Someone Apparently Clicked Email Link



#1 CPU_HDD


Posted 27 March 2024 - 09:41 PM

Someone clicked on a link in an email, apparently, at which point the computer started blinking an X and making a lot of noises (I wasn't there.) They called the hackers to get instructions on getting the noise to stop, and followed them. The computer seems to be running ok, actually.


The first time I ran Farbar, Bitdefender found a trojan, subsequent times it hasn't, also it had a message about not updating properly or something? This scan is the first I ran, before running an antivirus scan, only turned up one issue and had protected password stuff? Let me know if you need an updated scan.


I believe it's been getting hacked, previously, so there could be other issues




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.03.2024
Ran by Weber (administrator) on WEBER-PC (LENOVO 2958) (21-03-2024 18:10:51)
Running from C:\Users\Weber\Downloads\FRST64.exe
Loaded Profiles: Weber
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
(C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (S.C. BITDEFENDER S.R.L. -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <40>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\safepay\bdservicehost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe [1067296 2024-02-21] (Bitdefender SRL -> Bitdefender)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\...\Run: [MicrosoftEdgeAutoLaunch_B6B68E08E4B04146192FBC846279B27E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4060608 2024-03-07] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\EPSON WorkForce 545 Series 64MonitorBA: C:\windows\system32\E_YLMHWA.DLL [120320 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.112\Installer\chrmstp.exe [2024-03-08] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A8FADF9-EE4D-4B8A-8760-B49A75D2E77C} - System32\Tasks\{3828ED39-DDD8-4913-804A-E188D75149B9} => C:\Windows\system32\pcalua.exe [53760 2023-11-20] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Temp\Raw-CodecV1L100-Eng.exe -d C:\Temp
Task: {DDF8B621-96DC-4E5A-9C9A-4B35A1D559C2} - System32\Tasks\{D6B07279-D6D6-4BCA-80F3-E3F74428ECAE} => C:\Windows\system32\pcalua.exe [53760 2023-11-20] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Weber\Downloads\Raw-CodecV1L100-Eng.exe -d C:\Users\Weber\Downloads
Task: {FAC22FD8-7698-4BC6-BE4C-7025B05B0BDA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {8423D968-04F0-4A3A-8823-C6873B93F63D} - System32\Tasks\avfree.migration => C:\Program Files\Bitdefender Antivirus Free\migration_tool\avfree.migration.exe  /run (No File)
Task: {D728942C-D805-49A7-802C-DB44FBD70199} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe [1111184 2023-12-12] (Bitdefender SRL -> Bitdefender)
Task: {DFF8F27B-5105-47F3-AE5E-E631B4D3A5AF} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6342.2{1A25F653-4652-4222-8232-8CAED7C92AF9} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6342.2\updater.exe [4721952 2024-03-06] (Google LLC -> Google LLC)
Task: {410FA456-E501-4CC1-AFC5-834DC4AF2210} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoActivateWindowsSearch (No File)
Task: {A87773AB-B418-45DD-ABA0-6224932AEFEB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe  /DoConfigureInternetTimeService (No File)
Task: {CFAD77BB-9A34-46A7-B175-4E10680CA121} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe  /DoRecoveryTasks $(Arg0) (No File)
Task: {0D6171AB-3050-463F-97C8-8E29E128C709} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe  /DRMInit (No File)
Task: {2E479F94-A855-464E-A05E-8207D088499D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe  /InstallPlayReady $(Arg0) (No File)
Task: {435F248E-AD71-4E81-885B-D2C2F94AF259} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate  $(Arg0) (No File)
Task: {3FCDB626-5646-4578-A54D-E72E9CF6F092} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate  -crl -hms -pscn 15 (No File)
Task: {CF1B3007-261B-4887-BF0D-816B4B97035F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -MediaCenterRecoveryTask (No File)
Task: {551CF27F-78A7-4C1A-8ADA-358C055AFE5B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -ObjectStoreRecoveryTask (No File)
Task: {D54CB4FA-868B-469A-A6FE-7C5DF974FF35} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe  /OCURActivate (No File)
Task: {A09A4F02-6DEB-4C5D-A4B5-35F521E328FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /OCURDiscovery $(Arg0) (No File)
Task: {E37F4BC2-64E5-4194-9FD8-4382C5BFD232} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /PBDADiscovery (No File)
Task: {C0B7AEF4-A681-40A5-98C4-DE17B9A57C05} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:7 /PBDADiscovery (No File)
Task: {AEBCE758-D72B-4D17-9DD9-9206F159902F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:90 /PBDADiscovery (No File)
Task: {9B496CDF-0EFD-426F-ACD7-969331BAFD1D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe  -pscn 0 (No File)
Task: {EB0220B0-012F-49F9-96AD-1CE26BF83454} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -PvrRecoveryTask (No File)
Task: {42AC62A8-D6DB-4A7C-8F48-F39A1825D08D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe  -PvrSchedule (No File)
Task: {9E4E41A3-060A-4ACC-99D7-1BB3F96D61CD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec  /RestartRecording (No File)
Task: {A5347E0F-D01A-46FE-9A75-BA663E0E1CFB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoRegisterSearch $(Arg0) (No File)
Task: {1E74FB9E-ED82-4E19-B499-0E524CEAD5F9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe  /DoReindexSearchRoot (No File)
Task: {8EC1650E-0671-4124-983E-28B87899AA54} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -SqlLiteRecoveryTask (No File)
Task: {AA7C8BBE-9FAA-4546-8847-BD1523CE0E77} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec  /StartRecording (No File)
Task: {C7BEFDFD-1828-40CC-B3F1-073CBC408AC3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe  /DoUpdateRecordPath $(Arg0) (No File)
Task: {A97F30EA-C487-4A64-971C-AA915B7B8B9E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {25BF0A8F-7381-49DC-9FC3-30F126E2A433} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {2F81C636-57B4-4070-A88F-332056C37AF5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {4543906D-2500-4F83-BC00-69C2565EAD45} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {CDFAF690-AC83-476D-92F0-4B15777E11A9} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {BA2563A7-E750-45EE-A8AF-90A6CEBFD452} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [671648 2024-03-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {C40973CC-E94C-46BC-A815-058BD6C1CEF4} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-3296664383-3654566077-1846858350-1001 E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [671648 2024-03-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {310FDD52-8397-44E8-BEAC-3240AAEADADF} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [34720 2024-03-05] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9FA23B82-FA79-4C27-877B-783092F623BA}: [DhcpNameServer] 192.168.254.1
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}\3405550245543484: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}\340555026425F4E445: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}\65562796A7F6E6D22534430303C4D23403: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}\D475D27596D26496: [DhcpNameServer] 192.168.55.50

Edge:
=======
Edge Profile: C:\Users\Weber\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-21]
Edge Extension: (Google Docs Offline) - C:\Users\Weber\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-05]
Edge Extension: (Edge relevant text changes) - C:\Users\Weber\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-23]

FireFox:
========
FF DefaultProfile: wjzuakeu.default-1614217960833
FF ProfilePath: C:\Users\Weber\AppData\Roaming\Mozilla\Firefox\Profiles\wjzuakeu.default-1614217960833 [2024-03-21]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext [2023-10-22] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\bd_js_config.js [2020-04-08] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\bd_config.cfg [2020-04-08] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default [2024-03-11]
CHR Notifications: Default -> hxxps://mg.mail.yahoo.com; hxxps://nichesurveyer.com; hxxps://thetruescoop.com; hxxps://www.learning.facs.org
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03]
CHR HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 BDAppSrv; C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe [849328 2024-02-21] (Bitdefender SRL -> Bitdefender)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [849328 2024-02-21] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [849328 2024-02-21] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2946088 2023-10-19] (Bitdefender SRL -> Bitdefender)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2574864 2023-07-20] (Bitdefender SRL -> Bitdefender)
R2 BDSafepaySrv; C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe [849328 2024-02-21] (Bitdefender SRL -> Bitdefender)
S2 GoogleUpdaterInternalService124.0.6342.2; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6342.2\updater.exe [4721952 2024-03-06] (Google LLC -> Google LLC)
S2 GoogleUpdaterService124.0.6342.2; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6342.2\updater.exe [4721952 2024-03-06] (Google LLC -> Google LLC)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [686032 2023-12-12] (Bitdefender SRL -> Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [282728 2024-02-21] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [849328 2024-02-21] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\NisSrv.exe [2169568 2020-08-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MsMpEng.exe [128376 2020-08-19] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\windows\System32\DRIVERS\atc.sys [6611008 2024-01-31] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
R3 BCM43XX; C:\windows\System32\drivers\bcmwl63al.sys [5170176 2019-12-07] (Microsoft Windows -> Broadcom Corporation)
R2 BdDci; C:\windows\system32\DRIVERS\bddci.sys [800168 2023-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 bdelam; C:\windows\System32\drivers\bdelam.sys [24568 2023-11-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 bdprivmon; C:\windows\System32\DRIVERS\bdprivmon.sys [49200 2023-10-19] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender SRL)
S3 bduefiscan; C:\windows\system32\DRIVERS\bduefiscan.sys [39840 2023-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 Gemma; C:\windows\System32\DRIVERS\gemma.sys [1347496 2023-10-19] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)
S3 Ignisv2; C:\windows\system32\DRIVERS\ignisv2.sys [165312 2023-10-19] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R2 trufos; C:\windows\System32\DRIVERS\trufos.sys [629184 2023-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R0 vlflt; C:\windows\System32\DRIVERS\vlflt.sys [520144 2024-01-31] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [78216 2020-08-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [430320 2020-08-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [98520 2020-08-19] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-21 18:04 - 2024-03-21 18:05 - 002391040 _____ (Farbar) C:\Users\Weber\Downloads\FRST64.exe
2024-03-21 18:04 - 2024-03-21 18:05 - 002391040 _____ (Farbar) C:\Users\Weber\Downloads\FRST64(1).exe
2024-03-21 17:54 - 2024-03-11 13:10 - 000000559 _____ C:\windows\SysWOW64\user.config
2024-03-08 17:14 - 2024-03-08 17:14 - 000000000 ____D C:\Users\Weber\Documents\ConnectWiseControl
2024-03-08 13:41 - 2024-03-08 13:41 - 000000558 _____ C:\windows\system32\user.config
2024-03-08 13:40 - 2024-03-08 13:40 - 000000000 ____D C:\Users\Weber\AppData\Local\Deployment
2024-03-08 13:40 - 2024-03-08 13:40 - 000000000 ____D C:\Users\Weber\AppData\Local\Apps\2.0
2024-03-08 13:33 - 2024-03-08 13:33 - 000086304 _____ C:\Users\Weber\Downloads\ScreenConnect.Client.exe
2024-03-05 22:09 - 2024-03-21 17:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2024-03-05 21:21 - 2024-03-05 21:21 - 000016717 _____ C:\Users\Weber\AppData\Local\recently-used.xbel
2024-03-01 10:42 - 2024-03-01 10:42 - 000084314 _____ C:\Users\Weber\Downloads\Michael Weber- March Calendar 2024.pdf
2024-02-29 11:08 - 2024-02-29 11:08 - 000051582 _____ C:\Users\Weber\Downloads\PayDocdee71b80-7e33-4e60-b18c-688b912a8f8d.PDF

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-21 18:12 - 2019-04-22 11:42 - 000021755 _____ C:\Users\Weber\Downloads\FRST.txt
2024-03-21 18:12 - 2015-10-25 14:48 - 000000000 ____D C:\FRST
2024-03-21 18:09 - 2020-12-20 13:46 - 000935246 _____ C:\windows\system32\PerfStringBackup.INI
2024-03-21 18:09 - 2019-12-07 04:13 - 000000000 ____D C:\windows\INF
2024-03-21 18:00 - 2022-02-10 16:18 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-03-21 17:54 - 2019-12-07 04:14 - 000000000 ____D C:\windows\AppReadiness
2024-03-21 17:54 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-21 17:54 - 2019-12-07 04:03 - 000131072 _____ C:\windows\system32\config\ELAM
2024-03-21 17:53 - 2020-12-20 14:11 - 000000006 ____H C:\windows\Tasks\SA.DAT
2024-03-21 17:53 - 2020-12-20 13:33 - 000000000 ____D C:\Users\Weber
2024-03-21 17:53 - 2020-12-20 13:27 - 000000000 ____D C:\windows\system32\SleepStudy
2024-03-21 17:53 - 2020-12-20 13:26 - 000008192 ___SH C:\DumpStack.log.tmp
2024-03-21 17:53 - 2014-06-02 21:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-03-11 13:11 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-11 09:27 - 2020-07-13 21:15 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-11 09:27 - 2020-07-13 21:15 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-03-08 14:07 - 2019-12-07 04:51 - 000000000 ____D C:\windows\system32\FxsTmp
2024-03-08 13:14 - 2021-12-26 22:15 - 000000000 ____D C:\windows\SystemTemp
2024-03-08 12:10 - 2014-06-02 21:21 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-03-08 12:10 - 2014-06-02 21:21 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-03-07 12:16 - 2022-12-19 17:03 - 000002421 _____ C:\Users\Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-03-07 12:16 - 2021-12-12 13:41 - 000003592 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3296664383-3654566077-1846858350-1001
2024-03-07 12:16 - 2021-05-17 08:24 - 000003366 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3296664383-3654566077-1846858350-1001
2024-03-05 22:19 - 2014-06-02 21:19 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-03-05 21:21 - 2021-09-30 21:10 - 000000000 ____D C:\photos_III
2024-03-05 21:21 - 2016-12-12 18:36 - 000000000 ____D C:\Users\Weber\AppData\Local\gtk-2.0
2024-03-05 21:21 - 2016-12-12 18:32 - 000000000 ____D C:\Users\Weber\.gimp-2.8
2024-03-05 09:18 - 2020-12-20 14:11 - 000003536 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-03-05 09:18 - 2020-12-20 14:11 - 000003412 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-26 20:40 - 2015-11-06 12:36 - 000000000 ____D C:\windows\system32\MRT
2024-02-25 13:24 - 2022-10-26 04:52 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2024-02-20 21:43 - 2021-10-15 21:49 - 000000000 ____D C:\windows\system32\Tasks\Mozilla

==================== Files in the root of some directories ========

2024-03-05 21:21 - 2024-03-05 21:21 - 000016717 _____ () C:\Users\Weber\AppData\Local\recently-used.xbel

==================== FLock ==============================

2017-10-24 09:14 C:\Users\Weber\Downloads\firefox-patch.js
2017-10-24 08:28 C:\Users\Weber\Downloads\firefox-patch.js.216668.gzquar
2017-10-24 09:14 C:\Users\Weber\Downloads\firefox-update(2).js

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.03.2024
Ran by Weber (21-03-2024 18:16:21)
Running from C:\Users\Weber\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) (2020-12-20 19:15:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3296664383-3654566077-1846858350-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3296664383-3654566077-1846858350-503 - Limited - Disabled)
Guest (S-1-5-21-3296664383-3654566077-1846858350-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3296664383-3654566077-1846858350-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3296664383-3654566077-1846858350-504 - Limited - Disabled)
Weber (S-1-5-21-3296664383-3654566077-1846858350-1001 - Administrator - Enabled) => C:\Users\Weber

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Out of date) {0F59B032-EA77-E3A8-2382-74A4346E5522}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 23.008.20555 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 27.0.1.266 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\Bitdefender) (Version: 26.0.28.94 - Bitdefender)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.2.0.10 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.15.0.0 - Canon Inc.)
Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.8.30.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.10.20.0 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.10.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.8.0.0 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.15.30.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
CrystalDiskInfo 8.3.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.3.2 - Crystal Dew World)
darktable (HKLM\...\darktable) (Version: 2.4.0rc0 - the darktable project)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DxO Optics Pro 9 (HKLM\...\{CD5F5030-44C8-4432-9F61-209BA3F2F4BA}) (Version: 9.5.2 - DxO Labs)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.112 - Google LLC)
IrfanView 4.53 (64-bit) (HKLM\...\IrfanView64) (Version: 4.53 - Irfan Skiljan)
Microsoft .NET Framework 4.7.2 (HKLM\...\{09CCBE8E-B964-30EF-AE84-6537AB4197F9}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.80 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.80 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\...\OneDriveSetup.exe) (Version: 24.025.0204.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 123.0.1 (x64 en-US)) (Version: 123.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 123.0.1.8829 - Mozilla)
Neat Image v8.1.2 Demo Standalone (HKLM\...\Neat Image v8 Standalone_is1) (Version:  - Neat Image team, ABSoft)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
RawTherapee version 5.0-r1-gtk3 (HKLM\...\RawTherapee5.0-r1-gtk3_is1) (Version: 5.0-r1-gtk3 - rawtherapee.com)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 4.4 SE (HKLM-x32\...\{73506320-CCDD-46FF-AE91-1032FAAD56F7}) (Version: 4 - Ichikawa Soft Laboratory)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
UFRaw 0.19.2 (HKLM-x32\...\UFRaw_is1) (Version:  - Udi Fuchs)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Packages:
=========

Adobe Acrobat Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC [2024-02-15] ()
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-10] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-12] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-02] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-09-15 13:33 - 2013-12-23 11:00 - 000040448 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\EFXGI09A.DLL
2017-09-15 13:33 - 2013-12-23 11:00 - 000181760 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\EFXMI09A.dll
2017-09-15 13:33 - 2013-12-23 11:00 - 000235008 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Weber\Downloads\avast_free_antivirus_setup_online.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\avast_free_antivirus_setup_online_b2i.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DriverUpdate (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DriverUpdate.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DxO_OpticsPro9_Setup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DxO_OpticsPro9_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson14500(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson14500.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson14911.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson17851.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(2).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(3).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(4).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(5).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(6).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FRST64(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\gimp-2.8.18-setup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\gimp-2.8.18-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Luminance-HDR-x64-SETUP-v2.4.0(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Luminance-HDR-x64-SETUP-v2.4.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo32.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo64 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo64 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo64.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\nikcollection-full-1.2.11.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Raw-CodecV1L100-Eng(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\readerdc_en_ga_install.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\ScreenConnect.Client.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\weekly(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\weekly.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003-KB955704-ia64-ENU.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003-KB955704-x86-ENU.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003.WindowsXP-KB955704-x64-ENU (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003.WindowsXP-KB955704-x64-ENU.exe:BDU [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-10-19 17:30 - 000000825 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Bdagent"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B6B68E08E4B04146192FBC846279B27E"
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{15298B73-E23A-4D35-B7A8-D6BEAA37443A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A36512A3-3872-47B4-BC80-9D7EC99BAA5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3201F7FF-4698-44CB-A2EE-7469A8140001}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{33EA4386-91D3-4A29-8C9B-DD7DC489E2D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{381D1E31-4B4C-4AC0-A372-E7D823856C4E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{A8F4D76C-1B0F-4BE8-9B16-43799C353265}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{683843F4-5E21-44AE-A851-B211B0A8BAF8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{E32617E5-90E8-4858-942B-244F3B1717C2}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{786E1C77-9ACF-45AF-9A69-3C7E7DB0FA54}] => (Allow) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe (Bitdefender SRL -> Bitdefender)
FirewallRules: [{69C03150-D8AB-46D3-8DAB-DCC5924259ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{324BACDB-5DC6-4495-A87D-48216DB72BC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF628F54-A9D0-4D2C-AF79-93FA34AEBF42}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{888AA02C-DEA8-4D84-A976-3246F585D33C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EABDAD4B-9899-4E0D-80C0-EEC3C21BCD3F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5F5FF72E-26BB-4564-A068-A5FCB81FEC70}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.80\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/21/2024 06:16:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3996 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3258

Start Time: 01da7be43348f805

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: 85970806-6f35-4a89-9f8e-cc0e9760e57f

Faulting package full name: Microsoft.Windows.Search_1.14.12.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: ShellFeedsUI

Hang type: Quiesce

Error: (03/11/2024 01:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3996 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3dac

Start Time: 01da73e0c1d71b48

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: c0024a0e-fcc9-4fc0-b2b1-a87320e0c111

Faulting package full name: Microsoft.Windows.Search_1.14.12.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: ShellFeedsUI

Hang type: Quiesce

Error: (03/11/2024 01:19:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3996 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2118

Start Time: 01da717f35a2a98b

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: aeb2ab12-e7bf-4233-b3ff-550da64eba33

Faulting package full name: Microsoft.Windows.Search_1.14.12.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: ShellFeedsUI

Hang type: Quiesce

Error: (03/08/2024 12:31:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3996 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2760

Start Time: 01da717d1f3e2b43

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: b6bd0fbe-6c44-429d-8310-cbd11c42faa1

Faulting package full name: Microsoft.Windows.Search_1.14.12.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: ShellFeedsUI

Hang type: Quiesce

Error: (03/08/2024 12:18:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3996 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 38ac

Start Time: 01da717c8a0400ee

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: 44e9b3a2-aef6-4f92-a72e-4004197162dc

Faulting package full name: Microsoft.Windows.Search_1.14.12.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: ShellFeedsUI

Hang type: Quiesce

Error: (03/08/2024 12:13:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3996 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2248

Start Time: 01da717be8a076f3

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: 6e3b27e6-c30d-4f8d-a55a-c31f2dc10d76

Faulting package full name: Microsoft.Windows.Search_1.14.12.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: ShellFeedsUI

Hang type: Quiesce

Error: (03/07/2024 12:40:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (03/07/2024 12:19:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3996 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 29cc

Start Time: 01da6ac051783ee7

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: 57acc58a-d4f4-4a06-af87-d74dcdf95a91

Faulting package full name: Microsoft.Windows.Search_1.14.12.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: ShellFeedsUI

Hang type: Quiesce


System errors:
=============
Error: (03/21/2024 06:08:00 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 2600:100c:b232:c49c:1465:91e4:349f:2751 with the system
having network hardware address 86-A3-98-E6-C4-64. Network operations on this system may
be disrupted as a result.

Error: (03/21/2024 05:53:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:10:52 PM on ‎3/‎11/‎2024 was unexpected.

Error: (03/11/2024 01:14:47 PM) (Source: DCOM) (EventID: 10029) (User: Weber-PC)
Description: The activation of the CLSID Windows.Media.Capture.AppCaptureManager timed out waiting for the service BcastDVRUserService_613ac6 to stop.

Error: (03/11/2024 01:10:55 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 2600:100c:b2f5:aaf9:82c3:2e34:e4b:707e with the system
having network hardware address 16-0B-B2-70-71-62. Network operations on this system may
be disrupted as a result.

Error: (03/11/2024 09:37:36 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/11/2024 09:21:10 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 2600:100c:b238:eabc:8e3f:d9c0:99a:89dd with the system
having network hardware address BA-C2-98-52-0A-26. Network operations on this system may
be disrupted as a result.

Error: (03/09/2024 04:32:53 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/09/2024 02:29:54 AM) (Source: DCOM) (EventID: 10010) (User: Weber-PC)
Description: The server microsoft.windowscommunicationsapps_16005.14326.21830.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-09-23 00:46:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-15 00:27:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-10 22:41:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-01-19 00:29:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-10-07 09:45:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-10-18 22:30:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.1495.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.6
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-10-18 22:22:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.1495.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.6
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2022-10-18 22:21:53
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.377.456.0
Previous security intelligence Version: 1.339.1495.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2022-10-18 22:21:53
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.377.456.0
Previous security intelligence Version: 1.339.1495.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2022-09-30 09:17:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.375.1243.0
Previous security intelligence Version: 1.339.1495.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.19600.3
Previous Engine Version: 1.1.18100.6
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============
Date: 2022-12-08 21:24:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Mozilla Firefox\mozavcodec.dll that did not meet the Microsoft signing level requirements.

Date: 2022-12-08 21:24:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Mozilla Firefox\mozavutil.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 18CN42WW(V2.51) 01/18/2010
Motherboard: LENOVO NITU1
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 71%
Total physical RAM: 4028.6 MB
Available physical RAM: 1143.95 MB
Total Virtual: 6972.6 MB
Available Virtual: 1153.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.5 GB) (Free:309.25 GB) (Model: CT480BX500SSD1) NTFS

\\?\Volume{7994dbef-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
\\?\Volume{7994dbef-0000-0000-0000-00a66f000000}\ () (Fixed) (Total:0.54 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 7994DBEF)
Partition 1: (Active) - (Size=100 MB) - (Type=FAT32)
Partition 2: (Not Active) - (Size=446.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=549 MB) - (Type=27)

==================== End of Addition.txt =======================





#2 CPU_HDD

CPU_HDD
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:24 AM

Posted 27 March 2024 - 11:45 PM

Another thing, it seemed like my password kept changing, had a horrible time posting this, kept changing it.

Hope the hackers didn't edit the Farbar log somehow, may be in there pretty good if they changed my BleepingComputer password.

#3 dennis_l

dennis_l

  • Malware Response Team
  • 3,341 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:11:24 AM

Posted 28 March 2024 - 03:22 AM

Hi CPU_HDD,
My name is Dennis and I will assist you with your computer problems.
Please read through these guidelines before we start.

  • Back up any important data, as a precaution, before starting this process.
  • If you are unsure about anything then please ask. This makes the task much easier in the long run.
  • Do not run any other tools or make changes to your system during the removal process.
  • Please do not start a new topic and keep all replies in this thread.
  • Follow the instructions in the sequence advised.
  • Copy and paste the logs into the reply. I will advise if anything needs to be added as an attachment.
  • Here at Bleeping Computer we are mostly volunteers, so please be patient with us. I’ll try to respond within 24 hours. You will be advised if it is expected to be longer than 48 hours.
  • Please let me know if you are going to be delayed in responding. If you do not reply after 5 days, I’ll assume you do not want to continue and will close the topic.
  • Sometimes things might seem to be resolved, but more checks may still be necessary, so please wait until I give the all clear.

Please run another FRST scan and post the contents from the new logs in your reply.

Dennis



#4 CPU_HDD

CPU_HDD
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:24 AM

Posted 28 March 2024 - 01:40 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.03.2024
Ran by Weber (administrator) on WEBER-PC (LENOVO 2958) (28-03-2024 13:33:02)
Running from C:\Users\Weber\Downloads\FRST64(4).exe
Loaded Profiles: Weber
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
(C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (S.C. BITDEFENDER S.R.L. -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D9A794A8-2372-4C88-AEBD-ACABCE24F82E}\MicrosoftEdgeUpdateSetup_X86_1.3.185.27.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <14>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\safepay\bdservicehost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe [1067296 2024-03-27] (Bitdefender SRL -> Bitdefender)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\...\Run: [MicrosoftEdgeAutoLaunch_B6B68E08E4B04146192FBC846279B27E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4060712 2024-03-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\EPSON WorkForce 545 Series 64MonitorBA: C:\windows\system32\E_YLMHWA.DLL [120320 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\123.0.6312.86\Installer\chrmstp.exe [2024-03-27] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A8FADF9-EE4D-4B8A-8760-B49A75D2E77C} - System32\Tasks\{3828ED39-DDD8-4913-804A-E188D75149B9} => C:\Windows\System32\pcalua.exe [53760 2023-11-20] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Temp\Raw-CodecV1L100-Eng.exe -d C:\Temp
Task: {DDF8B621-96DC-4E5A-9C9A-4B35A1D559C2} - System32\Tasks\{D6B07279-D6D6-4BCA-80F3-E3F74428ECAE} => C:\Windows\System32\pcalua.exe [53760 2023-11-20] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Weber\Downloads\Raw-CodecV1L100-Eng.exe -d C:\Users\Weber\Downloads
Task: {C2344418-B561-43D9-A45B-27D2B4C40522} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {8423D968-04F0-4A3A-8823-C6873B93F63D} - System32\Tasks\avfree.migration => C:\Program Files\Bitdefender Antivirus Free\migration_tool\avfree.migration.exe  /run (No File)
Task: {D728942C-D805-49A7-802C-DB44FBD70199} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe [1111184 2023-12-12] (Bitdefender SRL -> Bitdefender) -> C:\Program Files\Bitdefender Agent\27.0.1.266\repair
Task: {509DAAD1-BE51-4561-9AAC-318EE485F7E0} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6359.0{9FCE25FA-CA06-4847-A535-FE367B84C1D0} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6359.0\updater.exe [4749088 2024-03-15] (Google LLC -> Google LLC)
Task: {410FA456-E501-4CC1-AFC5-834DC4AF2210} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoActivateWindowsSearch (No File)
Task: {A87773AB-B418-45DD-ABA0-6224932AEFEB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe  /DoConfigureInternetTimeService (No File)
Task: {CFAD77BB-9A34-46A7-B175-4E10680CA121} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe  /DoRecoveryTasks $(Arg0) (No File)
Task: {0D6171AB-3050-463F-97C8-8E29E128C709} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe  /DRMInit (No File)
Task: {2E479F94-A855-464E-A05E-8207D088499D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe  /InstallPlayReady $(Arg0) (No File)
Task: {435F248E-AD71-4E81-885B-D2C2F94AF259} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate  $(Arg0) (No File)
Task: {3FCDB626-5646-4578-A54D-E72E9CF6F092} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate  -crl -hms -pscn 15 (No File)
Task: {CF1B3007-261B-4887-BF0D-816B4B97035F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -MediaCenterRecoveryTask (No File)
Task: {551CF27F-78A7-4C1A-8ADA-358C055AFE5B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -ObjectStoreRecoveryTask (No File)
Task: {D54CB4FA-868B-469A-A6FE-7C5DF974FF35} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe  /OCURActivate (No File)
Task: {A09A4F02-6DEB-4C5D-A4B5-35F521E328FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /OCURDiscovery $(Arg0) (No File)
Task: {E37F4BC2-64E5-4194-9FD8-4382C5BFD232} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /PBDADiscovery (No File)
Task: {C0B7AEF4-A681-40A5-98C4-DE17B9A57C05} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:7 /PBDADiscovery (No File)
Task: {AEBCE758-D72B-4D17-9DD9-9206F159902F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:90 /PBDADiscovery (No File)
Task: {9B496CDF-0EFD-426F-ACD7-969331BAFD1D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe  -pscn 0 (No File)
Task: {EB0220B0-012F-49F9-96AD-1CE26BF83454} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -PvrRecoveryTask (No File)
Task: {42AC62A8-D6DB-4A7C-8F48-F39A1825D08D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe  -PvrSchedule (No File)
Task: {9E4E41A3-060A-4ACC-99D7-1BB3F96D61CD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec  /RestartRecording (No File)
Task: {A5347E0F-D01A-46FE-9A75-BA663E0E1CFB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoRegisterSearch $(Arg0) (No File)
Task: {1E74FB9E-ED82-4E19-B499-0E524CEAD5F9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe  /DoReindexSearchRoot (No File)
Task: {8EC1650E-0671-4124-983E-28B87899AA54} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -SqlLiteRecoveryTask (No File)
Task: {AA7C8BBE-9FAA-4546-8847-BD1523CE0E77} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec  /StartRecording (No File)
Task: {C7BEFDFD-1828-40CC-B3F1-073CBC408AC3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe  /DoUpdateRecordPath $(Arg0) (No File)
Task: {A97F30EA-C487-4A64-971C-AA915B7B8B9E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {25BF0A8F-7381-49DC-9FC3-30F126E2A433} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {2F81C636-57B4-4070-A88F-332056C37AF5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {4543906D-2500-4F83-BC00-69C2565EAD45} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {CDFAF690-AC83-476D-92F0-4B15777E11A9} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {BA2563A7-E750-45EE-A8AF-90A6CEBFD452} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [671648 2024-03-05] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {C40973CC-E94C-46BC-A815-058BD6C1CEF4} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-3296664383-3654566077-1846858350-1001 E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [671648 2024-03-05] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {310FDD52-8397-44E8-BEAC-3240AAEADADF} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [34720 2024-03-05] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9FA23B82-FA79-4C27-877B-783092F623BA}: [DhcpNameServer] 192.168.254.1
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}: [DhcpDomain] mynetworksettings.com
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}\3405550245543484: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}\340555026425F4E445: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}\65562796A7F6E6D22534430303C4D23403: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E3C1B595-45FF-40B7-B7B9-4C8434399015}\D475D27596D26496: [DhcpNameServer] 192.168.55.50

Edge:
=======
Edge Profile: C:\Users\Weber\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-27]
Edge Extension: (Google Docs Offline) - C:\Users\Weber\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
Edge Extension: (Edge relevant text changes) - C:\Users\Weber\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-23]

FireFox:
========
FF DefaultProfile: wjzuakeu.default-1614217960833
FF ProfilePath: C:\Users\Weber\AppData\Roaming\Mozilla\Firefox\Profiles\wjzuakeu.default-1614217960833 [2024-03-28]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext [2023-10-22] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2024-03-18] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\bd_js_config.js [2020-04-08] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\bd_config.cfg [2020-04-08] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default [2024-03-11]
CHR Notifications: Default -> hxxps://mg.mail.yahoo.com; hxxps://nichesurveyer.com; hxxps://thetruescoop.com; hxxps://www.learning.facs.org
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Weber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03]
CHR HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 BDAppSrv; C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe [849328 2024-03-27] (Bitdefender SRL -> Bitdefender)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [849328 2024-03-27] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [849328 2024-03-27] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2946088 2023-10-19] (Bitdefender SRL -> Bitdefender)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2574864 2023-07-20] (Bitdefender SRL -> Bitdefender)
R2 BDSafepaySrv; C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe [849328 2024-03-27] (Bitdefender SRL -> Bitdefender)
S2 GoogleUpdaterInternalService124.0.6359.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6359.0\updater.exe [4749088 2024-03-15] (Google LLC -> Google LLC)
S2 GoogleUpdaterService124.0.6359.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6359.0\updater.exe [4749088 2024-03-15] (Google LLC -> Google LLC)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [686032 2023-12-12] (Bitdefender SRL -> Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [282728 2024-03-27] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [849328 2024-03-27] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\NisSrv.exe [2169568 2020-08-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MsMpEng.exe [128376 2020-08-19] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\windows\System32\DRIVERS\atc.sys [6611008 2024-01-31] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
R3 BCM43XX; C:\windows\System32\drivers\bcmwl63al.sys [5170176 2019-12-07] (Microsoft Windows -> Broadcom Corporation)
R2 BdDci; C:\windows\system32\DRIVERS\bddci.sys [800168 2023-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 bdelam; C:\windows\System32\drivers\bdelam.sys [24568 2023-11-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 bdprivmon; C:\windows\System32\DRIVERS\bdprivmon.sys [49200 2023-10-19] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender SRL)
S3 bduefiscan; C:\windows\system32\DRIVERS\bduefiscan.sys [42440 2024-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 Gemma; C:\windows\System32\DRIVERS\gemma.sys [1347496 2023-10-19] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)
S3 Ignisv2; C:\windows\system32\DRIVERS\ignisv2.sys [165312 2023-10-19] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R2 trufos; C:\windows\System32\DRIVERS\trufos.sys [629184 2023-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R0 vlflt; C:\windows\System32\DRIVERS\vlflt.sys [520144 2024-01-31] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [78216 2020-08-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [430320 2020-08-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [98520 2020-08-19] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-28 13:32 - 2024-03-28 13:32 - 002392064 _____ (Farbar) C:\Users\Weber\Downloads\FRST64(4).exe
2024-03-27 21:43 - 2024-03-27 21:43 - 000059859 _____ C:\Users\Weber\Downloads\Bleepingcomputer.txt
2024-03-21 20:58 - 2024-03-21 20:58 - 000032142 _____ C:\Users\Weber\Downloads\Addition_.txt
2024-03-21 18:31 - 2024-03-21 18:31 - 002391040 _____ (Farbar) C:\Users\Weber\Downloads\FRST64(3).exe
2024-03-21 18:30 - 2024-03-21 18:30 - 002391040 _____ (Farbar) C:\Users\Weber\Downloads\FRST64(2).exe
2024-03-21 18:04 - 2024-03-21 18:05 - 002391040 _____ (Farbar) C:\Users\Weber\Downloads\FRST64.exe
2024-03-21 18:04 - 2024-03-21 18:05 - 002391040 _____ (Farbar) C:\Users\Weber\Downloads\FRST64(1).exe
2024-03-21 17:54 - 2024-03-11 13:10 - 000000559 _____ C:\windows\SysWOW64\user.config
2024-03-08 17:14 - 2024-03-08 17:14 - 000000000 ____D C:\Users\Weber\Documents\ConnectWiseControl
2024-03-08 13:41 - 2024-03-08 13:41 - 000000558 _____ C:\windows\system32\user.config
2024-03-08 13:40 - 2024-03-08 13:40 - 000000000 ____D C:\Users\Weber\AppData\Local\Deployment
2024-03-08 13:40 - 2024-03-08 13:40 - 000000000 ____D C:\Users\Weber\AppData\Local\Apps\2.0
2024-03-08 13:33 - 2024-03-08 13:33 - 000086304 _____ C:\Users\Weber\Downloads\ScreenConnect.Client.exe
2024-03-05 22:09 - 2024-03-21 17:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2024-03-05 21:21 - 2024-03-05 21:21 - 000016717 _____ C:\Users\Weber\AppData\Local\recently-used.xbel
2024-03-01 10:42 - 2024-03-01 10:42 - 000084314 _____ C:\Users\Weber\Downloads\Michael Weber- March Calendar 2024.pdf
2024-02-29 11:08 - 2024-02-29 11:08 - 000051582 _____ C:\Users\Weber\Downloads\PayDocdee71b80-7e33-4e60-b18c-688b912a8f8d.PDF

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-28 13:34 - 2019-04-22 11:42 - 000022539 _____ C:\Users\Weber\Downloads\FRST.txt
2024-03-28 13:34 - 2015-10-25 14:48 - 000000000 ____D C:\FRST
2024-03-28 13:33 - 2020-12-20 14:11 - 000003536 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-03-28 13:33 - 2020-12-20 14:11 - 000003412 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-03-28 13:28 - 2022-02-10 16:18 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-03-28 13:27 - 2020-12-20 13:27 - 000000000 ____D C:\windows\system32\SleepStudy
2024-03-28 00:46 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-27 21:17 - 2020-12-20 14:11 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2024-03-27 21:16 - 2022-10-26 04:52 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2024-03-27 21:16 - 2022-10-26 04:52 - 000002124 _____ C:\Users\Public\Desktop\Acrobat Reader.lnk
2024-03-27 21:13 - 2022-10-18 22:18 - 000042440 _____ (Bitdefender) C:\windows\system32\Drivers\bduefiscan.sys
2024-03-27 21:00 - 2021-12-26 22:15 - 000000000 ____D C:\windows\SystemTemp
2024-03-27 21:00 - 2014-06-02 21:21 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-03-27 21:00 - 2014-06-02 21:21 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-03-27 20:36 - 2019-12-07 04:14 - 000000000 ____D C:\windows\AppReadiness
2024-03-21 18:55 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-21 18:37 - 2019-04-22 11:55 - 000032167 _____ C:\Users\Weber\Downloads\Addition.txt
2024-03-21 18:33 - 2020-07-13 21:15 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-21 18:33 - 2020-07-13 21:15 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-03-21 18:19 - 2019-12-07 04:13 - 000000000 ____D C:\windows\INF
2024-03-21 18:09 - 2020-12-20 13:46 - 000935246 _____ C:\windows\system32\PerfStringBackup.INI
2024-03-21 17:54 - 2019-12-07 04:03 - 000131072 _____ C:\windows\system32\config\ELAM
2024-03-21 17:53 - 2020-12-20 14:11 - 000000006 ____H C:\windows\Tasks\SA.DAT
2024-03-21 17:53 - 2020-12-20 13:33 - 000000000 ____D C:\Users\Weber
2024-03-21 17:53 - 2020-12-20 13:26 - 000008192 ___SH C:\DumpStack.log.tmp
2024-03-21 17:53 - 2014-06-02 21:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-03-08 14:07 - 2019-12-07 04:51 - 000000000 ____D C:\windows\system32\FxsTmp
2024-03-07 12:16 - 2022-12-19 17:03 - 000002421 _____ C:\Users\Weber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-03-07 12:16 - 2021-12-12 13:41 - 000003592 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3296664383-3654566077-1846858350-1001
2024-03-07 12:16 - 2021-05-17 08:24 - 000003366 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3296664383-3654566077-1846858350-1001
2024-03-05 22:19 - 2014-06-02 21:19 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-03-05 21:21 - 2021-09-30 21:10 - 000000000 ____D C:\photos_III
2024-03-05 21:21 - 2016-12-12 18:36 - 000000000 ____D C:\Users\Weber\AppData\Local\gtk-2.0
2024-03-05 21:21 - 2016-12-12 18:32 - 000000000 ____D C:\Users\Weber\.gimp-2.8

==================== Files in the root of some directories ========

2024-03-05 21:21 - 2024-03-05 21:21 - 000016717 _____ () C:\Users\Weber\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



#5 CPU_HDD

  • Topic Starter


Posted 28 March 2024 - 01:44 PM

Thank you, Dennis. Farbar said Failed to update, so I'm not sure if it's the latest version. Had so much trouble uploading to the site last night, just posted the FRST ASAP in a separate post, maybe keep the hackers from getting their hands on anything. Any light you could shed on having trouble posting here might be great.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.03.2024
Ran by Weber (28-03-2024 13:37:43)
Running from C:\Users\Weber\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) (2020-12-20 19:15:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3296664383-3654566077-1846858350-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3296664383-3654566077-1846858350-503 - Limited - Disabled)
Guest (S-1-5-21-3296664383-3654566077-1846858350-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3296664383-3654566077-1846858350-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3296664383-3654566077-1846858350-504 - Limited - Disabled)
Weber (S-1-5-21-3296664383-3654566077-1846858350-1001 - Administrator - Enabled) => C:\Users\Weber

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {0F59B032-EA77-E3A8-2382-74A4346E5522}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 24.001.20615 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 27.0.1.266 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\Bitdefender) (Version: 26.0.28.94 - Bitdefender)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.2.0.10 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.15.0.0 - Canon Inc.)
Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.8.30.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.10.20.0 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.10.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.8.0.0 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.15.30.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
CrystalDiskInfo 8.3.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.3.2 - Crystal Dew World)
darktable (HKLM\...\darktable) (Version: 2.4.0rc0 - the darktable project)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DxO Optics Pro 9 (HKLM\...\{CD5F5030-44C8-4432-9F61-209BA3F2F4BA}) (Version: 9.5.2 - DxO Labs)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.86 - Google LLC)
IrfanView 4.53 (64-bit) (HKLM\...\IrfanView64) (Version: 4.53 - Irfan Skiljan)
Microsoft .NET Framework 4.7.2 (HKLM\...\{09CCBE8E-B964-30EF-AE84-6537AB4197F9}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.92 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.92 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\...\OneDriveSetup.exe) (Version: 24.025.0204.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 123.0.1 (x64 en-US)) (Version: 123.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 123.0.1.8829 - Mozilla)
Neat Image v8.1.2 Demo Standalone (HKLM\...\Neat Image v8 Standalone_is1) (Version:  - Neat Image team, ABSoft)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
RawTherapee version 5.0-r1-gtk3 (HKLM\...\RawTherapee5.0-r1-gtk3_is1) (Version: 5.0-r1-gtk3 - rawtherapee.com)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 4.4 SE (HKLM-x32\...\{73506320-CCDD-46FF-AE91-1032FAAD56F7}) (Version: 4 - Ichikawa Soft Laboratory)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
UFRaw 0.19.2 (HKLM-x32\...\UFRaw_is1) (Version:  - Udi Fuchs)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Packages:
=========

Adobe Acrobat Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC [2024-03-27] ()
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-10] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-12] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-02] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-09-15 13:33 - 2013-12-23 11:00 - 000040448 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\EFXGI09A.DLL
2017-09-15 13:33 - 2013-12-23 11:00 - 000181760 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\EFXMI09A.dll
2017-09-15 13:33 - 2013-12-23 11:00 - 000235008 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Weber\Downloads\avast_free_antivirus_setup_online.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\avast_free_antivirus_setup_online_b2i.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DriverUpdate (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DriverUpdate.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DxO_OpticsPro9_Setup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DxO_OpticsPro9_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson14500(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson14500.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson14911.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson17851.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(2).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(3).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(4).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(5).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(6).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FRST64(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FRST64(4).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\gimp-2.8.18-setup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\gimp-2.8.18-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Luminance-HDR-x64-SETUP-v2.4.0(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Luminance-HDR-x64-SETUP-v2.4.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo32.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo64 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo64 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo64.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\nikcollection-full-1.2.11.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Raw-CodecV1L100-Eng(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\readerdc_en_ga_install.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\ScreenConnect.Client.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\weekly(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\weekly.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003-KB955704-ia64-ENU.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003-KB955704-x86-ENU.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003.WindowsXP-KB955704-x64-ENU (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003.WindowsXP-KB955704-x64-ENU.exe:BDU [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2018-10-19 17:30 - 000000825 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Bdagent"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B6B68E08E4B04146192FBC846279B27E"
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{15298B73-E23A-4D35-B7A8-D6BEAA37443A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A36512A3-3872-47B4-BC80-9D7EC99BAA5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3201F7FF-4698-44CB-A2EE-7469A8140001}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{33EA4386-91D3-4A29-8C9B-DD7DC489E2D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{381D1E31-4B4C-4AC0-A372-E7D823856C4E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{A8F4D76C-1B0F-4BE8-9B16-43799C353265}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{683843F4-5E21-44AE-A851-B211B0A8BAF8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{E32617E5-90E8-4858-942B-244F3B1717C2}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{786E1C77-9ACF-45AF-9A69-3C7E7DB0FA54}] => (Allow) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe (Bitdefender SRL -> Bitdefender)
FirewallRules: [{69C03150-D8AB-46D3-8DAB-DCC5924259ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{324BACDB-5DC6-4495-A87D-48216DB72BC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF628F54-A9D0-4D2C-AF79-93FA34AEBF42}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{888AA02C-DEA8-4D84-A976-3246F585D33C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CE88C3E1-B39E-426F-8359-73B3B79B2092}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6A4B229D-4DF9-48E3-9E22-467EDCEFD7BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/27/2024 09:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RdrCEF.exe, version: 23.8.20555.0, time stamp: 0x65d7aa7d
Faulting module name: libcef.dll, version: 112.5.0.0, time stamp: 0x631bae2d
Exception code: 0x80000003
Fault offset: 0x02cc1c82
Faulting process id: 0x10c8
Faulting application start time: 0x01da80b494327193
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe
Faulting module path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\libcef.dll
Report Id: d7f65b6f-890e-456f-8bb7-a96a256c93ec
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2024 09:09:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RdrCEF.exe, version: 23.8.20555.0, time stamp: 0x65d7aa7d
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4046, time stamp: 0xa0505aa2
Exception code: 0xc06d007e
Fault offset: 0x0013fa72
Faulting process id: 0x10fc
Faulting application start time: 0x01da80b4e91d3208
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report Id: d5a575dc-7cda-4c35-bde6-569af9c16fb4
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2024 09:08:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RdrCEF.exe, version: 23.8.20555.0, time stamp: 0x65d7aa7d
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4046, time stamp: 0xa0505aa2
Exception code: 0xc06d007e
Fault offset: 0x0013fa72
Faulting process id: 0x25c0
Faulting application start time: 0x01da80b4e40ab72d
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report Id: 3ef70f23-8716-4c9c-805e-bd2f85c0ea42
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2024 09:08:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RdrCEF.exe, version: 23.8.20555.0, time stamp: 0x65d7aa7d
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4046, time stamp: 0xa0505aa2
Exception code: 0xc06d007e
Fault offset: 0x0013fa72
Faulting process id: 0x418
Faulting application start time: 0x01da80b4dc97a143
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report Id: ceec4240-93c9-408d-b257-798a0c9938c0
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2024 09:08:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RdrCEF.exe, version: 23.8.20555.0, time stamp: 0x65d7aa7d
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4046, time stamp: 0xa0505aa2
Exception code: 0xc06d007e
Fault offset: 0x0013fa72
Faulting process id: 0x31e4
Faulting application start time: 0x01da80b4d34ba0e7
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report Id: 63029dd0-c500-45de-b24a-9e65857c90ef
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2024 09:08:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RdrCEF.exe, version: 23.8.20555.0, time stamp: 0x65d7aa7d
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4046, time stamp: 0xa0505aa2
Exception code: 0xc06d007e
Fault offset: 0x0013fa72
Faulting process id: 0x3114
Faulting application start time: 0x01da80b4c91cdc18
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report Id: c6e12dfe-6fe9-4f83-ae0c-fa6fd4869cdd
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2024 09:08:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RdrCEF.exe, version: 23.8.20555.0, time stamp: 0x65d7aa7d
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4046, time stamp: 0xa0505aa2
Exception code: 0xc06d007e
Fault offset: 0x0013fa72
Faulting process id: 0x13ec
Faulting application start time: 0x01da80b4c2b75d9a
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report Id: b13f9516-90c7-4f50-b63b-b561f5218260
Faulting package full name:
Faulting package-relative application ID:

Error: (03/27/2024 09:07:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RdrCEF.exe, version: 23.8.20555.0, time stamp: 0x65d7aa7d
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4046, time stamp: 0xa0505aa2
Exception code: 0xc06d007e
Fault offset: 0x0013fa72
Faulting process id: 0x2cec
Faulting application start time: 0x01da80b4bb4290fc
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\acrocef_1\RdrCEF.exe
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report Id: d91cbd54-24cb-41ba-9faf-e1de99e7b70d
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/27/2024 09:45:59 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/27/2024 09:23:53 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/27/2024 08:20:37 PM) (Source: DCOM) (EventID: 10010) (User: Weber-PC)
Description: The server microsoft.windowscommunicationsapps_16005.14326.21830.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (03/24/2024 10:58:14 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/24/2024 09:57:13 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/22/2024 07:09:48 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/21/2024 09:42:39 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/21/2024 09:41:57 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


Windows Defender:
================
Date: 2022-09-23 00:46:39
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-15 00:27:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-03-10 22:41:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-01-19 00:29:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-10-07 09:45:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-10-18 22:30:07
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.1495.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.6
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2022-10-18 22:22:04
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.339.1495.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.6
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2022-10-18 22:21:53
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.377.456.0
Previous security intelligence Version: 1.339.1495.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2022-10-18 22:21:53
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.377.456.0
Previous security intelligence Version: 1.339.1495.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2022-09-30 09:17:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.375.1243.0
Previous security intelligence Version: 1.339.1495.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.19600.3
Previous Engine Version: 1.1.18100.6
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============
Date: 2022-12-08 21:24:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Mozilla Firefox\mozavcodec.dll that did not meet the Microsoft signing level requirements.

Date: 2022-12-08 21:24:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Mozilla Firefox\mozavutil.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 18CN42WW(V2.51) 01/18/2010
Motherboard: LENOVO NITU1
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 81%
Total physical RAM: 4028.6 MB
Available physical RAM: 761.77 MB
Total Virtual: 6972.6 MB
Available Virtual: 2233.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.5 GB) (Free:307.95 GB) (Model: CT480BX500SSD1) NTFS

\\?\Volume{7994dbef-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
\\?\Volume{7994dbef-0000-0000-0000-00a66f000000}\ () (Fixed) (Total:0.54 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 7994DBEF)
Partition 1: (Active) - (Size=100 MB) - (Type=FAT32)
Partition 2: (Not Active) - (Size=446.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=549 MB) - (Type=27)

==================== End of Addition.txt =======================


Edited by CPU_HDD, 28 March 2024 - 01:45 PM.


#6 dennis_l

  • Malware Response Team
  • 3,341 posts
  • Gender:Male
  • Location:UK
  • Local time:11:24 AM

Posted 28 March 2024 - 02:34 PM

Thanks.
Please give me some time to check your new logs and I will get back to you asap.
In the meantime would you please go through the following steps.
1) Please click on the Windows Security shield next and then Virus and threat protection.
Click on Manage providers on the right-hand side and check that Microsoft Defender Antivirus and Firewall are both turned on.
Then go back to the Virus and threat protection screen and click on Check for updates.
2) Also let's double check that Windows Update is working ok.
Press the Windows logo key + I combination on your keyboard to open the Settings app.
Click on Update and Security.
Select Windows Update and then click the Check for Updates button.
Please advise if any updates were shown and if they installed ok.
3) Then please do this.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
SystemRestore: On
CreateRestorePoint:
Powershell: Get-MpComputerStatus
cmd: wmic qfe list
End::
  • Click on the Fix button just once and wait.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste them into your next reply, along with your comments on steps 1) and 2).



#7 CPU_HDD

  • Topic Starter
  • Members
  • 62 posts
  • Gender:Male
  • Local time:05:24 AM

Posted 29 March 2024 - 12:28 AM

I did check the firewall before posting, per the instructions, and it looked like it was on, although the call to the hackers apparently lasted a long time, so no telling what they got in there. I have been using Bitdefender antivirus; do I need to disable or turn off this and turn on Defender? Managed to update Bitdefender tonight.

Slow Internet; the one update had a download error and the others still aren't done downloading. Farbar is in Downloads; do I need to move it to the desktop?

#8 dennis_l

  • Malware Response Team
  • 3,341 posts
  • Gender:Male
  • Location:UK
  • Local time:11:24 AM

Posted 29 March 2024 - 06:16 AM

There is no need to disable Bitdefender.
However, Windows Defender should still update and perform periodic scanning, with Bitdefender installed.
Windows Defender should not be totally disabled, which it appears to be at the moment.
This article explains in more detail how to rectify this.
The log confirms that the firewall is enabled, as you reported.

Please run through the steps in my previous post and report back on your findings.
Yes, please run FRST from your Desktop.
I am keen to see the results from the FRST script, before we proceed with any clean-up. In particular, I want to make sure that System Restore is working ok.
Also I suggest that you change your passwords, using another device, to prevent any further intrusion.
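
The Defender state discussed in this reply can be read from the Get-MpComputerStatus output that the fixlist in post #6 requests. The following is an added example, not part of the thread and not FRST's own code: it parses a pasted listing and flags the fields that matter when a third-party antivirus is installed. The function names, the age thresholds, the sample values and the reading of 4294967295 as "no scan on record" are assumptions made for the example.

```python
import re

# Constructed sample in the "Name : Value" layout that Get-MpComputerStatus
# prints; the values are made up for this example.
SAMPLE = """\
AMRunningMode                    : SxS Passive Mode
AMServiceEnabled                 : True
AntivirusEnabled                 : True
AntivirusSignatureAge            : 0
AntivirusSignatureLastUpdated    : 3/31/2024 2:41:33 PM
DefenderSignaturesOutOfDate      : False
FullScanAge                      : 4294967295
IsTamperProtected                : True
QuickScanAge                     : 0
RealTimeProtectionEnabled        : False
"""

# Assumption: 0xFFFFFFFF in a *ScanAge field means no scan of that type is on record.
NEVER_SCANNED = 0xFFFFFFFF
RANK = {"info": 0, "warn": 1, "problem": 2}


def parse_status(text):
    """Turn 'Name : Value' lines into a dict; values may contain colons (timestamps)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(\w+)\s*:\s?(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def _flag(fields, name):
    return fields.get(name, "").lower() == "true"


def _number(fields, name):
    value = fields.get(name, "")
    return int(value) if value.isdigit() else None


def assess(fields, max_signature_age=3, max_quick_scan_age=7):
    """Return (level, message) findings; ages are in days, thresholds are example values."""
    findings = []
    mode = fields.get("AMRunningMode", "")

    if not _flag(fields, "AMServiceEnabled"):
        findings.append(("problem", "Defender antimalware service is not enabled"))
    elif "Passive" in mode:
        # Passive modes are expected next to another antivirus product.
        findings.append(("info", f"Defender is in '{mode}'; real-time protection "
                                 "must come from the other antivirus"))
    elif mode == "Normal":
        if not _flag(fields, "RealTimeProtectionEnabled"):
            findings.append(("problem", "Defender is the active antivirus but "
                                        "real-time protection is off"))
    else:
        findings.append(("problem", f"unexpected AMRunningMode '{mode}'"))

    sig_age = _number(fields, "AntivirusSignatureAge")
    if (_flag(fields, "DefenderSignaturesOutOfDate") or sig_age is None
            or sig_age > max_signature_age):
        findings.append(("problem", f"signatures are stale or their age is unknown ({sig_age})"))

    quick = _number(fields, "QuickScanAge")
    if quick is None or quick == NEVER_SCANNED:
        findings.append(("warn", "no quick scan on record"))
    elif quick > max_quick_scan_age:
        findings.append(("warn", f"last quick scan was {quick} days ago"))

    if _number(fields, "FullScanAge") == NEVER_SCANNED:
        findings.append(("info", "no full scan on record"))

    if not _flag(fields, "IsTamperProtected"):
        findings.append(("warn", "tamper protection is off"))
    return findings


def worst(findings):
    """Highest severity among the findings, or 'ok' when there are none."""
    return max((level for level, _ in findings), key=RANK.get, default="ok")


if __name__ == "__main__":
    for level, message in assess(parse_status(SAMPLE)):
        print(f"[{level}] {message}")
```
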



#9 CPU_HDD

  • Topic Starter
  • Members
  • 62 posts
  • Gender:Male
  • Local time:05:24 AM

Posted 31 March 2024 - 03:10 PM

Enabled Defender for backup, like the article said. Do I need to run a scan?

 

Seems to update ok, one update kind of seemed to disappear, though, as I clicked on another one that had failed, to try downloading again. Perhaps it had already downloaded?



#10 CPU_HDD

  • Topic Starter
  • Members
  • 62 posts
  • Gender:Male
  • Local time:05:24 AM

Posted 31 March 2024 - 09:05 PM

I got everything but, perhaps not surprisingly, a Windows Security update to install, including Windows Defender updates. Have not run a scan; here's the fix log.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.03.2024
Ran by Weber (31-03-2024 21:00:34) Run:2
Running from C:\Users\Weber\Desktop
Loaded Profiles: Weber
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
Powershell: Get-MpComputerStatus
cmd: wmic qfe list
End::
*****************

SystemRestore: On => completed
Restore point was successfully created.

========= Get-MpComputerStatus =========



AMEngineVersion                  : 1.1.24020.9
AMProductVersion                 : 4.18.24020.7
AMRunningMode                    : SxS Passive Mode
AMServiceEnabled                 : True
AMServiceVersion                 : 4.18.24020.7
AntispywareEnabled               : True
AntispywareSignatureAge          : 0
AntispywareSignatureLastUpdated  : 3/31/2024 2:41:35 PM
AntispywareSignatureVersion      : 1.407.863.0
AntivirusEnabled                 : True
AntivirusSignatureAge            : 0
AntivirusSignatureLastUpdated    : 3/31/2024 2:41:33 PM
AntivirusSignatureVersion        : 1.407.863.0
BehaviorMonitorEnabled           : False
ComputerID                       : 220333A5-00E6-435A-B5D6-BAF31F504B15
ComputerState                    : 0
DefenderSignaturesOutOfDate      : False
DeviceControlDefaultEnforcement  :
DeviceControlPoliciesLastUpdated : 12/31/1600 6:00:00 PM
DeviceControlState               : Disabled
FullScanAge                      : 4294967295
FullScanEndTime                  :
FullScanOverdue                  : False
FullScanRequired                 : False
FullScanSignatureVersion         :
FullScanStartTime                :
InitializationProgress           : ServiceStartedSuccessfully
IoavProtectionEnabled            : False
IsTamperProtected                : True
IsVirtualMachine                 : False
LastFullScanSource               : 0
LastQuickScanSource              : 2
NISEnabled                       : False
NISEngineVersion                 : 1.1.24020.9
NISSignatureAge                  : 65535
NISSignatureLastUpdated          :
NISSignatureVersion              :
OnAccessProtectionEnabled        : False
ProductStatus                    : 524288
QuickScanAge                     : 0
QuickScanEndTime                 : 3/31/2024 6:14:40 PM
QuickScanOverdue                 : False
QuickScanSignatureVersion        : 1.407.837.0
QuickScanStartTime               : 3/31/2024 6:13:13 PM
RealTimeProtectionEnabled        : False
RealTimeScanDirection            : 0
RebootRequired                   : False
SmartAppControlExpiration        :
SmartAppControlState             : Off
TamperProtectionSource           : Signatures
TDTCapable                       : N/A
TDTMode                          : N/A
TDTSiloType                      : N/A
TDTStatus                        : N/A
TDTTelemetry                     : N/A
TroubleShootingDailyMaxQuota     :
TroubleShootingDailyQuotaLeft    :
TroubleShootingEndTime           :
TroubleShootingExpirationLeft    :
TroubleShootingMode              :
TroubleShootingModeSource        :
TroubleShootingQuotaResetTime    :
TroubleShootingStartTime         :
PSComputerName                   :




========= End of Powershell: =========


========= wmic qfe list =========

Caption                                     CSName    Description      FixComments  HotFixID   InstallDate  InstalledBy          InstalledOn  Name  ServicePackInEffect  Status  

                                            WEBER-PC  Update                        KB5006753               NT AUTHORITY\SYSTEM  11/12/2021                                      

                                            WEBER-PC  Update                        KB5007273               NT AUTHORITY\SYSTEM  12/16/2021                                      

                                            WEBER-PC  Security Update               KB5011352               NT AUTHORITY\SYSTEM  2/13/2022                                       

                                            WEBER-PC  Update                        KB5011651               NT AUTHORITY\SYSTEM  4/18/2022                                       

                                            WEBER-PC  Security Update               KB5014032               NT AUTHORITY\SYSTEM  5/19/2022                                       

                                            WEBER-PC  Update                        KB5014035               NT AUTHORITY\SYSTEM  6/24/2022                                       

                                            WEBER-PC  Update                        KB5014671               NT AUTHORITY\SYSTEM  7/20/2022                                       

                                            WEBER-PC  Update                        KB5015895               NT AUTHORITY\SYSTEM  8/14/2022                                       

                                            WEBER-PC  Update                        KB5016705               NT AUTHORITY\SYSTEM  9/19/2022                                       

                                            WEBER-PC  Update                        KB5018506               NT AUTHORITY\SYSTEM  11/9/2022                                       

                                            WEBER-PC  Update                        KB5020372               NT AUTHORITY\SYSTEM  12/19/2022                                      

                                            WEBER-PC  Update                        KB5022924               NT AUTHORITY\SYSTEM  3/21/2023                                       

                                            WEBER-PC  Update                        KB5023794               NT AUTHORITY\SYSTEM  4/13/2023                                       

                                            WEBER-PC  Update                        KB5025315               NT AUTHORITY\SYSTEM  5/12/2023                                       

                                            WEBER-PC  Update                        KB5026879               NT AUTHORITY\SYSTEM  6/30/2023                                       

                                            WEBER-PC  Update                        KB5028318               NT AUTHORITY\SYSTEM  7/21/2023                                       

                                            WEBER-PC  Update                        KB5028380               NT AUTHORITY\SYSTEM  8/16/2023                                       

                                            WEBER-PC  Update                        KB5029709               NT AUTHORITY\SYSTEM  9/14/2023                                       

                                            WEBER-PC  Update                        KB5031539               NT AUTHORITY\SYSTEM  10/15/2023                                      

                                            WEBER-PC  Update                        KB5032392               NT AUTHORITY\SYSTEM  11/21/2023                                      

                                            WEBER-PC  Update                        KB5032907               NT AUTHORITY\SYSTEM  12/18/2023                                      

                                            WEBER-PC  Update                        KB5034224               NT AUTHORITY\SYSTEM  2/15/2024                                       

                                            WEBER-PC  Update                        KB5036447               NT AUTHORITY\SYSTEM  3/31/2024                                       

                                            WEBER-PC  Security Update               KB5005699               NT AUTHORITY\SYSTEM  10/7/2021                                       





========= End of CMD: =========


==== End of Fixlog 21:01:29 ====
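
One way to read the Get-MpComputerStatus block in the Fixlog above, as an added example that is not part of the original posts or of FRST: a small Python parser that turns the `Name : Value` lines into typed values and separates "Defender is in passive mode" from "Defender is primary but real-time protection is off". The function names, the 7-day signature threshold and the reading of 4294967295 as "no scan recorded" are assumptions of this example.

```python
import re

# Assumption: 0xFFFFFFFF in FullScanAge means no full scan is recorded
# (consistent with the empty FullScanEndTime in the log above).
NEVER_U32 = 0xFFFFFFFF
MAX_SIG_AGE_DAYS = 7  # hypothetical threshold for "stale" signatures

# Excerpt of the fields from the log above, embedded so the example runs offline.
SAMPLE = """\
========= Get-MpComputerStatus =========

AMRunningMode                    : SxS Passive Mode
AMServiceEnabled                 : True
AntivirusEnabled                 : True
AntivirusSignatureAge            : 0
DefenderSignaturesOutOfDate      : False
FullScanAge                      : 4294967295
FullScanEndTime                  :
IsTamperProtected                : True
QuickScanAge                     : 0
QuickScanEndTime                 : 3/31/2024 6:14:40 PM
RealTimeProtectionEnabled        : False
RebootRequired                   : False
"""

# Split on the first colon only, so timestamps such as "6:14:40 PM" stay intact.
LINE = re.compile(r"^(\w+)\s*:\s*(.*)$")


def _convert(raw):
    """Map the printed value to None / bool / int / str."""
    raw = raw.strip()
    if raw == "":
        return None
    if raw in ("True", "False"):
        return raw == "True"
    if raw.isdigit():
        return int(raw)
    return raw


def parse_status(text):
    """Parse 'Name : Value' lines; banner lines and blanks are skipped."""
    status = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            status[m.group(1)] = _convert(m.group(2))
    return status


def triage(status):
    """Return a list of (level, code, message) findings for a parsed status."""
    findings = []
    mode = status.get("AMRunningMode") or ""
    passive = "passive" in mode.lower()

    if status.get("AMServiceEnabled") is not True:
        findings.append(("WARN", "service-off", "Defender service is not enabled"))

    if status.get("RealTimeProtectionEnabled") is not True:
        if passive:
            # Passive mode: another antivirus product is registered as primary.
            findings.append(("INFO", "rtp-off-passive",
                             "real-time protection is off because Defender runs in "
                             f"'{mode}'; confirm the primary antivirus is active"))
        else:
            findings.append(("WARN", "rtp-off-primary",
                             "real-time protection is off while Defender is primary"))

    age = status.get("AntivirusSignatureAge")
    if status.get("DefenderSignaturesOutOfDate") is True or (
            isinstance(age, int) and age > MAX_SIG_AGE_DAYS):
        findings.append(("WARN", "stale-signatures", f"signature age: {age} days"))

    if status.get("FullScanAge") == NEVER_U32:
        findings.append(("INFO", "no-full-scan", "no full scan has been recorded"))

    if status.get("IsTamperProtected") is False:
        findings.append(("WARN", "tamper-off", "tamper protection is disabled"))

    if status.get("RebootRequired") is True:
        findings.append(("WARN", "reboot-pending", "a reboot is pending"))

    return findings


if __name__ == "__main__":
    for level, code, message in triage(parse_status(SAMPLE)):
        print(f"{level:5} {code:16} {message}")
```
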



#11 dennis_l

  • Malware Response Team
  • 3,341 posts
  • Gender:Male
  • Location:UK
  • Local time:11:24 AM

Posted 01 April 2024 - 03:24 AM

Windows Defender and System Restore look ok now.
Would you please check your Downloads folder and remove anything you do not require or are unsure about.
Also please advise if you wish to keep these items?

C:\Users\Weber\Documents\ConnectWiseControl
C:\Users\Weber\Downloads\ScreenConnect.Client.exe
Although this is a genuine program, there are reports of it being used for malicious activities.
----------------------------------------------------------------------------------------------------------------
Could you then please run this new FRST script next.
As a part of this I have included the Emptytemp: command.
Note: This will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Also we will be re-setting your firewall, as a precautionary measure, which may result in you having to re-allow some connections.
Important: This script was written specifically for you, for use only on this machine. Running this on another machine may cause damage to your operating system.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
AlternateDataStreams: C:\Users\Weber\Downloads\avast_free_antivirus_setup_online.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\avast_free_antivirus_setup_online_b2i.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DriverUpdate (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DriverUpdate.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DxO_OpticsPro9_Setup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DxO_OpticsPro9_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson14500(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson14500.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson14911.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson17851.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(2).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(3).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(4).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(5).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(6).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FRST64(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FRST64(4).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\gimp-2.8.18-setup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\gimp-2.8.18-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Luminance-HDR-x64-SETUP-v2.4.0(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Luminance-HDR-x64-SETUP-v2.4.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo32.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo64 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo64 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo64.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\nikcollection-full-1.2.11.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Raw-CodecV1L100-Eng(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\readerdc_en_ga_install.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\ScreenConnect.Client.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\weekly(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\weekly.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003-KB955704-ia64-ENU.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003-KB955704-x86-ENU.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003.WindowsXP-KB955704-x64-ENU (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003.WindowsXP-KB955704-x64-ENU.exe:BDU [0]
U3 idsvc; no ImagePath
Task: {8423D968-04F0-4A3A-8823-C6873B93F63D} - System32\Tasks\avfree.migration => C:\Program Files\Bitdefender Antivirus Free\migration_tool\avfree.migration.exe  /run (No File)
Task: {410FA456-E501-4CC1-AFC5-834DC4AF2210} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoActivateWindowsSearch (No File)
Task: {A87773AB-B418-45DD-ABA0-6224932AEFEB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe  /DoConfigureInternetTimeService (No File)
Task: {CFAD77BB-9A34-46A7-B175-4E10680CA121} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe  /DoRecoveryTasks $(Arg0) (No File)
Task: {0D6171AB-3050-463F-97C8-8E29E128C709} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe  /DRMInit (No File)
Task: {2E479F94-A855-464E-A05E-8207D088499D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe  /InstallPlayReady $(Arg0) (No File)
Task: {435F248E-AD71-4E81-885B-D2C2F94AF259} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate  $(Arg0) (No File)
Task: {3FCDB626-5646-4578-A54D-E72E9CF6F092} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate  -crl -hms -pscn 15 (No File)
Task: {CF1B3007-261B-4887-BF0D-816B4B97035F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -MediaCenterRecoveryTask (No File)
Task: {551CF27F-78A7-4C1A-8ADA-358C055AFE5B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -ObjectStoreRecoveryTask (No File)
Task: {D54CB4FA-868B-469A-A6FE-7C5DF974FF35} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe  /OCURActivate (No File)
Task: {A09A4F02-6DEB-4C5D-A4B5-35F521E328FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /OCURDiscovery $(Arg0) (No File)
Task: {E37F4BC2-64E5-4194-9FD8-4382C5BFD232} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /PBDADiscovery (No File)
Task: {C0B7AEF4-A681-40A5-98C4-DE17B9A57C05} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:7 /PBDADiscovery (No File)
Task: {AEBCE758-D72B-4D17-9DD9-9206F159902F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:90 /PBDADiscovery (No File)
Task: {9B496CDF-0EFD-426F-ACD7-969331BAFD1D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe  -pscn 0 (No File)
Task: {EB0220B0-012F-49F9-96AD-1CE26BF83454} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -PvrRecoveryTask (No File)
Task: {42AC62A8-D6DB-4A7C-8F48-F39A1825D08D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe  -PvrSchedule (No File)
Task: {9E4E41A3-060A-4ACC-99D7-1BB3F96D61CD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec  /RestartRecording (No File)
Task: {A5347E0F-D01A-46FE-9A75-BA663E0E1CFB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoRegisterSearch $(Arg0) (No File)
Task: {1E74FB9E-ED82-4E19-B499-0E524CEAD5F9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe  /DoReindexSearchRoot (No File)
Task: {8EC1650E-0671-4124-983E-28B87899AA54} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -SqlLiteRecoveryTask (No File)
Task: {AA7C8BBE-9FAA-4546-8847-BD1523CE0E77} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec  /StartRecording (No File)
Task: {C7BEFDFD-1828-40CC-B3F1-073CBC408AC3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe  /DoUpdateRecordPath $(Arg0) (No File)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /RestoreHealth
Emptytemp:
End::
  • Click on the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
----------------------------------------------------------------------------------------------------
Then please run the Windows Update Troubleshooter as follows.
Select Start  > Settings  > Update & Security   > Troubleshoot > Additional troubleshooters.
Next, under Get up and running, select Windows Update > Run the troubleshooter.
Please advise the results and re-try Windows Update, to see if the latest security update gets installed.
If it fails, then please advise details of the reported error.
Also advise how your computer is running now.



#12 CPU_HDD

  • Topic Starter
  • Members
  • 62 posts
  • Gender:Male
  • Local time:05:24 AM

Posted 01 April 2024 - 11:34 AM

Do you mean check downloads for unknown items the hackers may have put in there?

I have a lot of stuff in there I just keep it in case it's needed. Do I just need to move it because you are doing stuff to downloads?

#13 dennis_l

  • Malware Response Team
  • 3,341 posts
  • Gender:Male
  • Location:UK
  • Local time:11:24 AM

Posted 01 April 2024 - 11:50 AM

As a precaution, I just want you to check the contents of the Downloads folder and delete anything you do not recognise or no longer need.
We won't be doing anything further with this folder, unless there is a detection, when we run a scan later.



#14 CPU_HDD

  • Topic Starter
  • Members
  • 62 posts
  • Gender:Male
  • Local time:05:24 AM

Posted 01 April 2024 - 03:29 PM

Thank you for the script, looks like a lot of work to write. 

TBH no idea of much of the stuff in Downloads, but the ConnectWiseControl and ScreenConnect.Client looked very fishy and have been deleted from recycle bin too.  One gave an odd 2 files deleted or something, I think from Documents. Took forever to delete the Temporary Files, is there a program or something to do this on a regular basis or is this the result of the intrusion?

Here's the Fixlog file, honestly the computer seems to be running fine, although I've had websites apparently sending stuff to the computer years ago, on a different machine, so I haven't really been online other than to fix the computer. I'll do the Update stuff next

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.03.2024
Ran by Weber (01-04-2024 14:44:11) Run:3
Running from C:\Users\Weber\Desktop
Loaded Profiles: Weber
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
AlternateDataStreams: C:\Users\Weber\Downloads\avast_free_antivirus_setup_online.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\avast_free_antivirus_setup_online_b2i.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DriverUpdate (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DriverUpdate.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DxO_OpticsPro9_Setup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\DxO_OpticsPro9_Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson14500(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson14500.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson14911.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\epson17851.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Firefox Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(2).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(3).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(4).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(5).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading(6).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FreePDFReading.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FRST64(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FRST64(4).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\gimp-2.8.18-setup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\gimp-2.8.18-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Luminance-HDR-x64-SETUP-v2.4.0(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Luminance-HDR-x64-SETUP-v2.4.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo32.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo64 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo64 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\NeatSLSetupDemo64.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\nikcollection-full-1.2.11.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\Raw-CodecV1L100-Eng(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\readerdc_en_ga_install.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\ScreenConnect.Client.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\weekly(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\weekly.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003-KB955704-ia64-ENU.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003-KB955704-x86-ENU.exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003.WindowsXP-KB955704-x64-ENU (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Weber\Downloads\WindowsServer2003.WindowsXP-KB955704-x64-ENU.exe:BDU [0]
U3 idsvc; no ImagePath
Task: {8423D968-04F0-4A3A-8823-C6873B93F63D} - System32\Tasks\avfree.migration => C:\Program Files\Bitdefender Antivirus Free\migration_tool\avfree.migration.exe  /run (No File)
Task: {410FA456-E501-4CC1-AFC5-834DC4AF2210} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoActivateWindowsSearch (No File)
Task: {A87773AB-B418-45DD-ABA0-6224932AEFEB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe  /DoConfigureInternetTimeService (No File)
Task: {CFAD77BB-9A34-46A7-B175-4E10680CA121} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe  /DoRecoveryTasks $(Arg0) (No File)
Task: {0D6171AB-3050-463F-97C8-8E29E128C709} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe  /DRMInit (No File)
Task: {2E479F94-A855-464E-A05E-8207D088499D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe  /InstallPlayReady $(Arg0) (No File)
Task: {435F248E-AD71-4E81-885B-D2C2F94AF259} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate  $(Arg0) (No File)
Task: {3FCDB626-5646-4578-A54D-E72E9CF6F092} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate  -crl -hms -pscn 15 (No File)
Task: {CF1B3007-261B-4887-BF0D-816B4B97035F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -MediaCenterRecoveryTask (No File)
Task: {551CF27F-78A7-4C1A-8ADA-358C055AFE5B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -ObjectStoreRecoveryTask (No File)
Task: {D54CB4FA-868B-469A-A6FE-7C5DF974FF35} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe  /OCURActivate (No File)
Task: {A09A4F02-6DEB-4C5D-A4B5-35F521E328FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /OCURDiscovery $(Arg0) (No File)
Task: {E37F4BC2-64E5-4194-9FD8-4382C5BFD232} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /PBDADiscovery (No File)
Task: {C0B7AEF4-A681-40A5-98C4-DE17B9A57C05} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:7 /PBDADiscovery (No File)
Task: {AEBCE758-D72B-4D17-9DD9-9206F159902F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:90 /PBDADiscovery (No File)
Task: {9B496CDF-0EFD-426F-ACD7-969331BAFD1D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe  -pscn 0 (No File)
Task: {EB0220B0-012F-49F9-96AD-1CE26BF83454} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -PvrRecoveryTask (No File)
Task: {42AC62A8-D6DB-4A7C-8F48-F39A1825D08D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe  -PvrSchedule (No File)
Task: {9E4E41A3-060A-4ACC-99D7-1BB3F96D61CD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec  /RestartRecording (No File)
Task: {A5347E0F-D01A-46FE-9A75-BA663E0E1CFB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoRegisterSearch $(Arg0) (No File)
Task: {1E74FB9E-ED82-4E19-B499-0E524CEAD5F9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe  /DoReindexSearchRoot (No File)
Task: {8EC1650E-0671-4124-983E-28B87899AA54} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -SqlLiteRecoveryTask (No File)
Task: {AA7C8BBE-9FAA-4546-8847-BD1523CE0E77} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec  /StartRecording (No File)
Task: {C7BEFDFD-1828-40CC-B3F1-073CBC408AC3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe  /DoUpdateRecordPath $(Arg0) (No File)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /RestoreHealth
Emptytemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
C:\Users\Weber\Downloads\avast_free_antivirus_setup_online.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\avast_free_antivirus_setup_online_b2i.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\DriverUpdate (1).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\DriverUpdate.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\DxO_OpticsPro9_Setup(1).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\DxO_OpticsPro9_Setup.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\epson14500(1).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\epson14500.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\epson14911.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\epson17851.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\Firefox Installer (1).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\Firefox Installer (2).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\Firefox Installer(1).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\Firefox Installer.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\FreePDFReading(1).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\FreePDFReading(2).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\FreePDFReading(3).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\FreePDFReading(4).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\FreePDFReading(5).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\FreePDFReading(6).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\FreePDFReading.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\FRST64(1).exe => ":BDU" ADS removed successfully
"C:\Users\Weber\Downloads\FRST64(4).exe" => ":BDU" ADS not found.
C:\Users\Weber\Downloads\FRST64.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\gimp-2.8.18-setup(1).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\gimp-2.8.18-setup.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\Luminance-HDR-x64-SETUP-v2.4.0(1).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\Luminance-HDR-x64-SETUP-v2.4.0.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\NeatSLSetupDemo32.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\NeatSLSetupDemo64 (1).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\NeatSLSetupDemo64 (2).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\NeatSLSetupDemo64.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\nikcollection-full-1.2.11.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\Raw-CodecV1L100-Eng(1).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\readerdc_en_ga_install.exe => ":BDU" ADS removed successfully
"C:\Users\Weber\Downloads\ScreenConnect.Client.exe" => ":BDU" ADS not found.
C:\Users\Weber\Downloads\weekly(1).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\weekly.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\WindowsServer2003-KB955704-ia64-ENU.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\WindowsServer2003-KB955704-x86-ENU.exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\WindowsServer2003.WindowsXP-KB955704-x64-ENU (1).exe => ":BDU" ADS removed successfully
C:\Users\Weber\Downloads\WindowsServer2003.WindowsXP-KB955704-x64-ENU.exe => ":BDU" ADS removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8423D968-04F0-4A3A-8823-C6873B93F63D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8423D968-04F0-4A3A-8823-C6873B93F63D}" => removed successfully
C:\windows\System32\Tasks\avfree.migration => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avfree.migration" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{410FA456-E501-4CC1-AFC5-834DC4AF2210}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{410FA456-E501-4CC1-AFC5-834DC4AF2210}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A87773AB-B418-45DD-ABA0-6224932AEFEB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A87773AB-B418-45DD-ABA0-6224932AEFEB}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFAD77BB-9A34-46A7-B175-4E10680CA121}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFAD77BB-9A34-46A7-B175-4E10680CA121}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D6171AB-3050-463F-97C8-8E29E128C709}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D6171AB-3050-463F-97C8-8E29E128C709}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E479F94-A855-464E-A05E-8207D088499D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E479F94-A855-464E-A05E-8207D088499D}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{435F248E-AD71-4E81-885B-D2C2F94AF259}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{435F248E-AD71-4E81-885B-D2C2F94AF259}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FCDB626-5646-4578-A54D-E72E9CF6F092}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FCDB626-5646-4578-A54D-E72E9CF6F092}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF1B3007-261B-4887-BF0D-816B4B97035F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF1B3007-261B-4887-BF0D-816B4B97035F}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{551CF27F-78A7-4C1A-8ADA-358C055AFE5B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{551CF27F-78A7-4C1A-8ADA-358C055AFE5B}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D54CB4FA-868B-469A-A6FE-7C5DF974FF35}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D54CB4FA-868B-469A-A6FE-7C5DF974FF35}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A09A4F02-6DEB-4C5D-A4B5-35F521E328FE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A09A4F02-6DEB-4C5D-A4B5-35F521E328FE}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E37F4BC2-64E5-4194-9FD8-4382C5BFD232}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E37F4BC2-64E5-4194-9FD8-4382C5BFD232}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0B7AEF4-A681-40A5-98C4-DE17B9A57C05}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0B7AEF4-A681-40A5-98C4-DE17B9A57C05}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEBCE758-D72B-4D17-9DD9-9206F159902F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEBCE758-D72B-4D17-9DD9-9206F159902F}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B496CDF-0EFD-426F-ACD7-969331BAFD1D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B496CDF-0EFD-426F-ACD7-969331BAFD1D}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB0220B0-012F-49F9-96AD-1CE26BF83454}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB0220B0-012F-49F9-96AD-1CE26BF83454}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42AC62A8-D6DB-4A7C-8F48-F39A1825D08D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42AC62A8-D6DB-4A7C-8F48-F39A1825D08D}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9E4E41A3-060A-4ACC-99D7-1BB3F96D61CD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E4E41A3-060A-4ACC-99D7-1BB3F96D61CD}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5347E0F-D01A-46FE-9A75-BA663E0E1CFB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5347E0F-D01A-46FE-9A75-BA663E0E1CFB}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E74FB9E-ED82-4E19-B499-0E524CEAD5F9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E74FB9E-ED82-4E19-B499-0E524CEAD5F9}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EC1650E-0671-4124-983E-28B87899AA54}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EC1650E-0671-4124-983E-28B87899AA54}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA7C8BBE-9FAA-4546-8847-BD1523CE0E77}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA7C8BBE-9FAA-4546-8847-BD1523CE0E77}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\StartRecording => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7BEFDFD-1828-40CC-B3F1-073CBC408AC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7BEFDFD-1828-40CC-B3F1-073CBC408AC3}" => removed successfully
C:\windows\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.



========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.



========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.



========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.



========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.

{DD38CF27-7314-429C-BFEB-4E146504E4D1} canceled.
{5D5AD018-4EC4-48C1-A713-7B02830B1422} canceled.
{A5A9AE73-8867-47A0-B49A-4FB60B06C97E} canceled.
{94546177-6D8C-4DA2-A604-34995EEEB7B4} canceled.
4 out of 4 jobs canceled.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3296664383-3654566077-1846858350-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= sfc /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.


Verification 100% complete.


Windows Resource Protection found corrupt files and successfully repaired them.

For online repairs, details are included in the CBS log file located at

windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

repairs, details are included in the log file provided by the /OFFLOGFILE flag.



========= End of CMD: =========


========= DISM /Online /Cleanup-Image /RestoreHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.3636

Image Version: 10.0.19045.4239


[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.


========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 553471768 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 158595685 B
Edge => 0 B
Chrome => 449451888 B
Firefox => 409643913 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 33058 B
ProgramData => 33058 B
Public => 33058 B
systemprofile => 33058 B
systemprofile32 => 33070 B
LocalService => 581452 B
NetworkService => 561847450 B
Weber => 610134674 B

RecycleBin => 9605940073 B
EmptyTemp: => 11.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:19:18 ====


Edited by CPU_HDD, 01 April 2024 - 03:39 PM.


#15 CPU_HDD

Posted 01 April 2024 - 03:45 PM

Ran the Troubleshooter, still can't install the Windows Security Update.

 

Having mouse issues all of a sudden, well maybe they're gone
