Constant Pop-Ups:

Discussion in 'Malware and Virus Removal' started by seanw, 2023/11/05.

  1. 2023/11/05
    seanw Well-Known Member Thread Starter

    Good morning

    I'm getting a constant pop-up. Image attached along with the 2 logs as requested. When I clicked on it, it messed my browser up.

    How can I attach the documents? I can't see anything on the toolbar?

    Kind regards
    Shaun
     
  2. 2023/11/06
    seanw Well-Known Member Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023
    Ran by shaun (administrator) on SHAUNS (PC Specialist LTD Amd Am4 Gen3) (05-11-2023 10:35:20)
    Running from C:\Users\shaun\OneDrive\Desktop\FRST64.exe
    Loaded Profiles: shaun & DevToolsUser
    Platform: Microsoft Windows 10 Home Version 22H2 19045.3570 (X64) Language: English (United States) -> English (United Kingdom)
    Default browser: Edge
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
    (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <23>
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe
    (Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (services.exe ->) (ASUSTeK Computer Inc. -> ) C:\Windows\System32\AsusUpdateCheck.exe
    (services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe
    (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
    (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4e58e7ac1d277d04\Display.NvContainer\NVDisplay.Container.exe <2>
    (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileCoAuth.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3562_none_7e0523f67c93b82a\TiWorker.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607536 2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607536 2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-4102117297-3069910682-886804730-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607536 2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-4102117297-3069910682-886804730-1002\...\Run: [MicrosoftEdgeAutoLaunch_8391C8DABDE3FE8ACDF82827036E5B07] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891768 2023-11-02] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Windows x64\Print Processors\Canon TS3400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDGF.DLL [525824 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
    HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3400 series: C:\WINDOWS\system32\CNMLMGF.DLL [962560 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
    HKLM\Software\...\AppCompatFlags\Custom\IronStorm.exe: [{6e146097-dd92-4d2e-a489-96a724ec38a0}.sdb] -> gogironstorm
    HKLM\Software\...\AppCompatFlags\InstalledSDB\{6e146097-dd92-4d2e-a489-96a724ec38a0}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{6e146097-dd92-4d2e-a489-96a724ec38a0}.sdb [2023-04-11]
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {3985E3C7-1E47-4BED-B388-286967B64A31} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
    Task: {4FF0CB69-BB7A-426C-9054-1E7807664EC8} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\shaun\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-05-07] (ESET, spol. s r.o. -> ESET)
    Task: {5E5A56EA-22B1-4990-A668-727215A545BF} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-4102117297-3069910682-886804730-1002 => C:\Users\shaun\AppData\Local\Programs\Messenger\MessengerHelper.exe [2265336 2023-10-09] (Facebook, Inc. -> Meta Platforms, Inc.)
    Task: {4BAAB838-070D-4975-B91A-9A1DC1F9FC57} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {74DC79C8-0CB8-4019-B48B-C73276AF9211} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {283CF66E-76DF-4DEB-BF92-614EAD123773} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218080 2023-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {1C3143AC-D7B0-4166-A68E-D1F1097FBE0F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218080 2023-11-04] (Microsoft Corporation -> Microsoft Corporation)
    Task: {52300AFF-561B-4161-ABF4-F2C385F3464C} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
    Task: {F9A1D753-531B-4798-B30D-8550C12FAE89} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {B5DB2FC0-975F-4E6B-910E-682C01A45221} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {CC5992F8-4EEE-42DD-B6CA-BD39C91B5367} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {737D6F89-1235-4FDB-B204-5CF4CDC5C330} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {F69C7A39-D82B-4535-BB60-4AEF8445B114} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
    Task: {4F5841BC-E405-46B2-A519-B5CB56C0F962} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
    Task: {A4318822-7177-4ACA-82F9-4FB499F124A5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {29938914-760C-4CC8-BEA0-7AF026CA872B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {E72A38C2-C996-4FF0-A3AF-F80A4BC7BE3D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {8DAA3779-15D7-484A-A600-7567592DFCA8} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {1D0F78C8-9B7C-431A-B958-73711DAE7503} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {A2A2D0E7-9461-47CA-B23C-D880AC32183E} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {1786745E-47D3-4215-8627-13F15F68093F} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {9CF7140F-EBE7-47E7-8B5B-4D1B1CA311BF} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    Task: {F2C1E306-BA32-433E-8498-B758C7CAD5D2} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4102117297-3069910682-886804730-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    Task: {45496569-6F59-4DB0-865E-E08719C3DC90} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4102117297-3069910682-886804730-1004 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-08-28] (Microsoft Corporation -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{88937d45-8152-4058-a9c4-29ea7914cd6c}: [DhcpNameServer] 192.168.1.1

    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Default [2023-11-05]
    Edge Notifications: Default -> hxxps://macaroons.co.in
    Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}
    Edge Extension: (Malwarebytes Browser Guard) - C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-11-04]
    Edge Extension: (Adblock for youtube™) - C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ddbpoacccdcekgacaphdlpgjjbfnjfmb [2023-09-08]
    Edge Extension: (Google Docs Offline) - C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-10]
    Edge Extension: (Microsoft Editor: Spelling & Grammar Checker) - C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hokifickgkhplphjiodbggjmoafhignh [2023-11-04]
    Edge Extension: (Edge relevant text changes) - C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-13]
    Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2023-04-05]
    Edge Extension: (Dictionary Extension) - C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mibedapgehhbeliiebcombkimidojbjl [2022-06-03]
    Edge Extension: (Webmail Ad Blocker) - C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mlhnkbkckpjokodfbhlaeoeelmndflnm [2023-10-27]
    Edge Profile: C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-11-04]
    Edge Extension: (Google Docs Offline) - C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-11-04]
    Edge Extension: (Edge relevant text changes) - C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-11-04]
    Edge Extension: (Dictionary Extension) - C:\Users\shaun\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\mibedapgehhbeliiebcombkimidojbjl [2023-11-04]

    FireFox:
    ========
    FF DefaultProfile: ne04h037.default
    FF ProfilePath: C:\Users\shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ne04h037.default [2023-04-24]
    FF ProfilePath: C:\Users\shaun\AppData\Roaming\Mozilla\Firefox\Profiles\7trvzngs.default-release [2023-11-05]
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-10-09] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
    R2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [768408 2023-11-04] (ASUSTeK Computer Inc. -> )
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9880840 2023-08-20] (BattlEye Innovations e.K. -> )
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12876472 2023-11-04] (Microsoft Corporation -> Microsoft Corporation)
    S4 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [10933864 2023-08-19] (Electronic Arts, Inc. -> Electronic Arts)
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2022-11-27] (EasyAntiCheat Oy -> Epic Games, Inc)
    S4 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. -> Epic Games, Inc.)
    S4 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncHelper.exe [3516832 2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2348000 2023-09-26] (GOG sp. z o.o -> GOG.com)
    S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7173088 2023-08-12] (GOG sp. z o.o -> GOG.com)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    S4 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.169.0813.0001\OneDriveUpdaterService.exe [3853840 2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2023-08-02] (Even Balance, Inc. -> )
    S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15413680 2023-05-24] (ADLICE -> )
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4e58e7ac1d277d04\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4e58e7ac1d277d04\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
    R3 MpKslbb68265b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8BDE727B-0F52-4801-B630-715516D104F5}\MpKslDrv.sys [263560 2023-11-05] (Microsoft Windows -> Microsoft Corporation)
    R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
    S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [29392 2023-08-14] () [File not signed]
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-10-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [572712 2023-10-05] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105872 2023-10-05] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-11-05 10:34 - 2023-11-05 10:34 - 002383872 _____ (Farbar) C:\Users\shaun\Downloads\Unconfirmed 748020.crdownload
    2023-11-05 09:39 - 2023-11-05 09:39 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
    2023-11-05 09:39 - 2023-11-05 09:39 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
    2023-11-05 09:26 - 2023-11-05 09:26 - 000041920 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2023-11-04 19:50 - 2023-11-04 19:50 - 000000000 ____D C:\ProgramData\Malwarebytes
    2023-10-23 07:04 - 2023-10-23 07:04 - 000016059 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
    2023-10-23 06:59 - 2023-10-23 06:59 - 000000000 ___HD C:\$WinREAgent
    2023-10-22 18:04 - 2023-10-22 18:04 - 000000000 ___HD C:\$SysReset
    2023-10-16 10:09 - 2023-10-22 18:20 - 000000000 ____D C:\ProgramData\UCheck
    2023-10-16 10:09 - 2023-10-22 18:20 - 000000000 ____D C:\Program Files\UCheck
    2023-10-12 21:27 - 2023-10-22 18:20 - 000000000 ____D C:\Program Files\One Photo Viewer
    2023-10-12 20:26 - 2023-10-12 20:26 - 000000000 ____D C:\Users\shaun\OneDrive\Documents\Battlefield 3
    2023-10-09 06:02 - 2023-10-09 06:02 - 000000000 ____D C:\ProgramData\PLUG
    2023-10-08 19:22 - 2023-10-08 19:22 - 000000000 ____D C:\Program Files\RUXIM

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2023-11-05 10:35 - 2021-07-31 08:21 - 000000000 ____D C:\FRST
    2023-11-05 10:19 - 2023-06-22 12:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2023-11-05 09:34 - 2022-02-19 16:29 - 000000871 _____ C:\Users\shaun\Desktop\JRT.txt
    2023-11-05 09:34 - 2021-12-04 23:04 - 000000000 ____D C:\ProgramData\NVIDIA
    2023-11-05 09:20 - 2021-12-12 16:35 - 000000000 ____D C:\Users\shaun\AppData\Local\CrashDumps
    2023-11-05 09:14 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2023-11-05 08:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2023-11-04 20:19 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2023-11-04 20:16 - 2023-06-22 13:46 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2023-11-04 20:16 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
    2023-11-04 20:15 - 2021-12-05 15:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2023-11-04 20:14 - 2022-06-09 09:56 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2023-11-04 20:09 - 2023-08-14 17:29 - 000000000 ____D C:\Users\shaun\Downloads\bf1942-v1.612-retail-patched
    2023-11-04 20:09 - 2023-07-07 19:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Painkiller Black [GOG.com]
    2023-11-04 20:09 - 2023-06-22 12:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2023-11-04 20:09 - 2023-06-22 09:06 - 000000000 ____D C:\Users\DevToolsUser
    2023-11-04 20:09 - 2023-05-28 11:36 - 000000000 ____D C:\ProgramData\RogueKiller
    2023-11-04 20:09 - 2022-11-26 18:41 - 000000000 ____D C:\Users\shaun\AppData\Local\Electronic Arts
    2023-11-04 20:09 - 2022-11-26 18:41 - 000000000 ____D C:\ProgramData\EA Desktop
    2023-11-04 20:09 - 2022-11-26 18:41 - 000000000 ____D C:\Program Files\Electronic Arts
    2023-11-04 20:09 - 2022-11-26 18:34 - 000000000 ____D C:\Users\shaun\AppData\Local\EpicGamesLauncher
    2023-11-04 20:09 - 2022-11-26 18:33 - 000000000 ____D C:\Program Files (x86)\Epic Games
    2023-11-04 20:09 - 2021-12-19 12:12 - 000000000 ____D C:\ProgramData\Epic
    2023-11-04 20:09 - 2021-12-05 15:22 - 000000000 ____D C:\ProgramData\Package Cache
    2023-11-04 20:09 - 2021-12-05 12:13 - 000000000 ____D C:\Program Files (x86)\Steam
    2023-11-04 20:09 - 2021-12-04 23:04 - 000807280 _____ C:\WINDOWS\system32\wpbbin.exe
    2023-11-04 20:09 - 2021-12-04 23:04 - 000768408 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
    2023-11-04 20:09 - 2021-06-28 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
    2023-11-04 20:09 - 2021-06-16 01:04 - 000008192 ___SH C:\DumpStack.log.tmp
    2023-11-04 20:09 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\registration
    2023-11-04 20:08 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ServiceState
    2023-11-04 20:07 - 2019-12-07 09:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2023-11-04 20:03 - 2023-06-02 10:51 - 000000000 ____D C:\Users\shaun\AppData\Local\Malwarebytes
    2023-11-04 19:50 - 2021-12-12 16:17 - 000000000 ____D C:\Program Files\Malwarebytes
    2023-11-03 15:42 - 2021-12-04 23:19 - 000000000 ____D C:\Users\shaun\AppData\Local\ElevatedDiagnostics
    2023-11-03 12:01 - 2021-12-05 15:23 - 000000000 ____D C:\Users\shaun\AppData\Roaming\Microsoft\Word
    2023-11-03 09:22 - 2021-12-04 23:15 - 000000000 ____D C:\Users\shaun\AppData\Local\Packages
    2023-10-31 20:08 - 2023-09-14 09:57 - 000000000 ____D C:\Users\shaun\AppData\Local\Messenger
    2023-10-31 20:08 - 2023-06-22 09:06 - 000000000 ____D C:\Users\shaun
    2023-10-31 20:03 - 2023-09-14 09:57 - 000000000 ____D C:\Users\shaun\AppData\Roaming\Messenger
    2023-10-31 19:31 - 2023-06-22 12:18 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
    2023-10-28 05:39 - 2023-06-22 12:18 - 000003534 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2023-10-28 05:39 - 2023-06-22 12:18 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2023-10-27 14:49 - 2023-05-19 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein II - The New Colossus [GOG.com]
    2023-10-27 14:08 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2023-10-25 17:48 - 2021-12-04 23:19 - 000000000 ____D C:\Users\shaun\AppData\Local\D3DSCache
    2023-10-24 05:35 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2023-10-23 18:35 - 2019-12-07 09:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2023-10-23 18:34 - 2023-06-22 12:14 - 000472352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2023-10-23 18:33 - 2023-06-22 08:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
    2023-10-23 18:33 - 2023-06-22 08:52 - 000000000 ____D C:\WINDOWS\en-GB
    2023-10-23 18:33 - 2019-12-07 09:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2023-10-23 18:33 - 2019-12-07 09:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\F12
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\setup
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Com
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellComponents
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Provisioning
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\IME
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Windows Defender
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Common Files\System
    2023-10-23 18:33 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2023-10-23 18:33 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\servicing
    2023-10-23 07:08 - 2019-12-07 09:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
    2023-10-23 07:08 - 2019-12-07 09:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
    2023-10-23 07:08 - 2019-12-07 09:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2023-10-23 07:04 - 2023-06-22 12:15 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2023-10-23 06:30 - 2021-12-07 09:27 - 000000000 ____D C:\WINDOWS\system32\MRT
    2023-10-23 06:29 - 2021-12-07 09:27 - 181553176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2023-10-22 18:41 - 2022-10-13 18:33 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
    2023-10-22 18:22 - 2019-12-07 09:52 - 000000000 ____D C:\Program Files\Windows Portable Devices
    2023-10-22 18:22 - 2019-12-07 09:52 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
    2023-10-22 18:22 - 2019-12-07 09:52 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2023-10-22 18:22 - 2019-12-07 09:52 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2023-10-22 18:22 - 2019-12-07 09:51 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
    2023-10-22 18:22 - 2019-12-07 09:51 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2023-10-22 18:22 - 2019-12-07 09:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
    2023-10-22 18:22 - 2019-12-07 09:50 - 000000000 ____D C:\WINDOWS\addins
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 __RSD C:\WINDOWS\Media
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\Nui
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\InstallShield
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemApps
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\ras
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\InputMethod
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\IME
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\icsxml
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\ias
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\downlevel
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\ContainerSettingsProviders
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Bthprops
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\L2Schemas
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\IdentityCRL
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\DiagTrack
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Cursors
    2023-10-22 18:22 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Common Files\Services
    2023-10-22 18:20 - 2023-09-14 09:57 - 000000000 ____D C:\Users\shaun\AppData\Local\messenger-updater
    2023-10-22 18:20 - 2023-05-28 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2023-10-22 18:20 - 2023-05-28 11:36 - 000000000 ____D C:\Program Files\RogueKiller
    2023-10-22 18:20 - 2022-11-26 07:48 - 000000000 ____D C:\Users\shaun\AppData\Roaming\discord
    2023-10-22 18:20 - 2022-11-26 07:48 - 000000000 ____D C:\Users\shaun\AppData\Local\Discord
    2023-10-22 18:20 - 2022-10-26 20:10 - 000000000 ____D C:\Program Files\Microsoft OneDrive
    2023-10-22 18:20 - 2022-05-31 16:19 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
    2023-10-22 18:20 - 2021-11-20 09:55 - 000000000 ____D C:\Users\shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
    2023-10-22 18:20 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\schemas
    2023-10-22 18:20 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Globalization
    2023-10-22 18:20 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Containers
    2023-10-22 18:20 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Branding
    2023-10-22 18:20 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Windows Security
    2023-10-22 18:20 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2023-10-22 18:18 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Web
    2023-10-22 18:18 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Vss
    2023-10-22 18:15 - 2022-05-31 16:18 - 000000000 ____D C:\ProgramData\GOG.com
    2023-10-22 18:15 - 2021-12-05 15:23 - 000000000 ____D C:\Users\shaun\AppData\Roaming\Microsoft\Office
    2023-10-21 16:17 - 2021-06-18 13:14 - 000000000 ___RD C:\Users\shaun\OneDrive
    2023-10-18 17:30 - 2022-03-02 20:17 - 000000000 ____D C:\Users\shaun\OneDrive\Documents\Ireland June 2011 and Summer 2011
    2023-10-18 17:30 - 2021-11-11 19:32 - 000000000 ____D C:\Users\shaun\OneDrive\Documents\SHAUN BACK UP OLD PC
    2023-10-18 17:30 - 2021-10-24 15:28 - 000000000 ____D C:\Users\shaun\OneDrive\Documents\RUTHS WEDDING
    2023-10-18 17:29 - 2022-03-02 20:17 - 000000000 ____D C:\Users\shaun\OneDrive\Documents\IRELAND 2010
    2023-10-16 10:13 - 2022-11-26 07:48 - 000000000 ____D C:\Users\shaun\AppData\Local\SquirrelTemp
    2023-10-11 18:32 - 2021-12-12 16:58 - 000000000 ____D C:\Users\shaun\AppData\Roaming\Microsoft\Excel

    ==================== Files in the root of some directories ========

    2023-04-14 14:49 - 2023-04-14 14:49 - 000004608 _____ () C:\Users\shaun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2022-11-28 09:08 - 2023-06-28 21:21 - 000007666 _____ () C:\Users\shaun\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
     

  4. 2023/11/06
    seanw

    seanw Well-Known Member Thread Starter

    Joined:
    2021/11/11
    Messages:
    34
    Likes Received:
    1
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023
    Ran by shaun (05-11-2023 10:36:02)
    Running from C:\Users\shaun\OneDrive\Desktop
    Microsoft Windows 10 Home Version 22H2 19045.3570 (X64) (2023-06-22 13:39:47)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-4102117297-3069910682-886804730-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-4102117297-3069910682-886804730-503 - Limited - Disabled)
    DevToolsUser (S-1-5-21-4102117297-3069910682-886804730-1004 - Limited - Enabled) => C:\Users\DevToolsUser
    Guest (S-1-5-21-4102117297-3069910682-886804730-501 - Limited - Disabled)
    shaun (S-1-5-21-4102117297-3069910682-886804730-1002 - Administrator - Enabled) => C:\Users\shaun
    WDAGUtilityAccount (S-1-5-21-4102117297-3069910682-886804730-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.006.20360 - Adobe)
    Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
    Brothers in Arms: Earned in Blood™ (HKLM-x32\...\1239584357_is1) (Version: 1.03 - GOG.com)
    Discord (HKU\S-1-5-21-4102117297-3069910682-886804730-1002\...\Discord) (Version: 1.0.9007 - Discord Inc.)
    EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.4.0.5517 - Electronic Arts) Hidden
    EA app (HKLM-x32\...\{d784aa79-3dac-45df-b52b-70303fb90b62}) (Version: 13.4.0.5517 - Electronic Arts)
    Epic Games Launcher (HKLM-x32\...\{20235E2B-1E9F-473D-A215-B2467F1F06E3}) (Version: 1.3.51.0 - Epic Games, Inc.)
    Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
    GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.71.2 - GOG.com)
    gogironstorm (HKLM\...\{6e146097-dd92-4d2e-a489-96a724ec38a0}.sdb) (Version: - )
    Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Messenger (HKU\S-1-5-21-4102117297-3069910682-886804730-1002\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 197.0.525091618 - Facebook, Inc.)
    Microsoft .NET Host - 6.0.9 (x64) (HKLM\...\{C30ABA3F-32C0-43D1-B3B8-9AEFD58A15D9}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
    Microsoft .NET Host FX Resolver - 6.0.5 (x64) (HKLM\...\{3E6CCD41-6B96-47BD-8E1E-D7B593CEE976}) (Version: 48.23.40665 - Microsoft Corporation) Hidden
    Microsoft .NET Host FX Resolver - 6.0.9 (x64) (HKLM\...\{FD10B803-97FD-4867-9753-8784BC35D2F8}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
    Microsoft .NET Runtime - 6.0.5 (x64) (HKLM\...\{089A177D-98AE-4195-A115-D3C45613B875}) (Version: 48.23.40665 - Microsoft Corporation) Hidden
    Microsoft .NET Runtime - 6.0.5 (x64) (HKLM-x32\...\{20645d8e-11cd-4c42-b936-87f07a6f18be}) (Version: 6.0.5.31213 - Microsoft Corporation)
    Microsoft .NET Runtime - 6.0.9 (x64) (HKLM\...\{0B4F742D-2D47-4E95-B756-402822D31C48}) (Version: 48.39.47157 - Microsoft Corporation) Hidden
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.44 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.44 - Microsoft Corporation)
    Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.16924.20124 - Microsoft Corporation)
    Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.169.0813.0001 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
    Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
    Microsoft Windows Desktop Runtime - 6.0.9 (x64) (HKLM\...\{C1CD2FC1-92E6-4DE2-89D8-6D309881856F}) (Version: 48.39.47171 - Microsoft Corporation) Hidden
    Microsoft Windows Desktop Runtime - 6.0.9 (x64) (HKLM-x32\...\{569b351b-451b-48db-a2c7-7beb63411666}) (Version: 6.0.9.31620 - Microsoft Corporation)
    NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
    NVIDIA Graphics Driver 537.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 537.42 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
    NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
    NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16924.20124 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20124 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20078 - Microsoft Corporation) Hidden
    Painkiller Black (HKLM-x32\...\1207658715_is1) (Version: 1.64 lang update - GOG.com)
    RogueKiller version 15.10.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.10.0.0 - Adlice Software)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
    UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
    Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
    Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
    Wolfenstein II: The Freedom Chronicles - Episode 0 (HKLM-x32\...\1428926823_is1) (Version: 6.5.0.1331 - GOG.com)
    Wolfenstein II: The Freedom Chronicles - Episode 1 (HKLM-x32\...\1948521423_is1) (Version: 6.5.0.1331 - GOG.com)
    Wolfenstein II: The Freedom Chronicles - Episode 2 (HKLM-x32\...\2104100206_is1) (Version: 6.5.0.1331 - GOG.com)
    Wolfenstein II: The Freedom Chronicles - Episode 3 (HKLM-x32\...\1797971986_is1) (Version: 6.5.0.1331 - GOG.com)
    Wolfenstein II: The New Colossus (HKLM-x32\...\1847884051_is1) (Version: 6.5.0.1331 - GOG.com)

    Packages:
    =========
    Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-10-22] ()
    ASUS Grid (Beta) -> C:\Program Files\WindowsApps\B9ECED6F.133F79A42C6_1.0.14.0_x64__qmba6cd70vzyy [2023-11-04] (ASUSTeK COMPUTER INC.)
    NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-11-04] (NVIDIA Corp.)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4102117297-3069910682-886804730-1002_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
    CustomCLSID: HKU\S-1-5-21-4102117297-3069910682-886804730-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-28] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4e58e7ac1d277d04\nvshext.dll [2023-09-14] (NVIDIA Corporation -> NVIDIA Corporation)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32-x32: [VIDC.VP31] => vp31vfw.dll

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\shaun\Desktop\Google Docs.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat (No File)
    Shortcut: C:\Users\shaun\Desktop\Google Sheets.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat (No File)
    Shortcut: C:\Users\shaun\Desktop\Google Slides.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat (No File)

    ==================== Loaded Modules (Whitelisted) =============

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\shaun\AppData\Local\Temp:$DATA [16]

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2021-12-05 06:57 - 2022-06-03 17:37 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4102117297-3069910682-886804730-1002\Control Panel\Desktop\\Wallpaper ->
    HKU\S-1-5-21-4102117297-3069910682-886804730-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\StartupFolder: => "CodecPackTrayMenu.lnk"
    HKU\S-1-5-21-4102117297-3069910682-886804730-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_8391C8DABDE3FE8ACDF82827036E5B07"
    HKU\S-1-5-21-4102117297-3069910682-886804730-1002\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{655C79AB-A091-41DF-BA26-F3C364E1741A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{4A4F3107-38E9-4666-9C15-0500BAFF8568}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{8099C0D4-5889-413F-AE1D-01D8E18046B0}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{43A25200-3B5F-472E-9543-412B240D6CDC}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{E33B40DA-1317-4468-A85D-6E937D78D561}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{3A0A8E2C-7B76-4646-AC36-0293E292CB44}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{4269B2DC-D7FA-4EC8-A7A1-D1E479A52595}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{E811B680-11E8-42A5-975D-D9BF4AB1453A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{E66CA1DF-BC88-474D-B014-105A5FE0F751}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{E7BD57F9-BE26-4874-BC66-2B40109201DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
    FirewallRules: [{F5A7CCC5-AF76-4520-AE0C-B602E366BAB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
    FirewallRules: [{0F88253A-6EE3-40CD-8E10-3F09BDBC9DDB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
    FirewallRules: [{9406FF1D-1F2D-4D60-A625-F5958540283B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
    FirewallRules: [{95F9CA1A-9B5C-46B1-ADAA-A9855A41798A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{9F8AA3C6-BD15-4DF1-BC61-4C113659AD55}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{EA31242B-4858-48DC-9962-EECC55F4B0CC}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{F14F9BB7-0B46-4627-A4DC-8964DF62AF63}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [{6334ED32-C7D0-4A67-ACC9-6536776F86F6}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
    FirewallRules: [UDP Query User{5F4C43A5-47D9-4C71-AFA0-5F3498C6E29E}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
    FirewallRules: [TCP Query User{4D87F583-4771-4B38-90E5-FC8C4A7CD508}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
    FirewallRules: [{CAC74664-C1E6-4A20-B016-63081A18A23C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
    FirewallRules: [{D967C0C8-73CE-437B-9CD8-FF139D422A5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
    FirewallRules: [{9E36E9F8-1738-49EA-906E-735D9B0888B8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{A0311244-5226-4128-96BB-03E3C33BE8D6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{36A4634A-CE29-4F97-A655-F6462827EC70}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
    FirewallRules: [{B42B95D2-EEE0-49C7-9167-C1F29D8FB1F6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
    FirewallRules: [{781D9416-9C99-4541-A778-9D720958B835}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
    FirewallRules: [{A69E5562-D0BB-4F41-BB1B-8FF1CB329554}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
    FirewallRules: [TCP Query User{F2294BFD-34AE-4599-B0BD-A3CEEEE06841}C:\program files (x86)\gog galaxy\games\painkiller black\bin\editor\paineditor.exe] => (Block) C:\program files (x86)\gog galaxy\games\painkiller black\bin\editor\paineditor.exe (People Can Fly) [File not signed]
    FirewallRules: [UDP Query User{008F373D-3F4B-4C62-A957-D51FCBA0CF29}C:\program files (x86)\gog galaxy\games\painkiller black\bin\editor\paineditor.exe] => (Block) C:\program files (x86)\gog galaxy\games\painkiller black\bin\editor\paineditor.exe (People Can Fly) [File not signed]
    FirewallRules: [{496EF87B-EE34-442F-AA83-BDD10F076159}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
    FirewallRules: [{9BA9896B-CCAB-4097-8C62-4F67C48F66DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
    FirewallRules: [{1B3BEE26-097C-482C-9C1D-10CE636A88AB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
    FirewallRules: [{15E50772-472E-4670-B62A-921C5E71D4AF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
    FirewallRules: [TCP Query User{C8005E69-3E42-49EC-A0A7-B01A30225EF8}C:\program files (x86)\gog galaxy\games\brothers in arms - earned in blood\system\eib.exe] => (Block) C:\program files (x86)\gog galaxy\games\brothers in arms - earned in blood\system\eib.exe (Gearbox Software) [File not signed]
    FirewallRules: [UDP Query User{62CD8FD7-EB9D-431B-BBFE-0F0C841D6D74}C:\program files (x86)\gog galaxy\games\brothers in arms - earned in blood\system\eib.exe] => (Block) C:\program files (x86)\gog galaxy\games\brothers in arms - earned in blood\system\eib.exe (Gearbox Software) [File not signed]
    FirewallRules: [{A20FEA8E-E731-4AE0-A2EE-06E14B0EFDBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2launcher.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
    FirewallRules: [{C1C238B8-C6B8-4AE2-84B2-6C9FF8BB1B12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2launcher.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
    FirewallRules: [TCP Query User{35A122F2-0B74-4440-BFF7-29AFB31FA574}C:\program files (x86)\steam\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
    FirewallRules: [UDP Query User{90D0EE2A-D3A0-4119-AA83-D26967F3D8F7}C:\program files (x86)\steam\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
    FirewallRules: [{67C6C52D-349D-44D6-97FF-640D5E5C9BDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Caliber\CaliberStart.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
    FirewallRules: [{A8715440-EFA5-4998-8022-75F087E73F3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Caliber\CaliberStart.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
    FirewallRules: [{EB288920-6A9D-499A-88A9-A4495FACA496}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Restore Points =========================

    27-10-2023 14:08:00 Windows Modules Installer
    03-11-2023 15:06:28 Scheduled Checkpoint
    04-11-2023 19:30:37 Revo Uninstaller Pro's restore point - ZipTech
    04-11-2023 19:32:09 JRT Pre-Junkware Removal
    04-11-2023 20:07:02 Restore Operation
    05-11-2023 09:33:41 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (11/05/2023 09:20:12 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: msedge.exe, version: 119.0.2151.44, time stamp: 0x6542eaf6
    Faulting module name: KERNELBASE.dll, version: 10.0.19041.3570, time stamp: 0xda674bb7
    Exception code: 0xe0000008
    Fault offset: 0x000000000002cf19
    Faulting process ID: 0x974
    Faulting application start time: 0x01da0fc47634479a
    Faulting application path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report ID: a695d926-3498-4245-8bc4-353db248e2ff
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/04/2023 08:09:47 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (3576,R,98) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU0022E.log.

    Error: (11/04/2023 07:42:17 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (11/04/2023 07:41:32 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070005, Access is denied.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (11/04/2023 07:41:15 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (11/04/2023 07:36:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: OneDrive.exe, version: 23.169.813.1, time stamp: 0x73e38614
    Faulting module name: KERNELBASE.dll, version: 10.0.19041.3570, time stamp: 0xda674bb7
    Exception code: 0xe06d7363
    Fault offset: 0x000000000002cf19
    Faulting process ID: 0x2504
    Faulting application start time: 0x01da0f56240538bd
    Faulting application path: C:\Program Files\Microsoft OneDrive\OneDrive.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report ID: 01452e94-07f7-4ecb-af89-59bff8731986
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/04/2023 07:31:33 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (11/04/2023 07:30:37 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {c37709f4-ea63-456e-af1b-70392bf36763}


    System errors:
    =============
    Error: (11/05/2023 09:33:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

    Error: (11/05/2023 09:33:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

    Error: (11/04/2023 08:12:00 PM) (Source: DCOM) (EventID: 10000) (User: SHAUNS)
    Description: Unable to start a DCOM Server: {628ACE20-B77A-456F-A88D-547DB6CEEDD5}. The error:
    "2147942402"
    Happened while starting this command:
    "C:\Program Files (x86)\Microsoft\Edge\Application\118.0.2088.76\notification_helper.exe" -Embedding

    Error: (11/04/2023 08:09:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SecDrv service failed to start due to the following error:
    This driver has been blocked from loading

    Error: (11/04/2023 08:09:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\WINDOWS\SysWow64\drivers\SECDRV.SYS

    Error: (11/04/2023 08:09:45 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:17:05 on ‎03/‎11/‎2023 was unexpected.

    Error: (11/04/2023 07:33:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

    Error: (11/04/2023 07:33:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


    Windows Defender:
    ================
    Date: 2023-11-04 17:35:58
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-11-03 15:30:53
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-11-02 17:38:33
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-11-01 18:10:02
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2023-10-30 18:02:23
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    Event[0]:

    Date: 2023-11-04 20:09:48
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
    Security intelligence Attempted: Current
    Error Code: 0x80070003
    Error description: The system cannot find the path specified.
    Security intelligence Version: 0.0.0.0;0.0.0.0
    Engine Version: 0.0.0.0

    Date: 2023-10-22 19:23:51
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
    Security intelligence Attempted: Current
    Error Code: 0x80070003
    Error description: The system cannot find the path specified.
    Security intelligence Version: 0.0.0.0;0.0.0.0
    Engine Version: 0.0.0.0

    Date: 2023-10-22 19:13:09
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.399.1136.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.23090.2007
    Error code: 0x8007045b
    Error description: A system shutdown is in progress.

    Date: 2023-09-04 15:36:50
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
    Security intelligence Attempted: Current
    Error Code: 0x80070003
    Error description: The system cannot find the path specified.
    Security intelligence Version: 0.0.0.0;0.0.0.0
    Engine Version: 0.0.0.0

    CodeIntegrity:
    ===============
    Date: 2023-11-05 09:14:05
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2023-10-22 19:23:24
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\hidusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2023-10-22 19:23:22
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\ks.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2023-10-22 19:23:22
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\portcls.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 3103 06/17/2020
    Motherboard: ASUSTeK COMPUTER INC. ROG STRIX B450-F GAMING
    Processor: AMD Ryzen 5 3600 6-Core Processor
    Percentage of memory in use: 39%
    Total physical RAM: 16313.63 MB
    Available physical RAM: 9874.14 MB
    Total Virtual: 18745.63 MB
    Available Virtual: 9772.45 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:464.89 GB) (Free:102 GB) (Model: Samsung SSD 970 EVO Plus 500GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:931.5 GB) (Free:883.51 GB) (Model: ST1000DM010-2EP102) NTFS

    \\?\Volume{ef234ed0-31f1-485c-8252-cbdd8e3f253b}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
    \\?\Volume{c76b7495-d02c-4590-bf4d-07983fe90c78}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==========================================================
    Disk: 1 (Size: 465.8 GB) (Disk ID: A8774649)

    Partition: GPT.

    ==================== End of Addition.txt =======================
     
  5. 2023/11/06
    seanw

    seanw Well-Known Member Thread Starter

    Joined:
    2021/11/11
    Messages:
    34
    Likes Received:
    1
    I can't post the screengrab of the pop-up, so here is some info:

    Wording:
    Virus and threat defender
    Windows defender summary
    Windows defender find 5 threat since your last summary.
    Your device was scanned 5 times

    Site
    maccaroons.co.in

    Option:
    delete viruses
     
  6. 2023/11/06
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    In the absence of Broni I suggest you run Malwarebytes
     
  7. 2023/11/06
    seanw

    seanw Well-Known Member Thread Starter

    Joined:
    2021/11/11
    Messages:
    34
    Likes Received:
    1
    Hi Pete

    I have and nothing showed up

    Thanks
    Sean
     
  8. 2023/11/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
  9. 2023/11/07
    seanw

    seanw Well-Known Member Thread Starter

    Joined:
    2021/11/11
    Messages:
    34
    Likes Received:
    1
    Sorry Pete?
     
  10. 2023/11/08
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,285
    Likes Received:
    249
    Our malware removal expert, whose name is BRONI, passed away recently.

    We aren't sure if we'll be able to find someone to read your log files.
     
  11. 2023/11/15
    seanw

    seanw Well-Known Member Thread Starter

    Joined:
    2021/11/11
    Messages:
    34
    Likes Received:
    1
    I am so sorry to hear this sad news
     