Freeze

Solved
Dan6712 Posted messages 13 Status Member -  
Hello,
My HP Pavilion PC is running, but after an indefinite amount of time, it freezes and the fan starts running at full speed. This morning I was on Excel and suddenly it froze.
I ran a memory test and a CPU test, and no errors were found. I don’t know where the issue is coming from. If someone can help me.
It’s an HP desktop, but it’s small like a laptop inside and has a triangular shape.

12 answers

billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
 
hi

to see what's running on your PC, do this and post the reports

download FRST (from Farbar) to your desktop --> click here

PS: choose the one that corresponds to your PC (32 or 64 bits) --> click here

run it as an administrator (right-click)

at the end of the scan, the FRST and ADDITION reports will appear on your desktop and in C:\FRST\LOG

post the reports via cjoint --> click here

@+

--
the radiation level is higher at the employment office than at Chernobyl
0
Dan6712 Posted messages 13 Status Member
 
Thank you for this very quick response, I will do the test tomorrow morning.
What worries me is that it happens even without doing anything, I hope it's not a motherboard issue or something else.
The PC is only 4 years old and I paid €860 for it.
0
billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
 
re

ok

@ tomorrow

-- the radiation level is higher at the employment center than at Chernobyl
0
Dan6712 Posted messages 13 Status Member
 
Hello

https://www.cjoint.com/doc/21_11/KKyifSwZPie_Addition.txt
https://www.cjoint.com/doc/21_11/KKyikt8Fsre_FRST.txt

Attached is the link to the results from the link you sent me
Best regards, Dan
PS the PC has been on for 8 hours and hasn't crashed yet, so it's really random
0
Dan6712 Posted messages 13 Status Member
 
Well, the computer is frozen just when it's on the desktop with nothing running.
0
billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
 
hi

trying to crack games is not a good idea because you infect your computer

do this in the order indicated:

1) uninstall this via programs and features in the control panel:

C:\Games\Forza Horizon 5\ForzaHorizon5.exe

C:\Games\Forza Horizon 4\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe

2) are you using DAEMON Tools?

if not, uninstall it via programs and features in the control panel

3) with Ubisoft products, there are mixed results:

anno 1800

are you using it or not?

if not, uninstall it via programs and features in the control panel

4) you have an issue with Office, is it an activated version or not?

Error: (11/18/2021 03:01:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context creation failed for « C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest ». Manifest or policy file error « C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL » at line 1.
The component identity found in the manifest does not match the requested component.
The reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
The definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use sxstrace.exe for detailed diagnosis.

5) open FRST

copy all the text below: (from Start:: to End::)

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
2021-11-14 14:07 - 2021-11-14 14:07 - 000000000 ____D C:\ProgramData\McAfee
2021-11-14 13:53 - 2021-11-16 15:05 - 000000000 ____D C:\ProgramData\Avast Software
FirewallRules: [{43A8277B-BCA8-4714-BDF3-082901AE3E7E}] => (Block) C:\Games\Forza Horizon 4\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe => No file
FirewallRules: [{169423AC-011F-4383-B0B6-89CCA0BE349B}] => (Block) C:\Games\Forza Horizon 4\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe => No file
RemoveProxy:
Hosts:
EmptyTemp:
Reboot:
End::


when the script is copied, click on fix in FRST

let the fix be done with FRST and restart the computer when prompted

when the computer has restarted, you will have a FIXLOG file on the desktop, post it by copying it into your reply

6) run a scan with Malwarebytes, and post the report after quarantining and deleting detected items --> click here

7) when all operations are completed, delete the FRST and ADDITION folders in downloads

put FRST on your desktop from the "downloads" directory

run a scan with FRST again, and post the reports

if you have any questions...

@+

--
the radiation level is higher at the unemployment office than at Chernobyl
0
Dan6712 Posted messages 13 Status Member
 
Hello,
here is the report but when restarting at the page where Windows asks for the pin code it crashed....
so re-restart lol I just hope it's not a hardware issue
Results of Farbar Recovery Scan Tool (x64) Version: 24-11-2021
Executed by dan (25-11-2021 07:41:28) Run:1
Executed from C:\Users\danla\Downloads
Loaded profiles: dan
Boot mode: Normal
==============================================

fixlist content:

CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
2021-11-14 14:07 - 2021-11-14 14:07 - 000000000 ____D C:\ProgramData\McAfee
2021-11-14 13:53 - 2021-11-16 15:05 - 000000000 ____D C:\ProgramData\Avast Software
FirewallRules: [{43A8277B-BCA8-4714-BDF3-082901AE3E7E}] => (Block) C:\Games\Forza Horizon 4\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe => No file
FirewallRules: [{169423AC-011F-4383-B0B6-89CCA0BE349B}] => (Block) C:\Games\Forza Horizon 4\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe => No file
RemoveProxy:
Hosts:
EmptyTemp:
Reboot:


The restore point was created successfully.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => deleted successfully
C:\ProgramData\McAfee => moved successfully
C:\ProgramData\Avast Software => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43A8277B-BCA8-4714-BDF3-082901AE3E7E}" => deleted successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{169423AC-011F-4383-B0B6-89CCA0BE349B}" => deleted successfully

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => deleted successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => deleted successfully
"HKU\S-1-5-21-1945953897-2715794965-3388662925-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => deleted successfully
"HKU\S-1-5-21-1945953897-2715794965-3388662925-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => deleted successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 100068072 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 7449028 B
Edge => 0 B
Chrome => 458503628 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7278 B
NetworkService => 68874 B
danla => 753081610 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB of temporary data removed.

================================


The system had to restart.

End of Fixlog 07:42:05

0
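Added example (not part of the original posts and not FRST's own code): a Python check that pairs each object named in the "fixlist content" part of a Fixlog with its result line, so an entry with no confirmed outcome stands out. The log layout and the "successfully" wording are taken from the Fixlog posted above; the function names are hypothetical.

```python
import re

# Excerpt of the Fixlog posted above (result section abridged); values are the page's own.
FIXLOG = r'''fixlist content:

CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
2021-11-14 14:07 - 2021-11-14 14:07 - 000000000 ____D C:\ProgramData\McAfee
2021-11-14 13:53 - 2021-11-16 15:05 - 000000000 ____D C:\ProgramData\Avast Software
FirewallRules: [{43A8277B-BCA8-4714-BDF3-082901AE3E7E}] => (Block) C:\Games\Forza Horizon 4\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe => No file
FirewallRules: [{169423AC-011F-4383-B0B6-89CCA0BE349B}] => (Block) C:\Games\Forza Horizon 4\FH4\Microsoft.SunriseBaseGame_1.332.904.2_x64__8wekyb3d8bbwe.exe => No file
RemoveProxy:
Hosts:
EmptyTemp:
Reboot:


The restore point was created successfully.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => deleted successfully
C:\ProgramData\McAfee => moved successfully
C:\ProgramData\Avast Software => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43A8277B-BCA8-4714-BDF3-082901AE3E7E}" => deleted successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{169423AC-011F-4383-B0B6-89CCA0BE349B}" => deleted successfully
'''

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DRIVE_PATH = re.compile(r"[A-Za-z]:\\.*$")
REG_ROOTS = ("HKLM\\", "HKU\\", "HKCU\\")


def split_fixlog(text):
    """Return (fixlist entries, result lines of the form 'target => outcome')."""
    lines = text.splitlines()
    start = next(i for i, l in enumerate(lines)
                 if l.strip().lower() == "fixlist content:") + 1
    while start < len(lines) and not lines[start].strip():
        start += 1                      # skip blank lines before the entries
    end = start
    while end < len(lines) and lines[end].strip():
        end += 1                        # entries run until the next blank line
    entries = [l.strip() for l in lines[start:end]]
    results = [l.strip() for l in lines[end:] if " => " in l]
    return entries, results


def entry_target(entry):
    """Return (kind, key) for an entry naming an object, None for a bare directive."""
    if re.fullmatch(r"\w+:", entry):    # e.g. CreateRestorePoint:, Reboot:
        return None
    if entry.startswith("FirewallRules:"):
        m = GUID.search(entry)
        return ("firewall", m.group(0).upper() if m else entry)
    if entry.upper().startswith(REG_ROOTS):
        return ("registry", entry.split(": ", 1)[0])
    m = DRIVE_PATH.search(entry)        # file/folder listing line ends with the path
    return ("path", m.group(0)) if m else ("unknown", entry)


def match_result(kind, key, results):
    """Find the outcome text of the result line that refers to this entry."""
    for line in results:
        target, _, outcome = line.rpartition(" => ")
        target = target.strip('"')
        if kind == "firewall" and key in target.upper():
            return outcome
        if kind == "path" and target.lower() == key.lower():
            return outcome
        # The log above reports the parent key (...\Mozilla) for the
        # ...\Mozilla\Firefox entry, so accept the key itself or an ancestor.
        if kind == "registry" and (key.lower() + "\\").startswith(target.lower() + "\\"):
            return outcome
    return None


def audit(text):
    """List (kind, key, outcome) for every object-naming fixlist entry."""
    entries, results = split_fixlog(text)
    report = []
    for entry in entries:
        target = entry_target(entry)
        if target is not None:
            report.append((target[0], target[1], match_result(*target, results)))
    return report


def unconfirmed(text):
    """Entries with no result line, or a result that does not report success."""
    return [(kind, key) for kind, key, outcome in audit(text)
            if outcome is None or "successfully" not in outcome]


if __name__ == "__main__":
    for row in audit(FIXLOG):
        print(row)
    print("unconfirmed:", unconfirmed(FIXLOG))
```

Bare directives such as RemoveProxy: and EmptyTemp: are skipped because their results are reported as free-text sections rather than as `target => outcome` lines.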
Dan6712 Posted messages 13 Status Member
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/25/2021
Scan Duration: 08:24
Log File: c086c4e8-4dc0-11ec-9455-705a0f4396c2.json

-Software Information-
Version: 4.4.11.149
Component Version: 1.0.1513
Update Pack Version: 1.0.47632
License: Trial

-System Information-
Operating System: Windows 10 (Build 19043.1348)
Processor: x64
File System: NTFS
User: DESKTOP-O6662KD\dan

-Scan Summary-
Scan Type: Threat Scan
Scan Launched By: Manual
Result: Completed
Items Scanned: 277806
Threats Detected: 8
Threats Quarantined: 0
Time Elapsed: 2 min, 13 s

-Scan Options-
Memory: Enabled
Startup: Enabled
File System: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detection
PUM: Detection

-Scan Details-
Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Restoro, HKU\S-1-5-21-1945953897-2715794965-3388662925-1001\SOFTWARE\Restoro, No user action, 818, 551610, 1.0.47632, , ame, , ,
PUP.Optional.Restoro, HKU\S-1-5-21-1945953897-2715794965-3388662925-1001\SOFTWARE\Local AppWizard-Generated Applications\Restoro, No user action, 818, 551612, 1.0.47632, , ame, , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\Restoro, No user action, 818, 551614, 1.0.47632, , ame, , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\CLSID\{BA827421-E282-479E-AE60-34796877B8AE}, No user action, 818, 551619, , , , , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine.1, No user action, 818, 551619, , , , , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine, No user action, 818, 551619, 1.0.47632, , ame, , ,

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Streams: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Restoro, C:\WINDOWS\RESTORO.INI, No user action, 818, 551609, 1.0.47632, , ame, , DA2DC819F76C6E677C373A98CFA92655, 9431A76A6410E87FC143A6A5A72BCA21EEE9EDDA9CD7FBE5D7A38128C84CA620
PUP.Optional.BundleInstaller, C:\USERS\DANLA\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_46090.EXE, No user action, 514, 977807, 1.0.47632, , ame, , 316C70E0D79DBC9C1430AD49FF56BD6D, 628E54FD63A30DA509B1E6006639BFBB457C753D5E029CA0EDA32197B06EBB58

Physical Sectors: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
0
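Added example (not part of the original posts and not Malwarebytes code): a Python reader for the text report above that cross-checks the summary counters against the listed items and returns every detection that was not remediated, which here is all eight ("Threats Quarantined: 0", action "No user action"). The sample is the report above with trailing columns dropped; "Quarantined" as the action value of a remediated item is an assumption, and the function names are hypothetical.

```python
import re
from collections import Counter

# Abridged from the report posted above: empty sections and trailing columns dropped.
REPORT = r'''-Scan Summary-
Scan Type: Threat Scan
Scan Launched By: Manual
Result: Completed
Items Scanned: 277806
Threats Detected: 8
Threats Quarantined: 0
Time Elapsed: 2 min, 13 s

-Scan Details-
Processes: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Restoro, HKU\S-1-5-21-1945953897-2715794965-3388662925-1001\SOFTWARE\Restoro, No user action, 818, 551610
PUP.Optional.Restoro, HKU\S-1-5-21-1945953897-2715794965-3388662925-1001\SOFTWARE\Local AppWizard-Generated Applications\Restoro, No user action, 818, 551612
PUP.Optional.Restoro, HKLM\SOFTWARE\Restoro, No user action, 818, 551614
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\CLSID\{BA827421-E282-479E-AE60-34796877B8AE}, No user action, 818, 551619
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine.1, No user action, 818, 551619
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine, No user action, 818, 551619

Files: 2
PUP.Optional.Restoro, C:\WINDOWS\RESTORO.INI, No user action, 818, 551609
PUP.Optional.BundleInstaller, C:\USERS\DANLA\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_46090.EXE, No user action, 514, 977807
'''

SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")   # e.g. "Registry Keys: 6"


def parse_report(text):
    """Return (summary dict, declared count per section, list of detections)."""
    summary, declared, detections = {}, {}, []
    in_details, section = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if len(line) > 2 and line.startswith("-") and line.endswith("-"):
            in_details = (line == "-Scan Details-")   # "-Log Details-" style header
            continue
        if not line or line.startswith("("):          # blanks, "(No malicious ...)", "(end)"
            continue
        if not in_details:
            if ": " in line:
                key, value = line.split(": ", 1)
                summary[key] = value
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        # Detection row: name, object, action, ... (assumes no ", " inside the object path)
        parts = line.split(", ", 2)
        if len(parts) == 3:
            detections.append({"section": section, "name": parts[0], "object": parts[1],
                               "action": parts[2].split(",")[0].strip()})
    return summary, declared, detections


def review(text, remediated=("quarantined",)):
    """Return (issues, pending): consistency problems and unremediated detections."""
    summary, declared, detections = parse_report(text)
    issues = []
    listed = Counter(d["section"] for d in detections)
    for name, count in declared.items():
        if listed.get(name, 0) != count:
            issues.append(f"{name}: header says {count}, {listed.get(name, 0)} listed")
    if int(summary.get("Threats Detected", 0)) != len(detections):
        issues.append("summary 'Threats Detected' does not match listed items")
    pending = [d for d in detections if d["action"].lower() not in remediated]
    if int(summary.get("Threats Quarantined", 0)) != len(detections) - len(pending):
        issues.append("summary 'Threats Quarantined' does not match item actions")
    if pending:
        issues.append(f"{len(pending)} of {len(detections)} detections not remediated")
    return issues, pending


if __name__ == "__main__":
    found_issues, still_pending = review(REPORT)
    print(found_issues)
    for item in still_pending:
        print(item["name"], "|", item["object"], "|", item["action"])
```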
Dan6712 Posted messages 13 Status Member
 
Scan report with FRST on the desktop

Results of the Additional Analysis by Farbar Recovery Scan Tool (x64) Version: 24-11-2021
Executed by dan (25-11-2021 08:32:34)
Executed from C:\Users\danla\OneDrive\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) (2021-11-11 07:52:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an item is included in the fixlist.txt file, it will be removed.)

Administrator (S-1-5-21-1945953897-2715794965-3388662925-500 - Administrator - Disabled)
dan (S-1-5-21-1945953897-2715794965-3388662925-1001 - Administrator - Enabled) => C:\Users\danla
DefaultAccount (S-1-5-21-1945953897-2715794965-3388662925-503 - Limited - Disabled)
Guest (S-1-5-21-1945953897-2715794965-3388662925-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1945953897-2715794965-3388662925-504 - Limited - Disabled)

==================== Security Center ========================

(If an item is included in the fixlist.txt file, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only 'adware' programs marked as 'Hidden' may be added to fixlist.txt to be unhidden. Adware programs will need to be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1945953897-2715794965-3388662925-1001\...\uTorrent) (Version: 3.5.5.46096 - BitTorrent Inc.)
Anno 1800 (HKLM-x32\...\Anno 1800_is1) (Version: - )
Canon iR C1225 (HKLM\...\{4A1FEE0C-D415-4386-9897-91ED3C0BD4EA}) (Version: 5.3.0.0 - CANON INC.)
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 3.0.4 - CANON INC.) Hidden
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 3.0.4.40070 - CANON INC.)
Windows PC Health Check (HKLM\...\{0150BDB3-AFFD-47A1-ADB8-DE06658EB3B2}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Euro Truck Simulator 2 (HKLM-x32\...\{36E2B2FE-7341-4361-B0C4-CB22B643C886}_is1) (Version: 1.41.1.25 - SCS Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes version 4.4.11.149 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.29 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - fr-fr (HKLM\...\ProPlus2019Retail - fr-fr) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8264 - Realtek Semiconductor Corp.)
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

Packages:
=========
Canon Office Printer Utility -> C:\Program Files\WindowsApps\34791E63.CanonOfficePrinterUtility_12.7.0.0_x64__6e5tt8cgb93ep [2021-11-19] (Canon Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-11-11] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-11] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an item is included in the fixlist.txt file, it will be removed from the Registry. The file will not be moved unless it is listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-11-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-11-11 14:59 - 2021-11-11 14:59 - 001655296 _____ (Microsoft Corporation) [Unsigned File] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL
2021-11-11 14:59 - 2021-11-11 14:59 - 000052736 _____ (Microsoft Corporation) [Unsigned File] C:\Windows\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_bc1d1e5b0be08790\MFC80FRA.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an item is included in the fixlist.txt file, it will be removed from the Registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associations (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts contents: =========================

(If necessary, the Hosts: command may be included in the fixlist.txt file to reset the hosts file.)

2019-12-07 10:14 - 2021-11-25 07:41 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other zones ===========================

(Currently, there are no automatic fixes for this section.)

HKU\S-1-5-21-1945953897-2715794965-3388662925-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\danla\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
The Firewall is enabled.

==================== MSCONFIG/TASK MANAGER Disabled Items ==

==================== FirewallRules (Whitelisted) ================

(If an item is included in the fixlist.txt file, it will be removed from the Registry. The file will not be moved unless it is listed separately.)

FirewallRules: [{7DE2BD43-29F0-4844-B7A6-3C647C568EE8}] => (Allow) C:\Users\danla\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{DB69BACF-5359-499C-B0F3-CD248DFB2D29}] => (Allow) C:\Users\danla\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{681D5A5F-5A88-4F44-9D8B-6C80A5FC7D3D}C:\program files\game\anno 1800\bin\win64\anno1800.exe] => (Allow) C:\program files\game\anno 1800\bin\win64\anno1800.exe (Ubisoft Blue Byte GmbH -> Ubisoft) [Unsigned File]
FirewallRules: [UDP Query User{E5E69F28-9A6C-4FAC-86D9-76E3E4154039}C:\program files\game\anno 1800\bin\win64\anno1800.exe] => (Allow) C:\program files\game\anno 1800\bin\win64\anno1800.exe (Ubisoft Blue Byte GmbH -> Ubisoft) [Unsigned File]
FirewallRules: [{FDAB997D-A183-4F3B-91ED-1ED756B9B0C5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{521DC9CF-0559-4880-BF74-04DCC1BA371B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8788B61B-C392-423E-847C-9B9470245F5D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8B3BCF30-6845-409D-9D66-5F9E9EDBE191}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{107243C5-2218-4C63-93B4-7528B1E5710A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A066698F-622B-402D-AA8D-9C63CF01DB2D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66249C24-763D-4D60-87F5-03913849C90C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{653BD623-8EF4-4BC0-9F29-7313A447BF97}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9370B1C0-3355-4C1E-8304-F7426A39EE24}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{113CDB4F-7723-4FBA-B717-D514D1FB1E4A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

20-11-2021 09:42:09 Scheduled checkpoint
24-11-2021 09:17:44 Installed Windows PC Health Check
24-11-2021 09:18:12 Windows Modules Installer
24-11-2021 09:20:03 Removed Windows PC Health Check

==================== Device Manager Error Items ============


==================== Event Log Errors: ========================

Application Errors:
==================
Error: (11/25/2021 07:42:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service Information: Unable to start COM server for CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem. [0x8007045b, A system shutdown is in progress.
]

Error: (11/25/2021 07:41:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Error calling the QueryFullProcessImageNameW routine. hr = 0x8007001f, A device attached to the system is not functioning correctly.
.


Operation:
Asynchronous operation in progress

Context:
Current state: DoSnapshotSet

Error: (11/25/2021 07:41:28 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Error querying the IVssWriterCallback interface. hr = 0x80070005, Access denied.
.
This error is often due to incorrect security settings in the writer or requester process.


Operation:
Data collecting from writer

Context:
Writer class ID: {e8132975-6f93-4464-a53e-1050253ae220}
Writer name: System Writer
Writer instance ID: {36c9ac60-1bed-4b99-ac6a-1eec9c07f840}

Error: (11/20/2021 05:54:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name ForzaHorizon5.exe, version: 1.405.2.0, timestamp: 0x6178b41e
Faulting module name: ForzaHorizon5.exe, version: 1.405.2.0, timestamp: 0x6178b41e
Exception code: 0xc0000005
Fault offset: 0x00000000005b0808
Faulting process ID: 0x1e44
Start time of the faulty application: 0x01d7de2f297e1df5
Faulting application path: C:\Games\Forza Horizon 5\ForzaHorizon5.exe
Faulting module path: C:\Games\Forza Horizon 5\ForzaHorizon5.exe
Fault report ID: fe43f5f0-e27b-4a73-8be7-2271cb85ca51
Fault package full name:
Relative application ID of the fault package:

Error: (11/20/2021 05:52:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name ForzaHorizon5.exe, version: 1.405.2.0, timestamp: 0x6178b41e
Faulting module name: ForzaHorizon5.exe, version: 1.405.2.0, timestamp: 0x6178b41e
Exception code: 0xc0000005
Fault offset: 0x00000000005b0808
Faulting process ID: 0xaa8
Start time of the faulty application: 0x01d7de2f00de8b0a
Faulting application path: C:\Games\Forza Horizon 5\ForzaHorizon5.exe
Faulting module path: C:\Games\Forza Horizon 5\ForzaHorizon5.exe
Fault report ID: 619cb528-9378-4846-8bf7-32e3e00047fe
Fault package full name:
Relative application ID of the fault package:

Error: (11/20/2021 05:51:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name ForzaHorizon5.exe, version: 1.405.2.0, timestamp: 0x6178b41e
Faulting module name: ForzaHorizon5.exe, version: 1.405.2.0, timestamp: 0x6178b41e
Exception code: 0xc0000005
Fault offset: 0x00000000005b0808
Faulting process ID: 0x1540
Start time of the faulty application: 0x01d7de2eced4cf1c
Faulting application path: C:\Games\Forza Horizon 5\ForzaHorizon5.exe
Faulting module path: C:\Games\Forza Horizon 5\ForzaHorizon5.exe
Fault report ID: 65feb7db-676a-435d-84e1-9fc072f80ce4
Fault package full name:
Relative application ID of the fault package:

Error: (11/19/2021 05:31:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name ForzaHorizon5.exe,
0
Dan6712 Posted messages 13 Status Member
 
Hi,
So this morning I opened the PC and noticed that on a long connector with plenty of little pins, one of them was bent down. I straightened it and restarted the computer, and so far it hasn't bugged out; maybe there was a bad connection there.
I'll turn it back on tomorrow to see how it goes, fingers crossed lol
Have a good day
0
Dan6712 Posted messages 13 Status Member
 
Hi,
I have already removed Forza, Daemon Tools; I will take it out, and yes, I'm playing Anno. Office is downloaded and activated.
A lot of things to do tomorrow ???? Okay, I’ll do it tomorrow morning and get back to you.
Thank you very much for your help
Have a good evening
0
billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
 
re

no problem for the help :)

personally, I'm working from 6 to 2 this week, and I'll check your reply after work

cya

--
the radiation level is higher at the employment office than in Chernobyl
0
Dan6712 Posted messages 13 Status Member
 
Report No. 2
Good luck with all that lol I'm lost.
I ran a disk and memory test with the BIOS and no errors were found.

Farbar Recovery Scan Tool (FRST) Analysis Results (x64) Version: 24-11-2021
Executed by dan (administrator) on DESKTOP-O6662KD (HP HP Pavilion Wave Desktop PC 600-a1xx) (25-11-2021 08:31:20)
Executed from C:\Users\danla\OneDrive\Desktop
Profiles loaded: dan
Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: French (France)
Default browser: Chrome
Boot mode: Normal

==================== Processes (Whitelisted) =================

(If an item is included in the fixlist.txt file, the process will be stopped. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a086f01cc7be643a\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a086f01cc7be643a\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Logitech -> Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an item is included in the fixlist.txt file, the Registry item will be restored to default or deleted. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech -> Logitech Inc.)
HKU\S-1-5-21-1945953897-2715794965-3388662925-1001\...\Run: [ut] => C:\Users\danla\AppData\Roaming\uTorrent\uTorrent.exe [2091560 2021-11-11] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1945953897-2715794965-3388662925-1001\...\MountPoints2: {12ef1938-42cb-11ec-bba6-30e37a36a825} - "D:\mSetup.exe"
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\Windows\system32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-17] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an item is included in the fixlist.txt file, it will be removed from the Registry. The file will not be moved unless separately listed.)

Task: {34A97FA3-46DF-44A0-AE30-1246D61DD5D6} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-10-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {488F3F49-6437-4403-9A7A-F507CE5928F6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {705343F5-CB4B-4BDA-8A9A-F9BA29CD07CD} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1826264 2020-07-29] (CANON INC. -> CANON INC.) -> /Config:"C:\Program Files\Canon\OIPPESP\CnpspCfg.xml"
Task: {9F08F505-1901-4004-8FEF-BD3D47544A35} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {B67F9D1B-BE3E-4F47-918F-B5DD9946EFDD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5F0A0D0-E469-4F50-A239-E3B0EE0F3274} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {CC153349-6C5D-435C-8BDA-4BF449D9E83B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-11-11] (Google LLC -> Google LLC)
Task: {DEAFDB25-6517-453C-B7C7-978F4DB43383} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {EAF3030D-0AC6-4DE8-A443-69FD9EA14122} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F94EFB45-8BE7-4D1C-A68C-CE25D618EB7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-11-11] (Google LLC -> Google LLC)

(If an item is included in the fixlist.txt file, the task file (.job) will be moved. The file executed by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist.txt file and is a Registry item, it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{c9da6caa-311b-4a27-a988-c73403337c9a}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{f9e74e71-5dd4-4daf-9810-857f8233b177}: [DhcpNameServer] 192.168.0.254

Edge:
=======
Edge Profile: C:\Users\danla\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-24]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-12] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\danla\AppData\Local\Google\Chrome\User Data\Default [2021-11-25]
CHR Notifications: Default -> hxxps://www73.nathanaeldan.pro
CHR Extension: (Slides) - C:\Users\danla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-11-11]
CHR Extension: (Docs) - C:\Users\danla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-11-11]
CHR Extension: (Google Drive) - C:\Users\danla\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-11-11]
CHR Extension: (YouTube) - C:\Users\danla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-11-11]
CHR Extension: (Sheets) - C:\Users\danla\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-11-11]
CHR Extension: (Google Docs offline) - C:\Users\danla\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-24]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\danla\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-25]
CHR Extension: (Payments via Chrome Web Store) - C:\Users\danla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-11]
CHR Extension: (Sea Turtle) - C:\Users\danla\AppData\Local\Google\Chrome\User Data\Default\Extensions\phoipoigjbbgjcnedafgfnpichbmlbim [2021-11-14]
CHR Extension: (Gmail) - C:\Users\danla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-11-11]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an item is included in the fixlist.txt file, it will be removed from the Registry. The file will not be moved unless separately listed.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-11-25] (Malwarebytes Inc -> Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an item is included in the fixlist.txt file, it will be removed from the Registry. The file will not be moved unless separately listed.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2021-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 IntelReadyModeDriver; C:\Windows\System32\drivers\IntelReadyModeDriver.sys [33504 2015-10-21] (Intel CASE -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210352 2021-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-11-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193448 2021-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2021-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-11-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [149424 2021-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48520 2021-11-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [435424 2021-11-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist.txt file, it will be removed from the Registry. The file will not be moved unless separately listed.)


==================== One month (created) (Whitelisted) =========

(If an item is included in the fixlist.txt file, the file/folder will be moved.)

2021-11-25 08:23 - 2021-11-25 08:23 - 000193448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-11-25 08:23 - 2021-11-25 08:23 - 000149424 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-11-25 08:23 - 2021-11-25 08:23 - 000069040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-11-25 08:22 - 2021-11-25 08:22 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-11-25 08:22 - 2021-11-25 08:22 - 000210352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-11-25 08:22 - 2021-11-25 08:22 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-11-25 08:22 - 2021-11-25 08:22 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-11-25 08:22 - 2021-11-25 08:22 - 000000000 ____D C:\Users\danla\AppData\Local\mbam
2021-11-25 08:22 - 2021-11-25 08:21 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-11-25 08:22 - 2021-11-25 08:21 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-11-25 08:21 - 2021-11-25 08:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-11-25 08:20 - 2021-11-25 08:21 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-25 08:20 - 2021-11-25 08:20 - 002101944 _____ (Malwarebytes) C:\Users\danla\Downloads\MBSetup.exe
2021-11-25 07:44 - 2021-11-25 08:22 - 000000000 ____D C:\Users\danla\AppData\LocalLow\uTorrent
2021-11-25 07:41 - 2021-11-25 07:42 - 000003109 _____ C:\Users\danla\Downloads\Fixlog.txt
2021-11-25 07:40 - 2021-11-25 07:40 - 000000000 ____D C:\Users\danla\Downloads\FRST-OlderVersion
2021-11-24 09:21 - 2021-11-24 09:21 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-11-24 09:17 - 2021-11-24 09:17 - 014233600 _____ C:\Users\danla\Downloads\WindowsPCHealthCheckSetup.msi
2021-11-24 09:17 - 2021-11-24 09:17 - 000001349 _____ C:\Users\danla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-24 08:39 - 2021-11-25 08:31 - 000000000 ____D C:\FRST
2021-11-23 09:20 - 2021-11-23 09:20 - 000000000 ____D C:\Users\danla\OneDrive\Documents\Custom Office Templates
2021-11-23 08:35 - 2021-11-24 08:02 - 000360448 _____ C:\Users\danla\OneDrive\Documents\Database1.accdb
2021-11-20 16:42 - 2021-11-20 16:42 - 000000000 ____D C:\Users\danla\AppData\Local\ElevatedDiagnostics
2021-11-20 07:37 - 2021-11-20 08:48 - 000007734 _____ C:\Users\danla\Downloads\OCCT.config.json
2021-11-20 07:35 - 2021-11-20 07:35 - 020614896 _____ (OCCT - Ocbase - Adrien Mercier) C:\Users\danla\Downloads\OCCT.exe
2021-11-19 17:09 - 2021-11-25 07:41 - 000000000 ____D C:\Users\danla\AppData\LocalLow\Temp
2021-11-19 17:02 - 2021-11-19 17:02 - 000000000 ____D C:\Windows\system32\Tasks\Canon
2021-11-19 17:02 - 2021-11-19 17:02 - 000000000 ____D C:\ProgramData\Canon
2021-11-19 17:01 - 2021-11-19 17:01 - 000000000 ___HD C:\Windows\system32\CanonMF Uninstaller Information
2021-11-19 17:01 - 2016-04-11 15:54 - 000133120 _____ (CANON INC.) C:\Windows\system32\CNCLSD56c.DLL
2021-11-19 17:01 - 2016-04-11 15:54 - 000118272 _____ (CANON INC.) C:\Windows\system32\CNCLSI56c.DLL
2021-11-19 17:01 - 2016-04-11 15:54 - 000105472 _____ (CANON INC.) C:\Windows\system32\CNCLST56c.DLL
2021-11-19 17:01 - 2016-04-11 15:54 - 000090624 _____ (CANON INC.) C:\Windows\system32\CNCLSC56c.DLL
2021-11-19 17:01 - 2016-04-11 15:54 - 000083968 _____ (CANON INC.) C:\Windows\system32\CNCLSU56c.DLL
2021-11-19 17:01 - 2016-04-11 15:53 - 000443904 _____ (CANON INC.) C:\Windows\system32\CNCC1225.DLL
2021-11-19 17:01 - 2016-04-11 15:53 - 000154624 _____ (CANON INC.) C:\Windows\system32\CNCL1225.DLL
2021-11-19 17:01 - 2016-04-11 15:53 - 000154112 _____ (CANON INC.) C:\Windows\system32\CNCE1225.DLL
2021-11-19 17:01 - 2016-04-11 15:53 - 000118272 _____ (CANON INC.) C:\Windows\system32\CNCI1225.DLL
2021-11-19 17:01 - 2016-03-14 11:42 - 000000522 _____ C:\Windows\system32\CNCMFP56.INI
2021-11-19 17:00 - 2021-11-19 17:02 - 000000000 ____D C:\Program Files\Canon
2021-11-19 17:00 - 2012-08-09 12:59 - 001006080 _____ (CANON INC.) C:\Windows\system32\CNAS0MOK.DLL
2021-11-19 16:49 - 2021-11-19 16:52 - 269709224 _____ C:\Users\danla\Downloads\iRC1225MFDriverV530WPFR (1).exe
2021-11-19 16:48 - 2021-11-19 16:59 - 000000000 ____D C:\Users\danla\Downloads\iRC1225MFDriverV530WPFR
2021-11-19 16:26 - 2021-11-19 16:48 - 269709224 _____ C:\Users\danla\Downloads\iRC1225MFDriverV530WPFR.exe
2021-11-19 16:16 - 2021-11-20 17:54 - 000000000 ____D C:\Users\danla\AppData\Local\CrashDumps
2021-11-19 16:16 - 2021-11-20 17:53 - 000000000 ____D C:\Users\danla\AppData\Local\ForzaHorizon5
2021-11-18 14:55 - 2021-11-25 07:38 - 000000000 ____D C:\Users\danla\AppData\Roaming\Disc-Soft
2021-11-18 14:55 - 2021-11-25 07:38 - 000000000 ____D C:\ProgramData\Disc-Soft
2021-11-18 14:55 - 2021-11-18 14:55 - 000063704 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtultrausbbus.sys
2021-11-18 14:54 - 2021-11-18 14:54 - 028132000 _____ (Disc Soft Ltd) C:\Users\danla\Downloads\DAEMONToolsUltra610-1746.exe
2021-11-14 13:51 - 2021-11-14 13:53 - 000000000 ____D C:\Users\danla\AppData\Local\AmusementAPPLICATION
2021-11-14 13:35 - 2021-11-14 13:35 - 000000000 ____D C:\Users\danla\AppData\Roaming\WinRAR
2021-11-14 13:34 - 2021-11-14 13:34 - 000000000 ____D C:\Users\danla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-11-14 13:34 - 2021-11-14 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-11-14 13:34 - 2021-11-14 13:34 - 000000000 ____D C:\Program Files (x86)\WinRAR
2021-11-14 09:07 - 2021-11-14 14:05 - 000000000 ____D C:\Users\danla\AppData\Roaming\VLTD App Executable
2021-11-14 08:15 - 2021-11-14 08:15 - 000000000 ___HD C:\Windows\msdownld.tmp
2021-11-12 09:39 - 2021-11-12 09:39 - 000000000 ____D C:\Users\danla\AppData\Roaming\HOODLUM
2021-11-12 09:39 - 2021-11-12 09:39 - 000000000 ____D C:\Users\danla\AppData\Local\ForzaHorizon4
2021-11-12 09:05 -
0
billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
 
Hello

So this morning I opened the PC and noticed that on a rather long connector with lots of small pins, one of them was bent downwards. I straightened it and started the computer; so far it hasn't bugged, maybe there was a bad connection in that area.
I'll turn it back on tomorrow to see how it goes, fingers crossed lol


Okay

For MBAM (Malwarebytes), you didn't quarantine the detected items and then delete them (no user action)

Or maybe you didn't post the correct report?

Registry Key: 6
PUP.Optional.Restoro, HKU\S-1-5-21-1945953897-2715794965-3388662925-1001\SOFTWARE\Restoro, No user action, 818, 551610, 1.0.47632, , name, , ,
PUP.Optional.Restoro, HKU\S-1-5-21-1945953897-2715794965-3388662925-1001\SOFTWARE\Local AppWizard-Generated Applications\Restoro, No user action, 818, 551612, 1.0.47632, , name, , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\Restoro, No user action, 818, 551614, 1.0.47632, , name, , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\CLSID\{BA827421-E282-479E-AE60-34796877B8AE}, No user action, 818, 551619, , , , , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine.1, No user action, 818, 551619, , , , , ,
PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine, No user action, 818, 551619, 1.0.47632, , name, , ,

File: 2
PUP.Optional.Restoro, C:\WINDOWS\RESTORO.INI, No user action, 818, 551609, 1.0.47632, , name, , DA2DC819F76C6E677C373A98CFA92655, 9431A76A6410E87FC143A6A5A72BCA21EEE9EDDA9CD7FBE5D7A38128C84CA620
PUP.Optional.BundleInstaller, C:\USERS\DANLA\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_46090.EXE, No user action, 514, 977807, 1.0.47632, , name, , 316C70E0D79DBC9C1430AD49FF56BD6D, 628E54FD63A30DA509B1E6006639BFBB457C753D5E029CA0EDA32197B06EBB58


For the FRST and Addition reports, you need to post them via Cjoint --> click here

@+

--
The radiation level is higher at the employment center than at Chernobyl.
0
Dan6712 Posted messages 13 Status Member
 
Yes, I did delete them later, actually
I'll check tomorrow what the situation is with my repair lol but since then it hasn't bugged.
0
billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
 
re

Yes, I did delete them later, actually
I'll check tomorrow how it's going with my repair lol but since then it hasn't bugged


ok for everything :)

just let me know tomorrow how the pc is working, and if you still have any issues

@+

--
the radiation level is higher at the unemployment office than at Chernobyl
0
Dan6712 Posted messages 13 Status Member
 
Ok no worries, thank you very much for your help
Have a good evening
0
billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
 
re

no problem for the help :)

@+

--
the radiation level is higher at the unemployment office than at Chernobyl
0
Dan6712 Posted messages 13 Status Member
 
Hi, the PC has been running for 7 hours and 30 minutes, I think it's all good
It was that little plug that was twisted in the socket.
Thank you very much for your help
Have a great day
0
billmaxime Posted messages 50522 Registration date   Status Contributor Last intervention   6 149
 
hi

ok, to uninstall FRST, rename it to uninstall.exe

run uninstall.exe as administrator (right-click)

once it's done, remember to mark your topic as resolved --> click here

thank you

@+

--
the radiation level is higher at the employment center than at Chernobyl
0