Everything about Windows: Black screen, CMD window opens and closes, slow internet - Windows 10 computer infected?
27.11.2023, 20:17 | #1 |
I came across this forum while doing my research. I have noticed strange things on my laptop, but I cannot judge whether they were caused by a virus. The screen suddenly went black, the internet suddenly became very slow at one point, logging in and out seems to have become slower, and browsing does not always work smoothly. In addition, I just noticed during login that the CMD window opened very briefly several times and closed again immediately.

I scanned the system with Malwarebytes and RogueKiller. Nothing was found. I know far too little to read the FRST log. For example, I do not know why an extension for Chrome was found when I do not have Chrome installed at all. The same applies to Firefox. As an unknowing user, that surprises me. I would be very grateful for an assessment of the FRST results.

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02 Ran by bseve (administrator) on LAPTOP-DBF6PCMD (Dynabook Inc. SATELLITE PRO C40-G-109) (27-11-2023 19:16:08) Running from C:\Users\Maslina\Downloads\FRST64.exe Loaded Profiles: bseve Platform: Microsoft Windows 10 Pro Education Version 22H2 19045.3693 (X64) Language: English (United Kingdom) Default browser: Edge Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe (C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe (C:\Program Files\Avast Software\Avast\AvLaunch.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe (explorer.exe ->) (5E8CAF4E-19CA-4DD9-B24C-ED3D89361853 -> Dynabook Inc.) C:\Program Files\WindowsApps\7906AAC0.dynabookSupportUtility_1.1.4.0_x64__nvaxck9xhg5vg\dynabook Support Utility\dynabookSupportUtilityHost.exe (explorer.exe ->) (Avast Software s.r.o. 
-> AVAST Software) C:\Program Files\Avast Software\Avast\AvLaunch.exe (MiniTool Software Limited -> ) C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\afwServ.exe (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe (services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe (services.exe ->) (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_24b5eb49ea57c0a4\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_24b5eb49ea57c0a4\IntelCpHeciSvc.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_dd349ca1e8d98184\LMS.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) 
C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_c52b34f1b30918c5\RstMwService.exe (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (MiniTool Software Limited -> ) C:\Program Files\MiniTool ShadowMaker\AgentService.exe (services.exe ->) (MiniTool Software Limited -> ) C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c51a65fb5ec70f9d\RtkAudUService64.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3684_none_7dfc270e7c9a3a0b\TiWorker.exe (svchost.exe ->) (MiniTool Software Limited -> ) C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe (svchost.exe ->) (Skype Software Sarl -> ) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (svchost.exe ->) (Skype Software Sarl -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeApp.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item 
will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [366488 2023-11-26] (Avast Software s.r.o. -> AVAST Software) HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> ) HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [465120 2020-08-19] (Express Vpn LLC -> ExpressVPN) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION HKU\S-1-5-21-494448607-1303044631-3617626462-1001\...\Run: [MicrosoftEdgeAutoLaunch_FC1CA27929C988F6D051E170E9C0442B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-16] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-494448607-1303044631-3617626462-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44529568 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\Run: [MicrosoftEdgeAutoLaunch_2971F37554576828C45809786ABAFBDF] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-16] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44529568 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Maslina\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File) 
HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Maslina\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" [65185712 2023-11-27] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Maslina\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" [0 2023-11-25] () <==== ATTENTION [zero byte File/Folder] HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Maslina\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2023-11-27] () <==== ATTENTION [zero byte File/Folder] BootExecute: autocheck autochk * sdnclean64.exe HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {97508EDC-878F-46C7-9537-2E3FD80B42AE} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5043608 2023-11-26] (Avast Software s.r.o. -> AVAST Software) Task: {A23663D7-099A-45D0-AFD9-429D9FF8A812} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-11-26] (Avast Software s.r.o. 
-> Avast Software) Task: {3E1D607E-13AF-48C6-8C83-BBA3E409903E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {49FC2B51-DC22-45F3-B31D-CE0A04412C9B} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "26275bdb-04db-4f2c-a1e2-cfd11b8b11df" --version "6.18.10838" --silent Task: {4ED9E86A-7A8B-4B10-B02E-04D7E3C572B6} - System32\Tasks\CCleanerSkipUAC - bseve => C:\Program Files\CCleaner\CCleaner.exe [37546912 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {D973A38D-76BB-4FB3-94D3-547D033F9F65} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22764936 2020-10-06] (Microsoft Corporation -> Microsoft Corporation) Task: {EEEC1E03-2D53-4F27-B5D8-EA278A20A1D1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22764936 2020-10-06] (Microsoft Corporation -> Microsoft Corporation) Task: {4F977EAE-1BF8-4CD2-A5B1-24FFE3468EF1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118128 2023-11-25] (Microsoft Corporation -> Microsoft Corporation) Task: {BFF78479-7E6E-40E8-995C-752B6085A291} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118128 2023-11-25] (Microsoft Corporation -> Microsoft Corporation) Task: {F358D704-2D64-4F21-8EAD-2D6D6F6CFF3F} - System32\Tasks\Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask => 
{82aa0895-198a-4c1b-b2d1-c16894218afb} C:\Windows\System32\unifiedconsent.dll [278016 2023-11-26] (Microsoft Windows -> Microsoft Corporation) Task: {98CB6CCF-0F3C-4E0B-A301-8101B7A1AD42} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [251904 2023-11-26] (Microsoft Windows -> Microsoft Corporation) Task: {18B51DC4-D017-4FF6-91BD-0607C749E039} - System32\Tasks\MiniTool ShadowMaker => C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe [1033024 2023-10-23] (MiniTool Software Limited -> ) Task: {49DCFB95-1896-407F-A2CA-D87976E8BEF7} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> ) Task: {BE161B24-06A3-40A0-A237-767481BF483B} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c51a65fb5ec70f9d\RtkAudUService64.exe [1249848 2021-03-04] (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) Task: {E36E1EAE-E6F9-4E22-BDDF-B83308BE8DC8} - System32\Tasks\WinZip Preloader => C:\Program Files\WinZip\WzPreloader.exe [131968 2020-09-27] (Corel Corporation -> WinZip Computing) Task: {3E58C6BA-7B5D-488C-91F2-3D7C268B39E4} - System32\Tasks\WinZip UN => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-27] (Corel Corporation -> Corel Corporation) Task: {48666F48-12D5-4004-95DC-08780680793A} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-27] (Corel Corporation -> Corel Corporation) Task: {A4742E07-E52C-44C4-8A5A-6D5B486B29DF} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-27] (Corel Corporation -> Corel Corporation) Task: {33338EC6-91BE-4695-8EF5-0C985490FAD7} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-27] (Corel Corporation -> Corel Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{4f612f0e-e2ae-4c52-845a-92933457c4ae}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\bseve\AppData\Local\Microsoft\Edge\User Data\Default [2023-11-26] Edge Extension: (Malwarebytes Browser Guard) - C:\Users\bseve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-11-26] Edge Extension: (Google Docs Offline) - C:\Users\bseve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-11-25] Edge Extension: (Edge relevant text changes) - C:\Users\bseve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-11-25] Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn] Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn] FireFox: ======== FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-11-25] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [9003928 2023-11-26] (Avast Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [735640 2023-11-26] (Avast Software s.r.o. -> AVAST Software) R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2282904 2023-11-26] (Avast Software s.r.o. -> AVAST Software) R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1140120 2023-11-26] (Avast Software s.r.o. 
-> AVAST Software) R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2023-11-26] (Avast Software s.r.o. -> AVAST Software) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8853384 2020-10-05] (Microsoft Corporation -> Microsoft Corporation) R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437472 2020-08-19] (Express Vpn LLC -> ExpressVPN) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9343840 2023-11-25] (Malwarebytes Inc. -> Malwarebytes) R2 MTAgentService; C:\Program Files\MiniTool ShadowMaker\AgentService.exe [732992 2023-10-23] (MiniTool Software Limited -> ) R2 MTSchedulerService; C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe [225088 2023-10-23] (MiniTool Software Limited -> ) S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [16036272 2023-11-03] (ADLICE -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534584 2023-11-26] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [31528 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [240688 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [393904 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [297984 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [96072 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [26616 2023-11-26] (Microsoft Windows Early Launch Anti-Malware Publisher -> AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [39752 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [276856 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [561888 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [105352 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [80528 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [952856 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [710144 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [213296 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher 
-> AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [319672 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2020-08-19] (ExprsVPN LLC -> ExpressVPN) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222784 2023-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-11-25] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [200104 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2023-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188008 2023-11-26] (Malwarebytes Inc. 
-> Malwarebytes) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2021-03-26] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2021-03-26] (MiniTool Solution Ltd -> ) R3 tapexpressvpn; C:\Windows\System32\drivers\tapexpressvpn.sys [52904 2020-08-19] (ExprsVPN LLC -> The OpenVPN Project) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation) U1 aswbdisk; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2023-11-27 19:09 - 2023-11-27 19:09 - 000001425 _____ C:\Users\bseve\Desktop\MBAM271123.txt 2023-11-27 19:05 - 2023-11-27 19:05 - 000000000 ____D C:\Users\bseve\AppData\Local\mbam 2023-11-27 17:46 - 2023-11-27 18:55 - 000000000 ____D C:\ProgramData\RogueKiller 2023-11-27 17:46 - 2023-11-27 17:46 - 000054208 _____ C:\Windows\system32\Drivers\truesight.sys 2023-11-27 17:46 - 2023-11-27 17:46 - 000000910 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2023-11-27 17:46 - 2023-11-27 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2023-11-27 17:45 - 2023-11-27 17:46 - 000000000 ____D C:\Program Files\RogueKiller 2023-11-27 17:37 - 2023-11-27 17:44 - 047819824 _____ (Adlice Software ) C:\Users\Maslina\Downloads\RogueKiller_setup.exe 2023-11-27 16:52 - 2023-11-27 16:52 - 000000000 ____D C:\Users\bseve\AppData\Local\system_backup_gui 2023-11-27 16:46 - 2023-11-27 16:53 - 000000000 ____D C:\Users\bseve\AppData\Local\WinZip 2023-11-27 16:46 - 2023-11-27 16:51 - 000000000 ____D C:\Users\bseve\Documents\treesizefree-portable 2023-11-26 18:20 - 2023-11-26 18:20 - 000188008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2023-11-26 18:19 - 2023-11-26 18:19 - 000000085 _____ C:\Windows\wininit.ini 2023-11-26 17:58 - 2023-11-26 17:58 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Microsoft\HTML Help 2023-11-26 17:26 - 2023-11-26 17:26 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking 2023-11-26 17:21 - 2023-11-26 18:19 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2023-11-26 17:20 - 2023-11-26 17:20 - 065069568 _____ (Safer-Networking Ltd. 
) C:\Users\bseve\Downloads\spybotsd-2.9.85.5 (1).exe 2023-11-26 17:14 - 2023-11-26 17:15 - 000000000 ____D C:\AdwCleaner 2023-11-26 17:14 - 2023-11-26 17:14 - 008791352 _____ (Malwarebytes) C:\Users\bseve\Downloads\adwcleaner.exe 2023-11-26 16:59 - 2023-11-26 16:59 - 000000000 ____D C:\Users\bseve\AppData\Local\Avast Software 2023-11-26 16:39 - 2023-11-26 16:39 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Avast Software 2023-11-26 16:39 - 2023-11-26 16:39 - 000000000 ____D C:\Users\bseve\AppData\Local\CEF 2023-11-26 16:33 - 2023-11-26 16:35 - 000024833 _____ C:\Users\Maslina\Downloads\Addition.txt 2023-11-26 16:17 - 2023-11-27 19:17 - 000021681 _____ C:\Users\Maslina\Downloads\FRST.txt 2023-11-26 16:16 - 2023-11-27 19:16 - 000000000 ____D C:\FRST 2023-11-26 16:16 - 2023-11-26 16:16 - 000000000 ____D C:\Users\Maslina\Downloads\FRST-OlderVersion 2023-11-26 16:15 - 2023-11-26 16:16 - 002383872 _____ (Farbar) C:\Users\Maslina\Downloads\FRST64.exe 2023-11-26 15:32 - 2023-11-26 15:32 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2023-11-26 14:59 - 2023-11-26 11:28 - 000313240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2023-11-26 14:53 - 2023-11-26 15:00 - 000000000 ____D C:\Windows\SystemTemp 2023-11-26 14:53 - 2023-11-26 14:53 - 000000000 ____D C:\Windows\system32\Drivers\mde 2023-11-26 14:33 - 2023-11-27 19:17 - 000000000 ____D C:\Users\bseve\AppData\Roaming\QtProject 2023-11-26 14:32 - 2023-11-26 14:32 - 000003074 _____ C:\Windows\system32\Tasks\MiniTool ShadowMaker 2023-11-26 14:32 - 2023-11-26 14:32 - 000000993 _____ C:\Users\Public\Desktop\MiniTool ShadowMaker.lnk 2023-11-26 14:32 - 2023-11-26 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker 2023-11-26 14:32 - 2021-03-26 11:07 - 003600896 _____ C:\Windows\system32\pwNative.exe 2023-11-26 14:32 - 2021-03-26 11:07 - 000019152 _____ C:\Windows\system32\pwdrvio.sys 2023-11-26 14:32 - 2021-03-26 11:07 - 000012504 _____ 
C:\Windows\system32\pwdspio.sys 2023-11-26 14:31 - 2023-11-26 14:31 - 000003276 _____ C:\Windows\system32\Tasks\MiniToolPartitionWizard 2023-11-26 14:31 - 2023-11-26 14:31 - 000001039 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard.lnk 2023-11-26 14:31 - 2023-11-26 14:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12 2023-11-26 14:30 - 2023-11-27 16:53 - 000000000 ____D C:\Program Files\MiniTool ShadowMaker 2023-11-26 14:30 - 2023-11-26 14:33 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12 2023-11-26 14:28 - 2023-11-26 14:28 - 003253368 _____ (MiniTool Software Limited ) C:\Users\Maslina\Downloads\pw-free-online.exe 2023-11-26 14:28 - 2023-11-26 14:28 - 003253368 _____ (MiniTool Software Limited ) C:\Users\Maslina\Downloads\pw-free-online (1).exe 2023-11-26 14:23 - 2023-11-26 14:23 - 000016059 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json 2023-11-26 12:21 - 2023-11-26 12:21 - 000034356 _____ C:\Users\bseve\Documents\cc_20231126_122140.reg 2023-11-26 12:05 - 2023-11-26 12:05 - 000000000 ___HD C:\$WinREAgent 2023-11-26 11:54 - 2023-11-27 16:47 - 000001021 _____ C:\Users\bseve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TreeSizeFree.lnk 2023-11-26 11:54 - 2023-11-26 11:54 - 000001027 _____ C:\Users\Maslina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TreeSizeFree.lnk 2023-11-26 11:53 - 2023-11-26 12:04 - 000000000 ____D C:\Users\Maslina\Downloads\treesizefree-portable 2023-11-26 11:52 - 2023-11-26 12:00 - 000000000 ____D C:\Users\Maslina\AppData\Local\WinZip 2023-11-26 11:52 - 2023-11-26 11:53 - 016760573 _____ C:\Users\Maslina\Downloads\treesizefree-portable.zip 2023-11-26 11:52 - 2023-11-26 11:52 - 000000000 ____D C:\ProgramData\UniqueId 2023-11-26 11:31 - 2023-11-26 11:31 - 000000000 ____D C:\Users\Maslina\AppData\Local\Avast Software 2023-11-26 11:30 - 2023-11-26 14:59 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free 
Antivirus.lnk 2023-11-26 11:30 - 2023-11-26 14:59 - 000002087 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2023-11-26 11:30 - 2023-11-26 11:30 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Avast Software 2023-11-26 11:30 - 2023-11-26 11:30 - 000000000 ____D C:\Users\Maslina\AppData\Local\CEF 2023-11-26 11:29 - 2023-11-26 11:29 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software 2023-11-26 11:28 - 2023-11-27 16:51 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update 2023-11-26 11:28 - 2023-11-26 11:28 - 000000000 ____D C:\Program Files\Common Files\Avast Software 2023-11-26 11:27 - 2023-11-26 11:27 - 000000000 ____D C:\Program Files\Avast Software 2023-11-26 11:26 - 2023-11-26 18:20 - 000000000 ____D C:\ProgramData\Avast Software 2023-11-26 11:26 - 2023-11-26 11:26 - 000263576 _____ (AVAST Software) C:\Users\Maslina\Downloads\avast_free_antivirus_setup_online.exe 2023-11-26 10:45 - 2023-11-26 10:45 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Microsoft\MMC 2023-11-26 10:35 - 2023-11-26 10:35 - 000000000 ____D C:\Users\bseve\AppData\Local\ElevatedDiagnostics 2023-11-26 10:04 - 2023-11-27 19:15 - 000000000 ____D C:\Users\bseve\AppData\Local\Malwarebytes 2023-11-26 04:45 - 2023-11-26 14:53 - 000000000 ___SD C:\Windows\system32\AppV 2023-11-26 04:45 - 2023-11-26 14:53 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2023-11-26 04:45 - 2023-11-26 04:45 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents 2023-11-26 04:45 - 2023-11-26 04:45 - 000000000 ____D C:\Windows\RemotePackages 2023-11-26 04:45 - 2023-11-25 12:56 - 000000000 ____D C:\Windows\CSC 2023-11-26 04:38 - 2023-11-26 04:38 - 000000046 _____ C:\Windows\RicaOption.ini 2023-11-26 04:38 - 2023-11-25 23:14 - 000000000 ____D C:\Windows\Panther 2023-11-25 23:20 - 2023-11-26 15:16 - 000000000 ____D C:\Users\Maslina\AppData\Local\CrashDumps 2023-11-25 23:19 - 2023-11-25 23:19 - 000001528 _____ C:\Users\bseve\Documents\startup.txt 
2023-11-25 23:13 - 2023-11-26 18:18 - 000000000 ____D C:\Program Files\CCleaner 2023-11-25 23:13 - 2023-11-26 10:31 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update 2023-11-25 23:13 - 2023-11-26 10:02 - 000000666 _____ C:\Windows\Tasks\CCleanerCrashReporting.job 2023-11-25 23:13 - 2023-11-25 23:45 - 000003380 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting 2023-11-25 23:13 - 2023-11-25 23:13 - 000002904 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - bseve 2023-11-25 23:13 - 2023-11-25 23:13 - 000000874 _____ C:\Users\Public\Desktop\CCleaner.lnk 2023-11-25 23:13 - 2023-11-25 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2023-11-25 23:11 - 2023-11-25 23:11 - 060967624 _____ (Piriform Software Ltd) C:\Users\Maslina\Downloads\ccsetup617.exe 2023-11-25 23:10 - 2023-11-25 23:10 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Microsoft\Spelling 2023-11-25 23:01 - 2023-11-27 19:00 - 000000000 ____D C:\Users\Maslina\AppData\Local\Malwarebytes 2023-11-25 23:01 - 2023-11-25 23:01 - 000000000 ____D C:\Users\Maslina\AppData\Local\mbam 2023-11-25 23:00 - 2023-11-25 23:00 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2023-11-25 23:00 - 2023-11-25 23:00 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2023-11-25 22:59 - 2023-11-25 22:59 - 000000000 ____D C:\ProgramData\Malwarebytes 2023-11-25 22:59 - 2023-11-25 22:59 - 000000000 ____D C:\Program Files\Malwarebytes 2023-11-25 22:57 - 2023-11-25 23:15 - 000000000 ____D C:\Users\Maslina\AppData\Local\Publishers 2023-11-25 22:57 - 2023-11-25 22:57 - 002606880 _____ (Malwarebytes) C:\Users\Maslina\Downloads\mbsetup.exe 2023-11-25 22:57 - 2023-11-25 22:57 - 000000000 ____D C:\Users\Maslina\AppData\Local\Comms 2023-11-25 22:55 - 2023-11-27 17:10 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-494448607-1303044631-3617626462-1002 2023-11-25 22:54 - 2023-11-27 17:10 - 000003382 _____ 
C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-494448607-1303044631-3617626462-1002 2023-11-25 22:54 - 2023-11-26 11:29 - 000000000 ____D C:\Users\Maslina\AppData\Local\D3DSCache 2023-11-25 22:54 - 2023-11-25 22:54 - 000000000 ___RD C:\Users\Maslina\OneDrive 2023-11-25 22:52 - 2023-11-27 17:10 - 000002396 _____ C:\Users\Maslina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-11-25 22:52 - 2023-11-27 16:59 - 000000000 __SHD C:\Users\Maslina\IntelGraphicsProfiles 2023-11-25 22:52 - 2023-11-26 15:05 - 000002359 _____ C:\Users\Maslina\Desktop\Microsoft Edge.lnk 2023-11-25 22:52 - 2023-11-25 23:20 - 000000000 ____D C:\Users\Maslina\AppData\Local\Packages 2023-11-25 22:52 - 2023-11-25 22:54 - 000000000 ____D C:\Users\Maslina 2023-11-25 22:52 - 2023-11-25 22:53 - 000000000 ____D C:\Users\Maslina\AppData\Local\Intel 2023-11-25 22:52 - 2023-11-25 22:52 - 000000020 ___SH C:\Users\Maslina\ntuser.ini 2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ___SD C:\Users\Maslina\AppData\Roaming\Microsoft\SystemCertificates 2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ___SD C:\Users\Maslina\AppData\Roaming\Microsoft\Protect 2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ___SD C:\Users\Maslina\AppData\Roaming\Microsoft\Crypto 2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ___SD C:\Users\Maslina\AppData\Roaming\Microsoft\Credentials 2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ___RD C:\Users\Maslina\3D Objects 2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Microsoft\Windows 2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Microsoft\Vault 2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Microsoft\Network 2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Adobe 2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\LocalLow\Intel 2023-11-25 22:52 - 2023-11-25 22:52 - 
000000000 ____D C:\Users\Maslina\AppData\Local\VirtualStore 2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\Local\ConnectedDevicesPlatform 2023-11-25 22:36 - 2021-09-02 06:21 - 000309688 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll 2023-11-25 22:36 - 2021-09-02 06:21 - 000257072 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll 2023-11-25 22:36 - 2021-09-02 06:21 - 000173080 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll 2023-11-25 22:36 - 2021-09-02 06:21 - 000148368 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll 2023-11-25 22:36 - 2021-09-02 06:20 - 001859640 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe 2023-11-25 22:36 - 2021-09-02 06:20 - 001859640 _____ C:\Windows\system32\vulkaninfo.exe 2023-11-25 22:36 - 2021-09-02 06:20 - 001440304 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2023-11-25 22:36 - 2021-09-02 06:20 - 001440304 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2023-11-25 22:36 - 2021-09-02 06:20 - 001102328 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll 2023-11-25 22:36 - 2021-09-02 06:20 - 001102328 _____ C:\Windows\system32\vulkan-1.dll 2023-11-25 22:36 - 2021-09-02 06:20 - 000956432 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll 2023-11-25 22:36 - 2021-09-02 06:20 - 000956432 _____ C:\Windows\SysWOW64\vulkan-1.dll 2023-11-25 22:31 - 2023-11-25 22:31 - 000000000 ____D C:\Users\bseve\AppData\Local\Comms 2023-11-25 22:29 - 2023-11-25 22:30 - 000000000 ____D C:\Windows\system32\MRT 2023-11-25 22:24 - 2023-11-25 22:24 - 000000000 ____D C:\Windows\Firmware 2023-11-25 22:23 - 2023-11-26 16:12 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2023-11-25 22:14 - 2023-11-25 22:15 - 000000000 ____D C:\Users\bseve\AppData\Local\Publishers 2023-11-25 22:12 - 2023-11-26 15:03 - 000001607 _____ C:\Windows\system32\config\VSMIDK 2023-11-25 22:06 - 2023-11-26 10:17 - 000000000 ____D C:\Users\bseve\AppData\Local\D3DSCache 2023-11-25 
22:05 - 2023-11-25 22:05 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Microsoft\Spelling 2023-11-25 22:05 - 2023-11-25 22:05 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Microsoft\MMC 2023-11-25 22:04 - 2023-11-25 22:04 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-494448607-1303044631-3617626462-1001 2023-11-25 22:04 - 2023-11-25 22:04 - 000000000 ___RD C:\Users\bseve\OneDrive 2023-11-25 22:04 - 2023-11-25 22:04 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Microsoft\InputMethod 2023-11-25 22:03 - 2023-11-25 22:03 - 000000000 ____D C:\Users\bseve\AppData\LocalLow\Intel 2023-11-25 22:02 - 2023-11-27 19:15 - 000000000 __SHD C:\Users\bseve\IntelGraphicsProfiles 2023-11-25 22:02 - 2023-11-27 16:57 - 000000000 ____D C:\Users\bseve\AppData\Local\Packages 2023-11-25 22:02 - 2023-11-26 16:27 - 000002359 _____ C:\Users\bseve\Desktop\Microsoft Edge.lnk 2023-11-25 22:02 - 2023-11-25 22:13 - 000000000 ____D C:\Users\bseve\AppData\Local\ConnectedDevicesPlatform 2023-11-25 22:02 - 2023-11-25 22:03 - 000000000 ____D C:\Users\bseve\AppData\Local\Intel 2023-11-25 22:02 - 2023-11-25 22:02 - 000000000 ___SD C:\Users\bseve\AppData\Roaming\Microsoft\Crypto 2023-11-25 22:02 - 2023-11-25 22:02 - 000000000 ___RD C:\Users\bseve\3D Objects 2023-11-25 22:02 - 2023-11-25 22:02 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Microsoft\Vault 2023-11-25 22:02 - 2023-11-25 22:02 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Adobe 2023-11-25 22:02 - 2023-11-25 22:02 - 000000000 ____D C:\Users\bseve\AppData\Local\VirtualStore 2023-11-25 22:00 - 2023-11-25 22:04 - 000002374 _____ C:\Users\bseve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-11-25 22:00 - 2023-11-25 22:04 - 000000000 ____D C:\Users\bseve 2023-11-25 22:00 - 2023-11-25 22:03 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Microsoft\Windows 2023-11-25 22:00 - 2023-11-25 22:00 - 000000020 ___SH C:\Users\bseve\ntuser.ini 2023-11-25 22:00 - 2023-11-25 22:00 - 
000000000 ___SD C:\Users\bseve\AppData\Roaming\Microsoft\SystemCertificates 2023-11-25 22:00 - 2023-11-25 22:00 - 000000000 ___SD C:\Users\bseve\AppData\Roaming\Microsoft\Protect 2023-11-25 22:00 - 2023-11-25 22:00 - 000000000 ___SD C:\Users\bseve\AppData\Roaming\Microsoft\Credentials 2023-11-25 21:57 - 2023-11-25 21:57 - 000000000 ___SD C:\Users\defaultuser0\AppData\Roaming\Microsoft\SystemCertificates 2023-11-25 12:56 - 2023-11-25 12:56 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\Microsoft\Vault 2023-11-25 12:56 - 2023-11-25 12:56 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\Microsoft\Network 2023-11-25 12:55 - 2023-11-25 21:59 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages 2023-11-25 12:55 - 2023-11-25 12:56 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Intel 2023-11-25 12:55 - 2023-11-25 12:55 - 000000000 __SHD C:\Users\defaultuser0\IntelGraphicsProfiles 2023-11-25 12:55 - 2023-11-25 12:55 - 000000000 ___SD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Crypto 2023-11-25 12:55 - 2023-11-25 12:55 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\Microsoft\Spelling 2023-11-25 12:55 - 2023-11-25 12:55 - 000000000 ____D C:\Users\defaultuser0\AppData\LocalLow\Intel 2023-11-25 12:55 - 2023-11-25 12:55 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore 2023-11-25 12:55 - 2023-11-25 12:55 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform 2023-11-25 12:54 - 2023-11-25 12:55 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows 2023-11-25 12:54 - 2023-11-25 12:55 - 000000000 ____D C:\Users\defaultuser0 2023-11-25 12:54 - 2023-11-25 12:54 - 000000020 ___SH C:\Users\defaultuser0\ntuser.ini 2023-11-25 12:54 - 2023-11-25 12:54 - 000000000 _SHDL C:\Documents and Settings 2023-11-25 12:54 - 2023-11-25 12:54 - 000000000 ___SD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Protect 2023-11-25 12:54 - 2023-11-25 12:54 - 000000000 ___SD 
C:\Users\defaultuser0\AppData\Roaming\Microsoft\Credentials 2023-11-25 12:39 - 2023-11-25 12:52 - 000022863 _____ C:\Windows\diagwrn.xml 2023-11-25 12:39 - 2023-11-25 12:52 - 000022863 _____ C:\Windows\diagerr.xml 2023-11-25 12:39 - 2023-11-25 12:39 - 000000206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IOLO.url 2023-11-25 12:39 - 2023-11-25 12:39 - 000000206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.url 2023-11-25 12:38 - 2023-11-25 12:54 - 000002432 _____ C:\Windows\system32\Tasks\WinZip UN 2023-11-25 12:38 - 2023-11-25 12:54 - 000002364 _____ C:\Windows\system32\Tasks\WinZip Preloader 2023-11-25 12:38 - 2023-11-25 12:38 - 000000000 ____D C:\Windows\OEM 2023-11-25 12:37 - 2023-11-26 11:52 - 000000000 ____D C:\ProgramData\WinZip 2023-11-25 12:37 - 2023-11-25 22:18 - 000000000 ____D C:\ProgramData\Dynabook 2023-11-25 12:37 - 2023-11-25 12:54 - 000002710 _____ C:\Windows\system32\Tasks\WinZip Update Notifier 2 2023-11-25 12:37 - 2023-11-25 12:54 - 000002708 _____ C:\Windows\system32\Tasks\WinZip Update Notifier 3 2023-11-25 12:37 - 2023-11-25 12:54 - 000002708 _____ C:\Windows\system32\Tasks\WinZip Update Notifier 1 2023-11-25 12:37 - 2023-11-25 12:37 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk 2023-11-25 12:37 - 2023-11-25 12:37 - 000002171 _____ C:\Users\Public\Desktop\ExpressVPN.lnk 2023-11-25 12:37 - 2023-11-25 12:37 - 000002098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk 2023-11-25 12:37 - 2023-11-25 12:37 - 000000214 _____ C:\Users\Public\Desktop\Dynabook Services.url 2023-11-25 12:37 - 2023-11-25 12:37 - 000000000 ____D C:\ProgramData\Package Cache 2023-11-25 12:37 - 2023-11-25 12:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2023-11-25 12:37 - 2023-11-25 12:37 - 000000000 ____D C:\ProgramData\ExpressVPN 2023-11-25 12:37 - 2023-11-25 12:37 - 000000000 ____D C:\Program Files\WinZip 2023-11-25 12:37 - 2023-11-25 
12:37 - 000000000 ____D C:\Program Files (x86)\ExpressVPN 2023-11-25 12:36 - 2023-11-25 22:16 - 000000000 ____D C:\ProgramData\Packages 2023-11-25 12:35 - 2023-11-25 12:35 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2023-11-25 12:35 - 2023-11-25 12:35 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2023-11-25 12:35 - 2023-11-25 12:35 - 000002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2023-11-25 12:35 - 2023-11-25 12:35 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2023-11-25 12:35 - 2023-11-25 12:35 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2023-11-25 12:35 - 2023-11-25 12:35 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2023-11-25 12:35 - 2023-11-25 12:35 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk 2023-11-25 12:35 - 2023-11-25 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2023-11-25 12:32 - 2023-11-27 16:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2023-11-25 12:32 - 2023-11-25 12:32 - 000000000 ____D C:\Program Files\Microsoft Office 15 2023-11-25 12:29 - 2023-11-25 22:26 - 000003366 _____ C:\Windows\system32\Tasks\RtkAudUService64_BG 2023-11-25 12:27 - 2023-11-25 12:27 - 000000000 ____D C:\ProgramData\RealtekLAN 2023-11-25 12:26 - 2023-11-25 22:54 - 000000000 ____D C:\ProgramData\Intel 2023-11-25 12:25 - 2023-11-26 18:20 - 000000000 ____D C:\Intel 2023-11-25 12:25 - 2023-11-25 12:25 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin 2023-11-25 12:17 - 2023-11-26 15:00 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-11-25 12:16 - 2023-11-25 21:59 - 000003534 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-11-25 12:16 - 2023-11-25 21:59 - 000003410 _____ 
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2023-11-25 11:47 - 2023-11-25 12:54 - 000002854 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-494448607-1303044631-3617626462-500 ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2023-11-27 19:15 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-11-27 16:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness 2023-11-27 16:52 - 2021-01-14 05:19 - 003854352 _____ C:\Windows\system32\PerfStringBackup.INI 2023-11-27 16:52 - 2020-05-12 04:07 - 000492788 _____ C:\Windows\system32\perfh011.dat 2023-11-27 16:52 - 2020-05-12 04:07 - 000137288 _____ C:\Windows\system32\perfc011.dat 2023-11-27 16:52 - 2020-05-12 04:03 - 000471280 _____ C:\Windows\system32\perfh006.dat 2023-11-27 16:52 - 2020-05-12 04:03 - 000083826 _____ C:\Windows\system32\perfc006.dat 2023-11-27 16:52 - 2020-05-12 04:00 - 000443008 _____ C:\Windows\system32\perfh00B.dat 2023-11-27 16:52 - 2020-05-12 04:00 - 000085860 _____ C:\Windows\system32\perfc00B.dat 2023-11-27 16:52 - 2020-05-12 03:57 - 000456664 _____ C:\Windows\system32\perfh014.dat 2023-11-27 16:52 - 2020-05-12 03:57 - 000081484 _____ C:\Windows\system32\perfc014.dat 2023-11-27 16:52 - 2020-05-12 03:54 - 000719274 _____ C:\Windows\system32\perfh01D.dat 2023-11-27 16:52 - 2020-05-12 03:54 - 000149998 _____ C:\Windows\system32\perfc01D.dat 2023-11-27 16:52 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF 2023-11-26 18:20 - 2021-01-14 22:12 - 000008192 ___SH C:\DumpStack.log.tmp 2023-11-26 18:20 - 2021-01-14 22:12 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2023-11-26 18:19 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI 2023-11-26 17:33 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-11-26 16:27 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2023-11-26 16:21 - 2019-12-07 
10:03 - 000000000 ____D C:\Windows\CbsTemp 2023-11-26 14:59 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2023-11-26 14:58 - 2021-01-14 22:12 - 000533536 _____ C:\Windows\system32\FNTCACHE.DAT 2023-11-26 14:54 - 2020-05-12 04:07 - 000000000 ____D C:\Windows\SysWOW64\ja 2023-11-26 14:54 - 2020-05-12 04:03 - 000000000 ____D C:\Windows\SysWOW64\da 2023-11-26 14:54 - 2020-05-12 04:00 - 000000000 ____D C:\Windows\SysWOW64\fi 2023-11-26 14:54 - 2020-05-12 03:57 - 000000000 ____D C:\Windows\SysWOW64\no 2023-11-26 14:54 - 2020-05-12 03:54 - 000000000 ____D C:\Windows\SysWOW64\sv 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com 2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers 2023-11-26 14:53 - 2021-01-14 22:23 - 000000000 ____D C:\Windows\system32\Sysprep 2023-11-26 14:53 - 2020-05-12 04:07 - 000000000 ____D C:\Windows\system32\ja 2023-11-26 14:53 
- 2020-05-12 04:03 - 000000000 ____D C:\Windows\system32\da 2023-11-26 14:53 - 2020-05-12 04:00 - 000000000 ____D C:\Windows\system32\fi 2023-11-26 14:53 - 2020-05-12 03:57 - 000000000 ____D C:\Windows\system32\no 2023-11-26 14:53 - 2020-05-12 03:54 - 000000000 ____D C:\Windows\system32\sv 2023-11-26 14:53 - 2020-05-12 03:51 - 000000000 ____D C:\Windows\system32\Drivers\en-GB 2023-11-26 14:53 - 2020-05-12 03:51 - 000000000 ____D C:\Windows\en-GB 2023-11-26 14:53 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2023-11-26 14:53 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2023-11-26 14:53 - 2019-12-07 10:50 - 000000000 ____D C:\Windows\system32\OpenSSH 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemApps 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz 2023-11-26 14:53 - 
2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Keywords 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\DDFs 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\DiagTrack 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\appcompat 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System 2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2023-11-26 14:53 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing 2023-11-26 14:45 - 2019-12-07 10:52 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll 2023-11-26 14:45 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll 
2023-11-26 14:45 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll 2023-11-26 14:21 - 2021-01-14 05:16 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2023-11-26 10:02 - 2021-01-14 22:12 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-11-26 04:45 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\security 2023-11-26 04:45 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\schemas 2023-11-26 04:45 - 2019-12-07 10:10 - 000820736 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\ddputils.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000287744 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ManagedEventLogging.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000280064 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\AuditNativeSnapIn.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\appvetwsharedperformance.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\AppvClientEventLog.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuditNativeSnapIn.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000214016 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CmUtil.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smbdirect.sys 2023-11-26 04:45 - 2019-12-07 10:10 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\fveprompt.exe 2023-11-26 
04:45 - 2019-12-07 10:10 - 000147439 _____ C:\Windows\SysWOW64\gpedit.msc 2023-11-26 04:45 - 2019-12-07 10:10 - 000147439 _____ C:\Windows\system32\gpedit.msc 2023-11-26 04:45 - 2019-12-07 10:10 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\ddptrace.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000137736 _____ (Microsoft Corporation) C:\Windows\system32\iotstartup.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000120458 _____ C:\Windows\system32\secpol.msc 2023-11-26 04:45 - 2019-12-07 10:10 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\baaupdate.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpolmsg.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\auditpolmsg.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\PackageInspector.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmlib.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\srmlib.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\srmtrace.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SyncController.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Common.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\ddp_ps.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmtrace.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppCore.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\UevAppMonitor.exe 2023-11-26 04:45 - 
2019-12-07 10:10 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CabUtil.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.EventLogMessages.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000043566 _____ C:\Windows\SysWOW64\rsop.msc 2023-11-26 04:45 - 2019-12-07 10:10 - 000043566 _____ C:\Windows\system32\rsop.msc 2023-11-26 04:45 - 2019-12-07 10:10 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\UevAgentPolicyGenerator.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\SrpUxNativeSnapIn.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\srm_ps.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SrpUxNativeSnapIn.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\qwinsta.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000027648 _____ (Microsoft Corporation) C:\Windows\system32\qprocess.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\msg.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\quser.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\chgport.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\tskill.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\qappsrv.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\tscon.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\tsdiscon.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\rwinsta.exe 2023-11-26 04:45 - 
2019-12-07 10:10 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Management.WmiAccess.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\logoff.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\chglogon.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\chgusr.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Management.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppData.WinRT.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NcaApi.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SyncCommon.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Common.WinRT.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\reset.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.LocalSyncProvider.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\change.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\query.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm_ps.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\RemoteAppLifetimeManagerProxyStub.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernSync.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000013824 _____ (Microsoft Corporation) 
C:\Windows\system32\UevTemplateBaselineGenerator.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\UevTemplateConfigItemGenerator.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\BdeSysprep.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SmbSyncProvider.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\assignedaccessproviderevents.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.MonitorSyncProvider.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SyncConditions.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.SecureAssessment.Diagnostics.dll 2023-11-26 04:40 - 2021-01-14 22:11 - 000000002 _____ C:\Windows\system32\Drivers\PREINSTALL_na_SATELLITE PRO C40-G-109_TIH0550200A.MRK 2023-11-26 04:38 - 2019-12-07 10:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2023-11-26 04:31 - 2021-01-14 22:10 - 000000000 ____D C:\Dynabook 2023-11-26 04:31 - 2019-12-07 10:18 - 000000000 ____D C:\Windows\Setup 2023-11-25 22:52 - 2021-01-14 05:15 - 000000000 __RHD C:\Users\Public\AccountPictures 2023-11-25 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState 2023-11-25 22:02 - 2021-01-14 22:23 - 000000000 ____D C:\Windows\SysWOW64\sysprep 2023-11-25 12:56 - 2019-12-07 10:50 - 000000000 ____D C:\Windows\system32\FxsTmp 2023-11-25 12:52 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM 2023-11-25 12:36 - 2021-01-14 22:11 - 000000000 ____D C:\Program Files\Dynabook 2023-11-25 12:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\spool 2023-11-25 12:32 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common 
Files\microsoft shared
2023-11-25 12:10 - 2019-12-07 10:52 - 000020908 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2023-11-25 11:58 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional FRST Logfile:
Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02
Ran by bseve (27-11-2023 19:19:45)
Running from C:\Users\Maslina\Downloads
Microsoft Windows 10 Pro Education Version 22H2 19045.3693 (X64) (2023-11-25 11:54:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-494448607-1303044631-3617626462-500 - Administrator - Disabled)
bseve (S-1-5-21-494448607-1303044631-3617626462-1001 - Administrator - Enabled) => C:\Users\bseve
DefaultAccount (S-1-5-21-494448607-1303044631-3617626462-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-494448607-1303044631-3617626462-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-494448607-1303044631-3617626462-501 - Limited - Disabled)
Maslina (S-1-5-21-494448607-1303044631-3617626462-1002 - Limited - Enabled) => C:\Users\Maslina
WDAGUtilityAccount (S-1-5-21-494448607-1303044631-3617626462-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 23.11.6090 - Avast Software) CCleaner (HKLM\...\CCleaner) (Version: 6.18 - Piriform) ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8468D8835}) (Version: 7.12.1.4 - ExpressVPN) Hidden ExpressVPN (HKLM-x32\...\{ebd248cd-b3ef-4e14-b91a-d626fa5c392a}) (Version: 7.12.1.4 - ExpressVPN) Malwarebytes version 4.6.6.294 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.6.294 - Malwarebytes) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13127.20616 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.72 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.72 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-494448607-1303044631-3617626462-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) MiniTool Partition Wizard Free 12.8 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.8 - MiniTool Software Limited) MiniTool ShadowMaker PW Edition (HKLM-x32\...\MT-75D7C412-925B-4AD0-90DC-5E4FEE22EAE1_is1) (Version: 4.3 - MiniTool Software Limited) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization 
Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden RogueKiller Version 15.13.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.13.0.0 - Adlice Software) WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation) Packages: ========= AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.30781.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) dynabook Manual -> C:\Program Files\WindowsApps\7906AAC0.TOSHIBAManual_1.0.10.0_x86__nvaxck9xhg5vg [2023-11-25] (Dynabook Inc.) dynabook Support Utility -> C:\Program Files\WindowsApps\7906AAC0.dynabookSupportUtility_1.1.4.0_x64__nvaxck9xhg5vg [2023-11-26] (Dynabook Inc.) [Startup Task] Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5237.0_x64__8j3eq9eme6ctt [2023-11-26] (INTEL CORP) [Startup Task] Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-11-25] (INTEL CORP) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Studios) [MS Ad] Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_20.10420.5165.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) MSN Weather -> C:\Program 
Files\WindowsApps\Microsoft.BingWeather_4.37.21681.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) [MS Ad] Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.20.238.0_x64__dt26b99r8h8gj [2023-11-25] (Realtek Semiconductor Corp) Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2023-11-26] (Skype) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-11-26] (Avast Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-11-26] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-11-26] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-27] (Corel Corporation -> WinZip Computing) ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-11-26] (Avast Software s.r.o. 
-> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-11-25] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-27] (Corel Corporation -> WinZip Computing) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-11-26] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-11-25] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-27] (Corel Corporation -> WinZip Computing) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\Users\bseve\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [144] AlternateDataStreams: C:\Users\bseve\Downloads\spybotsd-2.9.85.5 (1).exe:MBAM.Zone.Identifier [131] AlternateDataStreams: C:\Users\Maslina\Downloads\avast_free_antivirus_setup_online.exe:MBAM.Zone.Identifier [209] AlternateDataStreams: C:\Users\Maslina\Downloads\ccsetup617.exe:MBAM.Zone.Identifier [166] AlternateDataStreams: C:\Users\Maslina\Downloads\pw-free-online.exe:MBAM.Zone.Identifier [170] AlternateDataStreams: C:\Users\Maslina\Downloads\RogueKiller_setup.exe:MBAM.Zone.Identifier [224] AlternateDataStreams: C:\Users\Maslina\Downloads\treesizefree-portable.zip:MBAM.Zone.Identifier [177] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-11-25] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-25] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-25] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: 
osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-25] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-25] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-494448607-1303044631-3617626462-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-494448607-1303044631-3617626462-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dynabook\Dynabook_Option3.jpg HKU\S-1-5-21-494448607-1303044631-3617626462-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dynabook\Dynabook_Option3.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
HKLM\...\StartupApproved\Run: => "MTPW" HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService" HKU\S-1-5-21-494448607-1303044631-3617626462-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-494448607-1303044631-3617626462-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-494448607-1303044631-3617626462-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_FC1CA27929C988F6D051E170E9C0442B" HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_2971F37554576828C45809786ABAFBDF" HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{6698EEFC-00CE-4E7E-BD90-9E60AE6C483C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A280B084-9AF6-40CD-AE62-705747E443D0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.72\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7C1541C5-8DA3-4F42-AF12-9F1E3D151588}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software) FirewallRules: [{02DBCF0C-2512-4DA2-A3AD-C08D42CA9E1F}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. 
-> AVAST Software) FirewallRules: [{AD992903-B8DC-4693-8252-44971C947622}] => (Allow) C:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> ) FirewallRules: [{E5908B57-E24A-4515-980E-CC503BFA63EE}] => (Allow) C:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> ) ==================== Restore Points ========================= 26-11-2023 12:05:26 Windows Modules Installer 26-11-2023 16:14:06 Windows Modules Installer 26-11-2023 16:15:55 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (11/26/2023 06:19:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SDFSSvc.exe, version: 2.9.85.231, time stamp: 0x63ebb1a4 Faulting module name: KERNELBASE.dll, version: 10.0.19041.3693, time stamp: 0x64ee7a9c Exception code: 0x0eedfade Fault offset: 0x0013f932 Faulting process ID: 0x14e8 Faulting application start time: 0x01da2085c993fac4 Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report ID: 2aee7fc9-ab00-43a5-b759-32f549098b43 Faulting package full name: Faulting package-relative application ID: Error: (11/26/2023 04:21:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 5.11.2023.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 928 Start Time: 01da207b967b8fa3 Termination Time: 4294967295 Application Path: C:\Users\Maslina\Downloads\FRST64.exe Report Id: 447b01a3-2bff-4079-a84f-de459fe62702 Faulting package full name: Faulting package-relative application ID: Hang type: Top level window is idle Error: (11/26/2023 02:30:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SDXHelper.exe, version: 16.0.13127.20616, time stamp: 0x5f7d2cd5 Faulting module name: mso20win32client.dll, version: 0.0.0.0, time stamp: 0x5f445bf7 Exception code: 0xc0000005 Fault offset: 0x00015228 Faulting process ID: 0x44bc Faulting application start time: 0x01da206c86043d71 Faulting application path: C:\Program Files (x86)\Microsoft Office\Root\Office16\SDXHelper.exe Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll Report ID: 97f5bbb7-013f-4f2e-8847-afb1361d2681 Faulting package full name: Faulting package-relative application ID: Error: (11/26/2023 11:25:26 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3684_none_7dfc270e7c9a3a0b\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80010108). Error: (11/26/2023 10:27:32 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (11/25/2023 11:39:42 PM) (Source: ESENT) (EventID: 455) (User: ) Description: wuaueng.dll (6316,R,98) SUS20ClientDataStore: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb0002C.log. 
Error: (11/25/2023 11:17:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SDXHelper.exe, version: 16.0.13127.20616, time stamp: 0x5f7d2cd5 Faulting module name: mso20win32client.dll, version: 0.0.0.0, time stamp: 0x5f445bf7 Exception code: 0xc0000005 Fault offset: 0x00015228 Faulting process ID: 0x648 Faulting application start time: 0x01da1fec560e4b73 Faulting application path: C:\Program Files (x86)\Microsoft Office\Root\Office16\SDXHelper.exe Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso20win32client.dll Report ID: de358f2c-36b0-4482-80bf-33180357e7a7 Faulting package full name: Faulting package-relative application ID: Error: (11/25/2023 10:13:02 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-DBF6PCMD$ via https://INTC-KeyId-9aaf591ee263caae10f57ba04fa8d1dd6613f9eb.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps Method: GET(31ms) Stage: GetCACaps The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED) System errors: ============= Error: (11/26/2023 03:16:40 PM) (Source: DCOM) (EventID: 10000) (User: LAPTOP-DBF6PCMD) Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error: "2147942767" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} Error: (11/26/2023 02:59:27 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY) Description: The event logging service encountered an error (5) while enabling publisher {a70ff94f-570b-4979-ba5c-e59c9feab61b} to channel Microsoft-Windows-WinINet/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. 
One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity. Error: (11/26/2023 02:57:31 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The aswbIDSAgent service did not shut down properly after receiving a pre-shutdown control. Error: (11/26/2023 02:55:20 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server: {B91D5831-B1BD-4608-8198-D72E155020F7} Error: (11/26/2023 02:55:20 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server: {B91D5831-B1BD-4608-8198-D72E155020F7} Error: (11/26/2023 02:32:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The MTSchedulerService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (11/26/2023 02:32:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The MTAgentService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (11/26/2023 11:38:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Feature update to Windows 10, version 22H2. Windows Defender: ================Event[0]: Date: 2023-11-26 10:37:37 Description: Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version. 
Security intelligence Attempted: Backup Error Code: 0x80004004 Error description: Operation aborted Security intelligence version: 1.303.25.0;1.303.25.0 Engine version: 1.1.16400.2 Date: 2023-11-26 10:37:36 Description: Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version. Security intelligence Attempted: Current Error Code: 0x80004004 Error description: Operation aborted Security intelligence version: 1.401.1187.0;1.401.1187.0 Engine version: 1.1.23100.2009 Date: 2023-11-26 10:27:31 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007041d Error description: The service did not respond to the start or control request in a timely fashion. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device. CodeIntegrity: =============== Date: 2023-11-27 17:09:39 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. CN16SV117 11/03/2021 Motherboard: Dynabook Inc. 
DBIIP303 Processor: Intel(R) Celeron(R) CPU 5205U @ 1.90GHz Percentage of memory in use: 80% Total physical RAM: 3961.05 MB Available physical RAM: 772.73 MB Total Virtual: 5921.19 MB Available Virtual: 673.59 MB ==================== Drives ================================ Drive c: (TIH0550200A) (Fixed) (Total:106.2 GB) (Free:50.95 GB) (Model: PHISON 128GB SSD) NTFS \\?\Volume{c30857e5-6e43-446f-83ff-5f5faad8fe6f}\ (WinRE) (Fixed) (Total:0.97 GB) (Free:0.39 GB) NTFS \\?\Volume{48ede880-76aa-11eb-8485-5c857e4c304c}\ (HDDRECOVERY) (Fixed) (Total:11.79 GB) (Free:0.99 GB) FAT32 \\?\Volume{21505616-9db4-4376-8aa7-ae987dfb326f}\ (ESP) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32 ==================== MBR & Partition Table ==================== ==================== End of Addition.txt ======================= --- --- --- Here are also the results from Malwarebytes and RogueKiller. Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 27.11.23 Scan-Zeit: 19:05 Protokolldatei: 944c4a80-8d4f-11ee-832e-5c857e4c304c.json -Softwaredaten- Version: 4.6.6.294 Komponentenversion: 1.0.2201 Version des Aktualisierungspakets: 1.0.77771 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 10 (Build 19045.3693) CPU: x64 Dateisystem: NTFS Benutzer: LAPTOP-DBF6PCMD\Maslina -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Scan gestartet von: Manuell Ergebnis: Abgeschlossen Gescannte Objekte: 259771 Erkannte Bedrohungen: 0 In die Quarantäne verschobene Bedrohungen: 0 Abgelaufene Zeit: 2 Min., 50 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 0 (keine bösartigen Elemente erkannt) Modul: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswert: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Datei: 0 (keine bösartigen Elemente erkannt) Physischer Sektor: 0 (keine bösartigen Elemente erkannt) WMI: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Program : RogueKiller Anti-Malware Version : 15.13.0.0 x64 : Yes Program Date : Nov 3 2023 Location : C:\Program Files\RogueKiller\RogueKiller64.exe Premium : No Company : Adlice Software Website : https://www.adlice.com/ Contact : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.19045) 64-bit 64-bit OS : Yes Startup : 0 WindowsPE : No User : Maslina User is Admin : Yes Date : 2023/11/27 17:55:58 Type : Scan Aborted : No Scan Mode : Standard Duration : 4147 Found items : 0 Total scanned : 69606 Signatures Version : 20231127_125432 Truesight Driver : Yes Updates Count : 2 Arguments : -minimize ************************* Warnings ************************* (29:4425) C:\Windows\System32, LONG_FOLDER_SCAN [+] path : C:\Windows\System32 [+] message : LONG_FOLDER_SCAN [+] int1 : 29 [+] int2 : 4425 ************************* Updates ************************* WinZip 25.0 (64-bit), version 25.0.14273 [+] Available Version : 28.0.15620 [+] Size : 512 MB [+] Wow6432 : No [+] Portable : No [+] update_location : C:\Program Files\WinZip\ ExpressVPN (32-bit), version 7.12.1.4 [+] Available Version : 12.64.0.8 [+] Size : 241 MB [+] Wow6432 : Yes [+] Portable : No ************************* Processes ************************* ************************* Modules ************************* ************************* Services ************************* ************************* Scheduled Tasks ************************* ************************* Registry ************************* ************************* WMI ************************* ************************* Hosts File ************************* is_too_big : No hosts_file_path : C:\Windows\System32\drivers\etc\hosts ************************* Filesystem ************************* ************************* Web Browsers ************************* ************************* Antirootkit ************************* |
27.11.2023, 20:21 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Black screen, CMD window opens and closes, slow internet - Windows 10 machine infected? Unfortunately, the typical layperson mistakes show up here once again:
Quote:
Uninstall all of it immediately.
__________________ |
27.11.2023, 20:42 | #3 | |
| Black screen, CMD window opens and closes, slow internet - Windows 10 machine infected? Quote:
Just uninstalled everything. Scanned again. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02 Ran by bseve (administrator) on LAPTOP-DBF6PCMD (Dynabook Inc. SATELLITE PRO C40-G-109) (27-11-2023 20:32:43) Running from C:\Users\Maslina\Downloads\FRST64.exe Loaded Profiles: defaultuser0 & bseve & Maslina Platform: Microsoft Windows 10 Pro Education Version 22H2 19045.3693 (X64) Language: English (United Kingdom) Default browser: Edge Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (5E8CAF4E-19CA-4DD9-B24C-ED3D89361853 -> Dynabook Inc.) C:\Program Files\WindowsApps\7906AAC0.dynabookSupportUtility_1.1.4.0_x64__nvaxck9xhg5vg\dynabook Support Utility\dynabookSupportUtility.exe (C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (cmd.exe ->) (Malwarebytes Inc. 
-> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe (DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <28> (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_24b5eb49ea57c0a4\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_24b5eb49ea57c0a4\IntelCpHeciSvc.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_dd349ca1e8d98184\LMS.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_c52b34f1b30918c5\RstMwService.exe (services.exe ->) (Malwarebytes Inc. 
-> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe (services.exe ->) (MiniTool Software Limited -> ) C:\Program Files\MiniTool ShadowMaker\AgentService.exe (services.exe ->) (MiniTool Software Limited -> ) C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c51a65fb5ec70f9d\RtkAudUService64.exe <2> (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (svchost.exe ->) (Skype Software Sarl -> ) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (svchost.exe ->) (Skype Software Sarl -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeApp.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> ) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION HKU\S-1-5-21-494448607-1303044631-3617626462-1001\...\Run: [MicrosoftEdgeAutoLaunch_FC1CA27929C988F6D051E170E9C0442B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-16] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\Run: [MicrosoftEdgeAutoLaunch_2971F37554576828C45809786ABAFBDF] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-16] (Microsoft Corporation -> Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {D973A38D-76BB-4FB3-94D3-547D033F9F65} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22764936 2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEEC1E03-2D53-4F27-B5D8-EA278A20A1D1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22764936 2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F977EAE-1BF8-4CD2-A5B1-24FFE3468EF1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118128 2023-11-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFF78479-7E6E-40E8-995C-752B6085A291} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118128 2023-11-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {F358D704-2D64-4F21-8EAD-2D6D6F6CFF3F} - System32\Tasks\Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask => {82aa0895-198a-4c1b-b2d1-c16894218afb} C:\Windows\System32\unifiedconsent.dll [278016 2023-11-26] (Microsoft Windows -> Microsoft Corporation)
Task: {98CB6CCF-0F3C-4E0B-A301-8101B7A1AD42} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [251904 2023-11-26] (Microsoft Windows -> Microsoft Corporation)
Task: {18B51DC4-D017-4FF6-91BD-0607C749E039} - System32\Tasks\MiniTool ShadowMaker => C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe [1033024 2023-10-23] (MiniTool Software Limited -> )
Task: {49DCFB95-1896-407F-A2CA-D87976E8BEF7} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
Task: {BE161B24-06A3-40A0-A237-767481BF483B} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c51a65fb5ec70f9d\RtkAudUService64.exe [1249848 2021-03-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {E36E1EAE-E6F9-4E22-BDDF-B83308BE8DC8} - System32\Tasks\WinZip Preloader => "C:\Program Files\WinZip\WzPreloader.exe" (No File)
Task: {3E58C6BA-7B5D-488C-91F2-3D7C268B39E4} - System32\Tasks\WinZip UN => "C:\Program Files\WinZip\WZUpdateNotifier.exe" -show (No File)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4f612f0e-e2ae-4c52-845a-92933457c4ae}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\bseve\AppData\Local\Microsoft\Edge\User Data\Default [2023-11-26]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\bseve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-11-26]
Edge Extension: (Google Docs Offline) - C:\Users\bseve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-11-25]
Edge Extension: (Edge relevant text changes) - C:\Users\bseve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-11-25]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-11-25] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8853384 2020-10-05] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9343840 2023-11-25] (Malwarebytes Inc. -> Malwarebytes)
R2 MTAgentService; C:\Program Files\MiniTool ShadowMaker\AgentService.exe [732992 2023-10-23] (MiniTool Software Limited -> )
R2 MTSchedulerService; C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe [225088 2023-10-23] (MiniTool Software Limited -> )
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [16036272 2023-11-03] (ADLICE -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534584 2023-11-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222784 2023-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-11-25] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [200104 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2023-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188008 2023-11-26] (Malwarebytes Inc. -> Malwarebytes)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2021-03-26] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2021-03-26] (MiniTool Solution Ltd -> )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-11-27 20:27 - 2023-11-27 20:27 - 000000000 ____D C:\Users\bseve\AppData\Local\PeerDistRepub
2023-11-27 19:09 - 2023-11-27 19:09 - 000001425 _____ C:\Users\Maslina\Downloads\MBAM271123.txt
2023-11-27 19:05 - 2023-11-27 19:05 - 000000000 ____D C:\Users\bseve\AppData\Local\mbam
2023-11-27 17:46 - 2023-11-27 18:55 - 000000000 ____D C:\ProgramData\RogueKiller
2023-11-27 17:46 - 2023-11-27 17:46 - 000054208 _____ C:\Windows\system32\Drivers\truesight.sys
2023-11-27 17:46 - 2023-11-27 17:46 - 000000910 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2023-11-27 17:46 - 2023-11-27 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2023-11-27 17:45 - 2023-11-27 17:46 - 000000000 ____D C:\Program Files\RogueKiller
2023-11-27 17:37 - 2023-11-27 17:44 - 047819824 _____ (Adlice Software ) C:\Users\Maslina\Downloads\RogueKiller_setup.exe
2023-11-27 16:52 - 2023-11-27 16:52 - 000000000 ____D C:\Users\bseve\AppData\Local\system_backup_gui
2023-11-27 16:46 - 2023-11-27 16:53 - 000000000 ____D C:\Users\bseve\AppData\Local\WinZip
2023-11-27 16:46 - 2023-11-27 16:51 - 000000000 ____D C:\Users\bseve\Documents\treesizefree-portable
2023-11-26 18:20 - 2023-11-26 18:20 - 000188008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-11-26 18:19 - 2023-11-26 18:19 - 000000085 _____ C:\Windows\wininit.ini
2023-11-26 17:58 - 2023-11-26 17:58 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Microsoft\HTML Help
2023-11-26 17:26 - 2023-11-26 17:26 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking
2023-11-26 17:21 - 2023-11-26 18:19 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2023-11-26 17:20 - 2023-11-26 17:20 - 065069568 _____ (Safer-Networking Ltd. ) C:\Users\bseve\Downloads\spybotsd-2.9.85.5 (1).exe
2023-11-26 17:14 - 2023-11-26 17:15 - 000000000 ____D C:\AdwCleaner
2023-11-26 17:14 - 2023-11-26 17:14 - 008791352 _____ (Malwarebytes) C:\Users\bseve\Downloads\adwcleaner.exe
2023-11-26 16:59 - 2023-11-26 16:59 - 000000000 ____D C:\Users\bseve\AppData\Local\Avast Software
2023-11-26 16:39 - 2023-11-26 16:39 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Avast Software
2023-11-26 16:39 - 2023-11-26 16:39 - 000000000 ____D C:\Users\bseve\AppData\Local\CEF
2023-11-26 16:33 - 2023-11-27 19:21 - 000024234 _____ C:\Users\Maslina\Downloads\Addition.txt
2023-11-26 16:17 - 2023-11-27 20:33 - 000013623 _____ C:\Users\Maslina\Downloads\FRST.txt
2023-11-26 16:16 - 2023-11-27 20:33 - 000000000 ____D C:\FRST
2023-11-26 16:16 - 2023-11-26 16:16 - 000000000 ____D C:\Users\Maslina\Downloads\FRST-OlderVersion
2023-11-26 16:15 - 2023-11-26 16:16 - 002383872 _____ (Farbar) C:\Users\Maslina\Downloads\FRST64.exe
2023-11-26 15:32 - 2023-11-26 15:32 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2023-11-26 14:59 - 2023-11-26 11:28 - 000313240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2023-11-26 14:53 - 2023-11-26 15:00 - 000000000 ____D C:\Windows\SystemTemp
2023-11-26 14:53 - 2023-11-26 14:53 - 000000000 ____D C:\Windows\system32\Drivers\mde
2023-11-26 14:33 - 2023-11-27 19:17 - 000000000 ____D C:\Users\bseve\AppData\Roaming\QtProject
2023-11-26 14:32 - 2023-11-26 14:32 - 000003074 _____ C:\Windows\system32\Tasks\MiniTool ShadowMaker
2023-11-26 14:32 - 2023-11-26 14:32 - 000000993 _____ C:\Users\Public\Desktop\MiniTool ShadowMaker.lnk
2023-11-26 14:32 - 2023-11-26 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker
2023-11-26 14:32 - 2021-03-26 11:07 - 003600896 _____ C:\Windows\system32\pwNative.exe
2023-11-26 14:32 - 2021-03-26 11:07 - 000019152 _____ C:\Windows\system32\pwdrvio.sys
2023-11-26 14:32 - 2021-03-26 11:07 - 000012504 _____ C:\Windows\system32\pwdspio.sys
2023-11-26 14:31 - 2023-11-26 14:31 - 000003276 _____ C:\Windows\system32\Tasks\MiniToolPartitionWizard
2023-11-26 14:31 - 2023-11-26 14:31 - 000001039 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard.lnk
2023-11-26 14:31 - 2023-11-26 14:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12
2023-11-26 14:30 - 2023-11-27 16:53 - 000000000 ____D C:\Program Files\MiniTool ShadowMaker
2023-11-26 14:30 - 2023-11-26 14:33 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2023-11-26 14:28 - 2023-11-26 14:28 - 003253368 _____ (MiniTool Software Limited ) C:\Users\Maslina\Downloads\pw-free-online.exe
2023-11-26 14:28 - 2023-11-26 14:28 - 003253368 _____ (MiniTool Software Limited ) C:\Users\Maslina\Downloads\pw-free-online (1).exe
2023-11-26 14:23 - 2023-11-26 14:23 - 000016059 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-11-26 12:21 - 2023-11-26 12:21 - 000034356 _____ C:\Users\bseve\Documents\cc_20231126_122140.reg
2023-11-26 12:05 - 2023-11-26 12:05 - 000000000 ___HD C:\$WinREAgent
2023-11-26 11:54 - 2023-11-27 16:47 - 000001021 _____ C:\Users\bseve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TreeSizeFree.lnk
2023-11-26 11:54 - 2023-11-26 11:54 - 000001027 _____ C:\Users\Maslina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TreeSizeFree.lnk
2023-11-26 11:53 - 2023-11-26 12:04 - 000000000 ____D C:\Users\Maslina\Downloads\treesizefree-portable
2023-11-26 11:52 - 2023-11-26 11:53 - 016760573 _____ C:\Users\Maslina\Downloads\treesizefree-portable.zip
2023-11-26 11:52 - 2023-11-26 11:52 - 000000000 ____D C:\ProgramData\UniqueId
2023-11-26 11:31 - 2023-11-26 11:31 - 000000000 ____D C:\Users\Maslina\AppData\Local\Avast Software
2023-11-26 11:30 - 2023-11-26 11:30 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Avast Software
2023-11-26 11:30 - 2023-11-26 11:30 - 000000000 ____D C:\Users\Maslina\AppData\Local\CEF
2023-11-26 11:28 - 2023-11-26 11:28 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2023-11-26 11:27 - 2023-11-26 11:27 - 000000000 ____D C:\Program Files\Avast Software
2023-11-26 11:26 - 2023-11-27 20:27 - 000000000 ____D C:\ProgramData\Avast Software
2023-11-26 11:26 - 2023-11-26 11:26 - 000263576 _____ (AVAST Software) C:\Users\Maslina\Downloads\avast_free_antivirus_setup_online.exe
2023-11-26 10:45 - 2023-11-26 10:45 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Microsoft\MMC
2023-11-26 10:35 - 2023-11-26 10:35 - 000000000 ____D C:\Users\bseve\AppData\Local\ElevatedDiagnostics
2023-11-26 10:04 - 2023-11-27 19:15 - 000000000 ____D C:\Users\bseve\AppData\Local\Malwarebytes
2023-11-26 04:45 - 2023-11-26 14:53 - 000000000 ___SD C:\Windows\system32\AppV
2023-11-26 04:45 - 2023-11-26 14:53 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-11-26 04:45 - 2023-11-26 04:45 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2023-11-26 04:45 - 2023-11-26 04:45 - 000000000 ____D C:\Windows\RemotePackages
2023-11-26 04:45 - 2023-11-25 12:56 - 000000000 ____D C:\Windows\CSC
2023-11-26 04:38 - 2023-11-26 04:38 - 000000046 _____ C:\Windows\RicaOption.ini
2023-11-26 04:38 - 2023-11-25 23:14 - 000000000 ____D C:\Windows\Panther
2023-11-25 23:20 - 2023-11-26 15:16 - 000000000 ____D C:\Users\Maslina\AppData\Local\CrashDumps
2023-11-25 23:19 - 2023-11-25 23:19 - 000001528 _____ C:\Users\bseve\Documents\startup.txt
2023-11-25 23:11 - 2023-11-25 23:11 - 060967624 _____ (Piriform Software Ltd) C:\Users\Maslina\Downloads\ccsetup617.exe
2023-11-25 23:10 - 2023-11-25 23:10 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Microsoft\Spelling
2023-11-25 23:01 - 2023-11-27 19:23 - 000000000 ____D C:\Users\Maslina\AppData\Local\Malwarebytes
2023-11-25 23:01 - 2023-11-25 23:01 - 000000000 ____D C:\Users\Maslina\AppData\Local\mbam
2023-11-25 23:00 - 2023-11-25 23:00 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-11-25 23:00 - 2023-11-25 23:00 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-11-25 22:59 - 2023-11-25 22:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-11-25 22:59 - 2023-11-25 22:59 - 000000000 ____D C:\Program Files\Malwarebytes
2023-11-25 22:57 - 2023-11-25 23:15 - 000000000 ____D C:\Users\Maslina\AppData\Local\Publishers
2023-11-25 22:57 - 2023-11-25 22:57 - 002606880 _____ (Malwarebytes) C:\Users\Maslina\Downloads\mbsetup.exe
2023-11-25 22:57 - 2023-11-25 22:57 - 000000000 ____D C:\Users\Maslina\AppData\Local\Comms
2023-11-25 22:55 - 2023-11-27 17:10 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-494448607-1303044631-3617626462-1002
2023-11-25 22:54 - 2023-11-27 17:10 - 000003382 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-494448607-1303044631-3617626462-1002
2023-11-25 22:54 - 2023-11-26 11:29 - 000000000 ____D C:\Users\Maslina\AppData\Local\D3DSCache
2023-11-25 22:54 - 2023-11-25 22:54 - 000000000 ___RD C:\Users\Maslina\OneDrive
2023-11-25 22:52 - 2023-11-27 20:23 - 000000000 ____D C:\Users\Maslina\AppData\Local\Packages
2023-11-25 22:52 - 2023-11-27 19:23 - 000000000 __SHD C:\Users\Maslina\IntelGraphicsProfiles
2023-11-25 22:52 - 2023-11-27 17:10 - 000002396 _____ C:\Users\Maslina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-25 22:52 - 2023-11-26 15:05 - 000002359 _____ C:\Users\Maslina\Desktop\Microsoft Edge.lnk
2023-11-25 22:52 - 2023-11-25 22:54 - 000000000 ____D C:\Users\Maslina
2023-11-25 22:52 - 2023-11-25 22:53 - 000000000 ____D C:\Users\Maslina\AppData\Local\Intel
2023-11-25 22:52 - 2023-11-25 22:52 - 000000020 ___SH C:\Users\Maslina\ntuser.ini
2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ___SD C:\Users\Maslina\AppData\Roaming\Microsoft\SystemCertificates
2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ___SD C:\Users\Maslina\AppData\Roaming\Microsoft\Protect
2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ___SD C:\Users\Maslina\AppData\Roaming\Microsoft\Crypto
2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ___SD C:\Users\Maslina\AppData\Roaming\Microsoft\Credentials
2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ___RD C:\Users\Maslina\3D Objects
2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Microsoft\Windows
2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Microsoft\Vault
2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Microsoft\Network
2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\Roaming\Adobe
2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\LocalLow\Intel
2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\Local\VirtualStore
2023-11-25 22:52 - 2023-11-25 22:52 - 000000000 ____D C:\Users\Maslina\AppData\Local\ConnectedDevicesPlatform
2023-11-25 22:36 - 2021-09-02 06:21 - 000309688 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll
2023-11-25 22:36 - 2021-09-02 06:21 - 000257072 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
2023-11-25 22:36 - 2021-09-02 06:21 - 000173080 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2023-11-25 22:36 - 2021-09-02 06:21 - 000148368 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2023-11-25 22:36 - 2021-09-02 06:20 - 001859640 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-11-25 22:36 - 2021-09-02 06:20 - 001859640 _____ C:\Windows\system32\vulkaninfo.exe
2023-11-25 22:36 - 2021-09-02 06:20 - 001440304 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-11-25 22:36 - 2021-09-02 06:20 - 001440304 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-11-25 22:36 - 2021-09-02 06:20 - 001102328 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-11-25 22:36 - 2021-09-02 06:20 - 001102328 _____ C:\Windows\system32\vulkan-1.dll
2023-11-25 22:36 - 2021-09-02 06:20 - 000956432 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-11-25 22:36 - 2021-09-02 06:20 - 000956432 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-11-25 22:31 - 2023-11-25 22:31 - 000000000 ____D C:\Users\bseve\AppData\Local\Comms
2023-11-25 22:29 - 2023-11-25 22:30 - 000000000 ____D C:\Windows\system32\MRT
2023-11-25 22:24 - 2023-11-25 22:24 - 000000000 ____D C:\Windows\Firmware
2023-11-25 22:23 - 2023-11-26 16:12 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-11-25 22:14 - 2023-11-25 22:15 - 000000000 ____D C:\Users\bseve\AppData\Local\Publishers
2023-11-25 22:12 - 2023-11-26 15:03 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2023-11-25 22:06 - 2023-11-26 10:17 - 000000000 ____D C:\Users\bseve\AppData\Local\D3DSCache
2023-11-25 22:05 - 2023-11-25 22:05 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Microsoft\Spelling
2023-11-25 22:05 - 2023-11-25 22:05 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Microsoft\MMC
2023-11-25 22:04 - 2023-11-25 22:04 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-494448607-1303044631-3617626462-1001
2023-11-25 22:04 - 2023-11-25 22:04 - 000000000 ___RD C:\Users\bseve\OneDrive
2023-11-25 22:04 - 2023-11-25 22:04 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Microsoft\InputMethod
2023-11-25 22:03 - 2023-11-25 22:03 - 000000000 ____D C:\Users\bseve\AppData\LocalLow\Intel
2023-11-25 22:02 - 2023-11-27 19:15 - 000000000 __SHD C:\Users\bseve\IntelGraphicsProfiles
2023-11-25 22:02 - 2023-11-27 16:57 - 000000000 ____D C:\Users\bseve\AppData\Local\Packages
2023-11-25 22:02 - 2023-11-26 16:27 - 000002359 _____ C:\Users\bseve\Desktop\Microsoft Edge.lnk
2023-11-25 22:02 - 2023-11-25 22:13 - 000000000 ____D C:\Users\bseve\AppData\Local\ConnectedDevicesPlatform
2023-11-25 22:02 - 2023-11-25 22:03 - 000000000 ____D C:\Users\bseve\AppData\Local\Intel
2023-11-25 22:02 - 2023-11-25 22:02 - 000000000 ___SD C:\Users\bseve\AppData\Roaming\Microsoft\Crypto
2023-11-25 22:02 - 2023-11-25 22:02 - 000000000 ___RD C:\Users\bseve\3D Objects
2023-11-25 22:02 - 2023-11-25 22:02 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Microsoft\Vault
2023-11-25 22:02 - 2023-11-25 22:02 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Adobe
2023-11-25 22:02 - 2023-11-25 22:02 - 000000000 ____D C:\Users\bseve\AppData\Local\VirtualStore
2023-11-25 22:00 - 2023-11-25 22:04 - 000002374 _____ C:\Users\bseve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-25 22:00 - 2023-11-25 22:04 - 000000000 ____D C:\Users\bseve
2023-11-25 22:00 - 2023-11-25 22:03 - 000000000 ____D C:\Users\bseve\AppData\Roaming\Microsoft\Windows
2023-11-25 22:00 - 2023-11-25 22:00 - 000000020 ___SH C:\Users\bseve\ntuser.ini
2023-11-25 22:00 - 2023-11-25 22:00 - 000000000 ___SD C:\Users\bseve\AppData\Roaming\Microsoft\SystemCertificates
2023-11-25 22:00 - 2023-11-25 22:00 - 000000000 ___SD C:\Users\bseve\AppData\Roaming\Microsoft\Protect
2023-11-25 22:00 - 2023-11-25 22:00 - 000000000 ___SD C:\Users\bseve\AppData\Roaming\Microsoft\Credentials
2023-11-25 21:57 - 2023-11-25 21:57 - 000000000 ___SD C:\Users\defaultuser0\AppData\Roaming\Microsoft\SystemCertificates
2023-11-25 12:56 - 2023-11-25 12:56 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\Microsoft\Vault
2023-11-25 12:56 - 2023-11-25 12:56 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\Microsoft\Network
2023-11-25 12:55 - 2023-11-25 21:59 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2023-11-25 12:55 - 2023-11-25 12:56 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Intel
2023-11-25 12:55 - 2023-11-25 12:55 - 000000000 __SHD C:\Users\defaultuser0\IntelGraphicsProfiles
2023-11-25 12:55 - 2023-11-25 12:55 - 000000000 ___SD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Crypto
2023-11-25 12:55 - 2023-11-25 12:55 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\Microsoft\Spelling
2023-11-25 12:55 - 2023-11-25 12:55 - 000000000 ____D C:\Users\defaultuser0\AppData\LocalLow\Intel
2023-11-25 12:55 - 2023-11-25 12:55 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2023-11-25 12:55 - 2023-11-25 12:55 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2023-11-25 12:54 - 2023-11-25 12:55 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows
2023-11-25 12:54 - 2023-11-25 12:55 - 000000000 ____D C:\Users\defaultuser0
2023-11-25 12:54 - 2023-11-25 12:54 - 000000020 ___SH C:\Users\defaultuser0\ntuser.ini
2023-11-25 12:54 - 2023-11-25 12:54 - 000000000 _SHDL C:\Documents and Settings
2023-11-25 12:54 - 2023-11-25 12:54 - 000000000 ___SD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Protect
2023-11-25 12:54 - 2023-11-25 12:54 - 000000000 ___SD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Credentials
2023-11-25 12:39 - 2023-11-25 12:52 - 000022863 _____ C:\Windows\diagwrn.xml
2023-11-25 12:39 - 2023-11-25 12:52 - 000022863 _____ C:\Windows\diagerr.xml
2023-11-25 12:39 - 2023-11-25 12:39 - 000000206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IOLO.url
2023-11-25 12:39 - 2023-11-25 12:39 - 000000206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.url
2023-11-25 12:38 - 2023-11-25 12:54 - 000002432 _____ C:\Windows\system32\Tasks\WinZip UN
2023-11-25 12:38 - 2023-11-25 12:54 - 000002364 _____ C:\Windows\system32\Tasks\WinZip Preloader
2023-11-25 12:38 - 2023-11-25 12:38 - 000000000 ____D C:\Windows\OEM
2023-11-25 12:37 - 2023-11-25 22:18 - 000000000 ____D C:\ProgramData\Dynabook
2023-11-25 12:37 - 2023-11-25 12:37 - 000000214 _____ C:\Users\Public\Desktop\Dynabook Services.url
2023-11-25 12:36 - 2023-11-25 22:16 - 000000000 ____D C:\ProgramData\Packages
2023-11-25 12:35 - 2023-11-25 12:35 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-11-25 12:35 - 2023-11-25 12:35 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-11-25 12:35 - 2023-11-25 12:35 - 000002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-11-25 12:35 - 2023-11-25 12:35 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-11-25 12:35 - 2023-11-25 12:35 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2023-11-25 12:35 - 2023-11-25 12:35 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2023-11-25 12:35 - 2023-11-25 12:35 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2023-11-25 12:35 - 2023-11-25 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-11-25 12:32 - 2023-11-27 16:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-11-25 12:32 - 2023-11-25 12:32 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-11-25 12:29 - 2023-11-25 22:26 - 000003366 _____ C:\Windows\system32\Tasks\RtkAudUService64_BG
2023-11-25 12:27 - 2023-11-25 12:27 - 000000000 ____D C:\ProgramData\RealtekLAN
2023-11-25 12:26 - 2023-11-25 22:54 - 000000000 ____D C:\ProgramData\Intel
2023-11-25 12:25 - 2023-11-26 18:20 - 000000000 ____D C:\Intel
2023-11-25 12:25 - 2023-11-25 12:25 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2023-11-25 12:17 - 2023-11-26 15:00 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-11-25 12:16 - 2023-11-25 21:59 - 000003534 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-11-25 12:16 - 2023-11-25 21:59 - 000003410 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-11-25 11:47 - 2023-11-25 12:54 - 000002854 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-494448607-1303044631-3617626462-500

==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-11-27 20:23 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2023-11-27 20:23 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-11-27 16:52 - 2021-01-14 05:19 - 003854352 _____ C:\Windows\system32\PerfStringBackup.INI
2023-11-27 16:52 - 2020-05-12 04:07 - 000492788 _____ C:\Windows\system32\perfh011.dat
2023-11-27 16:52 - 2020-05-12 04:07 - 000137288 _____ C:\Windows\system32\perfc011.dat
2023-11-27 16:52 - 2020-05-12 04:03 - 000471280 _____ C:\Windows\system32\perfh006.dat
2023-11-27 16:52 - 2020-05-12 04:03 - 000083826 _____ C:\Windows\system32\perfc006.dat
2023-11-27 16:52 - 2020-05-12 04:00 - 000443008 _____ C:\Windows\system32\perfh00B.dat
2023-11-27 16:52 - 2020-05-12 04:00 - 000085860 _____ C:\Windows\system32\perfc00B.dat
2023-11-27 16:52 - 2020-05-12 03:57 - 000456664 _____ C:\Windows\system32\perfh014.dat
2023-11-27 16:52 - 2020-05-12 03:57 - 000081484 _____ C:\Windows\system32\perfc014.dat
2023-11-27 16:52 - 2020-05-12 03:54 - 000719274 _____ C:\Windows\system32\perfh01D.dat
2023-11-27 16:52 - 2020-05-12 03:54 - 000149998 _____ C:\Windows\system32\perfc01D.dat
2023-11-27 16:52 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2023-11-26 18:20 - 2021-01-14 22:12 - 000008192 ___SH C:\DumpStack.log.tmp
2023-11-26 18:20 - 2021-01-14 22:12 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-11-26 18:19 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI
2023-11-26 17:33 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-11-26 16:27 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-11-26 16:21 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2023-11-26 14:59 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-11-26 14:58 - 2021-01-14 22:12 - 000533536 _____ C:\Windows\system32\FNTCACHE.DAT
2023-11-26 14:54 - 2020-05-12 04:07 - 000000000 ____D C:\Windows\SysWOW64\ja
2023-11-26 14:54 - 2020-05-12 04:03 - 000000000 ____D C:\Windows\SysWOW64\da
2023-11-26 14:54 - 2020-05-12 04:00 - 000000000 ____D C:\Windows\SysWOW64\fi
2023-11-26 14:54 - 2020-05-12 03:57 - 000000000 ____D C:\Windows\SysWOW64\no
2023-11-26 14:54 - 2020-05-12 03:54 - 000000000 ____D C:\Windows\SysWOW64\sv
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2023-11-26 14:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2023-11-26 14:53 - 2021-01-14 22:23 - 000000000 ____D C:\Windows\system32\Sysprep
2023-11-26 14:53 - 2020-05-12 04:07 - 000000000 ____D C:\Windows\system32\ja
2023-11-26 14:53 - 2020-05-12 04:03 - 000000000 ____D C:\Windows\system32\da
2023-11-26 14:53 - 2020-05-12 04:00 - 000000000 ____D C:\Windows\system32\fi
2023-11-26 14:53 - 2020-05-12 03:57 - 000000000 ____D C:\Windows\system32\no
2023-11-26 14:53 - 2020-05-12 03:54 - 000000000 ____D C:\Windows\system32\sv
2023-11-26 14:53 - 2020-05-12 03:51 - 000000000 ____D C:\Windows\system32\Drivers\en-GB
2023-11-26 14:53 - 2020-05-12 03:51 - 000000000 ____D C:\Windows\en-GB
2023-11-26 14:53 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-11-26 14:53 - 2019-12-07 10:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-11-26 14:53 - 2019-12-07 10:50 - 000000000 ____D C:\Windows\system32\OpenSSH
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemApps
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Keywords
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\DDFs
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\DiagTrack
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\appcompat
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-11-26 14:53 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-11-26 14:53 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2023-11-26 14:45 - 2019-12-07 10:52 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-11-26 14:45 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2023-11-26 14:45 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2023-11-26 14:21 - 2021-01-14 05:16 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-11-26 10:02 - 2021-01-14 22:12 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-11-26 04:45 -
2019-12-07 10:14 - 000000000 ____D C:\Windows\security 2023-11-26 04:45 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\schemas 2023-11-26 04:45 - 2019-12-07 10:10 - 000820736 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\ddputils.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000287744 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ManagedEventLogging.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000280064 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\AuditNativeSnapIn.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\appvetwsharedperformance.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\AppvClientEventLog.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuditNativeSnapIn.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000214016 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CmUtil.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smbdirect.sys 2023-11-26 04:45 - 2019-12-07 10:10 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\fveprompt.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000147439 _____ C:\Windows\SysWOW64\gpedit.msc 2023-11-26 04:45 - 2019-12-07 10:10 - 000147439 _____ C:\Windows\system32\gpedit.msc 2023-11-26 04:45 - 2019-12-07 10:10 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\ddptrace.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000137736 _____ 
(Microsoft Corporation) C:\Windows\system32\iotstartup.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000120458 _____ C:\Windows\system32\secpol.msc 2023-11-26 04:45 - 2019-12-07 10:10 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\baaupdate.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpolmsg.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\auditpolmsg.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\PackageInspector.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmlib.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\srmlib.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\srmtrace.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SyncController.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Common.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\ddp_ps.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmtrace.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppCore.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\UevAppMonitor.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CabUtil.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.EventLogMessages.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000043566 _____ C:\Windows\SysWOW64\rsop.msc 
2023-11-26 04:45 - 2019-12-07 10:10 - 000043566 _____ C:\Windows\system32\rsop.msc 2023-11-26 04:45 - 2019-12-07 10:10 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\UevAgentPolicyGenerator.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\SrpUxNativeSnapIn.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\srm_ps.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SrpUxNativeSnapIn.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\qwinsta.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000027648 _____ (Microsoft Corporation) C:\Windows\system32\qprocess.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\msg.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\quser.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\chgport.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\tskill.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\qappsrv.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\tscon.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\tsdiscon.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\rwinsta.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Management.WmiAccess.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\logoff.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000023552 _____ (Microsoft Corporation) 
C:\Windows\system32\chglogon.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\chgusr.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Management.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppData.WinRT.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NcaApi.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SyncCommon.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Common.WinRT.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\reset.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.LocalSyncProvider.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\change.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\query.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm_ps.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\RemoteAppLifetimeManagerProxyStub.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernSync.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\UevTemplateBaselineGenerator.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\UevTemplateConfigItemGenerator.exe 2023-11-26 04:45 - 2019-12-07 10:10 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\BdeSysprep.dll 2023-11-26 04:45 - 
2019-12-07 10:10 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SmbSyncProvider.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\assignedaccessproviderevents.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.MonitorSyncProvider.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SyncConditions.dll 2023-11-26 04:45 - 2019-12-07 10:10 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.SecureAssessment.Diagnostics.dll 2023-11-26 04:40 - 2021-01-14 22:11 - 000000002 _____ C:\Windows\system32\Drivers\PREINSTALL_na_SATELLITE PRO C40-G-109_TIH0550200A.MRK 2023-11-26 04:38 - 2019-12-07 10:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2023-11-26 04:31 - 2021-01-14 22:10 - 000000000 ____D C:\Dynabook 2023-11-26 04:31 - 2019-12-07 10:18 - 000000000 ____D C:\Windows\Setup 2023-11-25 22:52 - 2021-01-14 05:15 - 000000000 __RHD C:\Users\Public\AccountPictures 2023-11-25 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState 2023-11-25 22:02 - 2021-01-14 22:23 - 000000000 ____D C:\Windows\SysWOW64\sysprep 2023-11-25 12:56 - 2019-12-07 10:50 - 000000000 ____D C:\Windows\system32\FxsTmp 2023-11-25 12:52 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM 2023-11-25 12:36 - 2021-01-14 22:11 - 000000000 ____D C:\Program Files\Dynabook 2023-11-25 12:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\spool 2023-11-25 12:32 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2023-11-25 12:10 - 2019-12-07 10:52 - 000020908 _____ C:\Windows\system32\OEMDefaultAssociations.xml 2023-11-25 11:58 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate ==================== SigCheck ============================ (There is no automatic fix for files that do not pass 
verification.) ==================== End of FRST.txt ========================
Additional FRST Logfile:
Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02 Ran by bseve (27-11-2023 20:36:20) Running from C:\Users\Maslina\Downloads Microsoft Windows 10 Pro Education Version 22H2 19045.3693 (X64) (2023-11-25 11:54:53) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-494448607-1303044631-3617626462-500 - Administrator - Disabled) bseve (S-1-5-21-494448607-1303044631-3617626462-1001 - Administrator - Enabled) => C:\Users\bseve DefaultAccount (S-1-5-21-494448607-1303044631-3617626462-503 - Limited - Disabled) defaultuser0 (S-1-5-21-494448607-1303044631-3617626462-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-494448607-1303044631-3617626462-501 - Limited - Disabled) Maslina (S-1-5-21-494448607-1303044631-3617626462-1002 - Limited - Enabled) => C:\Users\Maslina WDAGUtilityAccount (S-1-5-21-494448607-1303044631-3617626462-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Malwarebytes version 4.6.6.294 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.6.294 - Malwarebytes) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13127.20616 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.72 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.72 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-494448607-1303044631-3617626462-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) MiniTool Partition Wizard Free 12.8 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.8 - MiniTool Software Limited) MiniTool ShadowMaker PW Edition (HKLM-x32\...\MT-75D7C412-925B-4AD0-90DC-5E4FEE22EAE1_is1) (Version: 4.3 - MiniTool Software Limited) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden RogueKiller Version 15.13.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.13.0.0 - Adlice Software) Packages: ========= AV1 Video Extension -> C:\Program 
Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.30781.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) dynabook Manual -> C:\Program Files\WindowsApps\7906AAC0.TOSHIBAManual_1.0.10.0_x86__nvaxck9xhg5vg [2023-11-25] (Dynabook Inc.) dynabook Support Utility -> C:\Program Files\WindowsApps\7906AAC0.dynabookSupportUtility_1.1.4.0_x64__nvaxck9xhg5vg [2023-11-26] (Dynabook Inc.) [Startup Task] Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5237.0_x64__8j3eq9eme6ctt [2023-11-26] (INTEL CORP) [Startup Task] Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-11-25] (INTEL CORP) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Studios) [MS Ad] Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_20.10420.5165.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.37.21681.0_x64__8wekyb3d8bbwe [2023-11-25] (Microsoft Corporation) [MS Ad] Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.20.238.0_x64__dt26b99r8h8gj [2023-11-25] (Realtek Semiconductor Corp) Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2023-11-26] (Skype) 
==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-11-25] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-11-25] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\Users\bseve\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [144] AlternateDataStreams: C:\Users\bseve\Downloads\spybotsd-2.9.85.5 (1).exe:MBAM.Zone.Identifier [131] AlternateDataStreams: C:\Users\Maslina\Downloads\avast_free_antivirus_setup_online.exe:MBAM.Zone.Identifier [209] AlternateDataStreams: C:\Users\Maslina\Downloads\ccsetup617.exe:MBAM.Zone.Identifier [166] AlternateDataStreams: C:\Users\Maslina\Downloads\pw-free-online.exe:MBAM.Zone.Identifier [170] AlternateDataStreams: C:\Users\Maslina\Downloads\RogueKiller_setup.exe:MBAM.Zone.Identifier [224] AlternateDataStreams: C:\Users\Maslina\Downloads\treesizefree-portable.zip:MBAM.Zone.Identifier [177] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-11-25] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-25] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-25] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-25] (Microsoft Corporation -> Microsoft 
Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-25] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-494448607-1303044631-3617626462-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-494448607-1303044631-3617626462-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dynabook\Dynabook_Option3.jpg HKU\S-1-5-21-494448607-1303044631-3617626462-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dynabook\Dynabook_Option3.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
HKLM\...\StartupApproved\Run: => "MTPW" HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService" HKU\S-1-5-21-494448607-1303044631-3617626462-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-494448607-1303044631-3617626462-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-494448607-1303044631-3617626462-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_FC1CA27929C988F6D051E170E9C0442B" HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_2971F37554576828C45809786ABAFBDF" HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-494448607-1303044631-3617626462-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{6698EEFC-00CE-4E7E-BD90-9E60AE6C483C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A280B084-9AF6-40CD-AE62-705747E443D0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.72\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{AD992903-B8DC-4693-8252-44971C947622}] => (Allow) C:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> ) FirewallRules: [{E5908B57-E24A-4515-980E-CC503BFA63EE}] => (Allow) C:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> ) ==================== Restore Points ========================= 26-11-2023 12:05:26 Windows Modules Installer 26-11-2023 16:14:06 Windows Modules Installer 26-11-2023 16:15:55 Windows Modules Installer 27-11-2023 20:24:49 ExpressVPN 27-11-2023 20:28:00 Removed WinZip 25.0. 
==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (11/27/2023 08:28:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service Avast Tools since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (11/27/2023 08:28:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service Avast Firewall Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (11/27/2023 08:28:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (11/27/2023 08:28:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (11/27/2023 08:28:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswVmm. 
System Error: The system cannot find the file specified. . Error: (11/27/2023 08:28:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswSP. System Error: The system cannot find the file specified. . Error: (11/27/2023 08:28:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswSnx. System Error: The system cannot find the file specified. . Error: (11/27/2023 08:28:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswRvrt. System Error: The system cannot find the file specified. . System errors: ============= Error: (11/26/2023 03:16:40 PM) (Source: DCOM) (EventID: 10000) (User: LAPTOP-DBF6PCMD) Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error: "2147942767" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} Error: (11/26/2023 02:59:27 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY) Description: The event logging service encountered an error (5) while enabling publisher {a70ff94f-570b-4979-ba5c-e59c9feab61b} to channel Microsoft-Windows-WinINet/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity. 
Error: (11/26/2023 02:57:31 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The aswbIDSAgent service did not shut down properly after receiving a pre-shutdown control. Error: (11/26/2023 02:55:20 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server: {B91D5831-B1BD-4608-8198-D72E155020F7} Error: (11/26/2023 02:55:20 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server: {B91D5831-B1BD-4608-8198-D72E155020F7} Error: (11/26/2023 02:32:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The MTSchedulerService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (11/26/2023 02:32:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The MTAgentService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (11/26/2023 11:38:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Feature update to Windows 10, version 22H2. Windows Defender: ================Event[0]: Date: 2023-11-26 10:37:37 Description: Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version. 
Security intelligence Attempted: Backup Error Code: 0x80004004 Error description: Operation aborted Security intelligence version: 1.303.25.0;1.303.25.0 Engine version: 1.1.16400.2 Date: 2023-11-26 10:37:36 Description: Microsoft Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version. Security intelligence Attempted: Current Error Code: 0x80004004 Error description: Operation aborted Security intelligence version: 1.401.1187.0;1.401.1187.0 Engine version: 1.1.23100.2009 Date: 2023-11-26 10:27:31 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007041d Error description: The service did not respond to the start or control request in a timely fashion. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device. CodeIntegrity: =============== Date: 2023-11-27 17:09:39 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. CN16SV117 11/03/2021 Motherboard: Dynabook Inc. 
DBIIP303 Processor: Intel(R) Celeron(R) CPU 5205U @ 1.90GHz Percentage of memory in use: 86% Total physical RAM: 3961.05 MB Available physical RAM: 535.92 MB Total Virtual: 5551.8 MB Available Virtual: 999.23 MB ==================== Drives ================================ Drive c: (TIH0550200A) (Fixed) (Total:106.2 GB) (Free:52.04 GB) (Model: PHISON 128GB SSD) NTFS \\?\Volume{c30857e5-6e43-446f-83ff-5f5faad8fe6f}\ (WinRE) (Fixed) (Total:0.97 GB) (Free:0.39 GB) NTFS \\?\Volume{48ede880-76aa-11eb-8485-5c857e4c304c}\ (HDDRECOVERY) (Fixed) (Total:11.79 GB) (Free:0.99 GB) FAT32 \\?\Volume{21505616-9db4-4376-8aa7-ae987dfb326f}\ (ESP) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32 ==================== MBR & Partition Table ==================== ==================== End of Addition.txt ======================= |
27.11.2023, 20:56 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I'm moving this to the Windows section, since this is not about malware.
__________________ Please always post log files in CODE tags |
27.11.2023, 21:02 | #5 | |
| Quote:
__________________ Windows 10 64 Pro 22H2 |
27.11.2023, 21:14 | #6 |
| @schlawack The Windows Pro version was already on the computer. The laptop was sold that way in the store. @cosinus Glad to hear this is not about malware. Thanks for the help! I have one more quick question. FRST listed three \\?\Volume entries. I looked under the HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices key. It lists \??\Volume{bbcb41fd-8c66-11ee-bc9b-5c857e4c304c}. Do I need to worry about that, or is it fine? Last edited by OEM (27.11.2023 at 21:22) |
27.11.2023, 23:16 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Malwarebytes and RK found nothing, and I wrote that this is not about malware. Yet you go through the log yourself and still have some kind of doubts. Is one supposed to understand that?
__________________ Please always post log files in CODE tags |