Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.04.2024
Ran by kkory (administrator) on ERAZER (MEDION ERAZER P6705 MD61366) (13-04-2024 20:27:10)
Running from C:\Users\kkory\Desktop\FRST64 (1).exe
Loaded Profiles: kkory
Platform: Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.863.1\DropboxCrashHandler.exe
(C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(C:\Program Files (x86)\Hotkey\HkeyTray.exe ->) (CLEVO CO. -> CLEVO CO.) C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
(C:\Program Files (x86)\Hotspot Shield\12.7.4\bin\cmw_srv.exe ->) (Pango LLC -> Aura Inc.) C:\Program Files (x86)\Hotspot Shield\12.7.4\bin\x64\hydra.exe
(C:\Program Files (x86)\Hotspot Shield\12.7.4\bin\cmw_srv.exe ->) (Pango LLC -> Pango Inc.) C:\Program Files (x86)\Hotspot Shield\12.7.4\bin\hsscp.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.65\msedgewebview2.exe <12>
(DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxEM.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <8>
(explorer.exe ->) (Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\kkory\AppData\Roaming\Dashlane\Dashlane.exe
(explorer.exe ->) (Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\kkory\AppData\Roaming\Dashlane\DashlanePlugin.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(explorer.exe ->) (Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(explorer.exe ->) (SatoshiLabs, s.r.o. -> ) C:\Program Files (x86)\TREZOR Bridge\trezord.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (CLEVO CO.) [File not signed] C:\Program Files (x86)\Hotkey\HotkeyService.exe
(services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxCUIService.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(services.exe ->) (Pango LLC -> Pango Inc.) C:\Program Files (x86)\Hotspot Shield\12.7.4\bin\cmw_srv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c60facea9c32a6cb\RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(svchost.exe ->) () [File not signed] C:\Program Files (x86)\Hotkey\HkeyTray.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2414.8.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2018-02-13] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c60facea9c32a6cb\RtkAudUService64.exe [3380320 2021-11-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [196264 2023-12-18] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11551624 2024-04-02] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe [60206368 2024-04-06] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe [60206368 2024-04-06] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45285792 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49958368 2022-02-01] (Google LLC -> )
HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe [60206368 2024-04-06] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\Run: [CCleanerBrowserAutoLaunch_D2D76A179AA5841703A5894B40D9ACEC] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3152936 2024-03-27] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\Run: [Dashlane] => C:\Users\kkory\AppData\Roaming\Dashlane\Dashlane.exe [321208 2021-12-31] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\Run: [DashlanePlugin] => C:\Users\kkory\AppData\Roaming\Dashlane\DashlanePlugin.exe [342200 2021-12-31] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\Run: [MicrosoftEdgeAutoLaunch_884EAE3E5A5FE139B4997A97185AD15E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063784 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3105727912-594040118-960013747-1008\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe [60206368 2024-04-06] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe [60206368 2024-04-06] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MP495 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA9.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP495 series: C:\Windows\system32\CNMLMA9.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP495 series XPS: C:\Windows\system32\CNMXLMA9.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\122.0.24525.131\Installer\chrmstp.exe [2024-04-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\123.0.6312.122\Installer\chrmstp.exe [2024-04-12] (Google LLC -> Google LLC)
Startup: C:\Users\kkory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IQTray.lnk [2020-03-05]
ShortcutTarget: IQTray.lnk -> C:\Program Files (x86)\IQ Option\IQTray.exe (No File)
Startup: C:\Users\kkory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startKProxyAgentService.bat [2020-06-26] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2021-03-10]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs, s.r.o. -> )
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {7BD878FF-01A1-46BB-9614-21BAE4F10A61} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {58967889-2773-4A9E-BC38-CE9C75C3BA4B} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3152936 2024-03-27] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {EAE08967-48BE-47AC-B7D3-5E0EB275FFFC} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3152936 2024-03-27] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {51E88D40-5FA9-4FB8-A559-F9B352F9051B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {255D2277-E0C5-43AD-938E-4CF9C267D686} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "736aa1e6-fd4d-4fcc-bfb5-af17c0f99001" --version "6.22.10977" --silent
Task: {FD95B1B4-32B9-4E5D-9239-8ADCAFB742B1} - System32\Tasks\CCleanerSkipUAC - kkory => C:\Program Files\CCleaner\CCleaner.exe [39024544 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {2D6D483E-3408-498B-859E-5D99752445F1} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {3205A799-A4CB-4AF7-84BF-688364853953} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {52FE885A-FBE9-4C5C-84F9-CCAE623F4C15} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5381288 2024-04-11] (Microsoft Windows -> Microsoft Corporation)
Task: {3DD3EA61-19D0-4DA0-9B81-AB2C7384A835} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AC43218A-3135-446F-B8A2-62C02C73B002} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7098CE39-47C5-4E66-9C76-9E62627C6272} - System32\Tasks\HkeyTrayLaunch => C:\Program Files (x86)\Hotkey\HkeyTray.exe [1111040 2018-05-12] () [File not signed]
Task: {6E1ACF2E-5FCB-4D5F-AB1A-6B6262372EA6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {8DBFB576-EE16-45E7-BC6A-441FDD91E267} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {3003D761-E7EA-4072-859B-F0E0404C45D8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309944 2024-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {AFD602A6-73EC-4675-9D8F-C1B34F6B32EE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309944 2024-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {83519125-4FCC-49E8-8ECA-D0D4F0C9F465} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168488 2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E620131-179E-4583-BBFD-E57E93B20717} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [514280 2024-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D5D284C-4AD2-47B4-A37F-9C31A9C5BE61} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [732064 2023-05-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {5A612F5B-288F-4E46-8BC8-5BFA8B3ADD18} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [469952 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvContainer\-d "C:\Program Files (x86)\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {124592E7-41D7-4487-B9C3-E3FE0CDFF27A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {8A096E42-A566-40D7-90EC-C8FF1075379F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2069952 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0E0F574B-8DDB-4215-BB7B-6799780D962E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [976832 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {EB9374FB-BD8F-42E0-A1F4-F1EDE56D865F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {010A9D2A-4903-4CD0-955C-86D8E9366A4D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A2843AB3-FD54-459E-AD69-065C5884C183} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [510912 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C139BC4F-8150-4447-9833-79B9DC82B1EA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [757184 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3105727912-594040118-960013747-1007] => 196.17.115.110:32462
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{25a12aac-557c-4bc9-bcf9-a25cd5688c2a}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8290d2fc-eea1-43c1-8d98-3626713cf5ef}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8290d2fc-eea1-43c1-8d98-3626713cf5ef}: [DhcpDomain] home
Tcpip\..\Interfaces\{b93ba750-e308-490c-b28d-fc464d9f95b4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b93ba750-e308-490c-b28d-fc464d9f95b4}: [DhcpDomain] home
Tcpip\..\Interfaces\{b93ba750-e308-490c-b28d-fc464d9f95b4}\244584572653A4538364: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b93ba750-e308-490c-b28d-fc464d9f95b4}\244584572653A4538364: [DhcpDomain] home
Tcpip\..\Interfaces\{b93ba750-e308-490c-b28d-fc464d9f95b4}\B4F627B69637: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{b93ba750-e308-490c-b28d-fc464d9f95b4}\B4F627B69637: [DhcpDomain] home
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\kkory\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-13]
Edge Extension: (Google Docs Offline) - C:\Users\kkory\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-01]
Edge Extension: (Edge relevant text changes) - C:\Users\kkory\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (ESET Browser Privacy & Security) - C:\Users\kkory\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nkapkmklnmidbbgjaipbgpcnbomnaakc [2024-02-16]
Edge HKLM-x32\...\Edge\Extension: [nkapkmklnmidbbgjaipbgpcnbomnaakc]
FireFox:
========
FF DefaultProfile: 3a4n9brn.default
FF ProfilePath: C:\Users\kkory\AppData\Roaming\Mozilla\Firefox\Profiles\89tqj0ay.default-release-1 [2024-02-15]
FF NetworkProxy: Mozilla\Firefox\Profiles\89tqj0ay.default-release-1 -> backup.ftp", ""
FF ProfilePath: C:\Users\kkory\AppData\Roaming\Mozilla\Firefox\Profiles\3a4n9brn.default [2024-02-15]
FF ProfilePath: C:\Users\kkory\AppData\Roaming\Mozilla\Firefox\Profiles\9aemdc9u.default-release [2024-02-15]
FF NetworkProxy: Mozilla\Firefox\Profiles\9aemdc9u.default-release -> backup.ftp", "196.17.179.182"
FF Extension: (Simple Translate) - C:\Users\kkory\AppData\Roaming\Mozilla\Firefox\Profiles\9aemdc9u.default-release\Extensions\simple-translate@sienori.xpi [2023-03-05]
FF Extension: (MetaMask) - C:\Users\kkory\AppData\Roaming\Mozilla\Firefox\Profiles\9aemdc9u.default-release\Extensions\webextension@metamask.io.xpi [2023-07-15]
FF Extension: (Video DownloadHelper) - C:\Users\kkory\AppData\Roaming\Mozilla\Firefox\Profiles\9aemdc9u.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-07-15]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-04-18] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-04-18] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-3105727912-594040118-960013747-1008: @zoom.us/ZoomVideoPlugin -> C:\Users\volko\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-03-15] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2024-04-13]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default [2024-04-13]
CHR Notifications: Default -> hxxps://adsforcomputercity.com; hxxps://blogs.systweak.com; hxxps://meet.google.com; hxxps://ocsnext.ebay.co.uk; hxxps://ocsnext.ebay.com; hxxps://ocsnext.ebay.ie; hxxps://ororo.tv; hxxps://www.binance.com
CHR HomePage: Default -> hxxp://search.ominent.com/ws/?source=9f1d0980&tbp=homepage&toolbarid=base&u=de90796f00000000000024fd52a98d92
CHR StartupUrls: Default -> "hxxp://search.ominent.com/ws/?source=9f1d0980&tbp=homepage&toolbarid=base&u=de90796f00000000000024fd52a98d92","hxxps://www.google.com/","hxxps://encrypted.google.com"
CHR Extension: (Free Download Manager) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2024-04-09]
CHR Extension: (Station Wallet) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiifbnbfobpmeekipheeijimdpnlpgpp [2024-03-26]
CHR Extension: (Chrome Currency Converter) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\anbfhidldjknonaihbalghlebaijealk [2021-11-19]
CHR Extension: (Jungle Scout) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckjlihkmgolmgkchbpiponapgjenaoa [2024-04-11]
CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-04-09]
CHR Extension: (Easync Product ID Grab Tool for Drop Shipping) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\cailnmbnfboealffnempgplnfcjoibgb [2023-07-11]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-04-09]
CHR Extension: (Pushbullet) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2023-03-29]
CHR Extension: (Add to Amazon Wish List) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2019-12-02]
CHR Extension: (Trust Wallet) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjidjbpglichdcondbcbdnbeeppgdph [2024-04-09]
CHR Extension: (Video Downloader Professional) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2024-04-11]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2019-12-02]
CHR Extension: (Dashlane — Password Manager) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2024-04-13]
CHR Extension: (BNB Chain Wallet) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbohimaelbohpjbbldcngcnapndodjp [2024-04-09]
CHR Extension: (Google Docs Offline) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-26]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-04-11]
CHR Extension: (Ninja Download Manager) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklhnpfkcfpkjcihhjbgmhgkcajamlmd [2019-12-02]
CHR Extension: (Smart LG TV Remote Controller) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\icokofncdmhjjncknidajbngmbfphpia [2023-01-18]
CHR Extension: (AutoPagerize) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp [2020-11-14]
CHR Extension: (Earth) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac [2019-12-02]
CHR Extension: (Grammarly: AI Writing and Grammar Checker App) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2024-04-11]
CHR Extension: (Google Hangouts) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2022-04-15]
CHR Extension: (Helium 10) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\njmehopjdpcckochcggncklnlmikcbnb [2024-04-11]
CHR Extension: (MetaMask) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-04-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Video Cutter) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodkcjollmmjidmcnhloaoahmciabnai [2019-12-02]
CHR Extension: (AIO Search) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhijjefkkokfaiffkcemldacdabpeei [2020-12-08]
CHR Extension: (ESET Browser Privacy & Security) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Default\Extensions\oombnmpbbhbakfpfgdflaajkhicgfaam [2024-02-14]
CHR Profile: C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-04-13]
CHR Extension: (Google Docs Offline) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-19]
CHR Extension: (Application launcher for Drive (by Google)) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-06-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kkory\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-19]
CHR Profile: C:\Users\kkory\AppData\Local\Google\Chrome\User Data\System Profile [2024-04-13]
CHR HKU\S-1-5-21-3105727912-594040118-960013747-1007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [oombnmpbbhbakfpfgdflaajkhicgfaam]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\122.0.24525.131\elevation_service.exe [1753208 2024-03-27] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081248 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221280 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
S3 Dashlane Vpn Service; C:\Program Files (x86)\Dashlane\VPN\Service\VpnService.exe [325120 2020-02-26] (Dashlane USA, Inc. -> AnchorFree Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-04-02] (Dropbox, Inc -> Dropbox, Inc.)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [271272 2018-04-04] (Dolby Laboratories, Inc. -> )
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [2539384 2023-12-18] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3890064 2023-12-18] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3890064 2023-12-18] (ESET, spol. s r.o. -> ESET)
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [414664 2018-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.)
R2 hshld_12.7.4; C:\Program Files (x86)\Hotspot Shield\12.7.4\bin\cmw_srv.exe [258576 2024-02-22] (Pango LLC -> Pango Inc.)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [34304 2017-12-25] (CLEVO CO.) [File not signed]
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182392 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-06-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [935352 2020-06-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2909208 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-06-15] (AnchorFree Inc -> The OpenVPN Project)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2023-01-29] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2023-01-29] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [215616 2023-12-09] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [120032 2023-12-09] (ESET, spol. s r.o. -> ESET)
R1 edevmonm; C:\WINDOWS\System32\DRIVERS\edevmonm.sys [122664 2023-12-09] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [16336 2022-08-23] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [254344 2023-12-09] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [55528 2023-12-09] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81824 2023-12-09] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [124168 2023-12-09] (ESET, spol. s r.o. -> ESET)
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R3 HKKbdFltr; C:\WINDOWS\system32\DRIVERS\HKKbdFltr.sys [43960 2018-03-30] (Insyde Software Corp. -> Insyde Software Corp.)
R3 HKMouFltr; C:\WINDOWS\system32\DRIVERS\HKMouFltr.sys [42936 2018-04-03] (Insyde Software Corp. -> Insyde Software Corp.)
S3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [36456 2020-04-30] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 hsstap; C:\WINDOWS\System32\drivers\hsstap.sys [39424 2020-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Pango)
R1 pango_netfilter2; C:\WINDOWS\System32\drivers\pango_netfilter2.sys [89088 2024-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Pango Inc)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [48536 2022-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [438544 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [90384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-04-13 20:26 - 2024-04-13 20:26 - 000000000 ____D C:\Users\kkory\Desktop\FRST-OlderVersion
2024-04-13 20:25 - 2024-04-13 20:25 - 000787200 _____ C:\WINDOWS\system32\perfh019.dat
2024-04-13 20:25 - 2024-04-13 20:25 - 000731458 _____ C:\WINDOWS\system32\perfh005.dat
2024-04-13 20:25 - 2024-04-13 20:25 - 000161804 _____ C:\WINDOWS\system32\perfc019.dat
2024-04-13 20:25 - 2024-04-13 20:25 - 000155518 _____ C:\WINDOWS\system32\perfc005.dat
2024-04-12 21:43 - 2024-04-12 21:43 - 000000000 ____D C:\WINDOWS\SysWOW64\DDFs
2024-04-11 19:35 - 2024-04-11 19:35 - 000024320 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-11 19:35 - 2024-04-11 19:35 - 000024320 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-04-11 19:28 - 2024-04-11 19:32 - 000000000 ___HD C:\$WinREAgent
2024-04-05 00:25 - 2024-04-05 00:25 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-04-03 20:34 - 2024-04-03 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-04-02 12:02 - 2024-04-02 12:02 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-04-13 20:27 - 2024-02-14 00:12 - 000039863 _____ C:\Users\kkory\Desktop\FRST.txt
2024-04-13 20:27 - 2019-12-11 06:29 - 000000000 ____D C:\FRST
2024-04-13 20:26 - 2024-02-14 00:09 - 002394112 _____ (Farbar) C:\Users\kkory\Desktop\FRST64 (1).exe
2024-04-13 20:25 - 2023-01-29 19:55 - 002649632 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-13 20:25 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2024-04-13 20:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-13 20:20 - 2019-12-02 16:21 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-13 20:19 - 2020-02-26 21:00 - 000000000 ____D C:\Users\kkory\AppData\Roaming\Dropbox
2024-04-13 20:19 - 2020-02-26 20:59 - 000000000 ____D C:\Users\kkory\AppData\Local\Dropbox
2024-04-13 20:18 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-13 20:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-13 20:18 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-13 20:18 - 2019-12-02 18:12 - 000000000 ____D C:\ProgramData\Packages
2024-04-13 20:18 - 2019-12-02 16:34 - 000000000 ____D C:\Program Files\CCleaner
2024-04-13 20:18 - 2019-12-02 13:57 - 000000000 ___RD C:\Users\kkory\OneDrive
2024-04-13 20:18 - 2019-12-02 13:50 - 000000000 __SHD C:\Users\kkory\IntelGraphicsProfiles
2024-04-13 20:18 - 2019-12-02 13:50 - 000000000 ____D C:\Users\kkory\AppData\Local\Packages
2024-04-13 20:18 - 2018-05-15 13:17 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-13 20:17 - 2023-01-29 19:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-13 20:17 - 2023-01-29 19:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-13 20:17 - 2020-11-05 06:33 - 000012288 ___SH C:\DumpStack.log.tmp
2024-04-13 17:45 - 2022-02-10 05:48 - 000000000 ____D C:\Users\kkory\AppData\Local\CrashDumps
2024-04-12 22:02 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-12 22:02 - 2020-03-13 13:35 - 000000000 ___HD C:\OneDriveTemp
2024-04-12 22:01 - 2023-01-29 19:51 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3105727912-594040118-960013747-1007
2024-04-12 22:01 - 2023-01-29 19:51 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3105727912-594040118-960013747-1007
2024-04-12 22:01 - 2020-11-05 03:47 - 000002383 _____ C:\Users\kkory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-12 21:47 - 2023-01-29 19:46 - 000000000 ____D C:\Users\kkory
2024-04-12 21:47 - 2022-05-07 06:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2024-04-12 21:47 - 2019-12-02 16:21 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-04-12 21:47 - 2019-12-02 16:21 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-04-12 21:44 - 2023-03-14 15:34 - 000000000 ____D C:\WINDOWS\Minidump
2024-04-12 21:44 - 2023-01-29 19:43 - 000529816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-12 21:43 - 2023-10-14 05:30 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-04-12 21:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-12 21:42 - 2018-12-30 06:21 - 003282458 ____N C:\WINDOWS\Minidump\041224-13125-01.dmp
2024-04-12 00:49 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-04-11 19:39 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-11 19:35 - 2023-01-29 19:44 - 003213824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-11 18:16 - 2020-04-28 18:29 - 000000000 ____D C:\Users\kkory\AppData\Local\D3DSCache
2024-04-10 21:11 - 2022-07-10 02:06 - 000000000 ____D C:\Users\kkory\Desktop\UBER
2024-04-10 18:47 - 2019-12-02 18:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-10 18:46 - 2019-12-03 01:24 - 000000000 ____D C:\Program Files\Microsoft Office
2024-04-10 18:40 - 2019-12-02 18:19 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-06 14:07 - 2020-07-04 00:30 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-06 14:07 - 2020-07-04 00:30 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-04-06 03:29 - 2021-09-14 11:22 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-04-06 03:29 - 2021-09-14 11:22 - 000002012 _____ C:\Users\Default\Desktop\Google Slides.lnk
2024-04-06 03:29 - 2021-09-14 11:22 - 000002012 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2024-04-06 03:29 - 2021-09-14 11:22 - 000002000 _____ C:\Users\Default\Desktop\Google Docs.lnk
2024-04-06 03:29 - 2020-10-31 13:06 - 000002048 _____ C:\Users\kkory\Desktop\Google Drive.lnk
2024-04-05 00:25 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-04-04 00:01 - 2023-01-29 19:51 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-04 00:01 - 2023-01-29 19:51 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-03 20:34 - 2020-02-26 20:59 - 000000000 ____D C:\Program Files (x86)\Dropbox
2024-04-02 20:02 - 2023-01-29 19:51 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-04-02 20:02 - 2022-10-11 14:41 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-04-02 20:02 - 2022-10-11 14:41 - 000002065 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-04-02 18:02 - 2020-06-15 19:32 - 000002391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2024-04-02 18:02 - 2020-06-15 19:32 - 000002356 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
2024-04-02 18:02 - 2020-06-15 19:32 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2024-03-28 21:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2024-03-26 22:04 - 2022-09-14 05:59 - 000000000 ____D C:\Users\kkory\AppData\Roaming\com.adobe.dunamis
2024-03-14 06:31 - 2022-09-20 18:59 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-03-14 06:30 - 2022-05-07 11:09 - 000000000 ____D C:\WINDOWS\en-GB
2024-03-14 06:30 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-03-14 06:30 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-03-14 06:30 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-03-14 06:30 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by kkory (13-04-2024 20:28:18)
Running from C:\Users\kkory\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) (2023-01-29 18:52:00)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3105727912-594040118-960013747-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3105727912-594040118-960013747-503 - Limited - Disabled)
Guest (S-1-5-21-3105727912-594040118-960013747-501 - Limited - Disabled)
kkory (S-1-5-21-3105727912-594040118-960013747-1007 - Administrator - Enabled) => C:\Users\kkory
volko (S-1-5-21-3105727912-594040118-960013747-1008 - Limited - Enabled) => C:\Users\volko
WDAGUtilityAccount (S-1-5-21-3105727912-594040118-960013747-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AV: ESET Security (Enabled - Up to date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}
FW: ESET Firewall (Enabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 24.001.20643 - Adobe)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Backup and Sync from Google (HKLM\...\{696895F7-52C7-4C9E-998B-C7E0CC907092}) (Version: 3.57.4256.0809 - Google, Inc.)
Binance 1.49.0 (HKLM\...\Binance) (Version: 1.49.0 - BinanceTech)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.22 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 122.0.24525.131 - Piriform Software)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1583.3 - Piriform Software) Hidden
ControlCenter2.0 v1.0.23 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 1.0.23 - Control Center)
CyberLink PowerRecover (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.7013 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.7013 - CyberLink Corp.)
Dashlane (HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\Dashlane) (Version: 6.2148.0.52031 - Dashlane, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 196.4.6900 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.863.1 - Dropbox, Inc.) Hidden
ESET Security (HKLM\...\{6D46484B-0BE2-4060-9CD3-FA87ED960ED9}) (Version: 17.0.16.0 - ESET, spol. s r.o.)
Free Auto Clicker 4.1.6 (HKLM-x32\...\Free Auto Clicker_is1) (Version: - FreeAutoClicker Co., Ltd.)
GCI (remove only) (HKLM-x32\...\GCI) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.122 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 89.0.2.0 - Google LLC)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
Hotspot Shield 12.7.4 (HKLM-x32\...\{7c830047-ae7f-4492-9990-6be463931b83}) (Version: 12.7.4.12196 - Pango Inc.)
Hotspot Shield 12.7.4 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-49251197F2C7}) (Version: 12.7.4.12196 - Pango Inc.) Hidden
Hotspot Shield 12.7.4 (HKLM-x32\...\HotspotShield) (Version: 12.7.4 - Pango Inc.) Hidden
HotspotShield TAP-Windows 9.24.4 (HKLM\...\HotspotShield TAP-Windows) (Version: 9.24.4 - Pango Inc.) Hidden
Intel(R) Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.364 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B4F59074-915E-4DFE-BFD6-1B415B37AE2F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{ED204DD8-2982-4B22-B077-0F70024D5FEB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{4B1DEC5C-ED0A-4DD1-ADB2-FD1117FF94D7}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.5017 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{64A94A93-B0C4-4B16-8CDC-FDB06E8CC306}) (Version: 16.0.2.1086 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000050-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.50.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E6F800A9-64D3-4E93-8E8E-AB53E21D4840}) (Version: 20.50.0.1450 - Intel Corporation) Hidden
Intel® Software Guard Extensions Platform Software (HKLM\...\{24DAC3F9-B4BF-437E-BB30-8BCBAAB2DFA6}) (Version: 1.9.100.41172 - Intel Corporation) Hidden
Intel® Software Guard Extensions Platform Software (HKLM-x32\...\ARP_for_prd_SGX_1.9.100.41172) (Version: 1.9.100.41172 - Intel Corporation)
Life App Explorer (HKU\S-1-5-21-3105727912-594040118-960013747-1008\...\Host App Service) (Version: 0.273.2.684 - SweetLabs) <==== ATTENTION
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17425.20176 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.65 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\OneDriveSetup.exe) (Version: 24.065.0331.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3105727912-594040118-960013747-1008\...\OneDriveSetup.exe) (Version: 21.050.0310.0001 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{9F513024-FFAD-4466-8CF0-5348389196B8}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{C521A8D8-511F-43DF-B789-7DD0B3F7363B}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.15.26706 (HKLM\...\{F106B700-BFF8-3065-B305-14D36AD40539}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.15.26706 (HKLM\...\{C77195A4-CEB8-38EE-BDD6-C46CB459EF6E}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.24.28127 (HKLM-x32\...\{EAC73207-74BD-4B13-AACF-8C0E751FA4E8}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.24.28127 (HKLM-x32\...\{2E72FA1F-BADB-4337-B8AE-F7C17EC57D1D}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 113.0.2 (x64 en-GB)) (Version: 113.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla)
NVIDIA 3D Vision Driver 389.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 389.27 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 389.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 389.27 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenOffice 4.1.13 (HKLM-x32\...\{10DD5C14-3B1E-44D9-9CE6-82DCE24EAD17}) (Version: 4.113.9810 - Apache Software Foundation)
Parrot Software Update Tool (HKLM-x32\...\Parrot Flash Update Wizard) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.21304 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8433 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.31.0 - Samsung Electronics Co., Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SupportAPP (HKLM\...\{0000A0AB-3A12-1EF4-A21C-9ADE1843AB04}) (Version: 1.1 - )
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
Trezor Suite 24.2.4 (HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\978be57b-9286-5cd7-a60b-54c81352a986) (Version: 24.2.4 - SatoshiLabs)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Wondershare Filmora X(Build 10.0.0.94) (HKLM\...\Wondershare Filmora X_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-3105727912-594040118-960013747-1007\...\ZoomUMX) (Version: 5.9.3 (3169) - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-3105727912-594040118-960013747-1008\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-03-15] ()
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2023-08-02] (AMZN Mobile LLC.) [Startup Task]
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5435.0_x64__8j3eq9eme6ctt [2024-04-11] (INTEL CORP) [Startup Task]
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2023-05-07] (Canon Inc.)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1200.442.0_x64__8wekyb3d8bbwe [2024-03-21] (Microsoft Corporation)
Dolby Audio Premium -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudioPremium_2.1001.237.0_x64__rz1tebttyb220 [2018-05-15] (Dolby Laboratories)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2024-04-03] (Dropbox Inc.)
ESET Context Menu -> C:\Program Files\ESET\ESET Security [2024-04-09] (Sparse Package)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-17] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21002.0_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-15] (Microsoft Corp.)
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_2.7.1181.0_x86__8wekyb3d8bbwe [2024-02-06] (Microsoft Studios)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.5.2130.0_x64__8wekyb3d8bbwe [2024-03-16] (Microsoft Studios) [MS Ad]
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_4.5.2151.0_x64__8wekyb3d8bbwe [2024-03-20] (Microsoft Studios)
Microsoft Sudoku -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSudoku_2.9.3291.0_x64__8wekyb3d8bbwe [2024-04-05] (Microsoft Studios)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Corporation)
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-03-14] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24031.69.0_x64__cw5n1h2txyewy [2024-04-10] (Microsoft Windows) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-07] (Microsoft Corporation)
Plus500 -> C:\Program Files\WindowsApps\Plus500.Plus500_5.0.1.0_neutral__pssm8hpqmkeyc [2024-04-06] (Plus500)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.30.259.0_x64__dt26b99r8h8gj [2023-10-16] (Realtek Semiconductor Corp)
TradingView -> C:\Program Files\WindowsApps\TradingView.Desktop_2.7.1.5365_x64__n534cwy3pjxzj [2023-12-14] (TradingView, Inc.) [Startup Task]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2024-03-16] (Microsoft Corporation)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2414.8.0_x64__cv1g1gvanyjgm [2024-04-13] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-14] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3105727912-594040118-960013747-1007_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3105727912-594040118-960013747-1007_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3105727912-594040118-960013747-1007_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3105727912-594040118-960013747-1007_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3105727912-594040118-960013747-1007_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3105727912-594040118-960013747-1007_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3105727912-594040118-960013747-1007_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3105727912-594040118-960013747-1007_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3105727912-594040118-960013747-1007_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => D:\dropbox\Dropbox [2020-03-09 20:02]
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-06] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-06] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-12-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-12-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-06] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-06] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.71.0.dll [2024-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxDTCM.dll [2018-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2023-12-18] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\kkory\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()
ShortcutWithArgument: C:\Users\kkory\Desktop\Karel - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\kkory\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\da40509940297948\Binance Wallet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhbohimaelbohpjbbldcngcnapndodjp
ShortcutWithArgument: C:\Users\kkory\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2020-12-03 04:31 - 2016-07-21 11:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-12-03 04:31 - 2017-09-12 11:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2024-04-13 20:18 - 2024-04-13 20:18 - 000114176 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\_ctypes.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000172544 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\_elementtree.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 002255872 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\_hashlib.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000032256 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\_multiprocessing.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000046080 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\_psutil_windows.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000047616 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\_socket.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 002825216 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\_ssl.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000026112 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\_yappi.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000080896 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\bz2.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000015872 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\common.time34.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000007680 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\hashobjs_ext.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000301568 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\PIL._imaging.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000168448 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\pyexpat.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 001084416 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\pysqlite2._sqlite.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000548864 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\pythoncom27.dll
2024-04-13 20:18 - 2024-04-13 20:18 - 000137728 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\pywintypes27.dll
2024-04-13 20:18 - 2024-04-13 20:18 - 000010752 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\select.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000020992 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\thumbnails_ext.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000689664 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\unicodedata.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000119808 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\usb_ext.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000128512 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32api.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000438784 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32com.shell.shell.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000011776 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32crypt.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000023040 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32event.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000149504 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32file.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000223232 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32gui.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000048128 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32inet.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000029696 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32pdh.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000027648 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32pipe.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000044032 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32process.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000020480 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32profile.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000136192 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32security.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000026624 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\win32ts.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000034304 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\windows.conditional.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000037888 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\windows.connectivity.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000071680 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\windows.device_monitor.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000103936 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\windows.volumes.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000019968 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\windows.winwrap.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 001325056 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\wx._controls_.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 001489408 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\wx._core_.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 001007104 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\wx._gdi_.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000103424 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\wx._html2.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 000916992 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\wx._misc_.pyd
2024-04-13 20:18 - 2024-04-13 20:18 - 001039872 _____ () [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\wx._windows_.pyd
2019-12-05 20:25 - 2012-06-14 18:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2023-11-20 15:56 - 2023-11-20 15:56 - 005855744 _____ (ESET, spol. s r.o. -> ESET) [File not signed] C:\Program Files\ESET\ESET Security\Modules\em045_64\1087\em045_64.dll
2023-01-29 19:45 - 2018-04-18 01:25 - 000760032 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
2023-01-29 19:45 - 2018-04-18 01:25 - 000874880 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2023-01-29 19:45 - 2018-04-18 01:25 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2024-04-13 20:18 - 2024-04-13 20:18 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\python27.dll
2018-05-15 13:40 - 2016-10-11 14:52 - 002061824 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\Hotkey\audio10ec.dll
2018-05-15 13:40 - 2007-12-03 12:33 - 000204800 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\Hotkey\DataAddress.dll
2018-05-15 13:40 - 2016-10-11 21:01 - 002037248 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\Hotkey\powerlife.dll
2020-12-03 04:31 - 2017-09-12 11:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
2024-04-13 20:18 - 2024-04-13 20:18 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\wxbase30u_net_vc90_x64.dll
2024-04-13 20:18 - 2024-04-13 20:18 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\wxbase30u_vc90_x64.dll
2024-04-13 20:18 - 2024-04-13 20:18 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\wxmsw30u_adv_vc90_x64.dll
2024-04-13 20:18 - 2024-04-13 20:18 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\wxmsw30u_core_vc90_x64.dll
2024-04-13 20:18 - 2024-04-13 20:18 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\wxmsw30u_html_vc90_x64.dll
2024-04-13 20:18 - 2024-04-13 20:18 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\kkory\AppData\Local\Temp\_MEI133322\wxmsw30u_webview_vc90_x64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3105727912-594040118-960013747-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3105727912-594040118-960013747-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3105727912-594040118-960013747-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3105727912-594040118-960013747-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3105727912-594040118-960013747-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\OEM\wallpaper.jpg
HKU\S-1-5-21-3105727912-594040118-960013747-1008\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{69C6944F-BB6A-4693-92B8-DEC956A828BD}] => (Allow) C:\Users\kkory\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{33F7D764-3F91-4136-8275-2531680FE485}] => (Allow) C:\Users\kkory\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FF521DBB-2741-42AB-84DB-2416F7163EE9}] => (Allow) C:\Users\kkory\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{EE230E68-54A8-4707-B748-368E946CEC1C}] => (Block) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{5BB1A6D3-96E4-40B8-B185-3A6AE4BE765D}] => (Block) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{21FE19C2-03AF-4908-BE0B-53385383DE89}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{CEF5335B-7D79-421C-B435-D1767F40DDD3}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{2EE74B42-9357-4378-B0C1-6D071CC872F4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8B855546-1355-4A88-A84C-5DED2C7D29B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A7D2AB1A-5A3A-46E2-A8BE-D6931715F38C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C2C67445-0E2D-4594-BC55-F68CB0D949D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{26161BEE-861A-4333-8211-690ECCE5BE80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{346F28D5-A10C-43F6-BB45-E4F0F6DB2813}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{97901FFE-E76A-4233-B731-7B2624E7F617}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F85C894C-6656-47A8-9C0C-7DCFBBD1F2B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E2E7E1CF-DD4F-46FB-B1D1-A605B6B402F3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{10580E1F-3460-4685-A8E1-B54A9B04EC90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{947016BF-5B07-469B-BBEB-60805C9317DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{3A8C932E-4093-42AF-AA83-70D963C8DB15}] => (Allow) C:\Users\kkory\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2AE92FDD-8522-409A-BC71-7A27D9C49123}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ECDA591C-98FE-4AE6-B66E-70B4F428B8DD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.65\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6C631C6-12EC-4709-B33A-B675D499C1D4}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FirewallRules: [{0A6BA62D-8C3E-4BFE-BB47-4E5C151F3978}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{6710629D-EDB7-4604-AEEF-98252BE5506D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{411CD160-D555-454B-AEAA-A750229AC740}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C09FA358-26A1-4E4A-A471-4F2CCC139EBA}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{398EB311-260E-4F7D-9A9A-BCCE60C3B0EC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5D726E1F-F1F6-4B5C-8AB8-FDB761FE6233}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{64D97E7A-1E91-44C3-9E76-9743021DC4C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{939FCFB6-F3B7-45DE-9DE0-632270CACF27}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5D5470D0-3F8A-4FE5-8315-FB2DBF197826}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
13-04-2024 18:07:01 Windows Update
13-04-2024 18:07:16 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/13/2024 08:19:14 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
Error: (04/13/2024 08:19:14 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
Error: (04/13/2024 08:19:14 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
Error: (04/13/2024 08:19:14 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
Error: (04/13/2024 08:19:13 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
Error: (04/13/2024 08:18:37 PM) (Source: SecurityCenter) (EventID: 19) (User: )
Description: The Windows Security Center Service was unable to load instances of AntiVirusProduct from datastore.
Error: (04/13/2024 08:18:37 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: The Windows Security Center Service was unable to load instances of FirewallProduct from datastore.
Error: (04/12/2024 10:51:36 PM) (Source: Application Error) (EventID: 1000) (User: ERAZER)
Description: Faulting application name: AuxSwitch.exe, version: 1.0.0.1, time stamp: 0x580db540
Faulting module name: AuxSwitch.exe, version: 1.0.0.1, time stamp: 0x580db540
Exception code: 0xc0000409
Fault offset: 0x00020713
Faulting process ID: 0x0x476c
Faulting application start time: 0x0x1da8d2394886273
Faulting application path: C:\Program Files (x86)\Hotkey\AuxSwitch.exe
Faulting module path: C:\Program Files (x86)\Hotkey\AuxSwitch.exe
Report ID: 2ac94a08-1444-459a-8c1a-c7f8ce950f2f
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (04/13/2024 08:17:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:40:40 on 13/04/2024 was unexpected.
Error: (04/12/2024 09:44:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated with the following error:
%%17000
Error: (04/12/2024 09:44:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA Telemetry Container service terminated with the following error:
A generic command executable returned a result that indicates failure.
Error: (04/12/2024 09:44:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hshld_12.7.4 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/12/2024 09:43:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The igccservice service terminated with the following error:
An exception occurred in the service when handling the control request.
Error: (04/12/2024 09:43:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PowerBiosServer service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (04/12/2024 09:43:43 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (04/12/2024 09:42:59 PM) (Source: Microsoft-Windows-WER-SystemErrorReporting) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x0000009f (0x0000000000000003, 0xffffe789c36606d0, 0xffff93055ba5f6f8, 0xffffe789cccf9ba0)C:\WINDOWS\Minidump\041224-13125-01.dmpc12156d0-5c49-44d8-a824-c784db4a7fc5
CodeIntegrity:
===============
Date: 2024-04-13 20:28:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.
Date: 2024-04-13 20:21:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 1.07.06RGM3_00029 07/19/2018
Motherboard: MEDION N857EX1M
Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 71%
Total physical RAM: 8039.17 MB
Available physical RAM: 2315.06 MB
Total Virtual: 18791.17 MB
Available Virtual: 11373.17 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:235.65 GB) (Free:60.75 GB) (Model: HFS256GD9TNG-62A0A) NTFS
Drive d: (Korkis) (Fixed) (Total:608.54 GB) (Free:489.26 GB) (Model: ST1000LM048-2E7172) NTFS
Drive e: (Recover) (Fixed) (Total:30 GB) (Free:8.36 GB) (Model: ST1000LM048-2E7172) NTFS
Drive v: (Ekaterina) (Fixed) (Total:292.97 GB) (Free:83.85 GB) (Model: ST1000LM048-2E7172) NTFS
\\?\Volume{3d8c99c1-4fe5-4d69-82ba-1ff1b76f4b23}\ () (Fixed) (Total:0.73 GB) (Free:0.08 GB) NTFS
\\?\Volume{19296e25-2ee8-4718-8f47-e034656efa50}\ () (Fixed) (Total:0.98 GB) (Free:0.45 GB) NTFS
\\?\Volume{45b6ca81-8f35-417c-a8a9-c2d392409a18}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DA9D6057)
Partition: GPT.
==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: DA9D6048)
Partition: GPT.
==================== End of Addition.txt =======================