt-1_54.dll
2016-11-09 17:33 - 2016-11-09 17:33 - 000081408 _____ () [File not signed] C:\Program Files\Condusiv Technologies\Diskeeper\boost_thread-vc110-mt-1_54.dll
2007-05-03 17:38 - 2007-05-03 17:38 - 000036864 _____ () [File not signed] c:\program files\hp\hp ut\bin\enumeration.dll
2007-05-03 17:38 - 2007-05-03 17:38 - 000016384 _____ () [File not signed] c:\program files\hp\hp ut\bin\hpstreamsinterface.dll
2007-05-03 17:38 - 2007-05-03 17:38 - 000110592 _____ () [File not signed] c:\program files\hp\hp ut\bin\hptoolkit.dll
2007-05-03 17:38 - 2007-05-03 17:38 - 000061440 _____ () [File not signed] c:\program files\hp\hp ut\bin\hptools.dll
2007-05-03 17:38 - 2007-05-03 17:38 - 000057344 _____ () [File not signed] c:\program files\hp\hp ut\bin\hpusagetracking.dll
2013-11-17 23:26 - 2013-11-17 23:26 - 000010752 _____ () [File not signed] c:\windows\assembly\gac\interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll
2013-11-17 23:26 - 2013-11-17 23:26 - 003289088 _____ () [File not signed] c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d3f5dc3c\mscorlib.dll
2013-11-17 23:26 - 2013-11-17 23:26 - 002994176 _____ () [File not signed] c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_8cb17cfd\system.windows.forms.dll
2013-11-17 23:26 - 2013-11-17 23:26 - 002076672 _____ () [File not signed] c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_eadb1e09\system.xml.dll
2013-11-17 23:26 - 2013-11-17 23:26 - 001929216 _____ () [File not signed] c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_9009abfc\system.dll
1997-07-11 00:00 - 1997-07-11 00:00 - 000022016 _____ () [File not signed] C:\Windows\system32\docobj.dll
2012-12-14 11:50 - 2012-12-14 11:50 - 000107520 _____ () [File not signed] C:\Windows\system32\FileMonitor32.dll
2014-06-04 06:43 - 2014-06-04 06:43 - 000204800 _____ () [File not signed] C:\Windows\System32\lmadxninpa.DLL
2014-06-04 06:43 - 2014-06-04 06:43 - 001126400 _____ () [File not signed] C:\Windows\System32\LMADXNLANG.DLL
2013-10-16 13:08 - 2012-08-31 15:01 - 000069632 _____ () [File not signed] C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2012-12-14 11:51 - 2012-12-14 11:51 - 000011264 _____ () [File not signed] F:\Program Files\Avanquest\PowerDesk\DClickDesktopHook.dll
2012-12-14 11:36 - 2012-12-14 11:36 - 000011264 _____ () [File not signed] F:\Program Files\Avanquest\PowerDesk\mxcview.dll
2012-12-14 11:37 - 2012-12-14 11:37 - 000111616 _____ () [File not signed] F:\Program Files\Avanquest\PowerDesk\mxgview.dll
2013-10-29 11:08 - 2000-09-26 07:38 - 000143360 _____ () [File not signed] F:\Program Files\GlobalSCAPE\CuteFTP\CuteShell.dll
2015-03-17 18:01 - 2012-08-03 06:43 - 000548864 ____N () [File not signed] F:\Program Files\Lexmark\ErrorApp\lm__ac.dll
2015-03-17 18:01 - 2012-08-07 08:37 - 000217088 ____N () [File not signed] F:\Program Files\Lexmark\ErrorApp\lmab1err.dll
2012-12-14 11:52 - 2012-12-14 11:52 - 000314368 _____ (Avanquest Publishing USA, Inc.) [File not signed] F:\Program Files\Avanquest\PowerDesk\PDShExt.dll
2012-12-14 11:41 - 2012-12-14 11:41 - 000122368 _____ (Avanquest Software) [File not signed] F:\Program Files\Avanquest\PowerDesk\MXPM.DLL
2012-12-14 11:43 - 2012-12-14 11:43 - 000123392 _____ (Avanquest Software) [File not signed] F:\Program Files\Avanquest\PowerDesk\pddlghlp.dll
2005-09-07 13:03 - 2005-09-07 13:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files\Nuance\PaperPort\blicectr.dll
2016-11-09 17:32 - 2016-11-09 17:32 - 000620032 _____ (Condusiv Technologies) [File not signed] C:\Program Files\Condusiv Technologies\Diskeeper\Common.dll
2016-11-09 17:33 - 2016-11-09 17:33 - 000142848 _____ (Condusiv Technologies) [File not signed] C:\Program Files\Condusiv Technologies\Diskeeper\DkTabProvider.dll
2015-01-14 07:00 - 2015-01-14 07:00 - 004118528 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\Qt5Core.dll
2015-01-14 07:00 - 2015-01-14 07:00 - 000848384 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\Qt5Network.dll
2015-01-14 07:00 - 2015-01-14 07:00 - 000153088 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\Qt5Xml.dll
2007-03-27 15:24 - 2007-03-27 15:24 - 000061440 _____ (Helios Software Solutions) [File not signed] F:\Program Files\TextPad 5\System\shellext32.dll
2007-01-15 13:16 - 2007-01-15 13:16 - 000114688 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hptcpmib.dll
2007-01-15 13:17 - 2007-01-15 13:17 - 000172032 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\HpTcpMon.dll
2006-10-03 11:55 - 2006-10-03 11:55 - 000139264 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hpzjrd01.dll
2006-12-12 00:45 - 2006-12-12 00:45 - 000401408 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll
2007-05-23 21:22 - 2007-05-23 21:22 - 000030720 _____ (Hewlett-Packard Company) [File not signed] C:\Windows\System32\hpz3llhn.dll
2013-11-17 23:25 - 2007-01-25 14:24 - 000286208 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\W32X86\hpzpp4wm.DLL
2015-03-21 10:17 - 2007-05-23 21:22 - 000089600 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\W32X86\hpzpplhn.dll
2006-08-30 13:32 - 2006-08-30 13:32 - 000049152 _____ (Hewlett-Packard) [File not signed] C:\Windows\system32\FXCompChannel.DLL
2007-03-09 03:19 - 2007-03-09 03:19 - 000077824 _____ (Hewlett-Packard) [File not signed] C:\Windows\System32\hppaecpm.dll
2007-03-22 12:45 - 2007-03-22 12:45 - 000573440 _____ (Hewlett-Packard) [File not signed] C:\Windows\system32\hpxp3390.dll
2010-08-06 12:13 - 2010-08-06 12:13 - 000044032 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 12:13 - 2010-08-06 12:13 - 000053760 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2017-11-29 18:36 - 2017-08-28 06:40 - 000049152 ____N (Igor Pavlov) [File not signed] F:\Program Files\7-Zip\7-zip.dll
2014-04-20 10:17 - 2014-04-20 10:17 - 000683200 ____N (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer32.dll
2014-04-20 10:17 - 2014-04-20 10:17 - 003003584 ____N (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2014-04-20 10:17 - 2014-04-20 10:17 - 000244928 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper32.dll
2002-04-10 10:19 - 2002-04-10 10:19 - 000118784 _____ (LEAD Technologies, Inc.) [File not signed] C:\Windows\System32\LTFIL11n.DLL
2002-04-10 10:19 - 2002-04-10 10:19 - 000392192 _____ (LEAD Technologies, Inc.) [File not signed] C:\Windows\System32\LTKRN11n.dll
2015-03-17 18:02 - 2014-06-04 06:43 - 000212480 _____ (Lexmark International Inc.) [File not signed] C:\Windows\system32\spool\PRTPROCS\W32X86\LMADXN4C.DLL
2009-06-25 09:27 - 2009-06-25 09:27 - 000376832 _____ (Marvell Semiconductor, Inc.) [File not signed] C:\Windows\System32\mvtcpmon.dll
2013-11-17 23:26 - 2013-11-17 23:26 - 000131072 _____ (Microsoft Corporation) [File not signed] c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
2013-11-17 23:26 - 2013-11-17 23:26 - 002039808 _____ (Microsoft Corporation) [File not signed] c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
2013-11-17 23:26 - 2013-11-17 23:26 - 001335296 _____ (Microsoft Corporation) [File not signed] c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
2013-11-17 23:26 - 2013-11-17 23:26 - 001216512 _____ (Microsoft Corporation) [File not signed] c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
2003-02-20 20:06 - 2003-02-20 20:06 - 000282624 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
2003-02-20 20:06 - 2003-02-20 20:06 - 000311296 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL
2003-02-21 08:26 - 2003-02-21 08:26 - 002088960 _____ (Microsoft Corporation) [File not signed] c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll
2003-02-20 20:09 - 2003-02-20 20:09 - 000077824 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
2003-02-20 20:08 - 2003-02-20 20:08 - 002482176 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
2003-02-21 05:42 - 2003-02-21 05:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll
2007-01-15 13:20 - 2007-01-15 13:20 - 000241664 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\HPTcpMUI.dll
2013-11-03 14:51 - 2014-06-04 06:43 - 000758784 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\W32X86\3\PS5UI.DLL
2013-11-03 14:51 - 2014-06-04 06:43 - 000558080 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
2013-10-25 14:13 - 2013-10-25 14:13 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
2009-06-25 09:26 - 2009-06-25 09:26 - 000126976 _____ (OpenSLP) [File not signed] C:\Windows\System32\slp32.dll
2022-02-26 14:18 - 2021-06-19 02:55 - 001079909 _____ (SQLite Development Team) [File not signed] C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2012-12-14 11:28 - 2012-12-14 11:28 - 000696832 _____ (STLport Consulting, Inc.) [File not signed] F:\Program Files\Avanquest\PowerDesk\stlport.5.2.dll
2019-03-25 21:30 - 2019-03-25 21:30 - 025338368 _____ (The ICU Project) [File not signed] C:\Program Files\Acronis\TrueImageHome\icudt54.dll
2019-03-25 21:30 - 2019-03-25 21:30 - 002056704 _____ (The ICU Project) [File not signed] C:\Program Files\Acronis\TrueImageHome\icuin54.dll
2019-03-25 21:30 - 2019-03-25 21:30 - 001425408 _____ (The ICU Project) [File not signed] C:\Program Files\Acronis\TrueImageHome\icuuc54.dll
2015-01-14 07:00 - 2015-01-14 07:00 - 023512540 _____ (The ICU Project) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\icudt52.dll
2015-01-14 07:00 - 2015-01-14 07:00 - 001424345 _____ (The ICU Project) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\icuin52.dll
2015-01-14 07:00 - 2015-01-14 07:00 - 001072602 _____ (The ICU Project) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\icuuc52.dll
2016-11-09 17:33 - 2016-11-09 17:33 - 001295872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Condusiv Technologies\Diskeeper\LIBEAY32.dll
2016-11-09 17:33 - 2016-11-09 17:33 - 000273408 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Condusiv Technologies\Diskeeper\SSLEAY32.dll
2022-02-26 14:18 - 2018-11-22 17:48 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll
2022-02-26 14:18 - 2018-11-22 17:48 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll
2015-03-17 18:01 - 2011-07-07 05:02 - 000335872 ____N (TODO: <Company name>) [File not signed] F:\Program Files\Lexmark\ErrorApp\NpaParser.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\Classes\.scr: DWGTrueViewScriptFile => C:\Windows\system32\notepad.exe "%1"
==================== Internet Explorer (Version 11) (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7947 more sites.
There are 7947 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2022-04-07 12:30 - 000454336 ____R C:\Windows\system32\drivers\etc\hosts
There are 15617 more lines.
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Windows Resource Kits\Tools\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Condusiv Technologies\Diskeeper\TCE\;C:\PROGRA~1\CONDUS~1\DISKEE~1\;C:\Program Files\Common Files\Acronis\VirtualFile\;C:\Program Files\Common Files\Acronis\FileProtector\;C:\Program Files\Common Files\Acronis\SnapAPI\
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\startupreg: ToolBoxFX => "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EBDDD846-801E-48AE-B509-66D8B92650F6}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst.exe => No File
FirewallRules: [{26FC5F17-CF91-4358-AF93-570262B89E2C}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst.exe => No File
FirewallRules: [{98D9F9A5-C382-44C4-A820-78DBDDAEE185}] => (Allow) LPort=9100
FirewallRules: [{1F1D3D76-6FAA-499F-AA0B-038BC0B8D6E9}] => (Allow) LPort=427
FirewallRules: [{47E372C1-8768-4A61-A792-8B5D32A9B6B5}] => (Allow) LPort=161
FirewallRules: [{3E46316B-F4D2-42D3-8643-3DCED4413562}] => (Allow) LPort=427
FirewallRules: [TCP Query User{054A7DAF-2D7E-4FAB-A276-79C5A342F349}F:\program files\globalscape\cuteftp\cutftp32.exe] => (Allow) F:\program files\globalscape\cuteftp\cutftp32.exe (GlobalSCAPE, Inc.) [File not signed]
FirewallRules: [UDP Query User{AAD756BC-2D04-4728-BD30-1576279EBCC3}F:\program files\globalscape\cuteftp\cutftp32.exe] => (Allow) F:\program files\globalscape\cuteftp\cutftp32.exe (GlobalSCAPE, Inc.) [File not signed]
FirewallRules: [{54A4E472-29D2-41CB-BADF-9CA40746588F}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9E7A7DDD-0863-4017-836A-6DB11A0CDB00}] => (Allow) F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9C82A641-0877-4AEE-BB08-BE75BE31644B}] => (Allow) F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3653838F-07F7-4E0B-A200-119BC5EC4340}F:\program files\mozilla firefox\firefox.exe] => (Block) F:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{7ABA8A90-407B-430D-8929-2ADDC6CC53D8}F:\program files\mozilla firefox\firefox.exe] => (Block) F:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C23F12FF-1779-4FC6-B5F7-25A61FA9D289}] => (Allow) F:\Program Files\Lexmark\Status Center\lmsmc.exe (Lexmark International, Inc. -> )
FirewallRules: [{BFE09928-4791-40DB-B097-CEA2FDF4C003}] => (Allow) F:\Program Files\Lexmark\Status Center\lmsmc.exe (Lexmark International, Inc. -> )
FirewallRules: [{7BEE059F-1A46-4951-8C0A-0E413FA3197F}] => (Allow) D:\Install\x86\InstallGui.exe => No File
FirewallRules: [{4BEC2007-033C-40F2-8E04-EE7D8EF563F3}] => (Allow) D:\Install\x86\InstallGui.exe => No File
FirewallRules: [{6A52C645-0B63-4A90-B661-F728E091C0DD}] => (Allow) F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{45800C23-03CE-431F-A108-73C806C72CE2}] => (Allow) F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2A893C07-6CEA-4F17-8D03-A953816EAED4}] => (Allow) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
FirewallRules: [{3F74D2B4-D755-448D-9F93-E207206F2E42}] => (Allow) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
FirewallRules: [TCP Query User{8E613441-113C-48BC-B514-00837BBF519C}C:\program files\acronis\trueimagehome\trueimage.exe] => (Allow) C:\program files\acronis\trueimagehome\trueimage.exe (Acronis International GmbH -> )
FirewallRules: [UDP Query User{DCE23AE7-5816-41A4-BD58-415FB3EF031B}C:\program files\acronis\trueimagehome\trueimage.exe] => (Allow) C:\program files\acronis\trueimagehome\trueimage.exe (Acronis International GmbH -> )
FirewallRules: [{F93CEB76-BFC1-4572-A00F-D8CBFD7C1C77}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FA5580AB-0A43-4E64-9708-F00BBF387691}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{61A06813-CFFF-41C9-A39B-1F9083BC30C1}H:\comments\utilities\cutftp32.exe] => (Allow) H:\comments\utilities\cutftp32.exe => No File
FirewallRules: [UDP Query User{3C1D61AD-6C50-49F8-8116-4FCB9C51652D}H:\comments\utilities\cutftp32.exe] => (Allow) H:\comments\utilities\cutftp32.exe => No File
FirewallRules: [TCP Query User{0304635B-2E24-48AA-A4D6-151934E3F595}F:\program files\filezilla ftp client\filezilla.exe] => (Block) F:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [UDP Query User{1A71B744-E339-42BF-8C3A-4DC75D352C46}F:\program files\filezilla ftp client\filezilla.exe] => (Block) F:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project)
FirewallRules: [{3376F186-3350-4145-A787-3AA98DF4E075}] => (Allow) C:\Users\Chris\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{045173D7-99E6-436E-8F0A-037BBD9D11C4}] => (Allow) C:\Users\Chris\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{78CF7A5F-F8AA-4D52-AA0E-8761AA743E3A}] => (Allow) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{6FFD6A8B-C2B6-4D7A-80C3-81FE04466860}] => (Allow) C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{D495AC9E-443E-444B-A0F5-680F9115543A}] => (Allow) C:\Program Files\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{6B5F8350-A2E2-4A14-A3D3-7B4B5F08011A}] => (Allow) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{A52BE098-6019-4479-B568-41147056B4CD}] => (Allow) C:\Program Files\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> )
FirewallRules: [{9BAF94E4-68C8-4287-88E3-B6217DE30555}] => (Allow) C:\Program Files\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> )
FirewallRules: [{5A53A078-F3C0-4E78-877F-9580B137F3EA}] => (Allow) C:\Program Files\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{0076D6B0-DBC0-4221-8AAD-98C47424F403}] => (Allow) C:\Program Files\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{A122D8EC-869D-4C94-9654-8E82A1F28B59}] => (Allow) C:\Program Files\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{B7902BB3-B99F-479A-93F8-D141B74FEE16}] => (Allow) C:\Program Files\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{CE8EB291-8EA2-4CCB-BD23-3A4538B06E48}] => (Allow) C:\Program Files\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{AD0F7DD2-6A47-4B4A-8400-393F7FD5F0D0}] => (Allow) C:\Program Files\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{502FF050-5B69-47C4-B75A-B0A3E28DC79C}] => (Allow) C:\Program Files\Acronis\TrueImageHome\LicenseActivator.exe (Acronis International GmbH -> )
FirewallRules: [{0245EC2F-47DF-46E4-9F32-E602466F9041}] => (Allow) C:\Program Files\Common Files\Acronis\Home\report_sender.exe (Acronis International GmbH -> )
FirewallRules: [{F4DB42B3-8DD8-4311-BB51-DBF995A38E74}] => (Allow) C:\Program Files\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{822512EF-9F51-4A9C-8347-E00EECE38E5F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
==================== Restore Points =========================
31-03-2022 17:52:35 Installed StudioTax 2021
08-04-2022 00:18:35 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/05/2022 12:33:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/05/2022 12:29:25 PM) (Source: Spybot Auto Update) (EventID: 0) (User: )
Description: Event-ID 0
Error: (03/31/2022 03:38:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpwin16.exe, version: 16.0.0.427, time stamp: 0x5091e4ef
Faulting module name: wpwin16.dll, version: 16.0.0.428, time stamp: 0x51029abc
Exception code: 0xc0000005
Fault offset: 0x0041f348
Faulting process id: 0xa59c
Faulting application start time: 0x01d84535704cfa96
Faulting application path: F:\Program Files\Corel\WordPerfect Office X6\Programs\wpwin16.exe
Faulting module path: F:\Program Files\Corel\WordPerfect Office X6\Programs\wpwin16.dll
Report Id: 15d92f83-b12a-11ec-9ae8-74d02b282604
Error: (03/28/2022 01:10:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/28/2022 12:14:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.9.82.16, time stamp: 0x6193b8b2
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24291, time stamp: 0x5be78231
Exception code: 0x0eedfade
Fault offset: 0x0000845d
Faulting process id: 0x1ce08
Faulting application start time: 0x01d842bef6bb7acd
Faulting application path: C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 34f9399e-aeb2-11ec-b7aa-74d02b282604
Error: (03/22/2022 11:15:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpwin16.exe, version: 16.0.0.427, time stamp: 0x5091e4ef
Faulting module name: wpwin16.dll, version: 16.0.0.428, time stamp: 0x51029abc
Exception code: 0xc0000005
Fault offset: 0x0041f348
Faulting process id: 0x5364
Faulting application start time: 0x01d83e0ad752d7f3
Faulting application path: F:\Program Files\Corel\WordPerfect Office X6\Programs\wpwin16.exe
Faulting module path: F:\Program Files\Corel\WordPerfect Office X6\Programs\wpwin16.dll
Report Id: 8dac7024-aa57-11ec-b7aa-74d02b282604
Error: (03/21/2022 10:20:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/21/2022 09:53:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDOnAccess.exe, version: 2.9.82.16, time stamp: 0x6193b8b2
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24291, time stamp: 0x5be78231
Exception code: 0x0eedfade
Fault offset: 0x0000845d
Faulting process id: 0x35d0c
Faulting application start time: 0x01d83d2b0c37368e
Faulting application path: C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 4a7756bf-a91e-11ec-adb1-74d02b282604
System errors:
=============
Error: (04/09/2022 01:31:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
Error: (04/07/2022 07:29:01 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer AMPED_RE_USB
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{61A2128C-D99C-413E-B4E8-292F8.
The master browser is stopping or an election is being forced.
Error: (04/07/2022 05:55:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR10.
Error: (04/07/2022 05:55:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR10.
Error: (04/07/2022 05:55:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR10.
Error: (04/07/2022 05:55:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR10.
Error: (04/07/2022 03:38:32 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR6.
Error: (04/07/2022 12:25:40 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer AMPED_RE_USB
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{61A2128C-D99C-413E-B4E8-292F8.
The master browser is stopping or an election is being forced.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 1101 02/06/2013
Motherboard: ASUSTeK COMPUTER INC. P8H77-M
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 68%
Total physical RAM: 3269.51 MB
Available physical RAM: 1031.39 MB
Total Virtual: 6537.38 MB
Available Virtual: 3238.85 MB
==================== Drives ================================
Drive c: (MWin) (Fixed) (Total:60 GB) (Free:8.6 GB) NTFS
Drive f: (MProgs) (Fixed) (Total:50 GB) (Free:37.08 GB) NTFS
Drive g: (MDataH) (Fixed) (Total:20 GB) (Free:11.02 GB) NTFS
Drive h: (MDataC) (Fixed) (Total:20 GB) (Free:8.12 GB) NTFS
Drive w: (PDataH) (Network) (Total:30 GB) (Free:21.25 GB) NTFS
Drive x: (PDataC) (Network) (Total:30 GB) (Free:22.81 GB) NTFS
Drive y: (PProgs) (Network) (Total:50 GB) (Free:46.57 GB) NTFS
Drive z: (KDataH2) (Network) (Total:492.06 GB) (Free:445.94 GB) NTFS
\\?\Volume{0a4c5e07-32d3-11e3-892a-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 92C3177A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=90 GB) - (Type=05)
==================== End of Addition.txt =======================
FRST.txt
--------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-04-2022
Ran by Chris (administrator) on MOLLY (09-04-2022 13:27:57)
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(explorer.exe ->) () [File not signed] C:\Program Files\HP\HP UT\bin\hppusg.exe
(explorer.exe ->) () [File not signed] F:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
(explorer.exe ->) (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(explorer.exe ->) (Acronis International GmbH -> ) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(explorer.exe ->) (Acronis International GmbH -> ) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(explorer.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
(explorer.exe ->) (Avanquest Software) [File not signed] F:\Program Files\Avanquest\PowerDesk\pddlghlp.exe
(explorer.exe ->) (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(explorer.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (Josh Mayfield -> UltimateOutsider) F:\Program Files\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(explorer.exe ->) (Lexmark International, Inc. -> ) F:\Program Files\Lexmark\ErrorApp\lmab1err.exe
(explorer.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(explorer.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(F:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) F:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(services.exe ->) (Acronis International GmbH -> ) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(services.exe ->) (Acronis International GmbH -> ) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(services.exe ->) (Acronis International GmbH -> ) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (CONDUSIV TECHNOLOGIES -> Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
(services.exe ->) (Dassault Systèmes) [File not signed] C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) F:\Program Files\Foxit Software\Foxit Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(services.exe ->) (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) F:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Protexis Inc. -> Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5995152 2012-10-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2012-02-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2012-02-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM\...\Run: [QuickFinder Scheduler] => f:\Program Files\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [155592 2012-10-31] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [HPUsageTracking] => "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT" (No File)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [GwxControlPanelMonitor] => F:\Program Files\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (Josh Mayfield -> UltimateOutsider)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4992504 2022-01-12] (Acronis International GmbH -> )
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [752168 2019-03-25] (Acronis International GmbH -> )
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [441448 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5204968 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [PDHookServer] => F:\Program Files\Avanquest\PowerDesk\PDHookServer.exe [60416 2012-12-14] () [File not signed]
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation)
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [LMab1err] => F:\Program Files\Lexmark\ErrorApp\lmab1err.exe [645296 2012-08-07] (Lexmark International, Inc. -> )
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (No File)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (No File)
HKLM\...\Windows NT x86\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\W32X86\HP1100PP.DLL [69632 2012-08-31] () [File not signed]
HKLM\...\Windows NT x86\Print Processors\HPZPP4wm: C:\Windows\System32\spool\prtprocs\W32X86\hpzpp4wm.DLL [286208 2007-01-25] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows NT x86\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\W32X86\hpzpplhn.dll [89600 2007-05-23] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows NT x86\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\W32X86\hpzppwn7.dll [90624 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Windows NT x86\Print Processors\LMADXN4C: C:\Windows\System32\spool\prtprocs\W32X86\LMADXN4C.DLL [212480 2014-06-04] (Lexmark International Inc.) [File not signed]
HKLM\...\Print\Monitors\Advanced TCP/IP Port Monitor: C:\Windows\system32\mvtcpmon.dll [376832 2009-06-25] (Marvell Semiconductor, Inc.) [File not signed]
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\Windows\system32\cpwmon2k.dll [89136 2013-10-23] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\HP DriverMon LJ3390: C:\Windows\system32\hppaecpm.dll [77824 2007-03-09] (Hewlett-Packard) [File not signed]
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [172032 2007-01-15] (Hewlett Packard) [File not signed]
HKLM\...\Print\Monitors\HP1100LM: HP1100LM.DLL
HKLM\...\Print\Monitors\LM_LMADXN: C:\Windows\system32\LMADXNLANG.DLL [1126400 2014-06-04] () [File not signed]
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\Windows\system32\hpz3llhn.dll [30720 2007-05-23] (Hewlett-Packard Company) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lwn7: C:\Windows\system32\hpz3lwn7.dll [30720 2009-07-13] (Microsoft Windows -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.75\Installer\chrmstp.exe [2022-04-07] (Google LLC -> Google LLC)
AppInit_DLLs: C:\Windows\system32\FileMonitor32.dll => C:\Windows\system32\FileMonitor32.dll [107520 2012-12-14] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2016-10-11]
ShortcutTarget: Microsoft Find Fast.lnk -> F:\Program Files\Microsoft Office\Office\FINDFAST.EXE () [File not signed]
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dialog Helper.lnk [2013-10-25]
ShortcutTarget: Dialog Helper.lnk -> F:\Program Files\Avanquest\PowerDesk\pddlghlp.exe (Avanquest Software) [File not signed]
BootExecute: autocheck autochk * sdnclean.exe
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B6E885F-D349-4707-90FB-E92D8FE6010E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {1D6AB74A-A772-4B8E-B4D2-A97C1042D171} - System32\Tasks\Microsoft\Windows\Time Synchronization\C Sync Time => Command(1): %windir%\system32\sc.exe -> start w32time task_started
Task: {1D6AB74A-A772-4B8E-B4D2-A97C1042D171} - System32\Tasks\Microsoft\Windows\Time Synchronization\C Sync Time => Command(2): %windir%\system32\w32tm.exe -> /resync /nowait
Task: {2CE6DDEA-14B8-4C58-98C4-178BDA741566} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [5629064 2021-11-23] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {2F14BB0A-70F8-47D2-9BAB-2C333EC54B2B} - System32\Tasks\My Alarm\My Alarm005 => F:\Program Files\AutoIt3\Beta\AutoIt3.exe [943784 2020-05-16] (AutoIt Consulting Ltd -> AutoIt Team) -> "F:\AutoIt scripts\MyAlarm.au3" "Make Make Subs DL Web Page, Upload, and Email notice (week) 102d1.wcm production version" "~ty dt" "~ed 2022-04-25" "/st 13:17" "/tn My Alarm\My Alarm005"
Task: {2F9EC57E-F920-4EF6-88F4-CA3DACFEAD02} - System32\Tasks\Intel_F_CVCV3191005V240FGN => C:\Program Files\Intel\Intel(R) SSD Toolbox\Intel SSD Toolbox.exe [1508096 2017-05-23] (Intel(R) Corporation - NAND Flash Memory -> Intel)
Task: {49307A00-9295-4C6C-9C8E-A622A9D87B2B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [5363552 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {5DD4AF47-439D-426D-B8D4-7BA020FCE5C9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {67A38BA1-9134-4157-A326-47AA7F4059D3} - System32\Tasks\{850D6D04-DD46-49C0-9A3B-4CD1B86ADB2D} => C:\Windows\system32\pcalua.exe -a "H:\DL\Irfanview 4_54\iview454_setup.exe" -d "H:\DL\Irfanview 4_54"
Task: {6D3D40F5-BD27-4434-9345-58EF95E4CFD1} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [8790696 2019-12-18] (Safer-Networking Ltd. -> )
Task: {71E34AD2-0884-4D08-B0A3-0E3B594D9A40} - System32\Tasks\Intel_C_CVCV3191005V240FGN => C:\Program Files\Intel\Intel(R) SSD Toolbox\Intel SSD Toolbox.exe [1508096 2017-05-23] (Intel(R) Corporation - NAND Flash Memory -> Intel)
Task: {810AF7D6-8EBC-49C1-90CB-31AADAAE7FFB} - System32\Tasks\My Alarm\My Alarm001 => F:\Program Files\AutoIt3\Beta\AutoIt3.exe [943784 2020-05-16] (AutoIt Consulting Ltd -> AutoIt Team) -> "F:\AutoIt scripts\MyAlarm.au3" "Pay Hudson Hardware" "~ty bt" "~bm 4" "~dk calendar" "/st 11:00" "~am 0" "/tn My Alarm\My Alarm001"
Task: {85C317C4-0E0A-4C2D-8A94-8A096F45988C} - System32\Tasks\Intel_H_CVCV3191005V240FGN => C:\Program Files\Intel\Intel(R) SSD Toolbox\Intel SSD Toolbox.exe [1508096 2017-05-23] (Intel(R) Corporation - NAND Flash Memory -> Intel)
Task: {8A7E0DA5-90E9-4113-B4EC-1FCD3E04E8D2} - System32\Tasks\My Alarm\My Alarm002 => F:\Program Files\AutoIt3\Beta\AutoIt3.exe [943784 2020-05-16] (AutoIt Consulting Ltd -> AutoIt Team) -> "F:\AutoIt scripts\MyAlarm.au3" "Send Comments" "~ty wt" "/d Tue" "/st 20:00" "~am 0" "/tn My Alarm\My Alarm002"
Task: {AB61584E-29DA-49C8-89AF-FAD6469B4560} - System32\Tasks\{2B37C955-537D-4B6E-833E-52C603FFA80B} => C:\Windows\system32\pcalua.exe -a "H:\DL\Irfanview 4_54\iview454a_plugins_setup.exe" -d "H:\DL\Irfanview 4_54"
Task: {B4A21C92-41B5-4627-B5AB-91DFA73BAA16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {BD222059-A389-45E4-A0C3-B99EC876BD92} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {BFC5DF99-3D59-4D1C-A40A-0632B292EAA6} - System32\Tasks\{82065A16-7231-4FA4-86D6-75CC5D970F17} => C:\QV2\QV2.EXE [383520 1992-11-06] () [File not signed]
Task: {C388E02D-C331-4983-8D65-0B46CF5AD7EB} - System32\Tasks\Intel_G_CVCV3191005V240FGN => C:\Program Files\Intel\Intel(R) SSD Toolbox\Intel SSD Toolbox.exe [1508096 2017-05-23] (Intel(R) Corporation - NAND Flash Memory -> Intel)
Task: {CE666DA6-5038-47DD-88B2-138B7D9D635C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [6093928 2021-12-20] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {D44B75A7-4A96-4FC9-9E5E-A9DFCDA6B8C5} - System32\Tasks\{03AF8397-0B59-4BDC-9C2F-C6D0D41103F9} => C:\Windows\system32\pcalua.exe -a "F:\Program Files\Avanquest\PowerDesk\PDExploNXP.exe"
Task: {E2379398-F40A-492B-955B-CA5F183278F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe [5886744 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {E24E5581-902C-4661-ABBB-4834EB96726D} - System32\Tasks\_My Alarm => "F:\AutoIt scripts\MyAlarm.au3" [Argument = showMissedAtLogin]
Task: {E3A63D79-6E85-4A58-8519-408AA043BA8A} - System32\Tasks\My Alarm\My Alarm003 => F:\Program Files\AutoIt3\Beta\AutoIt3.exe [943784 2020-05-16] (AutoIt Consulting Ltd -> AutoIt Team) -> "F:\AutoIt scripts\MyAlarm.au3" "Make Make Comments web pages SSI 101d1.wcm production version" "~ty dt" "~ed 2022-04-24" "/st 14:29" "/tn My Alarm\My Alarm003"
Task: {F3BF17EF-B561-4E61-9EB1-C3138185B10F} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe /silent (No File)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-4166634823-2150066620-1418166359-1000] => localhost:8080
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{61A2128C-D99C-413E-B4E8-292F8A12B08D}: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF DefaultProfile: fh8ss4av.default-1472575210563-1504725635353
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5o4091bm.default-release [2022-04-07]
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fh8ss4av.default-1472575210563-1504725635353 [2022-04-09]
FF Notifications: Mozilla\Firefox\Profiles\fh8ss4av.default-1472575210563-1504725635353 -> hxxps://www.autoitscript.com
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fh8ss4av.default-1472575210563-1504725635353\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-24]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files\Foxit Software\Foxit PDF Editor\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PDF Editor\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PDF Editor\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
StartMenuInternet: FIREFOX.EXE - F:\Program Files\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2022-04-07]
CHR Extension: (Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
CHR Extension: (Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-21]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
CHR Extension: (Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-21]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-25]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcronisActiveProtectionService; C:\Program Files\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [4387696 2022-01-12] (Acronis International GmbH -> Acronis International GmbH)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [1155344 2019-03-25] (Acronis International GmbH -> )
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [6341824 2022-02-13] (Acronis International GmbH -> )
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation - pGFX -> Intel Corporation)
R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2461408 2016-11-09] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [95232 2015-01-14] (Dassault Systèmes) [File not signed]
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1074480 2015-03-01] (Flexera Software LLC -> Flexera Software LLC)
R2 FoxitReaderUpdateService; F:\Program Files\Foxit Software\Foxit Reader\FoxitPDFReaderUpdateService.exe [2359424 2022-01-21] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-02] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel® Upgrade Service -> Intel(R) Corporation)
S3 iumsvc; C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation -> Intel Corporation)
R2 MBAMService; F:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5959136 2022-03-05] (Malwarebytes Inc -> Malwarebytes)
R2 mmsminisrv; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [4882992 2022-01-12] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files\Acronis\TrueImageHome\mobile_backup_status_server.exe [1782696 2022-01-12] (Acronis International GmbH -> )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2782080 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4605312 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7184848 2022-01-12] (Acronis International GmbH -> )
S3 Tib Mounter Service; C:\Program Files\Common Files\Acronis\TibMounter\tib_mounter_service.exe [6057488 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [35600 2013-05-06] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R3 DKRtWrt; C:\Windows\system32\drivers\DKRtWrt.sys [42136 2016-01-28] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [94448 2014-04-14] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)
R3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [494600 2022-02-13] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [291264 2022-02-13] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [9344 2006-04-04] (Hewlett Packard) [File not signed]
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [15680 2012-05-20] (Intel Corporation -> Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [350016 2012-05-20] (Intel Corporation -> Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793920 2012-05-20] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [184200 2022-04-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [213936 2022-03-05] (Malwarebytes Inc -> Malwarebytes)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation -> Intel Corporation)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [74328 2018-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R1 tcefs; C:\Windows\system32\drivers\tcefs.sys [22680 2015-08-18] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies Corporation)
R0 tcesd; C:\Windows\System32\drivers\tcesd.sys [200944 2016-07-19] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies Corporation)
S3 tib; C:\Windows\System32\DRIVERS\tib.sys [541816 2022-02-13] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [131016 2022-02-13] (Acronis International GmbH -> Acronis International GmbH)
S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [472584 2022-02-13] (Acronis International GmbH -> Acronis International GmbH)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [251088 2022-02-13] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [176912 2022-02-13] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-09 13:27 - 2022-04-09 13:28 - 000029158 _____ C:\Users\Chris\Desktop\FRST.txt
2022-04-09 13:27 - 2022-04-09 13:28 - 000000000 ____D C:\FRST
2022-04-09 13:27 - 2022-04-09 13:27 - 000000000 ____D C:\Users\Chris\Desktop\FRST-OlderVersion
2022-04-07 12:30 - 2022-04-05 17:51 - 000454336 _____ C:\Windows\system32\Drivers\etc\hosts.20220407-123014.backup
2022-04-03 21:50 - 2022-04-03 21:50 - 006490743 _____ C:\Users\Chris\Downloads\27UD68_ENG_US.pdf
2022-03-31 22:47 - 2022-03-31 22:47 - 000829923 _____ C:\Users\Chris\Downloads\CanadaHelps8564927.pdf
2022-03-31 17:52 - 2022-03-31 17:52 - 000002115 _____ C:\Users\Public\Desktop\StudioTax 2021.lnk
2022-03-31 15:57 - 2022-03-31 15:57 - 000001654 _____ C:\Users\Chris\Desktop\StudioTax 2021.lnk
2022-03-31 15:56 - 2022-03-31 17:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2021
2022-03-31 12:30 - 2022-03-30 19:09 - 000454336 _____ C:\Windows\system32\Drivers\etc\hosts.20220331-123013.backup
2022-03-29 13:59 - 2022-04-09 13:27 - 002070528 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2022-03-24 12:30 - 2022-03-22 12:34 - 000454336 _____ C:\Windows\system32\Drivers\etc\hosts.20220324-123013.backup
2022-03-15 21:18 - 2022-03-15 21:18 - 012080232 _____ (Tim Kosse) C:\Users\Chris\Downloads\FileZilla_3.58.0_win32-setup.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-09 13:23 - 2013-10-11 22:28 - 000000000 ____D C:\Program Files\Google
2022-04-09 12:07 - 2016-11-19 23:31 - 000000000 ____D C:\Users\Chris\AppData\LocalLow\Mozilla
2022-04-09 09:47 - 2022-02-11 12:12 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-04-08 21:53 - 2013-11-25 10:56 - 000000000 ____D C:\Users\Chris\AppData\Roaming\ClassicShell
2022-04-08 12:25 - 2010-11-20 17:01 - 000795074 _____ C:\Windows\system32\PerfStringBackup.INI
2022-04-08 12:25 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2022-04-07 17:45 - 2013-11-17 23:41 - 000000000 ____D C:\Users\Chris\Documents\My Scans
2022-04-07 01:26 - 2019-08-30 00:11 - 000002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-07 01:26 - 2019-08-30 00:11 - 000002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-04-05 20:31 - 2017-01-08 18:48 - 000000000 ____D C:\Windows\system32\Tasks\My Alarm
2022-04-05 18:14 - 2009-07-14 00:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2022-04-05 17:53 - 2013-10-24 14:36 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2022-04-05 17:52 - 2019-11-13 17:24 - 000000000 ____D C:\Users\Chris\AppData\Roaming\FileZilla
2022-04-05 17:51 - 2014-05-20 09:40 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2022-04-05 17:51 - 1997-07-11 00:00 - 000021476 ____H C:\Windows\system32\FFASTLOG.TXT
2022-04-05 17:40 - 2013-11-03 15:00 - 000000000 ____D C:\Users\Chris\AppData\Local\CutePDF Writer
2022-04-05 12:40 - 2009-07-14 00:34 - 000032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-04-05 12:40 - 2009-07-14 00:34 - 000032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-04-05 12:33 - 2022-03-05 21:37 - 000184200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-04-05 12:32 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-03-31 17:52 - 2021-04-03 18:10 - 000000000 ____D C:\Program Files\BHOK IT Consulting Inc
2022-03-31 16:05 - 2021-03-29 19:12 - 000000000 ____D C:\ProgramData\BHOK IT Consulting Inc
2022-03-31 16:00 - 2018-04-09 11:48 - 000000000 __SHD C:\ProgramData\ST
2022-03-31 16:00 - 2014-03-31 18:28 - 000000000 ____D C:\Users\Chris\AppData\Roaming\BHOK
2022-03-31 15:55 - 2021-03-01 18:50 - 000000000 ____D C:\Users\Chris\AppData\Roaming\BHOK IT Consulting Inc
2022-03-31 15:38 - 2013-10-22 18:58 - 000000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2022-03-30 19:55 - 2016-09-01 15:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-03-25 13:05 - 2019-11-13 17:24 - 000000951 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2022-03-25 13:05 - 2019-11-13 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
==================== Files in the root of some directories ========
2015-08-01 10:23 - 2018-10-31 12:47 - 000000240 _____ () C:\Users\Chris\AppData\Roaming\StringRegExpGUIPattern.dat
2013-11-17 23:27 - 2013-11-17 23:27 - 000000093 _____ () C:\Users\Chris\AppData\Local\fusioncache.dat
2013-10-23 09:20 - 2021-02-02 19:47 - 000007606 _____ () C:\Users\Chris\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2022-04-07 00:54
==================== End of FRST.txt ========================
Really didn't see much but we can tidy up and see if anything improves from doing that.
Start Farbar Recovery Scan Tool with Administrator privileges
(Right-click on the FRST icon and select Run as administrator; just open it and let it wait.)
Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Start::
CloseProcesses:
CreateRestorePoint:
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => F:\Program Files\Notepad++\NppShell_05.dll -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FirewallRules: [{EBDDD846-801E-48AE-B509-66D8B92650F6}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst.exe => No File
FirewallRules: [{26FC5F17-CF91-4358-AF93-570262B89E2C}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst.exe => No File
FirewallRules: [{7BEE059F-1A46-4951-8C0A-0E413FA3197F}] => (Allow) D:\Install\x86\InstallGui.exe => No File
FirewallRules: [{4BEC2007-033C-40F2-8E04-EE7D8EF563F3}] => (Allow) D:\Install\x86\InstallGui.exe => No File
FirewallRules: [TCP Query User{61A06813-CFFF-41C9-A39B-1F9083BC30C1}H:\comments\utilities\cutftp32.exe] => (Allow) H:\comments\utilities\cutftp32.exe => No File
FirewallRules: [UDP Query User{3C1D61AD-6C50-49F8-8116-4FCB9C51652D}H:\comments\utilities\cutftp32.exe] => (Allow) H:\comments\utilities\cutftp32.exe => No File
FirewallRules: [{3376F186-3350-4145-A787-3AA98DF4E075}] => (Allow) C:\Users\Chris\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{045173D7-99E6-436E-8F0A-037BBD9D11C4}] => (Allow) C:\Users\Chris\AppData\Roaming\Zoom\bin\airhost.exe => No File
HKLM\...\Run: [HPUsageTracking] => "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT" (No File)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {F3BF17EF-B561-4E61-9EB1-C3138185B10F} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe /silent (No File)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files\Foxit Software\Foxit PDF Editor\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PDF Editor\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PDF Editor\plugins\npFoxitPhantomPDFPlugin.dll [No File]
Hosts:
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
EmptyTemp:
C:\Windows\Temp\*.*
End::
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Emsisoft Emergency Kit and save it to your desktop.
- Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
- Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here.
- After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
- When asked to run an online update, click Yes.
- When the update is finished, click the Back to Security Status link in the left corner.
- On the main screen click the Scan PC button.
- Select Smart Scan, then click the Scan button.
- When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
- Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
- Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
- Copy and paste the contents of that logfile in your next reply.
Last edited by Juliet; 2022-04-11 at 15:58.
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
Step 1 (of 2) done
fixlog.txt
--------
Fix result of Farbar Recovery Scan Tool (x86) Version: 13-04-2022 01
Ran by Chris (13-04-2022 14:12:14) Run:1
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => F:\Program Files\Notepad++\NppShell_05.dll -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FirewallRules: [{EBDDD846-801E-48AE-B509-66D8B92650F6}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst.exe => No File
FirewallRules: [{26FC5F17-CF91-4358-AF93-570262B89E2C}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst.exe => No File
FirewallRules: [{7BEE059F-1A46-4951-8C0A-0E413FA3197F}] => (Allow) D:\Install\x86\InstallGui.exe => No File
FirewallRules: [{4BEC2007-033C-40F2-8E04-EE7D8EF563F3}] => (Allow) D:\Install\x86\InstallGui.exe => No File
FirewallRules: [TCP Query User{61A06813-CFFF-41C9-A39B-1F9083BC30C1}H:\comments\utilities\cutftp32.exe] => (Allow) H:\comments\utilities\cutftp32.exe => No File
FirewallRules: [UDP Query User{3C1D61AD-6C50-49F8-8116-4FCB9C51652D}H:\comments\utilities\cutftp32.exe] => (Allow) H:\comments\utilities\cutftp32.exe => No File
FirewallRules: [{3376F186-3350-4145-A787-3AA98DF4E075}] => (Allow) C:\Users\Chris\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{045173D7-99E6-436E-8F0A-037BBD9D11C4}] => (Allow) C:\Users\Chris\AppData\Roaming\Zoom\bin\airhost.exe => No File
HKLM\...\Run: [HPUsageTracking] => "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT" (No File)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {F3BF17EF-B561-4E61-9EB1-C3138185B10F} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe /silent (No File)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files\Foxit Software\Foxit PDF Editor\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PDF Editor\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PDF Editor\plugins\npFoxitPhantomPDFPlugin.dll [No File]
Hosts:
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
EmptyTemp:
C:\Windows\Temp\*.*
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++ => removed successfully.
HKLM\Software\Classes\CLSID\{00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully.
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\Software\Microsoft\Internet Explorer\Main\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EBDDD846-801E-48AE-B509-66D8B92650F6}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26FC5F17-CF91-4358-AF93-570262B89E2C}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BEE059F-1A46-4951-8C0A-0E413FA3197F}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4BEC2007-033C-40F2-8E04-EE7D8EF563F3}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{61A06813-CFFF-41C9-A39B-1F9083BC30C1}H:\comments\utilities\cutftp32.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3C1D61AD-6C50-49F8-8116-4FCB9C51652D}H:\comments\utilities\cutftp32.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3376F186-3350-4145-A787-3AA98DF4E075}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{045173D7-99E6-436E-8F0A-037BBD9D11C4}" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HPUsageTracking" => removed successfully.
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully.
HKLM\SOFTWARE\Policies\Google => removed successfully.
HKU\S-1-5-21-4166634823-2150066620-1418166359-1000\SOFTWARE\Policies\Google => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3BF17EF-B561-4E61-9EB1-C3138185B10F}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3BF17EF-B561-4E61-9EB1-C3138185B10F}" => removed successfully.
C:\Windows\System32\Tasks\Tweaking.com - Registry Backup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tweaking.com - Registry Backup" => removed successfully.
HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf => removed successfully.
HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp => removed successfully.
HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= netsh int ip reset =========
Reseting Interface, OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= ipconfig /flushDNS =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\AcronisMMS.log => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\fwtsqmfile00.sqm => moved successfully
C:\Windows\Temp\mbamiservice.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\TBitDefenderUpdaterThread.log => moved successfully
C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5190380 B
Java, Flash, Steam htmlcache => 19291 B
Windows/system/drivers => 222904 B
Edge => 0 B
Chrome => 37213776 B
Firefox => 295120635 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 41053 B
LocalService => 41181 B
NetworkService => 2468799 B
Chris => 16657337 B
RecycleBin => 0 B
EmptyTemp: => 340.4 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 14:14:13 ====
Good deal. Looking good so far.
Post the other log when finished.
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
When I tried to download Emsisoft Emergency Kit, Firefox told me
emsisoft DL warning.jpg
Thoughts?
That is your browser alerting you of a possible download, which is what it's supposed to do. It would have been fine to allow it, but you don't have to use that one; we can try a different one.
Go to https://download.eset.com/com/eset/t...inescanner.exe
It will start a download of "esetonlinescanner.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Full scan.
Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display. You may step away from the machine & let it be.
You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked View detected results.
Click the blue Save scan log to save the log.
If something was removed and you know it is a false finding, you may click on the blue Restore cleaned files (in blue, at bottom).
Press Continue when all done. You should click to turn off the offer for periodic scanning.
Please make sure you attach the log report.
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
I chose to run EEK.
What I got, after downloading, differed substantially from the steps in your instructions.
A folder named C:\EEK was created with Start Emergency Kit Scanner.exe in it.
I double clicked it, and this showed: eek after updates.jpg
"Run Directly" did not show.
I accepted to run online update.
I did not see "Back to Security Status", nor did I see "Scan PC".
I am paused at this point, and will leave EEK as it is now.
Please advise.