ColorMania causing high disk usage + blue screen - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer.com

2021-10-08 01:54:00 -

Posted 08 October 2021 - 03:54 AM

Hey guys!

Context:

- I might have torrented "Microsoft Office Pro Plus 2016" from a torrent website.

- Downloaded it, ran and installed the program, including this thing called KMSAuto.

- While executing KMS, there is mention of something like changing registry for activating MS Office every 10 days.

- After a day or two, suddenly high disk usage, followed by blue screen and auto restart of computer.

- I used RevoUninstaller to uninstall Microsoft Office Pro Plus 2016.

- I ran Kaspersky AV, quarantined and deleted 18 files.

- I ran MalwareBytes and removed a few more files.

- MalwareBytes currently reads 0 threats in safe mode, but when booted normally, blue screen persists.

I noticed that other forum users have also encountered the ColorMania problem.

It would mean a lot if I could get some help here to resolve this too.

Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2021

Ran by Joshua (administrator) on JOSHUA (SAMSUNG ELECTRONICS CO., LTD. 870Z5E/880Z5E/680Z5E) (08-10-2021 16:26:53)

Running from C:\Users\Joshua\Downloads

Loaded Profiles: Joshua

Platform: Windows 8 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <20>

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2889072 2013-03-25] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)

HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3971584 2013-05-07] () [File not signed]

HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-28] (Logitech Inc -> Logitech, Inc.)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2237256 2020-03-13] (voidtools -> voidtools)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1580368 2010-11-03] (Logitech -> Logitech, Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-11-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8091424 2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Joshua\AppData\Local\Microsoft\Teams\Update.exe [1789552 2019-09-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5641776 2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Joshua\AppData\Local\Microsoft\Teams\Update.exe [1789552 2019-09-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91667312 2020-05-12] (Skype Software Sarl -> Skype Technologies S.A.)

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\Run: [] => [X]

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\Run: [3649931] => /VERYSILENT

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\Run: [uTorrent] => C:\Users\Joshua\AppData\Roaming\uTorrent\uTorrent.exe [2082792 2020-06-27] (BitTorrent Inc -> BitTorrent Inc.)

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\Run: [Spotify] => C:\Users\Joshua\AppData\Roaming\Spotify\Spotify.exe [18616456 2021-10-06] (Spotify AB -> Spotify Ltd)

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5417008 2020-05-04] (Adobe Inc. -> Adobe Systems Incorporated)

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\Policies\Explorer: [DisallowRun] 1

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\MountPoints2: D - "D:\setup.exe"

HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65488 2020-05-04] (Adobe Inc. -> Adobe Systems Inc)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.71\Installer\chrmstp.exe [2021-10-07] (Google LLC -> Google LLC)

Startup: C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-10-03]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04564F1C-C6ED-46DA-8C37-5DF174B4AE90} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe

Task: {04A1746D-EED2-4540-AE08-2138303C3C1F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [233824 2012-09-13] (Intel® Services Manager -> Intel Corporation)

Task: {0DC0B7E9-B6DF-44CA-961C-814532E2A9A4} - System32\Tasks\GoogleUpdateSoftware => C:\Users\Joshua\AppData\Roaming\Google\GoogleDiagnostics.exe [800303616 2021-06-06] (Blacksun Software) [File not signed] <==== ATTENTION

Task: {0F00F19B-A956-43C2-8801-A8E25755005D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24613232 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)

Task: {25423CD6-ECA8-4ACF-B233-8D14FE730A92} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)

Task: {2F41A80D-7E73-46A2-A527-00F45A31FF49} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)

Task: {380FDC14-1EED-4C40-945F-AC6EE79C1753} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe

Task: {3C091392-74F6-4C70-8439-3F0367B712AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-25] (Google LLC -> Google LLC)

Task: {43AED76B-EC7B-4019-8E5A-12C4A0EF5519} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13530184 2013-04-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)

Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\WINDOWS\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)

Task: {44E1E3A4-5AEA-48B1-ACB0-33A70BA87DF4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)

Task: {45723947-6E0B-432B-AF12-F0C2F55E956A} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [3474480 2013-05-01] (Samsung Electronics CO., LTD. -> SEC)

Task: {4644A096-EC9B-4B47-99FE-F1FF2B38AC2A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)

Task: {50D1B70E-293D-4268-9AC3-6C5BC94B0260} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24613232 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)

Task: {53F6B8AC-B3D0-4BD4-A400-78364279E912} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [233824 2012-09-13] (Intel® Services Manager -> Intel Corporation)

Task: {54A60FB2-92BF-47E1-91E7-12C81339DAF0} - System32\Tasks\{EA6A8A7C-2D72-4680-9CD5-A962EC644DD5} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Joshua\Downloads\Adobe Acrobat Pro DC - v2020 006 20042 Final + Patch\Adobe Acrobat Pro DC - v2020 006 20042 Final + Patch\Setup.exe" -d "C:\Users\Joshua\Downloads\Adobe Acrobat Pro DC - v2020 006 20042 Final + Patch\Adobe Acrobat Pro DC - v2020 006 20042 Final + Patch"

Task: {5C1ECCED-36C7-4B8F-B3E8-EA1F9FD1C2D4} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2624560 2013-04-23] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)

Task: {785C1B39-80E0-48A3-980A-906C614E62B8} - System32\Tasks\Samsung Update Configuration => C:\ProgramData\Samsung\SamsungUpdateConfiguration\ModifyServerRefresh.exe

Task: {855319B3-3FD8-4D80-9C03-18BDA67556DA} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-06-07] (Kaspersky Lab JSC -> AO Kaspersky Lab)

Task: {8BEBF5A4-BE24-4076-A721-AA2990648C5B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)

Task: {95606300-F55A-440A-AF5C-E398BAF03102} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe

Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\WINDOWS\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)

Task: {AE9849F2-E65A-4557-B83E-4B148CC613F8} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2964528 2013-02-26] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)

Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\WINDOWS\system32\SettingSyncInfo.dll [128512 2015-08-04] (Microsoft Windows -> Microsoft Corporation)

Task: {B5A7CDB8-24AD-4313-82E6-3DE43FC20D2E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {C29115AC-599A-49BE-8B59-560D732384C7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}

Task: {D8666EE8-E8E5-492C-84A3-EC287BA13D69} - System32\Tasks\RtHDVBg_SRSSA => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor Corp -> Realtek Semiconductor)

Task: {E9B85FE5-C1E3-4D77-8000-6C21E1A790DB} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe

Task: {EAD35A7C-A2B2-4632-A0FC-62F57DC982A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-25] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)

Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)

Hosts: Hosts file not detected in the default directory

Tcpip\Parameters: [DhcpNameServer] 192.168.86.1

Tcpip\..\Interfaces\{9DEE8DF6-F705-4250-AD83-ACBF1630B287}: [DhcpNameServer] 192.168.86.1

FireFox:

========

FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found

FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi

FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-05-03]

FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation -> Microsoft Corporation)

Chrome:

=======

CHR DefaultProfile: Default

CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default [2021-10-08]

CHR StartupUrls: Default -> "hxxps://www.notion.so/INTHEbleep-HOME-c06520026c474b099c40ee37c0cd3721","hxxps://www.youtube.com/watch?v=ZAx0UF_k2hM&list=PLjumkJUG-60LcCu-aZ32Sws63LQJVdLnr","hxxps://docs.google.com/spreadsheets/d/1-Olx3PCRvWjfseNvmgrzq5kV6ptaRghEjiP5pgOe26I/edit#gid=0"

CHR NewTab: Default -> Active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"

CHR Extension: (Slides) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-13]

CHR Extension: (Docs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-13]

CHR Extension: (Google Drive) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]

CHR Extension: (Video Downloader Plus) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\baejfnndpekpkaaancgpakjaengfpopk [2020-05-20]

CHR Extension: (YouTube) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-13]

CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-02]

CHR Extension: (Adobe Acrobat) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-08-06]

CHR Extension: (Dark Reader) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2021-10-03]

CHR Extension: (1clickVPN - Free VPN for Chrome) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfhplploccackoneaefokcmbjfbkenj [2020-12-18]

CHR Extension: (Sheets) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-13]

CHR Extension: (Google Docs Offline) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-23]

CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-07-21]

CHR Extension: (Pinterest Save button) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2021-09-10]

CHR Extension: (Grammarly for Chrome) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-10-08]

CHR Extension: (Momentum) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2021-10-08]

CHR Extension: (Gmail) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]

CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-10-05]

CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-23]

CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]

CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)

S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)

S2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [243864 2020-06-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [184768 2021-06-16] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137424 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-13] (Dropbox, Inc -> Dropbox, Inc.)

S2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

S2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-04-23] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)

S2 Everything; C:\Program Files\Everything\Everything.exe [2237256 2020-03-13] (voidtools -> voidtools)

S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]

S2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)

S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [447104 2021-06-16] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7789240 2021-10-07] (Malwarebytes Inc -> Malwarebytes)

S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [3548672 2020-01-10] (Microsoft Corporation) [File not signed]

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]

S2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2921520 2013-04-09] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-07] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AMPPAL; C:\WINDOWS\System32\drivers\AMPPAL.sys [164832 2013-02-13] (Intel Corporation-Mobile Wireless Group -> Windows ® Win 7 DDK provider)

S3 btmaux; C:\WINDOWS\system32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)

S3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)

S1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352448 2013-02-11] (EldoS Corporation -> EldoS Corporation)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S1 intmfs; C:\WINDOWS\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)

R0 intmsd; C:\WINDOWS\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)

R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)

S1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [674104 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

S1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1469240 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2021-06-16] (Kaspersky Lab JSC -> AO Kaspersky Lab)

R3 kltap; C:\WINDOWS\system32\DRIVERS\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)

R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [246952 2021-09-23] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [284408 2021-09-23] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [106224 2021-09-23] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

S3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [216824 2021-09-23] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)

S1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)

S2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-10-08] (Malwarebytes Inc -> Malwarebytes)

S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S2 NPF; C:\WINDOWS\SysWOW64\drivers\aztech_npf64.sys [40208 2009-05-04] (CACE TECHNOLOGIES, LLC -> CACE Technologies)

R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Samsung Electronics CO., LTD. -> Windows ® Win 7 DDK provider)

S3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Intel Wireless Display -> Windows ® Win 7 DDK provider)

S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation -> Microsoft Corporation)

S3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Intel Wireless Display -> Windows ® Win 7 DDK provider)

S3 SBIOSIO; \??\C:\Users\Joshua\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-09 06:47 - 2021-10-09 06:47 - 000000000 _____ C:\Recovery.txt

2021-10-08 16:26 - 2021-10-08 16:29 - 000030983 _____ C:\Users\Joshua\Downloads\FRST.txt

2021-10-08 16:26 - 2021-10-08 16:29 - 000000000 ____D C:\FRST

2021-10-08 16:26 - 2021-10-08 16:26 - 002308096 _____ (Farbar) C:\Users\Joshua\Downloads\FRST64.exe

2021-10-08 16:24 - 2021-10-08 16:24 - 002019328 _____ (Farbar) C:\Users\Joshua\Downloads\FRST.exe

2021-10-08 01:09 - 2021-10-08 01:10 - 000295360 _____ C:\WINDOWS\Minidump\100821-37906-01.dmp

2021-10-08 01:07 - 2021-10-08 01:08 - 000295440 _____ C:\WINDOWS\Minidump\100821-31750-01.dmp

2021-10-08 01:06 - 2021-10-08 01:06 - 000006144 _____ C:\WINDOWS\system32\umstartup.etl

2021-10-08 01:03 - 2021-10-08 01:03 - 000299576 _____ C:\WINDOWS\Minidump\100821-39718-01.dmp

2021-10-08 01:00 - 2021-10-08 01:01 - 000295504 _____ C:\WINDOWS\Minidump\100821-38171-01.dmp

2021-10-08 00:54 - 2021-10-08 00:55 - 000295496 _____ C:\WINDOWS\Minidump\100821-40078-01.dmp

2021-10-07 23:31 - 2021-10-07 23:31 - 000295488 _____ C:\WINDOWS\Minidump\100721-20437-01.dmp

2021-10-07 23:29 - 2021-10-07 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices

2021-10-07 23:25 - 2021-10-07 23:26 - 000299904 _____ C:\WINDOWS\Minidump\100721-30281-01.dmp

2021-10-07 23:20 - 2021-10-07 23:22 - 000295344 _____ C:\WINDOWS\Minidump\100721-31515-01.dmp

2021-10-07 23:18 - 2021-10-08 01:09 - 1139896023 _____ C:\WINDOWS\MEMORY.DMP

2021-10-07 23:18 - 2021-10-07 23:19 - 000307032 _____ C:\WINDOWS\Minidump\100721-32859-01.dmp

2021-10-07 23:16 - 2021-10-08 14:48 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

2021-10-07 23:16 - 2021-10-08 14:48 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

2021-10-07 23:16 - 2021-10-07 23:23 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2021-10-07 23:16 - 2021-10-07 23:16 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2021-10-07 23:16 - 2021-10-07 23:16 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2021-10-07 23:16 - 2021-10-07 23:16 - 000001964 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2021-10-07 23:16 - 2021-10-07 23:16 - 000001952 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2021-10-07 23:15 - 2021-10-07 23:15 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

2021-10-07 23:15 - 2021-10-07 23:15 - 000000000 ____D C:\ProgramData\Malwarebytes

2021-10-07 23:14 - 2021-10-07 23:14 - 002101944 _____ (Malwarebytes) C:\Users\Joshua\Downloads\MBSetup-119967.119967-consumer.exe

2021-10-07 23:14 - 2021-10-07 23:14 - 000000000 ____D C:\Program Files\Malwarebytes

2021-10-07 03:20 - 2021-10-07 03:20 - 000000000 ____D C:\WINDOWS\pss

2021-10-03 22:22 - 2021-10-03 22:22 - 000000000 ____D C:\Users\Joshua\AppData\Local\Microsoft Help

2021-10-03 22:21 - 2021-10-07 23:53 - 000000000 ____D C:\ProgramData\KMSAutoS

2021-10-03 22:18 - 2021-10-03 23:03 - 000000000 ____D C:\Users\Joshua\AppData\Local\MSfree Inc

2021-09-29 17:04 - 2021-09-29 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2021-09-29 16:48 - 2021-09-24 01:31 - 001209624 _____ C:\Users\Joshua\Desktop\josh-gdgf-BW.ai

2021-09-29 16:48 - 2021-09-24 01:31 - 001209314 _____ C:\Users\Joshua\Desktop\josh-gdgf-COLOR.ai

2021-09-29 16:47 - 2021-09-24 01:31 - 000361083 _____ C:\Users\Joshua\Desktop\josh-gdgf-BW.pdf

2021-09-28 23:27 - 2021-09-28 23:27 - 000000000 ___SH C:\DkHyperbootSync

2021-09-26 06:01 - 2021-09-26 06:01 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys

2021-09-26 06:01 - 2021-09-26 06:01 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys

2021-09-26 06:01 - 2021-09-26 06:01 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

2021-09-26 06:01 - 2021-09-26 06:01 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

2021-09-23 23:05 - 2021-09-23 23:05 - 000246952 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys

2021-09-23 23:05 - 2021-09-23 23:05 - 000216824 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys

2021-09-23 19:59 - 2021-09-23 19:59 - 000284408 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys

2021-09-23 19:58 - 2021-09-23 19:58 - 000106224 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys

2021-09-10 02:23 - 2021-09-10 02:24 - 394176568 _____ C:\Users\Joshua\Downloads\whampoaphoto_untitled-transfer_2021-09-09_1719.zip

2021-09-09 11:22 - 2021-09-09 11:22 - 001469240 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys

2021-09-09 11:22 - 2021-09-09 11:22 - 000674104 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klgse.sys

2021-09-08 13:24 - 2021-09-10 02:26 - 000000000 ____D C:\Users\Joshua\Desktop\PRINT

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-08 01:10 - 2012-07-26 15:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2021-10-08 00:59 - 2020-02-20 01:20 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job

2021-10-07 23:31 - 2020-04-27 02:13 - 000000000 ____D C:\WINDOWS\Minidump

2021-10-07 23:24 - 2019-01-13 20:53 - 000000000 ____D C:\Program Files (x86)\Google

2021-10-07 23:21 - 2019-01-13 20:44 - 000000000 ____D C:\Users\Joshua

2021-10-07 23:17 - 2020-05-05 18:37 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData

2021-10-07 23:11 - 2020-06-25 23:34 - 000002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2021-10-07 23:11 - 2020-06-25 23:34 - 000002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2021-10-07 23:11 - 2013-05-15 05:56 - 000000000 ____D C:\ProgramData\WinClon

2021-10-07 23:03 - 2019-01-13 20:54 - 000003596 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-584704260-4262202810-3377494693-1001

2021-10-07 23:00 - 2020-02-20 01:20 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job

2021-10-07 03:31 - 2021-07-14 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools

2021-10-07 03:31 - 2021-07-14 23:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2021-10-07 03:11 - 2012-07-26 13:37 - 000000000 ____D C:\WINDOWS\Inf

2021-10-07 03:04 - 2012-07-26 13:26 - 001048576 ___SH C:\WINDOWS\system32\config\BBI

2021-10-07 03:04 - 2012-07-26 13:26 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM

2021-10-07 02:54 - 2021-06-06 23:08 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\WinHost

2021-10-07 02:43 - 2021-04-18 15:00 - 000000000 ____D C:\Users\Joshua\AppData\Local\Spotify

2021-10-07 02:42 - 2021-04-18 14:59 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Spotify

2021-10-04 18:20 - 2020-12-10 13:40 - 000000000 ____D C:\Users\Joshua\Downloads\Telegram Desktop

2021-10-04 18:05 - 2020-11-21 23:58 - 000000033 _____ C:\Users\Joshua\AppData\Roaming\AdobeWLCMCache.dat

2021-10-04 18:05 - 2019-02-24 15:28 - 000000000 ____D C:\Users\Joshua\AppData\Local\CrashDumps

2021-10-04 18:03 - 2020-12-10 13:38 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\Telegram Desktop

2021-10-04 03:05 - 2019-03-15 23:21 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\vlc

2021-10-03 23:05 - 2019-01-13 20:44 - 000000000 ____D C:\Users\Joshua\AppData\Local\Packages

2021-10-03 22:01 - 2012-07-26 16:12 - 000000000 ___HD C:\Program Files\WindowsApps

2021-10-03 22:01 - 2012-07-26 16:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent

2021-10-03 21:59 - 2012-07-26 16:12 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2021-10-03 21:39 - 2020-06-27 23:04 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\uTorrent

2021-10-03 21:39 - 2020-02-08 05:18 - 000000000 ____D C:\Users\Joshua\AppData\Local\BitTorrentHelper

2021-10-03 21:16 - 2012-07-26 16:12 - 000000000 ____D C:\WINDOWS\system32\NDF

2021-10-03 15:52 - 2021-03-01 17:50 - 000000000 ____D C:\Users\Joshua\AppData\Roaming\WhatsApp

2021-10-02 01:29 - 2020-06-25 23:33 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA

2021-10-02 01:29 - 2020-06-25 23:33 - 000003206 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

2021-09-29 17:06 - 2020-02-20 01:20 - 000000000 ____D C:\Users\Joshua\AppData\Local\Dropbox

2021-09-29 17:05 - 2020-02-20 01:20 - 000000000 ____D C:\Program Files (x86)\Dropbox

2021-09-29 16:48 - 2012-07-26 15:28 - 000849706 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2021-09-25 01:35 - 2019-02-20 02:33 - 000315904 ___SH C:\Users\Joshua\Desktop\Thumbs.db

2021-09-23 00:22 - 2021-03-16 03:06 - 000157696 ___SH C:\Users\Joshua\Documents\Thumbs.db

2021-09-17 15:59 - 2019-03-14 22:08 - 002709504 ___SH C:\Users\Joshua\Downloads\Thumbs.db

2021-09-13 15:09 - 2021-06-07 21:14 - 000004476 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task

2021-09-10 23:30 - 2021-03-01 17:49 - 000000000 ____D C:\Users\Joshua\AppData\Local\WhatsApp

==================== Files in the root of some directories ========

2019-01-13 20:46 - 2019-01-22 20:42 - 000005736 _____ () C:\Users\Joshua\AppData\Roaming\AbsoluteReminder.xml

2020-11-21 23:58 - 2021-10-04 18:05 - 000000033 _____ () C:\Users\Joshua\AppData\Roaming\AdobeWLCMCache.dat

2020-06-27 22:20 - 2020-06-27 22:20 - 000000000 _____ () C:\Users\Joshua\AppData\Local\oobelibMkey.log

2020-10-12 15:00 - 2020-10-12 15:00 - 000000000 _____ () C:\Users\Joshua\AppData\Local\{971FD582-2C1C-4B7C-920C-5AF3500CDD0F}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2021-09-29 16:57

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2021

Ran by Joshua (08-10-2021 16:29:49)

Running from C:\Users\Joshua\Downloads

Windows 8 (X64) (2019-01-13 12:44:37)

Boot Mode: Safe Mode (with Networking)

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-584704260-4262202810-3377494693-500 - Administrator - Disabled)

Dennis (S-1-5-21-584704260-4262202810-3377494693-1005 - Limited - Enabled) => C:\Users\Dennis

Guest (S-1-5-21-584704260-4262202810-3377494693-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-584704260-4262202810-3377494693-1003 - Limited - Enabled)

Joshua (S-1-5-21-584704260-4262202810-3377494693-1001 - Administrator - Enabled) => C:\Users\Joshua

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Kaspersky Security Cloud (Enabled - Up to date) {F41710F6-65D1-4F66-2B68-CCCF63D4A09E}

FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\uTorrent) (Version: 3.5.5.45704 - BitTorrent Inc.)

Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.2.0.26 - Absolute Software)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.009.20063 - Adobe Systems Incorporated)

Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)

Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_0_0) (Version: 22.0.0 - Adobe Systems Incorporated)

Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_1_0) (Version: 11.1.0 - Adobe Systems Incorporated)

Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{77A7CE43-5A1E-8282-931B-E0CC4C075793}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)

Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)

Bitcasa version 1.0.1.5005 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 1.0.1.5005 - Bitcasa Inc.)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.2.18 - Canon Inc.)

Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)

Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)

Canon Utilities RemoteCapture 2.7 (HKLM-x32\...\InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}) (Version: 2.7.5 - Canon)

CPUID HWMonitor 1.42 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.42 - CPUID, Inc.)

CrystalDiskMark 8.0.0a (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.0a - Crystal Dew World)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

Dropbox (HKLM-x32\...\Dropbox) (Version: 132.4.3800 - Dropbox, Inc.)

Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.503.1 - Dropbox, Inc.) Hidden

Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)

Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)

ETDWare X64 11.7.10.4_WHQL (HKLM\...\Elantech) (Version: 11.7.10.4 - ELAN Microelectronic Corp.)

Everything 1.4.1.969 (x64) (HKLM\...\Everything) (Version: 1.4.1.969 - David Carpenter)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.71 - Google LLC)

Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)

Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)

IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies)

iTunes (HKLM\...\{0F55124A-C00E-4227-A543-19389E732653}) (Version: 12.10.10.2 - Apple Inc.)

Kaspersky Security Cloud (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden

Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)

Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden

Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky)

Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)

Malwarebytes version 4.4.7.134 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.7.134 - Malwarebytes)

MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)

Microsoft OneDrive (HKU\S-1-5-21-584704260-4262202810-3377494693-1005\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)

Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)

Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{E8F373BC-AAE2-4DC7-9853-B6A83CC88793}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

OEM Application Profile (HKLM-x32\...\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}) (Version: 1.00.0004 - Advanced Micro Devices, Inc.)

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.21952 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21952 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21952 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.21952 - Microsoft Corporation) Hidden

PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden

PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)

PowerXpressHybrid (HKLM-x32\...\{51FDC2DE-0917-46B7-EAEC-5377504701DE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6890 - Realtek Semiconductor Corp.)

Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)

Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.7 - Samsung Electronics CO., LTD.)

Revo Uninstaller 2.1.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.5 - VS Revo Group, Ltd.)

S Agent (HKLM\...\{39648D75-C1D7-4590-8A83-0A160AF3FFA3}) (Version: 1.1.40 - Samsung Electronics CO., LTD.) Hidden

Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)

Skype version 8.60 (HKLM-x32\...\Skype_is1) (Version: 8.60 - Skype Technologies S.A.)

Spotify (HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\Spotify) (Version: 1.1.69.612.gb7409abc - Spotify AB)

SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.3300 - DTS, Inc.)

Support Center (HKLM\...\{8EC7C961-2CD2-49DC-8F39-75E9CD20BB19}) (Version: 2.1.100 - Samsung Electronics CO., LTD.)

Support Center FAQ (HKLM-x32\...\{02F04AFA-243D-4E6A-9556-60F8D2539547}) (Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden

SW Update (HKLM-x32\...\{43C711D9-67C9-4793-80D4-E957D638D531}) (Version: 2.1.14 - Samsung Electronics CO., LTD.)

TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: - TechPowerUp)

Telegram Desktop version 3.1.1 (HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.1.1 - Telegram FZ-LLC)

thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)

User Guide (HKLM-x32\...\{5A6D46E0-D4F4-487D-BFC5-D7DCEB877027}) (Version: 1.3.00 - Samsung Electronics CO., LTD.)

VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)

WhatsApp (HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\WhatsApp) (Version: 2.2134.10 - WhatsApp)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

WinRAR 5.90 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.3 - win.rar GmbH)

Zoom (HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.)

照片库 (HKLM-x32\...\{0E6639BB-C1BB-4FF5-8846-5813EF63E04B}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Packages:

=========

Adera -> C:\Program Files\WindowsApps\Microsoft.Adera_1.0.0.4957_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Studios)

Bing -> C:\Program Files\WindowsApps\Microsoft.Bing_1.5.1.251_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation)

Bitcasa for Samsung -> C:\Program Files\WindowsApps\Bitcasa.BitcasaforSamsung_3.2.1.28_neutral__t064hbck1pfne [2013-05-15] (Bitcasa, Inc)

Camera -> C:\Program Files\WindowsApps\Microsoft.Camera_6.2.9200.20523_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation)

ChatON -> C:\Program Files\WindowsApps\6E04A0BD.3483954CEF3A0_1.6.0.5_neutral__ez4k4b2fwzhzt [2019-01-13] (SAMSUNG ELECTRONICS CO,. LTD.)

Evernote Touch -> C:\Program Files\WindowsApps\Evernote.Evernote_1.1.2.8_x86__q4d96b2w5wcc2 [2013-05-15] (Evernote)

Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_1.5.1.406_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]

Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_1.0.12289.2_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation)

Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.1.134.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]

Jamie's Recipes -> C:\Program Files\WindowsApps\Zolmo.JamiesRecipes_1.1.0.5_x64__40cj6885yhw56 [2019-01-13] (Zolmo)

Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_1.1.3.0_neutral__stfe6vwa9jnbp [2013-05-15] (AMZN Mobile LLC)

Merriam-Webster Dictionary -> C:\Program Files\WindowsApps\D22CCC44.Merriam-WebsterDictionary_1.0.1.1_neutral__mbv6ra3y34fnr [2019-01-13] (Merriam-Webster, Inc.)

Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.1.139.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]

Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_1.6.1012.2_x64__a2t3txkz9j1jw [2013-05-15] (MAGIX)

News -> C:\Program Files\WindowsApps\Microsoft.BingNews_1.5.1.409_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]

Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.0.0.114_x86__v68kp9n051hdp [2013-05-15] (Symantec Corporation)

Photos -> C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation)

Pinball FX2 -> C:\Program Files\WindowsApps\Microsoft.Studios.PinballFx2_1.0.0.173_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Studios)

S Camera -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SCamera_1.0.1303.23432_x86__h7cwzt5medr84 [2019-01-13] (CYBERLINKCOM)

S Gallery -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SGallery_1.0.1303.23432_x86__h7cwzt5medr84 [2019-01-13] (CYBERLINKCOM)

S Player -> C:\Program Files\WindowsApps\CyberLinkCorp.ss.SPlayer_1.0.1029.12634_x86__h7cwzt5medr84 [2019-01-13] (CYBERLINKCOM)

Samsung Story -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungStory_1.0.0.21_neutral__3c1yjt4zspk6g [2019-01-13] (Samsung Electronics CO., LTD)

Shark Dash -> C:\Program Files\WindowsApps\GAMELOFTSA.SharkDash_1.3.6.0_x64__0pp20fcewvvtj [2013-05-15] (GAMELOFT SA)

SkyDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation)

Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_1.5.1.249_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]

Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_1.0.0.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Studios)

Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_1.5.1.248_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]

Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_1.1.134.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]

Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_1.5.1.245_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation -> EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation -> EldoS Corporation)

ShellServiceObjects: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} => C:\windows\system32\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation -> EldoS Corporation)

ShellServiceObjects-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} => C:\windows\SysWow64\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation -> EldoS Corporation)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL -> No File

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL -> No File

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL -> No File

ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {96BD7E24-1E55-4222-9B70-7ECAFC7E96E6} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation -> EldoS Corporation)

ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-05-07] () [File not signed]

ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-05-07] () [File not signed]

ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation -> EldoS Corporation)

ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

ShellIconOverlayIdentifiers-x32-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL -> No File

ShellIconOverlayIdentifiers-x32-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL -> No File

ShellIconOverlayIdentifiers-x32-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL -> No File

ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {96BD7E24-1E55-4222-9B70-7ECAFC7E96E6} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation -> EldoS Corporation)

ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation -> EldoS Corporation)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)

ContextMenuHandlers1: [Bitcasa] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-05-07] () [File not signed]

ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-06-07] (Kaspersky Lab JSC -> AO Kaspersky Lab)

ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd -> Power Software Ltd)

ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-17] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-17] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers2: [Bitcasa] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-05-07] () [File not signed]

ContextMenuHandlers2: [BitcasaExtension] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-05-07] () [File not signed]

ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-06-07] (Kaspersky Lab JSC -> AO Kaspersky Lab)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-10-07] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-06-07] (Kaspersky Lab JSC -> AO Kaspersky Lab)

ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd -> Power Software Ltd)

ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-11-26] (Advanced Micro Devices, Inc.) [File not signed]

ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.49.0.dll [2021-09-26] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)

ContextMenuHandlers6: [Bitcasa] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-05-07] () [File not signed]

ContextMenuHandlers6: [BitcasaExtension] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-05-07] () [File not signed]

ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-06-07] (Kaspersky Lab JSC -> AO Kaspersky Lab)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-10-07] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd -> Power Software Ltd)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-17] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-17] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2013-05-15 05:57 - 2013-05-07 14:18 - 001645056 _____ () [File not signed] C:\Program Files\Bitcasa\bitcasaui.dll

2013-05-15 05:57 - 2013-05-07 14:10 - 000154112 _____ () [File not signed] C:\Program Files\Bitcasa\ExplorerMenu.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com/

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com

HKU\S-1-5-21-584704260-4262202810-3377494693-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com

HKU\S-1-5-21-584704260-4262202810-3377494693-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-584704260-4262202810-3377494693-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-05-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-05-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll => No File

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-05-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL => No File

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-05-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-05-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-05-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL No File

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL No File

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL No File

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL No File

2020-05-14 21:09 - 2020-05-15 22:59 - 000000504 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Condusiv Technologies\IntelliMemory\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

HKU\S-1-5-21-584704260-4262202810-3377494693-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Samsung\Samsung_wallpaper.jpg

DNS Servers: 192.168.86.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"

HKLM\...\StartupApproved\Run: => "IgfxTray"

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"

HKLM\...\StartupApproved\Run: => "LogiOptions"

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"

HKLM\...\StartupApproved\Run: => "Everything"

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"

HKLM\...\StartupApproved\Run32: => "Adobe ARM"

HKLM\...\StartupApproved\Run32: => "RemoteControl10"

HKLM\...\StartupApproved\Run32: => "Dropbox"

HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"

HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"

HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData"

HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"

HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\StartupApproved\Run: => "Spotify"

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\StartupApproved\Run: => "Skype for Desktop"

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\StartupApproved\Run: => "Parsec.App.0"

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\StartupApproved\Run: => "uTorrent"

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\StartupApproved\Run: => "CCXProcess"

HKU\S-1-5-21-584704260-4262202810-3377494693-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{90F52605-6F6C-4E32-A34D-91F996317A9B}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel Wireless Display -> Intel Corporation)

FirewallRules: [{87CF4FE0-332D-4316-ABD0-35C3A0FF5333}] => (Allow) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)

FirewallRules: [{667762A3-C96F-47DA-8A84-5AB93F2A6C7E}] => (Allow) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe (CONDUSIV TECHNOLOGIES -> Condusiv Technologies)

FirewallRules: [{9EF0A3DB-283A-4587-82CA-80EAF48A8E8C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{1B91EE00-3127-43DC-8CC2-DC312BEF45A6}] => (Allow) LPort=2869

FirewallRules: [{519114AF-088A-431D-8BD8-BD585C04089E}] => (Allow) LPort=1900

FirewallRules: [{49D2019D-F476-4E08-AA81-82B42C40491B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{066169AB-151A-42E5-9BA3-9B596BC50E3C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{39114508-EA6C-4A1A-BE82-270133BBE355}] => (Allow) C:\Users\Joshua\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{8CA249A9-04FD-44D8-B83B-BCAE8B828868}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{5B0B3A0F-DC65-4782-A137-447C6BC250BD}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{EC3D9884-6888-4C56-A361-31E96E2F147E}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)

FirewallRules: [{20EED6F3-B6AF-472F-B5D1-216EF1D307D6}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe (MetaQuotes Ltd. -> MetaQuotes Software Corp.)

FirewallRules: [{71AD46CA-2E89-4DD0-B82E-E1D7F2F0AD91}] => (Allow) C:\Users\Joshua\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [{C3A77BBB-127B-49BC-A436-F054847BE895}] => (Allow) C:\Users\Joshua\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

FirewallRules: [{69A6F5B6-8265-4491-B161-98F7C6160DB1}] => (Allow) C:\WINDOWS\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [File not signed]

FirewallRules: [{90834475-301C-4AC1-8EC0-2C65EED34CC8}] => (Allow) C:\WINDOWS\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [File not signed]

FirewallRules: [TCP Query User{01E20F7A-CBFC-4952-82CD-1468C0C146D7}C:\users\joshua\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{B62CC582-695B-4BAF-9681-674F1201D524}C:\users\joshua\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshua\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [TCP Query User{868D64AD-6D94-450B-8234-66F67B3B10BB}C:\users\joshua\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\joshua\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{B116E7FC-1030-4131-84E9-87A4FBC109B9}C:\users\joshua\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\joshua\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{BC81D7CB-7192-4730-BCEB-06816D739B0E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )

FirewallRules: [{D25D0451-45DF-4011-99B4-D89F633506EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{85227191-057A-4BD8-B3A6-CCCD675D4251}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{5F91636D-EDD1-4D67-ABBB-83E679BCC3E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{D4B1EC2B-64CA-4183-AF9A-E51BF32A01D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{22EFBBDF-FA8F-431D-8447-692881C19091}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{3A000179-13C8-464D-8A10-25C461A04C3C}] => (Allow) C:\Users\Joshua\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{E66F5E28-84D1-4A66-BEE0-7E3E5D4D9173}] => (Allow) C:\Users\Joshua\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [{F970037A-4730-4F1A-B919-C9004572E7B2}] => (Allow) C:\Users\Joshua\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [{216968A7-C83B-44DF-A96E-7798E6949B57}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

FirewallRules: [{711A6560-9E16-4E5A-BB0D-F5BF52F5AD4B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

Check "VSS" service

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (10/08/2021 12:53:03 AM) (Source: AviraSecurity) (EventID: 0) (User: )

Description: Failed to process session change. System.AggregateException: One or more errors occurred. ---> System.IO.FileNotFoundException: Could not find file 'C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe'.

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)

at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)

at Avira.Spotlight.Service.CertificateTools.FilesLocker.LockAll()

at Avira.Spotlight.Service.Program.<>c.<.cctor>b__16_0()

at System.Threading.Tasks.Task.InnerInvoke()

at System.Threading.Tasks.Task.Execute()

--- End of inner exception stack trace ---

at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)

at System.Thre...

Error: (10/07/2021 11:21:36 PM) (Source: AviraSecurity) (EventID: 0) (User: )

Description: Failed to process session change. System.AggregateException: One or more errors occurred. ---> System.IO.FileNotFoundException: Could not find file 'C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe'.

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)

at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)

at Avira.Spotlight.Service.CertificateTools.FilesLocker.LockAll()

at Avira.Spotlight.Service.Program.<>c.<.cctor>b__16_0()

at System.Threading.Tasks.Task.InnerInvoke()

at System.Threading.Tasks.Task.Execute()

--- End of inner exception stack trace ---

at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)

at System.Thre...

Error: (10/07/2021 10:57:56 PM) (Source: AviraSecurity) (EventID: 0) (User: )

Description: Failed to process session change. System.AggregateException: One or more errors occurred. ---> System.IO.FileNotFoundException: Could not find file 'C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe'.

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)

at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)

at Avira.Spotlight.Service.CertificateTools.FilesLocker.LockAll()

at Avira.Spotlight.Service.Program.<>c.<.cctor>b__16_0()

at System.Threading.Tasks.Task.InnerInvoke()

at System.Threading.Tasks.Task.Execute()

--- End of inner exception stack trace ---

at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)

at System.Thre...

Error: (10/07/2021 03:31:07 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

Error: (10/07/2021 03:29:01 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - Microsoft Office Professional Plus 2016 - en-us; Error = 0x8007043c).

Error: (10/07/2021 03:20:28 AM) (Source: AviraSecurity) (EventID: 0) (User: )

Description: Failed to process session change. System.AggregateException: One or more errors occurred. ---> System.IO.FileNotFoundException: Could not find file 'C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe'.

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)

at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)

at Avira.Spotlight.Service.CertificateTools.FilesLocker.LockAll()

at Avira.Spotlight.Service.Program.<>c.<.cctor>b__16_0()

at System.Threading.Tasks.Task.InnerInvoke()

at System.Threading.Tasks.Task.Execute()

--- End of inner exception stack trace ---

at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)

at System.Thre...

Error: (10/07/2021 03:12:54 AM) (Source: AviraSecurity) (EventID: 0) (User: )

Description: Failed to process session change. System.AggregateException: One or more errors occurred. ---> System.IO.FileNotFoundException: Could not find file 'C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe'.

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)

at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)

at Avira.Spotlight.Service.CertificateTools.FilesLocker.LockAll()

at Avira.Spotlight.Service.Program.<>c.<.cctor>b__16_0()

at System.Threading.Tasks.Task.InnerInvoke()

at System.Threading.Tasks.Task.Execute()

--- End of inner exception stack trace ---

at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)

at System.Thre...

Error: (10/07/2021 03:11:15 AM) (Source: AviraSecurity) (EventID: 0) (User: )

Description: Failed to process session change. System.AggregateException: One or more errors occurred. ---> System.IO.FileNotFoundException: Could not find file 'C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe'.

at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)

at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)

at Avira.Spotlight.Service.CertificateTools.FilesLocker.LockAll()

at Avira.Spotlight.Service.Program.<>c.<.cctor>b__16_0()

at System.Threading.Tasks.Task.InnerInvoke()

at System.Threading.Tasks.Task.Execute()

--- End of inner exception stack trace ---

at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)

at System.Thre...

System errors:

=============

Error: (10/08/2021 04:31:35 PM) (Source: DCOM) (EventID: 10005) (User: JOSHUA)

Description: DCOM got error "1068" attempting to start the service BITS with arguments "Unavailable" in order to run the server:

{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (10/08/2021 04:31:35 PM) (Source: DCOM) (EventID: 10005) (User: JOSHUA)

Description: DCOM got error "1068" attempting to start the service BITS with arguments "Unavailable" in order to run the server:

{F087771F-D74F-4C1A-BB8A-E16ACA9124EA}

Error: (10/08/2021 04:31:35 PM) (Source: DCOM) (EventID: 10005) (User: JOSHUA)

Description: DCOM got error "1068" attempting to start the service BITS with arguments "Unavailable" in order to run the server:

{6D18AD12-BDE3-4393-B311-099C346E6DF9}

Error: (10/08/2021 04:31:35 PM) (Source: DCOM) (EventID: 10005) (User: JOSHUA)

Description: DCOM got error "1068" attempting to start the service BITS with arguments "Unavailable" in order to run the server:

{03CA98D6-FF5D-49B8-ABC6-03DD84127020}

Error: (10/08/2021 04:31:35 PM) (Source: DCOM) (EventID: 10005) (User: JOSHUA)

Description: DCOM got error "1068" attempting to start the service BITS with arguments "Unavailable" in order to run the server:

{659CDEA7-489E-11D9-A9CD-000D56965251}

Error: (10/08/2021 04:31:35 PM) (Source: DCOM) (EventID: 10005) (User: JOSHUA)

Description: DCOM got error "1068" attempting to start the service BITS with arguments "Unavailable" in order to run the server:

{BB6DF56B-CACE-11DC-9992-0019B93A3A84}

Error: (10/08/2021 04:31:35 PM) (Source: DCOM) (EventID: 10005) (User: JOSHUA)

Description: DCOM got error "1068" attempting to start the service BITS with arguments "Unavailable" in order to run the server:

{1ECCA34C-E88A-44E3-8D6A-8921BDE9E452}

Error: (10/08/2021 04:29:06 PM) (Source: DCOM) (EventID: 10005) (User: JOSHUA)

Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:

{DD522ACC-F821-461A-A407-50B198B896DC}

Windows Defender:

================

Date: 2020-06-28 15:25:35.722

Description:

Windows Defender scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2020-06-28 15:05:57.225

Description:

Windows Defender scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2020-06-27 23:43:52.111

Description:

Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: Current

Error Code: 0x80073aba

Error description: The resource is too old to be compatible.

Signature version: 1.143.2273.0;1.143.2273.0

Engine version: 1.1.9103.0

==================== Memory info ===========================

BIOS: American Megatrends Inc. P05ADH.017.140421.SH 04/21/2014

Motherboard: SAMSUNG ELECTRONICS CO., LTD. NP870Z5E-X01SG

Processor: Intel® Core™ i7-3635QM CPU @ 2.40GHz

Percentage of memory in use: 14%

Total physical RAM: 16270.85 MB

Available physical RAM: 13843.89 MB

Total Virtual: 21887.86 MB

Available Virtual: 17542.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.75 GB) (Free:498.71 GB) NTFS

\\?\Volume{04019bb1-5a19-4c47-89de-0aa797f7094a}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.15 GB) NTFS

\\?\Volume{4e6ca826-c9d0-4133-abcf-eb8ac2d6a3e4}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS

\\?\Volume{458c433c-8be5-4452-8ae8-fba159c3ddaa}\ (SAMSUNG_REC2) (Fixed) (Total:22.51 GB) (Free:0.95 GB) NTFS

\\?\Volume{5f020086-fab9-4a71-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.4 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: E84F988D)

Partition: GPT.

==================== End of Addition.txt =======================

Edited by Chris Cosgrove, 08 October 2021 - 04:26 AM. Duplicated topic deleted.
