Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93092 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Weird behavior on my pc

Started by ba_jets , Jan 29 2024 04:05 PM
Malware Virus

  • Please log in to reply
No replies to this topic

#1 ba_jets

ba_jets

    New Member

  • New Member
  • Pip
  • 3 posts
  • Interests:Fantasy sports, politics, family

Posted 29 January 2024 - 04:05 PM

I must explain what is happening with my pc. Recently the Outlook email has started not loading some emails. I had my new lease agreement e-mailed to me and it won't show up after three attempts. Other important e-mails also are not going through to me. This has occurred while using my regular e-mail account which is bart2201@hotmail.com. The What the Tech site also would not load up when using that account so I had to use my back-up of ba_jets@gmail.com to initiate these responses. Also when using the hotmail account if I deleted the junk files it would no longer load any new junk files, I had to delete the Outlook app and re-install it to get new mail to show up. I could not get the downloads folder to show up when using the search box. I hope this explanation helps you to understand what is going on. Here are the copies of the two logs from FRST64

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2024 01
Ran by bart2 (administrator) on ARTADI-DESKTOP (Hewlett-Packard HP ProDesk 600 G1 TWR) (29-01-2024 13:38:32)
Running from C:\Users\bart2\OneDrive\Desktop\FRST64.exe
Loaded Profiles: bart2
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3930 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Driver Support One\DSOne.exe ->) (Driver Support -> Asurvio LP) C:\Program Files (x86)\Driver Support One\DSOneWD.exe
(C:\Program Files (x86)\Driver Support One\DSOne.exe ->) (Driver Support -> The CefSharp Authors) C:\Program Files (x86)\Driver Support One\CefSharp.BrowserSubprocess.exe <3>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\crash_handler.exe <5>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\PlayerLocationIcon.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Users\bart2\AppData\Local\Programs\Messenger\Messenger.exe ->) (Facebook, Inc. -> ) C:\Users\bart2\AppData\Local\Programs\Messenger\CrashpadHandlerWindows.exe
(explorer.exe ->) (Facebook, Inc. -> Meta Platforms, Inc.) C:\Users\bart2\AppData\Local\Programs\Messenger\Messenger.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2311.21001.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <15>
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lunar Software Inc. -> Winning Poker Network, Inc.) C:\ACR Poker\ACRPoker.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> ) C:\Windows\System32\OpenSSH\sshd.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Driver Support -> Asurvio LP) C:\Program Files (x86)\Driver Support One\DSOne.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2311.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9240512 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1492928 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2595344 2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\Run: [com.messenger] => "C:\Users\bart2\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\Run: [MicrosoftEdgeAutoLaunch_EF21C153D9F0942689A79B1E643B1959] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3788224 2024-01-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2708210131-3929859599-577565344-1005\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2595344 2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.225\Installer\chrmstp.exe [2024-01-18] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {675E48BE-352C-48BC-AE70-29927C6EE2A7} - System32\Tasks\Driver Support One Agent => C:\Program Files (x86)\Driver Support One\DSOne.exe [1153536 2023-09-21] (Driver Support -> Asurvio LP) <==== ATTENTION
Task: {A6B5CE89-D239-4F68-A373-3D6D11CCDD77} - System32\Tasks\GeoComply Service Check => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd [1642 2023-05-05] () [File not signed] -> 
Task: {9FE81CB2-ECE6-43FE-A5B4-496CD789259A} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Update\GeoComplyUpdate.exe [4780704 2023-05-05] (GeoComply Solutions Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {D15E165D-50E7-4DD5-9562-2C90FD1D7B70} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem122.0.6253.8{2720C90A-F528-4DBC-9E45-795D411CB9D3} => C:\Program Files (x86)\Google\GoogleUpdater\122.0.6253.8\updater.exe [4657440 2024-01-25] (Google LLC -> Google LLC) <==== ATTENTION
Task: {FBF9CC3F-42E4-4936-BC99-4E501CC5D190} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-2708210131-3929859599-577565344-1003 => C:\Users\bart2\AppData\Local\Programs\Messenger\MessengerHelper.exe [2245368 2024-01-04] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {DC84E306-7CEC-43D0-84B9-14D4052479F2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425192 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1351CF3-3A29-4342-ADBB-D6032B7C2E7B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425192 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C6277F46-7A3A-40DA-9F30-3CB3169C8F9C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218048 2024-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {A83B4EE5-C600-4D78-AA3D-0E799BE69EEA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218048 2024-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {B44CEAA0-9BCF-42F0-838F-52CB2102BA55} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8CA927E-6D5F-4B95-A0DB-E203AB7E5D7C} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2708210131-3929859599-577565344-1003 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1BCEF23-4E54-464D-824F-634DF19DEC9B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2708210131-3929859599-577565344-1005 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {137A4788-325E-4A65-948B-B21C7356B13E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2708210131-3929859599-577565344-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  /reporting (No File)
Task: {A392E08E-12F5-425D-977A-BF06F7397F3A} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2708210131-3929859599-577565344-1003 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\Windows\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{ed34fed8-0652-46f9-86e8-72b7c47cab5c}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{ed34fed8-0652-46f9-86e8-72b7c47cab5c}: [DhcpDomain] hsd1.ca.comcast.net
 
Edge: 
=======
Edge Profile: C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-29]
Edge Notifications: Default -> hxxps://nypost.com
Edge HomePage: Default -> hxxp://www.google.com/
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2023-12-13]
Edge Extension: (DuckDuckGo) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2023-12-11]
Edge Extension: (HTTPS Everywhere) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fchjpkplmbeeeaaogdbhjbgbknjobohb [2022-08-27]
Edge Extension: (Google Docs Offline) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-25]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-01-24]
Edge Extension: (Amazon Assistant) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2023-03-29]
Edge Extension: (WOT Website Security & Privacy Protection) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iiclaphjclecagpkkaacljnpcppnoibi [2022-11-25]
Edge Extension: (Edge relevant text changes) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (Microsoft Outlook) - C:\Users\bart2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kkpalkknhlklpbflpcpkepmmbnmfailf [2022-08-27]
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-12-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default [2024-01-29]
CHR Notifications: Default -> hxxps://10.signupconfirmed.com; hxxps://20.signupconfirmed.com; hxxps://21.signupconfirmed.com; hxxps://29.signupconfirmed.com; hxxps://app.prizepicks.com; hxxps://benefits.holidayrelief.com; hxxps://brainable.com; hxxps://bucswire.usatoday.com; hxxps://coltswire.usatoday.com; hxxps://constative.com; hxxps://decider.com; hxxps://draftwire.usatoday.com; hxxps://excellenttown.com; hxxps://financebuzz.com; hxxps://jetsxfactor.com; hxxps://lawandcrime.com; hxxps://mission-statement.com; hxxps://ninernoise.com; hxxps://nypost.com; hxxps://outlook.live.com; hxxps://pagesix.com; hxxps://pokerfreerollpasswords.com; hxxps://repairit.wondershare.com; hxxps://sportsnaut.com; hxxps://touchdownwire.usatoday.com; hxxps://twitter.com; hxxps://uidhealth.com; hxxps://vgnpoker.os.tc; hxxps://www.abc10.com; hxxps://www.alternet.org; hxxps://www.americascardroom.eu; hxxps://www.arcamax.com; hxxps://www.bestreviews.guide; hxxps://www.cabletv.com; hxxps://www.draftkings.com; hxxps://www.facebook.com; hxxps://www.familyandpets.com; hxxps://www.fantasyalarm.com; hxxps://www.fastbackgroundcheck.com; hxxps://www.instagram.com; hxxps://www.intelius.com; hxxps://www.kcra.com; hxxps://www.mercurynews.com; hxxps://www.netflix.com; hxxps://www.newsweek.com; hxxps://www.newyorkjets.com; hxxps://www.nfl.com; hxxps://www.nydailynews.com; hxxps://www.paramountplus.com; hxxps://www.phonearena.com; hxxps://www.pinchme.com; hxxps://www.pulsz.com; hxxps://www.pulszbingo.com; hxxps://www.quora.com; hxxps://www.ranker.com; hxxps://www.rawstory.com; hxxps://www.reddit.com; hxxps://www.rotoballer.com; hxxps://www.si.com; hxxps://www.speedcube.us; hxxps://www.sportingnews.com; hxxps://www.sportskeeda.com; hxxps://www.thedailybeast.com; hxxps://www.thrivefantasy.com; hxxps://www.trueclassictees.com; hxxps://www.truthfinder.com; hxxps://www.usphonebook.com; hxxps://www.wps.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E210US91088G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Best Free Maps) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlielhlgedcjnbkilihjhoheammcbgm [2022-08-27]
CHR Extension: (WOT: Website Security & Safety Checker) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2024-01-10]
CHR Extension: (DuckDuckGo) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2023-12-13]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-01-10]
CHR Extension: (WiseGhost) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoclijfghiglinncpceohgaigfgnlbim [2023-08-10]
CHR Extension: (HTTPS Everywhere) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2022-08-27]
CHR Extension: (Google Docs Offline) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-20]
CHR Extension: (APK Downloader) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\glngapejbnmnicniccdcemghaoaopdji [2024-01-20]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-01-27]
CHR Extension: (Asterisk of Shame) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\khdhcpjgmmboblpbfnkfcbcpeocmeabb [2022-08-27]
CHR Extension: (Google Play) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2022-08-27]
CHR Extension: (Free Spell Checker for Google Chrome™) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgdcokhgjdpghmhdkbolccfcfdbklpo [2022-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-08-27]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\bart2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2023-05-01]
CHR Profile: C:\Users\bart2\AppData\Local\Google\Chrome\User Data\System Profile [2022-09-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [106952 2015-12-17] (Andrea Electronics -> Andrea Electronics Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13777080 2024-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 com.geocomply.internal-updater-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.internal-updater-microservice.exe [11580080 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.process-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.process-scanner-microservice.exe [11621552 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.vm-detector-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.vm-detector-microservice.exe [11441328 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.wifi-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.wifi-scanner-microservice.exe [11443888 ] (GeoComply Solutions Inc. -> )
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncHelper.exe [3514384 2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
S2 GoogleUpdaterInternalService122.0.6253.8; C:\Program Files (x86)\Google\GoogleUpdater\122.0.6253.8\updater.exe [4657440 2024-01-25] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService122.0.6253.8; C:\Program Files (x86)\Google\GoogleUpdater\122.0.6253.8\updater.exe [4657440 2024-01-25] (Google LLC -> Google LLC) <==== ATTENTION
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-27] (Malwarebytes Inc. -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [914160 2024-01-24] (McAfee, LLC -> McAfee, LLC)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\OneDriveUpdaterService.exe [3851280 2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [11535536 ] (GeoComply Solutions Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2021-10-06] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [154112 2021-10-06] (Microsoft Corporation) [File not signed]
R3 cpuz153; C:\Windows\temp\cpuz153\cpuz153_x64.sys [36864 2024-01-20] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2022-09-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 JitDriver; C:\Windows\system32\drivers\JitDriver.sys [48160 2023-10-03] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-09-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [200104 2024-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2024-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188784 2024-01-27] (Malwarebytes Inc. -> Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-01-29 13:38 - 2024-01-29 13:39 - 000024009 _____ C:\Users\bart2\OneDrive\Desktop\FRST.txt
2024-01-29 13:38 - 2024-01-29 13:38 - 000000000 ____D C:\FRST
2024-01-29 13:35 - 2024-01-29 13:37 - 002389504 _____ (Farbar) C:\Users\bart2\OneDrive\Desktop\FRST64.exe
2024-01-29 13:15 - 2024-01-29 13:15 - 002389504 _____ (Farbar) C:\Users\bart2\Downloads\FRST64.exe
2024-01-27 03:41 - 2024-01-27 03:41 - 000188784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2024-01-26 17:59 - 2024-01-26 17:59 - 000045150 _____ C:\Users\bart2\Downloads\LExp_882970_0 (4).pdf
2024-01-25 17:09 - 2024-01-25 17:09 - 000045150 _____ C:\Users\bart2\Downloads\LExp_882970_0 (3).pdf
2024-01-25 16:59 - 2024-01-25 16:59 - 000045150 _____ C:\Users\bart2\Downloads\LExp_882970_0 (2).pdf
2024-01-25 16:58 - 2024-01-25 16:58 - 000046094 _____ C:\Users\bart2\Downloads\LExp_882970_0 (1).pdf
2024-01-22 10:09 - 2024-01-22 10:09 - 000000662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACR Poker.lnk
2024-01-21 19:51 - 2024-01-23 14:51 - 000000000 ____D C:\Users\bart2\AppData\Local\SaraResults
2024-01-21 19:46 - 2024-01-21 19:46 - 000000000 ____D C:\Users\bart2\AppData\Local\IsolatedStorage
2024-01-21 19:45 - 2024-01-23 18:51 - 000000000 ____D C:\Users\bart2\AppData\Roaming\Microsoft\OffCAT
2024-01-21 19:41 - 2024-01-21 19:51 - 000000000 ____D C:\Users\bart2\AppData\Local\SaRALogs
2024-01-21 19:41 - 2024-01-21 19:41 - 000000520 _____ C:\Users\bart2\OneDrive\Desktop\Microsoft Support and Recovery Assistant.appref-ms
2024-01-21 19:41 - 2024-01-21 19:41 - 000000000 ____D C:\Users\bart2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2024-01-21 19:40 - 2024-01-24 15:39 - 000000000 ____D C:\Users\bart2\AppData\Local\Deployment
2024-01-21 19:40 - 2024-01-21 19:40 - 000000000 ____D C:\Users\bart2\AppData\Local\Apps\2.0
2024-01-18 12:37 - 2024-01-18 12:37 - 000000000 ____D C:\Windows\system32\Tasks\GoogleSystem
2024-01-17 14:21 - 2024-01-26 17:00 - 000000000 ____D C:\Users\bart2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-01-17 14:20 - 2024-01-17 14:21 - 000000000 ____D C:\Users\bart2\AppData\Local\SquirrelTemp
2024-01-17 14:20 - 2024-01-17 14:20 - 096195360 _____ (Discord Inc.) C:\Users\bart2\Downloads\DiscordSetup.exe
2024-01-09 19:07 - 2024-01-09 19:10 - 000000000 ___HD C:\$WinREAgent
2024-01-03 20:10 - 2024-01-03 20:10 - 000038843 _____ C:\Users\bart2\Downloads\social-security-statement.pdf
2024-01-03 19:54 - 2024-01-03 19:54 - 000030794 _____ C:\Users\bart2\Downloads\Google Passwords.csv
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-01-29 13:38 - 2023-07-25 11:35 - 000000000 ____D C:\Users\bart2\AppData\Roaming\Messenger
2024-01-29 13:38 - 2023-07-25 11:34 - 000000000 ____D C:\Users\bart2\AppData\Local\Messenger
2024-01-29 13:34 - 2022-10-08 15:27 - 000000000 ____D C:\Users\bart2\AppData\Local\CrashDumps
2024-01-29 13:33 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-01-29 12:40 - 2023-04-02 14:39 - 000003328 _____ C:\Windows\system32\Tasks\GeoComply Service Check
2024-01-29 11:02 - 2021-11-25 12:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-01-29 03:42 - 2023-05-08 22:11 - 000000000 ____D C:\Users\bart2\AppData\Local\Malwarebytes
2024-01-29 00:00 - 2023-08-10 13:17 - 000000000 ____D C:\Program Files (x86)\Driver Support One
2024-01-28 11:22 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\AppReadiness
2024-01-27 13:55 - 2022-08-27 18:33 - 000000000 ____D C:\Windows\SystemTemp
2024-01-27 06:13 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-01-27 03:41 - 2022-09-04 10:20 - 000239576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2024-01-27 02:28 - 2021-11-25 12:34 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-01-25 10:03 - 2022-08-28 17:48 - 000000000 ____D C:\Users\bart2\AppData\Roaming\Loading
2024-01-22 10:09 - 2023-10-14 18:04 - 000000000 ____D C:\ACR Poker
2024-01-20 05:39 - 2021-11-25 12:44 - 000840598 _____ C:\Windows\system32\PerfStringBackup.INI
2024-01-20 05:39 - 2019-12-07 01:13 - 000000000 ____D C:\Windows\INF
2024-01-20 05:34 - 2022-08-27 12:40 - 000000000 ___RD C:\Users\bart2\OneDrive
2024-01-20 05:34 - 2022-08-27 12:39 - 000000000 __SHD C:\Users\bart2\IntelGraphicsProfiles
2024-01-20 05:34 - 2022-08-27 12:20 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-01-20 05:34 - 2021-11-25 12:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-01-20 05:34 - 2021-11-25 12:33 - 000008192 ___SH C:\DumpStack.log.tmp
2024-01-20 05:34 - 2021-10-06 05:57 - 000000000 ____D C:\ProgramData\ssh
2024-01-20 05:33 - 2019-12-07 01:03 - 000786432 _____ C:\Windows\system32\config\BBI
2024-01-18 22:49 - 2022-08-27 13:31 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-01-18 12:37 - 2022-08-27 13:31 - 000000000 ____D C:\Program Files (x86)\Google
2024-01-12 18:42 - 2021-11-25 12:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-01-12 00:58 - 2021-11-30 12:16 - 000918944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2024-01-10 12:28 - 2023-07-25 11:35 - 000002331 _____ C:\Users\bart2\OneDrive\Desktop\Messenger.lnk
2024-01-10 00:47 - 2021-11-25 12:33 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2024-01-10 00:47 - 2019-12-07 01:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-01-10 00:47 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-01-10 00:47 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SystemResources
2024-01-10 00:47 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\setup
2024-01-10 00:47 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-01-10 00:47 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\bcastdvr
2024-01-10 00:46 - 2023-01-10 17:13 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-01-09 21:34 - 2019-12-07 01:03 - 000000000 ____D C:\Windows\CbsTemp
2024-01-09 19:09 - 2023-10-11 00:01 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-01-09 18:35 - 2021-11-30 12:15 - 000000000 ____D C:\Windows\system32\MRT
2024-01-09 18:33 - 2021-11-30 12:15 - 189718008 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-01-06 11:34 - 2023-12-24 19:45 - 000000751 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmericasCardroom.lnk
2024-01-06 11:34 - 2022-08-28 17:48 - 000000000 ____D C:\AmericasCardroom
 
==================== Files in the root of some directories ========
 
2023-04-02 14:40 - 2023-04-02 14:40 - 000000064 _____ () C:\Users\bart2\AppData\Roaming\changzhi_leidian.data
2022-08-27 15:50 - 2022-08-27 15:50 - 000007597 _____ () C:\Users\bart2\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2024 01
Ran by bart2 (29-01-2024 13:39:23)
Running from C:\Users\bart2\OneDrive\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.3930 (X64) (2022-08-27 20:20:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2708210131-3929859599-577565344-500 - Administrator - Disabled)
bart2 (S-1-5-21-2708210131-3929859599-577565344-1003 - Administrator - Enabled) => C:\Users\bart2
DefaultAccount (S-1-5-21-2708210131-3929859599-577565344-503 - Limited - Disabled)
DevToolsUser (S-1-5-21-2708210131-3929859599-577565344-1005 - Limited - Enabled) => C:\Users\DevToolsUser
Guest (S-1-5-21-2708210131-3929859599-577565344-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2708210131-3929859599-577565344-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACR Poker version 1.21.61 (HKLM-x32\...\{1A17EB4E-3E9C-4611-B8B5-31C0A00A1F69}_is1) (Version: 1.21.61 - Winning Poker Network, Inc.)
AmericasCardroom version 1.21.61 (HKLM-x32\...\{1B17EB4E-3E9C-4611-B8B5-31C0A00A1F68}_is1) (Version: 1.21.61 - Winning Poker Network, Inc.)
Best of Slots II (HKLM-x32\...\Best of Slots II) (Version:  - )
Driver Support One (HKLM-x32\...\DSOne) (Version: 2.7.8662.30535 - Driver Support) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.225 - Google LLC)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Masque IGT Slots Little Green Men (HKLM-x32\...\{A54F806B-A2E1-4794-A7FE-365167EC67CB}) (Version: 1.0.3 - Masque Publishing)
Messenger (HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 202.0.552992785 - Facebook, Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17126.20132 - Microsoft Corporation)
Microsoft 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.17126.20132 - Microsoft Corporation)
Microsoft 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.17126.20132 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.83 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.144 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-2708210131-3929859599-577565344-1003\...\4336df8a13b91f17) (Version: 17.1.987.16 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821 (HKLM-x32\...\{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821 (HKLM-x32\...\{1E6FC929-567E-4D22-9206-C5B83F0A21B9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 4.0.0.4 - GeoComply)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8328 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.4 - VS Revo Group, Ltd.)
Stellar Repair for Outlook (HKLM\...\Stellar Repair for Outlook_is1) (Version: 12.1.0.0 - Stellar Information Technology Pvt. Ltd.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.861 - McAfee, LLC)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
 
Packages:
=========
APK 安装程序 -> C:\Program Files\WindowsApps\18184wherewhere.AndroidAppInstaller_0.1.25.0_x64__4v4sx105x6y4r [2023-07-29] (wherewhere)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2311.21001.0_x64__8wekyb3d8bbwe [2024-01-05] (Microsoft Corporation) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-04-23] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-05] (Microsoft Studios) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-02] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2024-01-22 10:09 - 2023-10-13 05:21 - 002574336 _____ () [File not signed] C:\ACR Poker\ffmpeg.dll
2024-01-22 10:09 - 2023-10-13 05:21 - 000379392 _____ () [File not signed] C:\ACR Poker\libegl.dll
2024-01-22 10:09 - 2023-10-13 05:21 - 006585344 _____ () [File not signed] C:\ACR Poker\libglesv2.dll
2024-01-22 10:09 - 2023-10-13 05:21 - 004512256 _____ () [File not signed] C:\ACR Poker\vk_swiftshader.dll
2021-11-25 12:49 - 2021-11-25 12:49 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2021-11-25 12:49 - 2021-11-25 12:49 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2023-09-21 07:22 - 2023-09-21 07:22 - 001564160 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Driver Support One\SQLite.Interop.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\bart2\OneDrive\Desktop\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\bart2\Downloads\revosetup.exe:MBAM.Zone.Identifier [141]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-09] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2708210131-3929859599-577565344-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\bart2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2708210131-3929859599-577565344-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6382fb7b-7e25-4ad6-89ac-c4dcaa5c202c}] => (Allow) C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe => No File
FirewallRules: [{E5A7970C-4AEF-4F9B-B67B-4BCEAE22CEED}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{59133EA9-C3D6-445D-B812-9A1C803D3A62}C:\acr poker\acrpoker.exe] => (Allow) C:\acr poker\acrpoker.exe (Lunar Software Inc. -> Winning Poker Network, Inc.)
FirewallRules: [UDP Query User{3DB75DD6-B4A0-4DDE-81D2-DAB4EEA9EB91}C:\acr poker\acrpoker.exe] => (Allow) C:\acr poker\acrpoker.exe (Lunar Software Inc. -> Winning Poker Network, Inc.)
FirewallRules: [{D02C0038-D702-4B58-BF61-97E59924117F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{7B7F1130-7936-4F5C-A251-A53035886345}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{CB274932-7514-428F-B02C-D0BC507167F7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B5EBBF64-D930-4EBD-BDFA-5EF3778FA5DF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E8AEED07-F4D3-4950-AB9B-2D27EEB623CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{741B3716-386D-4070-92FB-358103D18A75}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E93B98D3-EADF-4B20-9318-91FB07368304}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BD56BAF6-1494-420E-9C13-AA48751FEB53}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.111.3607.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
23-01-2024 12:42:43 Scheduled Checkpoint
26-01-2024 16:55:18 Revo Uninstaller's restore point - ShootersPool 1.10.2
26-01-2024 16:58:54 Revo Uninstaller's restore point - Discord
 
==================== Faulty Device Manager Devices ============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (01/29/2024 01:34:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3758, time stamp: 0x972c624b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3930, time stamp: 0x9141f979
Exception code: 0xc000027b
Fault offset: 0x000000000012db22
Faulting process id: 0x3668
Faulting application start time: 0x01da52fae5ffc949
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 24de2442-753a-42b8-ade7-1bcf05c34d7a
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (01/29/2024 01:34:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3758, time stamp: 0x972c624b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3930, time stamp: 0x9141f979
Exception code: 0xc000027b
Fault offset: 0x000000000012db22
Faulting process id: 0x2f88
Faulting application start time: 0x01da52fadfa03617
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: db3068ae-1781-4f77-9ceb-85a4200823c4
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (01/29/2024 01:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3758, time stamp: 0x972c624b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3930, time stamp: 0x9141f979
Exception code: 0xc000027b
Fault offset: 0x000000000012db22
Faulting process id: 0x28f4
Faulting application start time: 0x01da52fad9324ba2
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: df4c1487-33c5-4c9e-8b16-53c15b380765
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (01/29/2024 01:33:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3758, time stamp: 0x972c624b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3930, time stamp: 0x9141f979
Exception code: 0xc000027b
Fault offset: 0x000000000012db22
Faulting process id: 0x30fc
Faulting application start time: 0x01da52fad2db9200
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 079fb234-ee9b-4d13-b1b0-12aa638e9e2d
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (01/29/2024 01:33:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3758, time stamp: 0x972c624b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3930, time stamp: 0x9141f979
Exception code: 0xc000027b
Fault offset: 0x000000000012db22
Faulting process id: 0x13c8
Faulting application start time: 0x01da52facca14a28
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 2e444aed-b7b4-4d4c-aa4f-45f36b644c38
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (01/29/2024 01:33:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3758, time stamp: 0x972c624b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3930, time stamp: 0x9141f979
Exception code: 0xc000027b
Fault offset: 0x000000000012db22
Faulting process id: 0x4474
Faulting application start time: 0x01da52fac68662e8
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 04726b36-4e9a-4b64-8084-0ccfa344e944
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (01/29/2024 01:33:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3758, time stamp: 0x972c624b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3930, time stamp: 0x9141f979
Exception code: 0xc000027b
Fault offset: 0x000000000012db22
Faulting process id: 0x3db0
Faulting application start time: 0x01da52fac07ac614
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 5390cef2-38a7-4fa4-ac22-8ec3a96e8366
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (01/29/2024 01:33:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.3758, time stamp: 0x972c624b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3930, time stamp: 0x9141f979
Exception code: 0xc000027b
Fault offset: 0x000000000012db22
Faulting process id: 0x18f0
Faulting application start time: 0x01da52fab9ed92a5
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: ac4fdc0b-0e18-4dc8-ba9c-bfede1603044
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
 
System errors:
=============
Error: (01/28/2024 11:22:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
 
Error: (01/27/2024 06:13:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
 
Error: (01/25/2024 08:49:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NBLGGH3FRZM-Microsoft.VCLibs.140.00.
 
Error: (01/23/2024 09:47:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
 
Error: (01/22/2024 07:54:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
 
Error: (01/20/2024 05:33:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The OpenSSH SSH Server service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/14/2024 12:54:25 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (01/10/2024 12:47:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The com.geocomply.vm-detector-microservice service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
Windows Defender:
================
Date: 2024-01-23 11:26:08
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-22 11:38:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-21 10:57:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-19 10:47:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-17 10:16:26
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2024-01-29 13:35:36
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard L01 v02.70 10/04/2016
Motherboard: Hewlett-Packard 18E7
Processor: Intel® Core™ i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 46%
Total physical RAM: 16274.3 MB
Available physical RAM: 8746.13 MB
Total Virtual: 18706.3 MB
Available Virtual: 7659.53 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:167.36 GB) (Free:98.69 GB) (Model: INTEL SSDSC2BF180A5L) NTFS
Drive d: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1862.8 GB) (Model: Hitachi HUA722020ALA331) NTFS
 
\\?\Volume{2700494b-16d9-4311-a0fa-76e8c2310e52}\ () (Fixed) (Total:0.19 GB) (Free:0.17 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 167.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 2A239D93)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 


    Advertisements

Register to Remove

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: Malware, Virus

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·