
ESET security will not run, Malwarebytes nothing, Chrome taking over


  • This topic is locked
31 replies to this topic

#16 FluffyPup

FluffyPup
  • Topic Starter

  • Members
  • 236 posts
  • OFFLINE
  • Gender:Female
  • Local time:05:22 AM

Posted 30 March 2024 - 05:31 PM

Hi Gary,

 

With the holiday here in the US, I haven't had any time to spend on the computer. I am helping mom, she has Alzheimer's. I never know when it is going to be the last holiday we have her . .  or I should say, have her remember us.

 

I will be back Monday to check out the computer, if that is okay with you?

 

Thanks,

FP





#17 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,410 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:22 AM

Posted 30 March 2024 - 08:05 PM

Absolutely.

Take care of family first. Happy Easter.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#18 FluffyPup

FluffyPup
  • Topic Starter

  • Members
  • 236 posts
  • OFFLINE
  • Gender:Female
  • Local time:05:22 AM

Posted 03 April 2024 - 11:40 AM

Hi Gary,

 

Hope you had a great Easter with your family.

 

I have been using the computer for the last day or so and it seems to be working well.

 

Do I reinstall ESET?

 

FP



#19 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,410 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:22 AM

Posted 03 April 2024 - 11:47 AM

Thank you, and I hope your mom is well.

Yes, time to reinstall ESET and see how we do.
Gary 


#20 FluffyPup

FluffyPup
  • Topic Starter

  • Members
  • 236 posts
  • OFFLINE
  • Gender:Female
  • Local time:05:22 AM

Posted 06 April 2024 - 12:16 AM

Okie-dokie

 

I think I got scammed by a technical support phone call for help accessing my EDD account. I have been blocked from my account. It kept saying I had tried logging in too many times, which I hadn't, so I had to call this phone number. I just wanted to get into my account, <sigh>

 

I didn't think about it until later that what they were requiring was crazy. I had to use Chrome. I could ONLY use an old email account. I couldn't update it. AND I had to have the email open with the EDD account open at the same time.

 

I got locked out when you cleaned up my computer.

 

ESET will not download.

 

Heat, the computer is heating up now. It wasn't heating up before the tech support phone call.

 

It also just occurred to me that I got a Microsoft update which required my computer to restart. Microsoft update on a Friday?

 

I looked at my Windows Update history; it shows successfully installed on 10/30/2023 Windows 11, version 23H2 under Featured Updates with blue writing "see what is new."

The update before that is dated 3/27/2024 Cumulative update.

All of the updates specify x64 except for the last one installed today.


Edited by FluffyPup, 06 April 2024 - 01:06 AM.


#21 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,410 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:22 AM

Posted 06 April 2024 - 05:30 PM

Did you allow them remote access to your computer?

Please run a new FRST scan and copy/paste the reports in your reply.
Gary 


#22 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,410 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:22 AM

Posted 11 April 2024 - 08:23 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary 


#23 FluffyPup

FluffyPup
  • Topic Starter

  • Members
  • 236 posts
  • OFFLINE
  • Gender:Female
  • Local time:05:22 AM

Posted 12 April 2024 - 12:10 AM

Hi Gary, Yes, I still need help. I got blocked from the website. I had to contact admin. I just got cleared to get back in.

#24 FluffyPup

FluffyPup
  • Topic Starter

  • Members
  • 236 posts
  • OFFLINE
  • Gender:Female
  • Local time:05:22 AM

Posted 12 April 2024 - 12:23 AM

I know the rules are to not do anything that is not directed, but I didn't know if I would ever get access back into the website. I downloaded CCleaner Pro Trial. It identified 14 drivers that needed updating. I updated those. ESET would now download; prior to CCleaner, ESET would not download. I downloaded Brave as a browser.

#25 FluffyPup

FluffyPup
  • Topic Starter

  • Members
  • 236 posts
  • OFFLINE
  • Gender:Female
  • Local time:05:22 AM

Posted 12 April 2024 - 06:53 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.04.2024
Ran by buttonB (administrator) on BUTTON (LG Electronics 16T90Q-K.AAC7U1) (12-04-2024 16:42:25)
Running from C:\Users\buttonB\Desktop\BC03272024\FRST64english.exe
Loaded Profiles: buttonB
Platform: Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe
(C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe <10>
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe <6>
(drivers\Intel\ICPS\IDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\Intel\ICPS\IDBWM.exe
(drivers\Intel\ICPS\IntelConnectService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\Intel\ICPS\IntelConnect.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe <2>
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <11>
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\buttonB\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(LG Electronics Inc. -> LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG OSD\HotkeyManager.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Geek Software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_401fde8782680631\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\Intel\ICPS\IntelConnectivityNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_04f57d4d19c5b315\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\Intel\ICPS\IDBWMService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\Intel\ICPS\IntelConnectService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.) C:\Windows\System32\DriverStore\FileRepository\platmgrsvc.inf_amd64_adaceae86e3634ce\PlatformMgrService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_73b5b27e95d29468\RtkAudUService64.exe <2>
(services.exe ->) (Wacom Co., Ltd. -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_c113c798a636a807\WTabletServiceISD.exe
(svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\XboxGameBarSpotify.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2403.1001.3.0_x64__8wekyb3d8bbwe\XboxGameBarWidgets.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2403.1001.3.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_73b5b27e95d29468\RtkAudUService64.exe [1946936 2023-09-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [196016 2024-03-25] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [HotkeyManager] => C:\Program Files (x86)\LG Software\LG OSD\HotkeyManager.exe [320328 2022-07-11] (LG Electronics Inc. -> LG Electronics Inc.)
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\Run: [MicrosoftEdgeAutoLaunch_BA0F089C8D8F331B1757CC133895E491] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063784 2024-04-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\Run: [f.lux] => C:\Users\buttonB\AppData\Local\FluxSoftware\Flux\flux.exe [1528952 2024-02-21] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45285792 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [3306400 2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\123.1.64.122\Installer\chrmstp.exe [2024-04-11] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {769EF2C6-49A5-4CE8-A949-88D9105F2F02} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {269FA301-FFB5-4A22-99B2-62B787346EE7} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{0BB6F98F-76C5-40FF-9930-C781C9C54429} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-04-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {50085D28-5547-4CDF-B643-984E03A23070} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{39E64B58-945C-4EB9-9CC8-721D783A335B} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-04-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {17CE5048-C57C-43B3-AFBA-C0FD41E964D8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {9895C3E9-BDA1-4D8D-AD62-E65EB01F5D48} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "027b9908-1064-4a13-ad67-4ba2293aea8f" --version "6.22.10977" --silent
Task: {8B8D0032-523E-4A17-B5C2-9135873D4DEF} - System32\Tasks\CCleanerSkipUAC - buttonB => C:\Program Files\CCleaner\CCleaner.exe [39024544 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {0335BB85-A49B-4573-8062-BBFA8E0097B2} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4910680 2024-02-21] (Intel Corporation -> Intel Corporation)
Task: {39FF4A27-ACE6-4D46-804D-DED4B2C9C359} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4910680 2024-02-21] (Intel Corporation -> Intel Corporation)
Task: {9983FA68-FAA4-4DF1-BF63-9373BC6CE16F} - System32\Tasks\LGAppCount => C:\Program Files (x86)\LG Software\LG App Count\LGAppCountObserver.exe [127528 2024-02-27] (LG Electronics Inc. -> LG Electronics Inc.)
Task: {D51096B9-0563-4851-BD73-60AA7C7083AB} - System32\Tasks\LGUpdateRecovery => C:\Program Files (x86)\LG Software\LG Update\URUpdate.exe [412720 2023-10-05] (LG Electronics Inc. -> LG Electronics inc.)
Task: {6D665F6C-DCF4-449B-ADFA-860F7F7062ED} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F6551B-7347-4D18-A146-0C9FC4500012} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {715EB4CE-B31C-4069-A9E4-9F279F3A57C9} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {50562742-806F-4F3E-B2D6-AC7A80CA539F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3516779-F65E-4ED9-882A-41FBD78A6D9D} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168488 2024-03-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {08BD8EAE-9873-4811-94D3-ED0425347F0C} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-332997564-2752265082-2101897690-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4207120 2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {6CF17553-3D36-4972-B89F-39F5EFF1C8B9} - System32\Tasks\RunSpeccy => C:\Program Files\Speccy\Speccy64.exe [7638104 2022-06-13] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C045794F-5C1D-4F0C-A00D-9046E9F275A6} - System32\Tasks\SecurityScannerScheduler => C:\Program Files (x86)\McAfee Security Scan\4.1.482\SSScheduler.exe  (No File)
Task: {54A8EA01-4BA7-4518-B858-E675332B6BFA} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {FD896B53-7A65-4B1A-972C-6F9A302A362B} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\Windows\System32\Wscript.exe [200704 2023-04-25] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files\Intel\SUR\QUEENCREEK\x64\//B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{307b2202-8435-4d83-bb3b-4bb6efc65d7c}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{307b2202-8435-4d83-bb3b-4bb6efc65d7c}\34F68775966496: [DhcpNameServer] 68.2.16.25 68.2.16.30
Tcpip\..\Interfaces\{307b2202-8435-4d83-bb3b-4bb6efc65d7c}\B416C69646163536F65707: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{307b2202-8435-4d83-bb3b-4bb6efc65d7c}\F43405C402055524C494340275946494: [DhcpNameServer] 10.20.14.101 10.20.10.101 10.20.10.11 192.168.119.3 10.20.14.110
Tcpip\..\Interfaces\{307b2202-8435-4d83-bb3b-4bb6efc65d7c}\F43405C402055524C494340275946494: [DhcpDomain] plpatron.local
Tcpip\..\Interfaces\{307b2202-8435-4d83-bb3b-4bb6efc65d7c}\F4F414D274747374630383A515139344: [DhcpNameServer] 172.20.10.1

Edge:
=======
Edge Profile: C:\Users\buttonB\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-12]
Edge Extension: (Google Docs Offline) - C:\Users\buttonB\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-07]
Edge Extension: (Edge relevant text changes) - C:\Users\buttonB\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-04-07]

FireFox:
========
FF DefaultProfile: xw4ynovc.default
FF ProfilePath: C:\Users\buttonB\AppData\Roaming\Mozilla\Firefox\Profiles\xw4ynovc.default [2024-03-27]
FF ProfilePath: C:\Users\buttonB\AppData\Roaming\Mozilla\Firefox\Profiles\9t44ue0o.default-release [2024-04-12]
FF Extension: (ESET Browser Privacy & Security) - C:\Users\buttonB\AppData\Roaming\Mozilla\Firefox\Profiles\9t44ue0o.default-release\Extensions\browserextension@eset.com.xpi [2024-04-08]
FF Extension: (Language: English (CA)) - C:\Users\buttonB\AppData\Roaming\Mozilla\Firefox\Profiles\9t44ue0o.default-release\Extensions\langpack-en-CA@firefox.mozilla.org.xpi [2024-04-02]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\buttonB\AppData\Roaming\Mozilla\Firefox\Profiles\9t44ue0o.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2024-04-05]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-03-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-03-30] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-03-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.20 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)

Brave:
=======
BRA Profile: C:\Users\buttonB\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-04-12]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\buttonB\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-04-11]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\buttonB\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-04-11]
BRA Extension: (Brave NTP background images) - C:\Users\buttonB\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-04-07]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\buttonB\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-04-12]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\buttonB\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-04-12]
BRA Extension: (Brave NTP sponsored images) - C:\Users\buttonB\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2024-04-11]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\buttonB\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-04-07]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\buttonB\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2024-04-07]
BRA Extension: (Brave Ads Resources) - C:\Users\buttonB\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2024-04-07]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\buttonB\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-04-12]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\buttonB\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-04-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-04-07] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\123.1.64.122\elevation_service.exe [2671128 2024-04-11] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [166424 2024-04-07] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081248 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221312 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
S4 DFWSIDService; C:\ProgramData\Wondershare\wsServices\WsidService.exe [3963120 2023-10-23] (Wondershare Technology Group Co.,Ltd -> wondershare)
R2 dlpsrv; C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe [707864 2023-06-27] (ESET, spol. s r.o. -> ESET)
S4 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_69b9bfffc3486196\ipfsvc.exe [544440 2022-03-28] (Intel Corporation -> Intel Corporation)
S4 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [243432 2022-07-08] (DTS, Inc. -> DTS Inc.)
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [5584248 2024-03-25] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3903416 2024-03-25] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3903416 2024-03-25] (ESET, spol. s r.o. -> ESET)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncHelper.exe [3512224 2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
R2 IDBWM; C:\Windows\System32\drivers\Intel\ICPS\IDBWMService.exe [79008 2022-06-16] (Intel Corporation -> Intel® Corporation)
S2 Intel Analytics Service; C:\Windows\System32\drivers\Intel\ICPS\IntelAnalyticsService.exe [2043536 2022-06-16] (Intel Corporation -> Intel)
R2 Intel Connectivity Network Service; C:\Windows\System32\drivers\Intel\ICPS\IntelConnectivityNetworkService.exe [2501776 2022-06-16] (Intel Corporation -> Intel)
R2 IntelArcControlService; C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe [1656360 2023-12-05] (Intel Corporation -> Intel Corporation)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_04f57d4d19c5b315\AS\IAS\IntelAudioService.exe [531032 2024-02-05] (Intel Corporation -> Intel)
R2 IntelConnectService; C:\Windows\System32\drivers\Intel\ICPS\IntelConnectService.exe [79008 2022-06-16] (Intel Corporation -> Intel® Corporation)
S4 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7f351e93f74c867d\ipf_uf.exe [3013312 2024-02-05] (Intel Corporation -> Intel Corporation)
S4 LG Device Managers; C:\Program Files (x86)\LG Software\LG Device Manager\DeviceManager.exe [106336 2021-12-16] (LG Electronics Inc. -> )
S3 LGUWPService; C:\Windows\System32\DriverStore\FileRepository\lguwpservice.inf_amd64_a8df4e8e5bc1eb47\LGUWPService.exe [55144 2022-08-09] (LG Electronics Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8884840 2024-03-28] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-03-15] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.055.0317.0002\OneDriveUpdaterService.exe [3852712 2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [645976 2024-03-06] (Geek Software GmbH -> geek software GmbH)
R2 PlatformMgrService; C:\Windows\System32\DriverStore\FileRepository\platmgrsvc.inf_amd64_adaceae86e3634ce\PlatformMgrService.exe [98216 2022-08-01] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 McComponentHostService; no ImagePath

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AirModeBtn; C:\Windows\System32\drivers\AirModeBtn.sys [57056 2022-03-29] (LG Electronics Inc. -> LG Electronics)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 DLMFENC; C:\Windows\System32\DRIVERS\DLMFENC.sys [242168 2023-06-27] (ESET, spol. s r.o. -> ESET, spol. s r.o.)
R0 DLPCRYPT; C:\Windows\System32\DRIVERS\dlpcrypt.sys [121728 2023-06-27] (DESlock Limited -> DESlock Ltd.)
R0 dlpvdisk; C:\Windows\System32\DRIVERS\dlpvdisk.sys [98296 2023-06-27] (DESlock Limited -> DESlock Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [218432 2024-03-25] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [121304 2024-03-25] (ESET, spol. s r.o. -> ESET)
R1 edevmonm; C:\Windows\System32\DRIVERS\edevmonm.sys [124416 2024-03-25] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2024-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [259752 2024-03-25] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [57832 2024-03-25] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [84120 2024-03-25] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [125952 2024-03-25] (ESET, spol. s r.o. -> ESET)
R0 fse; C:\Windows\System32\drivers\fse.sys [218592 2023-10-26] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_bda8110c074a36f5\iaLPSS2_GPIO2_ADL.sys [141312 2023-10-25] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_c4c17f8529a3943d\iaLPSS2_I2C_ADL.sys [211456 2023-10-25] (Intel Corporation -> Intel Corporation)
R3 INTCCoSvc; C:\Windows\System32\drivers\Intel\ICPS\IntcCo11X64.sys [180880 2022-06-16] (Intel Corporation -> Intel Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_6f93b7542fd3ead9\gna.sys [88656 2023-09-26] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_e86356c582100a57\ipf_acpi.sys [88256 2024-02-05] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7f351e93f74c867d\ipf_cpu.sys [85696 2024-02-05] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_7f351e93f74c867d\ipf_lf.sys [485056 2024-02-05] (Intel Corporation -> Intel Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 PlatMgr; C:\Windows\System32\drivers\PlatMgr.sys [167112 2022-08-01] (LG Electronics Inc. -> LG Electronics Inc.)
R3 PlatSec; C:\Windows\System32\DriverStore\FileRepository\platsec.inf_amd64_faa9bc5ae253ab2b\PlatSec.sys [1095544 2022-08-01] (LG Electronics Inc. -> LG Electronics Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [38104 2019-06-04] (I3D Technology Inc. -> I3D Technology Inc.)
S3 rtump64x64; C:\Windows\System32\drivers\rtump64x64.sys [938040 2021-07-20] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 rtux64w10; C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_03831aeaaa2c730e\rtux64w10.sys [683520 2022-05-06] (Microsoft Windows -> Realtek Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 VDLPToken2; C:\Windows\System32\DRIVERS\vdlptkn2.sys [135672 2023-06-27] (DESlock Limited -> DESlock Ltd.)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2023-10-26] (Microsoft Windows -> )
R3 WacHIDRouterISDF; C:\Windows\System32\drivers\WacHIDRouterISDF.sys [141168 2024-01-19] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S3 WacHIDRouterISDFV; C:\Windows\System32\drivers\WacHIDRouterISDF.sys [141168 2024-01-19] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S3 WacHIDRouterISDU; C:\Windows\System32\drivers\WacHIDRouterISDU.sys [126176 2022-03-28] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S3 WacHIDRouterISDUV; C:\Windows\System32\drivers\WacHIDRouterISDU.sys [126176 2022-03-28] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20936 2024-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [601376 2024-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-09] (Microsoft Windows -> Microsoft Corporation)
R0 xnotepep; C:\Windows\System32\drivers\xnotepep.sys [64008 2022-03-30] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-12 16:02 - 2024-04-12 16:02 - 000275476 _____ C:\Users\buttonB\Downloads\VITATCE04122024.pdf
2024-04-12 14:34 - 2024-04-12 14:34 - 005207358 _____ C:\Users\buttonB\Downloads\active-ea-foia-listing-march-2024.csv
2024-04-11 21:03 - 2024-04-11 21:03 - 000073251 _____ C:\Users\buttonB\Downloads\f13615_Rev._10-23.pdf
2024-04-11 20:37 - 2024-04-11 20:37 - 000003670 _____ C:\Windows\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2024-04-11 20:37 - 2024-02-22 09:58 - 000047240 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2024-04-09 18:31 - 2024-04-09 18:31 - 000000000 ____D C:\Users\buttonB\Downloads\foia-california-extract
2024-04-09 18:30 - 2024-04-09 18:30 - 003916920 _____ C:\Users\buttonB\Downloads\foia-california-extract.zip
2024-04-08 17:11 - 2024-04-08 17:11 - 000177803 _____ C:\Users\buttonB\Downloads\2021-01-12 - Prop 19 - Make the Kids Pay For It.pdf
2024-04-08 16:38 - 2024-04-08 16:38 - 000000891 _____ C:\Users\Public\Desktop\Everything.lnk
2024-04-08 16:36 - 2024-04-08 17:50 - 000000000 ____D C:\Users\buttonB\Downloads\Everything-1.4.1.1024.x64
2024-04-08 16:35 - 2024-04-08 16:35 - 001803557 _____ C:\Users\buttonB\Downloads\Everything-1.4.1.1024.x64.zip
2024-04-07 22:42 - 2024-04-07 22:42 - 000085525 _____ C:\Windows\system32\NOTICE_mod
2024-04-07 22:26 - 2024-04-07 22:26 - 000002894 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - buttonB
2024-04-07 22:23 - 2024-04-07 22:25 - 000000666 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2024-04-07 22:23 - 2024-04-07 22:23 - 000003322 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2024-04-07 22:15 - 2024-04-07 22:16 - 000002334 _____ C:\Users\buttonB\Downloads\netadapter-log-2024-04-07-22-15-37.txt
2024-04-07 22:11 - 2024-04-07 22:11 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7735162F.sys
2024-04-07 22:10 - 2024-04-07 22:19 - 000000000 ____D C:\Users\buttonB\Desktop\mbar
2024-04-07 22:10 - 2024-04-07 22:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2024-04-07 22:06 - 2024-04-07 22:06 - 000002166 _____ C:\Users\buttonB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2024-04-07 22:06 - 2024-04-07 22:06 - 000000000 ____D C:\Users\buttonB\AppData\Local\FluxSoftware
2024-04-07 21:07 - 2024-04-07 21:07 - 000002016 _____ C:\Users\Public\Desktop\ESET Safe Banking & Browsing.lnk
2024-04-07 21:06 - 2024-04-12 01:41 - 000000000 ____D C:\Program Files\ESET
2024-04-07 21:06 - 2024-04-07 21:06 - 000000000 ____D C:\Users\buttonB\AppData\Local\ESET
2024-04-07 21:06 - 2024-04-07 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2024-04-07 21:06 - 2024-04-07 21:06 - 000000000 ____D C:\ProgramData\ESET
2024-04-07 21:03 - 2024-04-07 21:03 - 000000000 ____D C:\Users\buttonB\Downloads\request_103760_essp_esetllc(1)
2024-04-07 21:02 - 2024-04-07 21:02 - 005160571 _____ C:\Users\buttonB\Downloads\request_103760_essp_esetllc(1).zip
2024-04-07 20:35 - 2024-04-07 20:35 - 000001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 Launcher.lnk
2024-04-07 20:35 - 2024-04-07 20:35 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 Toolbox.lnk
2024-04-07 20:35 - 2024-04-07 20:35 - 000001011 _____ C:\Users\Public\Desktop\PDF24 Launcher.lnk
2024-04-07 20:35 - 2024-04-07 20:35 - 000001004 _____ C:\Users\Public\Desktop\PDF24 Toolbox.lnk
2024-04-07 20:24 - 2024-04-07 20:24 - 000000000 ____D C:\ProgramData\Piriform
2024-04-07 20:23 - 2024-04-12 12:40 - 000000000 ____D C:\Program Files\CCleaner
2024-04-07 20:23 - 2024-04-08 13:02 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2024-04-07 20:23 - 2024-04-07 20:23 - 083032632 _____ (Piriform Software Ltd) C:\Users\buttonB\Downloads\ccsetup622_pro_trial.exe
2024-04-07 20:23 - 2024-04-07 20:23 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2024-04-07 20:23 - 2024-04-07 20:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2024-04-07 09:59 - 2024-04-07 09:59 - 000002407 _____ C:\Users\buttonB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-07 09:59 - 2024-04-07 09:59 - 000002348 _____ C:\Users\buttonB\Desktop\Microsoft Edge.lnk
2024-04-07 09:54 - 2024-04-11 12:14 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-04-07 09:54 - 2024-04-11 12:14 - 000002323 _____ C:\Users\Public\Desktop\Brave.lnk
2024-04-07 09:54 - 2024-04-07 09:54 - 000000000 ____D C:\Users\buttonB\AppData\Local\BraveSoftware
2024-04-07 09:54 - 2024-04-07 09:54 - 000000000 ____D C:\Program Files\BraveSoftware
2024-04-07 09:53 - 2024-04-07 09:53 - 001276712 _____ (BraveSoftware Inc.) C:\Users\buttonB\Downloads\BraveBrowserSetup-BRV029.exe
2024-04-07 09:53 - 2024-04-07 09:53 - 000003860 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{39E64B58-945C-4EB9-9CC8-721D783A335B}
2024-04-07 09:53 - 2024-04-07 09:53 - 000003736 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{0BB6F98F-76C5-40FF-9930-C781C9C54429}
2024-04-07 09:53 - 2024-04-07 09:53 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2024-04-05 22:37 - 2024-04-05 22:37 - 000000000 ____D C:\Users\buttonB\Downloads\rkill
2024-04-05 18:54 - 2024-04-05 18:54 - 010262392 _____ (ESET) C:\Users\buttonB\Downloads\eset_smart_security_premium_live_installer.exe
2024-04-05 11:17 - 2024-04-05 11:17 - 001376816 _____ (Google LLC) C:\Users\buttonB\Downloads\ChromeSetup(4).exe
2024-04-05 11:17 - 2024-04-05 11:17 - 001376816 _____ (Google LLC) C:\Users\buttonB\Downloads\ChromeSetup(3).exe
2024-04-05 11:17 - 2024-04-05 11:17 - 001376816 _____ (Google LLC) C:\Users\buttonB\Downloads\ChromeSetup(2).exe
2024-04-03 14:14 - 2024-04-03 14:14 - 000275250 _____ C:\Users\buttonB\Downloads\MobileHomeInspectionLegislatin04032024.pdf
2024-04-02 21:25 - 2024-04-02 21:25 - 000055365 _____ C:\Users\buttonB\Downloads\ReaniTDOther.pdf
2024-04-02 21:24 - 2024-04-02 21:24 - 000044869 _____ C:\Users\buttonB\Downloads\ReaniTDTOD.pdf
2024-04-02 21:22 - 2024-04-02 21:22 - 000162687 _____ C:\Users\buttonB\Downloads\ReaniCashConsolidated.pdf
2024-04-02 21:21 - 2024-04-02 21:21 - 000166766 _____ C:\Users\buttonB\Downloads\ReaniConsolidated.pdf
2024-04-02 21:20 - 2024-04-02 21:20 - 000248277 _____ C:\Users\buttonB\Downloads\1099R.pdf
2024-04-02 21:03 - 2024-04-02 21:03 - 000684774 _____ C:\Users\buttonB\Downloads\edd1.pdf
2024-04-02 21:01 - 2024-04-02 21:01 - 000687090 _____ C:\Users\buttonB\Downloads\eddprint3.pdf
2024-04-02 20:59 - 2024-04-02 21:00 - 000485153 _____ C:\Users\buttonB\Downloads\eddprint2.pdf
2024-04-02 20:59 - 2024-04-02 20:59 - 000583306 _____ C:\Users\buttonB\Downloads\eddprint.pdf
2024-04-02 20:42 - 2024-04-02 20:42 - 000101691 _____ C:\Users\buttonB\Documents\eddprint4.pdf
2024-04-02 20:41 - 2024-04-02 20:41 - 000223031 _____ C:\Users\buttonB\Documents\eddprint3.pdf
2024-04-02 20:40 - 2024-04-02 20:40 - 000233224 _____ C:\Users\buttonB\Documents\eddprint2.pdf
2024-04-02 20:39 - 2024-04-02 20:39 - 000229922 _____ C:\Users\buttonB\Documents\eddprint1.pdf
2024-04-02 08:24 - 2024-04-02 08:24 - 000001930 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sync On Mobile.lnk
2024-03-29 15:09 - 2024-03-29 15:09 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-03-29 14:53 - 2024-03-29 15:09 - 000000000 ____D C:\Users\buttonB\AppData\Roaming\vlc
2024-03-29 14:52 - 2024-03-29 14:52 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2024-03-29 14:52 - 2024-03-29 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2024-03-29 14:52 - 2024-03-29 14:52 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2024-03-29 14:51 - 2024-03-29 14:51 - 042860784 _____ C:\Users\buttonB\Downloads\vlc-3.0.20-win32.exe
2024-03-29 14:43 - 2024-03-29 14:43 - 000000000 ____D C:\Users\buttonB\AppData\Roaming\ufcphsom
2024-03-29 14:39 - 2024-03-29 14:44 - 000000000 ____D C:\Users\buttonB\AppData\Local\cache
2024-03-29 14:39 - 2024-03-29 14:43 - 000000000 ____D C:\Users\buttonB\AppData\Roaming\TSHelpService
2024-03-29 14:39 - 2024-03-29 14:39 - 000000248 _____ C:\Users\buttonB\Downloads\cloud
2024-03-29 14:39 - 2024-03-29 14:39 - 000000000 ____D C:\Users\buttonB\downloadtemp
2024-03-29 14:39 - 2024-03-29 14:39 - 000000000 ____D C:\ProgramData\obs-studio-hook
2024-03-29 14:38 - 2024-03-29 14:43 - 000000000 ____D C:\Program Files (x86)\HitPaw
2024-03-29 14:38 - 2024-03-29 14:38 - 002076424 _____ (HitPaw) C:\Users\buttonB\Downloads\screen-recorder_11711748292072394001.exe
2024-03-29 14:30 - 2024-03-29 14:30 - 000000000 ____D C:\Users\buttonB\Desktop\03292024Videos
2024-03-29 14:26 - 2024-03-29 14:26 - 000380424 _____ (StreamingVideoProvider) C:\Users\buttonB\Downloads\ScreenRec_webinstall_all(1).exe
2024-03-29 13:01 - 2024-03-29 13:01 - 020941270 _____ C:\Users\buttonB\Desktop\29.03.2024_12.52.17_REC.mp4
2024-03-29 12:51 - 2024-03-29 12:51 - 020718702 _____ C:\Users\buttonB\Desktop\29.03.2024_12.43.48_REC.mp4
2024-03-29 12:40 - 2024-03-29 12:40 - 020374551 _____ C:\Users\buttonB\Desktop\29.03.2024_12.35.07_REC.mp4
2024-03-29 12:34 - 2024-03-29 12:34 - 018048314 _____ C:\Users\buttonB\Desktop\29.03.2024_12.28.45_REC.mp4
2024-03-29 12:27 - 2024-03-29 12:27 - 016291885 _____ C:\Users\buttonB\Desktop\29.03.2024_12.19.18_REC.mp4
2024-03-29 12:18 - 2024-03-29 12:18 - 020255344 _____ C:\Users\buttonB\Desktop\29.03.2024_12.12.30_REC.mp4
2024-03-29 12:11 - 2024-03-29 12:11 - 018136891 _____ C:\Users\buttonB\Desktop\29.03.2024_12.03.21_REC.mp4
2024-03-29 12:02 - 2024-03-29 12:02 - 013561184 _____ C:\Users\buttonB\Desktop\29.03.2024_11.54.11_REC.mp4
2024-03-29 11:53 - 2024-03-29 11:53 - 010413471 _____ C:\Users\buttonB\Desktop\29.03.2024_11.46.10_REC.mp4
2024-03-29 11:45 - 2024-03-29 11:45 - 020527654 _____ C:\Users\buttonB\Desktop\29.03.2024_11.40.03_REC.mp4
2024-03-29 11:37 - 2024-03-29 11:37 - 000380424 _____ (StreamingVideoProvider) C:\Users\buttonB\Downloads\ScreenRec_webinstall_all.exe
2024-03-29 11:32 - 2024-03-29 11:32 - 000000000 ____D C:\Users\buttonB\Documents\Sound Recordings
2024-03-28 13:40 - 2024-03-28 13:40 - 000002466 _____ C:\Users\buttonB\Downloads\netcfg_2024-03-28_13-40-16.dat
2024-03-28 13:28 - 2024-03-28 13:28 - 001093752 _____ (ESET) C:\Users\buttonB\Downloads\esetuninstaller.exe
2024-03-28 12:40 - 2024-04-02 21:12 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-03-28 12:40 - 2024-03-28 12:40 - 000003206 _____ C:\Windows\system32\Tasks\SecurityScannerScheduler
2024-03-28 12:39 - 2024-04-02 21:12 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-03-28 12:39 - 2024-04-02 21:12 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-03-28 12:39 - 2024-03-28 12:39 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-03-28 12:39 - 2024-03-28 12:39 - 000000000 ____D C:\Program Files\Adobe
2024-03-27 20:49 - 2024-03-27 20:49 - 009033217 _____ C:\Users\Bunnun\Downloads\RevoUninstaller_Portable.zip
2024-03-27 20:49 - 2024-03-27 20:49 - 000000000 ____D C:\Users\Bunnun\Downloads\RevoUninstaller_Portable
2024-03-27 20:34 - 2024-03-27 20:34 - 000000000 ____D C:\Users\buttonB\Downloads\RevoUninstaller_Portable
2024-03-27 20:33 - 2024-03-27 20:33 - 009033217 _____ C:\Users\buttonB\Downloads\RevoUninstaller_Portable.zip
2024-03-27 12:14 - 2024-03-27 12:14 - 000000000 ____D C:\Windows\SysWOW64\DDFs
2024-03-27 11:58 - 2024-03-27 11:58 - 000024320 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-27 11:57 - 2024-03-27 11:57 - 000024320 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-03-27 10:23 - 2024-03-27 10:23 - 000017187 _____ C:\Users\buttonB\Desktop\27.03.2024_10.23.24.zip
2024-03-27 00:18 - 2024-04-12 16:42 - 000000000 ____D C:\FRST
2024-03-27 00:16 - 2024-04-12 16:42 - 000000000 ____D C:\Users\buttonB\Desktop\BC03272024
2024-03-26 12:04 - 2024-03-26 12:04 - 017726648 _____ (VS Revo Group ) C:\Users\buttonB\Downloads\RevoUninProSetup(1).exe
2024-03-26 12:04 - 2024-03-26 12:04 - 000000000 ____D C:\ProgramData\VS Revo Group
2024-03-26 12:03 - 2024-03-26 12:03 - 017726648 _____ (VS Revo Group ) C:\Users\buttonB\Downloads\RevoUninProSetup.exe
2024-03-26 11:52 - 2024-03-26 11:53 - 006970144 _____ (VS Revo Group ) C:\Users\buttonB\Downloads\revosetup.exe
2024-03-25 13:27 - 2024-03-25 13:27 - 000259752 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2024-03-25 13:27 - 2024-03-25 13:27 - 000218432 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2024-03-25 13:27 - 2024-03-25 13:27 - 000125952 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2024-03-25 13:27 - 2024-03-25 13:27 - 000124416 _____ (ESET) C:\Windows\system32\Drivers\edevmonm.sys
2024-03-25 13:27 - 2024-03-25 13:27 - 000121304 _____ (ESET) C:\Windows\system32\Drivers\edevmon.sys
2024-03-25 13:27 - 2024-03-25 13:27 - 000084120 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2024-03-25 13:27 - 2024-03-25 13:27 - 000057832 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2024-03-25 09:27 - 2024-03-25 09:28 - 001376816 _____ (Google LLC) C:\Users\buttonB\Downloads\ChromeSetup.exe
2024-03-25 09:27 - 2024-03-25 09:27 - 001376816 _____ (Google LLC) C:\Users\buttonB\Downloads\ChromeSetup(1).exe
2024-03-16 09:58 - 2024-04-12 12:36 - 000000000 ____D C:\Users\buttonB\AppData\Local\CrashDumps
2024-03-15 23:16 - 2024-03-15 23:16 - 000000000 ____D C:\Users\buttonB\AppData\Local\Mozilla
2024-03-15 21:44 - 2024-04-12 16:42 - 000000000 ____D C:\Users\buttonB\AppData\Local\Malwarebytes
2024-03-15 21:26 - 2024-03-15 21:26 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Bunnun\Downloads\iExplore.exe
2024-03-15 13:00 - 2024-03-15 13:00 - 000000000 ____D C:\Users\Bunnun\Downloads\CryptoSearch(1)
2024-03-15 12:47 - 2024-03-15 12:48 - 058118520 _____ (Tweaking.com) C:\Users\Bunnun\Downloads\tweaking.com_windows_repair_aio_setup.exe
2024-03-15 12:29 - 2024-03-15 22:13 - 000000000 ____D C:\Users\Bunnun\Desktop\Computer PROBLEMS
2024-03-15 12:29 - 2024-03-15 12:29 - 000841241 _____ C:\Users\Bunnun\Downloads\rkill.zip
2024-03-15 12:26 - 2024-03-15 12:26 - 002492226 _____ C:\Users\Bunnun\Downloads\CryptoSearch.zip
2024-03-15 11:52 - 2024-03-27 20:44 - 000000000 ____D C:\Users\Bunnun\AppData\Local\Malwarebytes
2024-03-15 11:52 - 2024-03-15 11:52 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-03-15 11:51 - 2024-04-07 22:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-03-15 11:51 - 2024-03-15 11:51 - 000000000 ____D C:\Program Files\Malwarebytes
2024-03-15 10:30 - 2024-03-15 20:47 - 000000000 ____D C:\Users\Bunnun\AppData\Local\CrashDumps
2024-03-15 10:30 - 2024-03-15 10:30 - 000000000 ____D C:\Users\Bunnun\AppData\Local\OneDrive
2024-03-15 10:10 - 2024-03-28 12:52 - 000000000 ____D C:\Users\buttonB\Desktop\Computer PROBLEMS
2024-03-13 22:18 - 2024-03-13 22:18 - 000000000 ____D C:\Users\buttonB\Downloads\request_103760_essp_esetllc
2024-03-13 21:55 - 2024-03-13 21:55 - 000157504 _____ C:\Users\buttonB\Documents\configuration.xml
2024-03-13 21:54 - 2024-03-13 21:54 - 005160571 _____ C:\Users\buttonB\Downloads\request_103760_essp_esetllc.zip
2024-03-13 21:49 - 2024-03-13 21:49 - 000000000 ____D C:\ProgramData\Norton

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-12 16:42 - 2023-06-02 17:56 - 000000000 ____D C:\Users\buttonB\AppData\Roaming\Microsoft\Excel
2024-04-12 16:40 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SystemTemp
2024-04-12 16:37 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-12 16:31 - 2023-04-04 13:44 - 000000000 ____D C:\Users\buttonB\AppData\Roaming\Microsoft\Word
2024-04-12 14:57 - 2023-04-02 15:36 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-04-12 12:41 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\AppReadiness
2024-04-12 12:38 - 2023-09-07 17:47 - 000002664 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2024-04-12 12:37 - 2023-09-07 17:47 - 000003030 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2024-04-12 12:35 - 2023-03-24 15:16 - 000000000 ____D C:\Users\buttonB\AppData\Local\Packages
2024-04-11 20:33 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-11 20:32 - 2022-10-26 07:53 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-04-11 05:01 - 2022-05-06 22:22 - 000000000 ____D C:\Windows\INF
2024-04-09 21:10 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-09 20:59 - 2022-10-26 07:59 - 000803640 _____ C:\Windows\system32\PerfStringBackup.INI
2024-04-09 20:55 - 2022-10-26 07:53 - 000012288 ___SH C:\DumpStack.log.tmp
2024-04-09 20:55 - 2022-10-26 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-04-09 20:55 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\ServiceState
2024-04-09 20:54 - 2022-10-26 07:54 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2024-04-09 20:54 - 2022-10-26 07:53 - 000493944 _____ C:\Windows\system32\FNTCACHE.DAT
2024-04-09 20:54 - 2022-05-06 22:17 - 001048576 _____ C:\Windows\system32\config\BBI
2024-04-09 20:53 - 2023-09-26 15:42 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-04-09 20:53 - 2023-09-12 19:49 - 000001425 _____ C:\Windows\system32\default_error_stack-000000-000000.txt
2024-04-09 20:53 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SystemResources
2024-04-09 20:53 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-04-09 20:53 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-04-09 20:53 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\bcastdvr
2024-04-09 20:32 - 2023-03-24 16:06 - 000000000 ____D C:\Windows\system32\MRT
2024-04-09 20:30 - 2023-03-24 16:05 - 192651728 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-04-09 20:30 - 2022-05-06 22:17 - 000000000 ____D C:\Windows\CbsTemp
2024-04-09 20:28 - 2022-10-26 07:56 - 003213824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-04-09 18:30 - 2022-10-26 07:53 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-04-09 18:14 - 2023-03-24 15:16 - 000000000 ____D C:\Users\buttonB\AppData\Local\D3DSCache
2024-04-08 00:46 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\LiveKernelReports
2024-04-07 22:08 - 2024-01-29 12:44 - 000004290 _____ C:\Users\buttonB\Desktop\Rkill.txt
2024-04-07 21:55 - 2023-05-08 08:05 - 000000000 ____D C:\Users\buttonB\AppData\Local\Google
2024-04-07 21:55 - 2023-05-08 08:05 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-07 21:23 - 2023-06-06 21:47 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-04-07 21:06 - 2022-05-06 22:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-04-07 20:43 - 2023-05-29 22:33 - 000003066 _____ C:\Windows\system32\Tasks\Tweaking.com - Windows Repair Tray Icon
2024-04-07 20:35 - 2023-06-10 00:09 - 000000000 ____D C:\Program Files\PDF24
2024-04-07 20:34 - 2023-12-11 10:10 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-332997564-2752265082-2101897690-1002
2024-04-07 20:34 - 2023-06-05 18:51 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-03 10:14 - 2023-03-24 15:15 - 000000000 ____D C:\Users\buttonB
2024-04-02 08:24 - 2022-10-26 08:58 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-04-02 08:24 - 2022-10-26 08:58 - 000000000 ____D C:\Program Files (x86)\LG Software
2024-03-29 17:33 - 2023-06-05 18:38 - 000000000 ____D C:\Program Files\Microsoft Office
2024-03-29 17:31 - 2023-12-18 15:00 - 000000000 ____D C:\Users\buttonB\Desktop\2024
2024-03-29 11:38 - 2022-10-26 08:44 - 000000000 ____D C:\ProgramData\Package Cache
2024-03-28 15:25 - 2022-05-06 22:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-03-28 13:50 - 2023-05-29 22:39 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2024-03-28 12:52 - 2023-03-26 16:02 - 000000000 ____D C:\Users\buttonB\AppData\LocalLow\Temp
2024-03-28 12:41 - 2023-05-10 21:13 - 000000000 ____D C:\Users\buttonB\AppData\Local\Adobe
2024-03-28 07:26 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\SecurityHealth
2024-03-27 20:44 - 2023-12-11 10:08 - 000000000 ____D C:\Users\Bunnun\AppData\Roaming\Microsoft\Spelling
2024-03-27 20:39 - 2023-12-11 10:08 - 000000000 ____D C:\Users\Bunnun\AppData\Local\Packages
2024-03-27 20:32 - 2023-05-01 18:43 - 000000000 ____D C:\Program Files\VS Revo Group
2024-03-27 12:14 - 2022-05-06 22:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-03-27 12:14 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-03-27 12:14 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-03-27 12:14 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-03-27 12:14 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\oobe
2024-03-27 12:14 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2024-03-27 12:14 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\system32\DDFs
2024-03-27 12:14 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\ShellComponents
2024-03-27 12:14 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\Provisioning
2024-03-26 11:59 - 2022-10-26 08:44 - 000000000 ____D C:\Program Files\Intel
2024-03-16 15:14 - 2023-10-31 14:40 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2024-03-15 23:26 - 2022-05-06 22:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-03-15 23:16 - 2023-04-02 15:36 - 000000000 ____D C:\Users\buttonB\AppData\Roaming\Mozilla
2024-03-15 23:11 - 2022-10-26 07:54 - 000000000 ____D C:\ProgramData\Packages
2024-03-15 23:05 - 2023-05-29 22:43 - 000803640 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2024-03-15 22:27 - 2024-02-14 00:31 - 000000557 _____ C:\Users\buttonB\Desktop\JRT.txt
2024-03-15 22:16 - 2022-05-06 22:24 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts_bak_773
2024-03-15 13:17 - 2023-12-11 10:08 - 000000000 ____D C:\Users\Bunnun\AppData\Local\D3DSCache
2024-03-15 12:36 - 2022-05-06 22:24 - 000000852 _____ C:\Windows\system32\Drivers\etc\hosts_bak_605
2024-03-15 11:49 - 2022-10-26 08:49 - 000000000 ____D C:\Program Files (x86)\Intel
2024-03-15 11:43 - 2023-09-07 20:18 - 000000000 ____D C:\Program Files\dotnet
2024-03-15 10:56 - 2023-12-11 10:10 - 000000000 ____D C:\Users\Bunnun\AppData\Local\PlaceholderTileLogoFolder
2024-03-15 10:26 - 2023-12-11 10:08 - 000000000 ____D C:\Users\Bunnun\AppData\LocalLow\Intel
2024-03-13 20:37 - 2022-05-06 22:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-03-13 20:37 - 2022-05-06 22:17 - 000000000 ____D C:\Windows\servicing
2024-03-13 20:04 - 2023-05-10 21:44 - 000000000 ____D C:\Users\buttonB\AppData\Roaming\com.adobe.dunamis

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by buttonB (12-04-2024 16:43:13)
Running from C:\Users\buttonB\Desktop\BC03272024
Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) (2023-01-03 20:05:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-332997564-2752265082-2101897690-500 - Administrator - Disabled)
Bunnun (S-1-5-21-332997564-2752265082-2101897690-1002 - Limited - Enabled) => C:\Users\Bunnun
buttonB (S-1-5-21-332997564-2752265082-2101897690-1001 - Administrator - Enabled) => C:\Users\buttonB
DefaultAccount (S-1-5-21-332997564-2752265082-2101897690-503 - Limited - Disabled)
Guest (S-1-5-21-332997564-2752265082-2101897690-501 - Limited - Disabled)
PhantomA (S-1-5-21-332997564-2752265082-2101897690-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-332997564-2752265082-2101897690-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
FW: ESET Firewall (Enabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.001.20643 - Adobe)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 123.1.64.122 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 6.22 - Piriform)
Discord (HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\Discord) (Version: 1.0.9013 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{B8AD0F0B-6ED6-4121-9ABF-592203F4C43C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
ESET Premium Line Encryption (HKLM\...\{43C2B3A3-AAF7-401A-9049-5139EABE10F9}) (Version: 2.0.36.0 - ESET) Hidden
ESET Security (HKLM\...\{46FD9D9F-B21B-4A16-A0EE-29054278C714}) (Version: 17.1.9.0 - ESET, spol. s r.o.)
f.lux (HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\Flux) (Version: 4.134 - f.lux Software LLC)
Intel Software Package (HKLM-x32\...\{9b6c818c-5856-4d95-9b82-9bebce4a6ba3}) (Version: 1.0.10900.26658 - Intel) Hidden
Intel Software Package (HKLM-x32\...\{9ecc05df-d595-4ef0-90b5-790af065f75d}) (Version: 1.0.10900.26658 - Intel) Hidden
Intel® Chipset Device Software (HKLM\...\{BB1E910B-7D2D-4FC8-A87C-5A53CAC2D5A8}) (Version: 10.1.19159.8331 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{a8ed3a4b-8ec2-4b7d-b0f6-0f4db00ea2ce}) (Version: 10.1.19159.8331 - Intel® Corporation)
Intel® Computing Improvement Program (HKLM\...\{76751700-CC7A-4C8E-A7EE-D66651594A6A}) (Version: 2.4.10802 - Intel Corporation)
Intel® Dynamic Tuning Technology (HKLM-x32\...\{DDD0E7BA-1023-44F1-B2E0-2297B9ED42B5}) (Version: 9.0.10900.26658 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.386 - Intel Corporation)
Intel® Innovation Platform Framework (HKLM-x32\...\{1F2F557C-7559-4376-9347-1C6ACFAD35C2}) (Version: 1.0.10900.26658 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2225.3.9.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{6EE6F343-0BD5-4F43-BFB4-A04D8B1FE8CB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{3224ECD1-BFF4-4DEF-ABE9-B244881A871A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2212.4 - Intel Corporation)
Intel® Serial IO (HKLM\...\{FF99FB1C-B0BD-4CBC-A962-A3BBC576CDFD}) (Version: 30.100.2212.4 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000010-0230-1033-84C8-B8D95FA3C8C3}) (Version: 23.10.0.2 - Intel Corporation)
Intel® Arc™ Control (HKLM\...\{AFFBB7E9-51F0-4A68-B6B6-DB7B13E5E372}) (Version: 1.74.5391.3 - Intel Corporation) Hidden
Intel® Arc™ Control (HKLM-x32\...\{29da1471-6d4a-4198-af44-b83f9ba62651}) (Version: 1.74.5391.3 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{ecbee3cf-26b3-4f27-854c-e2e16b3f7fa9}) (Version: 23.4.39.9 - Intel)
Intel® Integrated Sensor Solution (HKLM-x32\...\{e2adfc7e-c7d4-4b6a-bc85-167c0a9a59d2}) (Version: 3.10.100.4572 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{acc5d32f-fbf7-4d75-8943-2f70e698123d}) (Version: 23.20.0.4 - Intel Corporation) Hidden
ISS_Drivers_x64 (HKLM\...\{3778C22D-30D2-4419-AB45-EDB251772C33}) (Version: 3.10.100.4572 - Intel Corporation) Hidden
LG Device Manager (HKLM-x32\...\{29B3EDEF-C8F6-408E-AE67-53AF1B143032}) (Version: 1.0.2207.801 - LG Electronics Inc.)
LG On Screen Display 3 (HKLM-x32\...\{CDF8BA0D-9707-4F6B-A7A8-D9F536EF49B0}) (Version: 1.0.2207.801 - LG Electronics Inc.)
LG PC Manuals (HKLM-x32\...\LG PC Manuals) (Version: 1.0.2209.2701 - LG Electronics Inc.)
LG Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.7.1.111 - Wacom Technology Corp.)
LG Quick Guide (HKLM-x32\...\{2B169899-99D0-44FA-ABB0-62F50D83131D}) (Version: 1.0.2308.3101 - LG Electronics Inc.)
LG Smart Assistant (HKLM-x32\...\{76FB8ACE-FFF7-4ED8-BDFD-168DF15C26CC}) (Version: 1.0.2210.401 - LG Electronics Inc.)
LG Update (HKLM-x32\...\{E7E96A93-DD9B-43C7-AB26-D8348F3143FC}) (Version: 1.0.2309.2701 - LG Electronics Inc.)
Malwarebytes version 5.1.2.109 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.2.109 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Office Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Retail - en-us) (Version: 16.0.17425.20146 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.055.0317.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
PDF24 Creator (HKLM\...\{BD057EF0-E8B3-472E-9085-1B45E98838A7}) (Version: 11.17.0 - geek software GmbH)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9354.1 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Sync On Mobile (HKLM-x32\...\{A3F4FF34-A63B-47F7-9ED6-F7A8B4639B02}) (Version: 1.0.2303.1401 - LG Electronics Inc.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.14.0 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Windows Driver Package - Mirametrix Inc (WUDFRd) Camera  (07/27/2022 18.0.0.0) (HKLM\...\72E70A16DE27C7893096117DD18A398F2C9A01D4) (Version: 07/27/2022 18.0.0.0 - Mirametrix Inc)

Packages:
=========

Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-03-28] ()
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2024-03-15] (AMZN Mobile LLC.) [Startup Task]
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5435.0_x64__8j3eq9eme6ctt [2024-04-11] (INTEL CORP) [Startup Task]
AudioDirector for LGE -> C:\Program Files\WindowsApps\www.cyberlink.com.AudioDirectorforLGE_7.0.9105.0_x64__srrwvbh8chymt [2024-03-15] (www.cyberlink.com)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_2.3.8.0_x64__38kynpdw5g1aw [2024-04-08] (Wacom Europe GmbH)
ColorDirector for LGE -> C:\Program Files\WindowsApps\www.cyberlink.com.ColorDirectorforLGE_5.0.8107.0_x64__srrwvbh8chymt [2024-03-15] (www.cyberlink.com)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1200.442.0_x64__8wekyb3d8bbwe [2024-03-27] (Microsoft Corporation)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.13.2.0_x64__t5j2fzbtdg37r [2024-03-15] (DTS, Inc.)
ESET Context Menu -> C:\Program Files\ESET\ESET Security [2024-04-08] (Sparse Package)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.237.110.0_x64__8wekyb3d8bbwe [2024-03-15] (Microsoft Corporation)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.237.110.0_x86__8wekyb3d8bbwe [2024-03-15] (Microsoft Corporation)
Ink.Handwriting.Main.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-US.1.0.1_0.237.110.0_x64__8wekyb3d8bbwe [2024-03-15] (Microsoft Corporation)
Intel® Connectivity Performance Suite -> C:\Program Files\WindowsApps\AppUp.IntelConnectivityPerformanceSuite_3.1023.1012.0_x64__8j3eq9eme6ctt [2024-03-15] (INTEL CORP) [Startup Task]
LG Glance by Mirametrix® -> C:\Program Files\WindowsApps\MirametrixInc.LGGlancebyMirametrix_9.38.4316.0_x64__17mer8kcn3j54 [2024-03-15] (Mirametrix Inc.) [Startup Task]
LG Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.LGPenSettings_7.7.89.0_neutral__ss941bf8mfs8a [2024-03-15] (Wacom Technology Corp.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21002.0_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-03-15] (Microsoft Corp.)
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-30] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-03-15] (Microsoft Corporation)
MicrosoftWindows.Client.FileExp -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-15] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24031.69.0_x64__cw5n1h2txyewy [2024-04-09] (Microsoft Windows) [Startup Task]
Mozilla Firefox -> C:\Program Files\WindowsApps\Mozilla.Firefox_124.0.2.0_x64__n80bbvh6b1yt2 [2024-04-08] (Mozilla)
PhotoDirector for LGE -> C:\Program Files\WindowsApps\www.cyberlink.com.PhotoDirectorforLGE_8.0.3022.0_x64__srrwvbh8chymt [2024-03-15] (www.cyberlink.com)
Power Media Player for LGE -> C:\Program Files\WindowsApps\www.cyberlink.com.PowerMediaPlayerforLGE_14.1.7917.0_x86__srrwvbh8chymt [2024-03-15] (www.cyberlink.com)
PowerDirector for LGE -> C:\Program Files\WindowsApps\www.cyberlink.com.PowerDirectorforLGE_14.0.4202.0_x64__srrwvbh8chymt [2024-03-15] (www.cyberlink.com)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.47.309.0_x64__dt26b99r8h8gj [2024-03-15] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-04-11] (Spotify AB) [Startup Task]
Wacom Notes -> C:\Program Files\WindowsApps\D91E29CF.WacomNotes_1.13.1.0_x64__38kynpdw5g1aw [2024-04-11] (Wacom Europe GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-332997564-2752265082-2101897690-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ESD Shell Icon Overlay Identifier] -> {AF106685-9C86-48AF-8524-8F485C459E17} => C:\Program Files\ESET\ESET Secure Data\esdovrly.dll [2023-06-27] (DESlock Limited -> DESlock Limited)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-03-25] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-03-25] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-15] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2024-04-07 21:06 - 2024-04-07 21:06 - 005855744 _____ (ESET, spol. s r.o. -> ESET) [File not signed] C:\Program Files\ESET\ESET Security\Modules\em045_64\1087\em045_64.dll
2024-02-22 09:58 - 2024-02-22 09:58 - 003160576 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\buttonB\Downloads\ChromeSetup.exe:MBAM.Zone.Identifier [406]
AlternateDataStreams: C:\Users\buttonB\Downloads\OfficeSetup.exe:MBAM.Zone.Identifier [350]
AlternateDataStreams: C:\Users\buttonB\Downloads\revosetup.exe:MBAM.Zone.Identifier [141]
AlternateDataStreams: C:\Users\buttonB\Downloads\RevoUninProSetup.exe:MBAM.Zone.Identifier [148]
AlternateDataStreams: C:\Users\buttonB\Downloads\screen-recorder_11711748292072394001.exe:MBAM.Zone.Identifier [163]
AlternateDataStreams: C:\Users\buttonB\Downloads\ScreenRec_webinstall_all.exe:MBAM.Zone.Identifier [147]
AlternateDataStreams: C:\Users\buttonB\Downloads\vlc-3.0.20-win32.exe:MBAM.Zone.Identifier [112]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-332997564-2752265082-2101897690-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lg.com
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lg.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-03-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-03-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-03-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-03-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-03-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-03-28] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-06 22:24 - 2024-04-07 22:23 - 000000762 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-332997564-2752265082-2101897690-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\buttonB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\LG\LG_WallPaper1.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_BA0F089C8D8F331B1757CC133895E491"
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "A4PCSetup"
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "Delete Cached Standalone Update Binary"
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "Delete Cached Update Binary"
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "Uninstall 23.054.0313.0001"
HKU\S-1-5-21-332997564-2752265082-2101897690-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-332997564-2752265082-2101897690-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B5B535DA4A55F5AEE85A6C9113CA0F26"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CEC778CD-BBE4-48FD-9922-C453BFCF534D}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{1D12A2E4-4346-4BE8-8449-FDF1C8E6FDB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C57A2436-D91D-4840-A5C8-4957B49185B3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5D59F94D-21D5-4D7A-B7FA-3F8938B1022F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{888151A7-AD37-4B8D-BD23-2765B74CF4F9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2DA033B8-BF80-42F8-BEF2-3B6DB58D808A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A3C964F0-9492-497F-894C-94709B14B91C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2A0586AD-71B3-428D-9EB1-F530283D0210}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{62B88749-B071-41DA-A2BA-FA98D77DB0B2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C904735B-F6FB-4BB7-B822-BFE190EF9620}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{01F050B2-4266-46E5-9D6D-FCB0510CBA60}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Mirametrix Virtual Camera
Description: Mirametrix Virtual Camera
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: (Standard system devices)
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================

System errors:
=============
Error: (04/12/2024 12:36:06 PM) (Source: DCOM) (EventID: 10000) (User: BUTTON)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/12/2024 12:34:57 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {bc5fa5a4-301a-4e96-a249-80631d9f60cf}, had event 74

Error: (04/12/2024 01:52:05 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (04/12/2024 01:51:55 AM) (Source: DCOM) (EventID: 10010) (User: BUTTON)
Description: The server {C82192EE-6CB5-4BC0-9EF0-FB818773790A} did not register with DCOM within the required timeout.

Error: (04/12/2024 01:37:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/12/2024 01:37:20 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {bc5fa5a4-301a-4e96-a249-80631d9f60cf}, had event 74

Error: (04/11/2024 10:54:48 PM) (Source: DCOM) (EventID: 10000) (User: BUTTON)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/11/2024 10:51:30 PM) (Source: DCOM) (EventID: 10000) (User: BUTTON)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}


Windows Defender:
================
Date: 2024-03-15 11:49:49
Description:
Controlled Folder Access blocked C:\Windows\System32\SrTasks.exe from making changes to memory.
Detection time: 2024-03-15T18:49:49.392Z
Path: \Device\HarddiskVolumeShadowCopy11
Process Name: C:\Windows\System32\SrTasks.exe
Security intelligence Version: 1.407.451.0
Engine Version: 1.1.24020.9
Product Version: 4.18.24020.7
 

Date: 2024-03-15 11:49:34
Description:
Controlled Folder Access blocked C:\Windows\System32\msiexec.exe from making changes to memory.
Detection time: 2024-03-15T18:49:34.227Z
Path: \Device\HarddiskVolume3
Process Name: C:\Windows\System32\msiexec.exe
Security intelligence Version: 1.407.451.0
Engine Version: 1.1.24020.9
Product Version: 4.18.24020.7
 

Date: 2024-03-13 19:53:57
Description:
Controlled Folder Access blocked C:\Windows\System32\svchost.exe from making changes to memory.
Detection time: 2024-03-14T02:53:57.099Z
Path: \Device\HarddiskVolume3
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.407.407.0
Engine Version: 1.1.24020.9
Product Version: 4.18.24020.7
 

Date: 2024-03-13 17:11:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-01 12:06:09
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2024-03-28 13:50:20
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-03-28 13:44:10
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-03-28 13:43:24
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-03-28 13:36:10
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-03-28 13:33:01
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===============
Date: 2024-04-12 16:35:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. GP126 08/08/2022
Motherboard: LG Electronics 16T90Q
Processor: 12th Gen Intel® Core™ i7-1260P
Percentage of memory in use: 44%
Total physical RAM: 16125.01 MB
Available physical RAM: 9013.2 MB
Total Virtual: 17149.01 MB
Available Virtual: 8104.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.67 GB) (Free:48.4 GB) (Model: SAMSUNG MZVL2512HCJQ-00B00) NTFS

\\?\Volume{312dedad-ced3-468d-9b85-3df14f3000ff}\ (WinRE) (Fixed) (Total:1 GB) (Free:0.36 GB) NTFS
\\?\Volume{48234d34-05c3-4a14-9a40-6d97cc84461e}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 35F70A74)

Partition: GPT.

==================== End of Addition.txt =======================



#26 FluffyPup


Posted 12 April 2024 - 07:11 PM

Hi Gary,

 

I don't know much about reading these reports. I was wondering about a few items:

Why does it say I have 7 One Drives?

Why does Spotify have firewall rules? I don't use Spotify.

Why do I have 7 Tcpip interfaces?

Thank you



#27 Oh My!


Posted 14 April 2024 - 07:49 AM

Sorry for the delay but hopefully this helps.

Why does it say I have 7 One Drives?

You don't actually have 7 OneDrives. What is listed is the number of ShellIconOverlayIdentifiers for OneDrive. There are 7 different OneDrive icons available depending on the status of OneDrive. Here is an explanation for each of the 7.

-----

Why does Spotify have firewall rules? I don't use Spotify.

Packages:
=========
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-04-11] (Spotify AB) [Startup Task]

See Spotify Is Installing Itself on Some Windows PCs

-----

Why do I have 7 Tcpip interfaces?

That type of list is normal. It is a history of IP addresses assigned to your computer. We can reset it if you'd like but all the addresses are legitimate.
Gary 


#28 FluffyPup


Posted 14 April 2024 - 10:32 PM

I appreciate the time you take to help me and everyone on this site. However long it takes you to respond is fine with me.

That makes sense, Gary.

Thank you for the explanation.


Is there anything in the scans of concern?



#29 Oh My!


Posted 15 April 2024 - 08:20 AM

My pleasure.

Things look good.

I think we are all set. Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?
Gary 


#30 FluffyPup


Posted 15 April 2024 - 11:00 PM

I think my computer is running well, without any interference. I do appreciate your service.



