Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.02.2024 01 Ran by twist (administrator) on CHUCHOTIS (Hewlett-Packard CQ2904EF) (04-02-2024 11:11:30) Running from C:\Users\twist\Desktop\FRST64.exe Loaded Profiles: twist Platform: Microsoft Windows 11 Pro Version 22H2 22621.525 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe ->) (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation) C:\Program Files\Microvirt\MEmuHyperv\MEmuHeadless.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <19> (explorer.exe ->) (Shanghai Microvirt Software Technology Co., Ltd. -> Microvirt Software Technology Co. Ltd.) C:\Program Files\Microvirt\MEmu\MEmu.exe (g3n-h@ckm@n -> SosVirus) [File not signed] [File is in use] C:\Users\twist\Downloads\pre-scan_V9_18.10.19.1.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\microsoftwindows.client.webexperience_424.1301.40.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (svchost.exe ->) (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation) C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) HKU\S-1-5-21-1367221443-249768293-1022394803-1001\...\Run: [MicrosoftEdgeAutoLaunch_7508D274883AC008CB6CB3C3195F0733] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788840 2024-02-01] (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {BC319B42-BAEB-4771-8162-CA6C46AA1C33} - System32\Tasks\Avast Software\Overseer => C:\Windows\OEM\CustomizationFiles\Overseer.exe [2144664 2024-01-31] (Avast Software s.r.o. -> Avast Software) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{819a7478-59f5-43bb-a570-24b64d1949e1}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{819a7478-59f5-43bb-a570-24b64d1949e1}: [DhcpDomain] home Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\twist\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-04] Edge Extension: (Google Docs Offline) - C:\Users\twist\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-04] Edge Extension: (Edge relevant text changes) - C:\Users\twist\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-04] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed] S2 MEmuSVC; C:\Program Files\Microvirt\MEmu\MemuService.exe [85304 2019-09-12] (Shanghai Microvirt Software Technology Co., Ltd. -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [249344 2024-02-04] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2909208 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [113888 2018-05-02] (CyberLink Corp. -> CyberLink) R3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [320360 2021-01-04] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation) R3 ser2pl_1; C:\WINDOWS\system32\DRIVERS\ser2pl64_1.sys [343216 2023-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.) R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [76832 2022-09-30] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [48536 2022-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [438544 2022-05-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [90384 2022-05-07] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three months (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2024-02-04 10:35 - 2024-02-04 10:41 - 000000000 ____D C:\Pre_Scan 2024-02-04 10:35 - 2024-02-04 10:35 - 000001563 _____ C:\Users\twist\Desktop\Pre_Scan_Restore.lnk 2024-02-04 10:35 - 2024-02-04 10:35 - 000001223 _____ C:\Users\twist\Desktop\Pre_Scan_Donate.lnk 2024-02-04 10:31 - 2024-02-04 10:33 - 003082136 _____ (SosVirus) C:\Users\twist\Downloads\pre-scan_V9_18.10.19.1.exe 2024-02-04 10:31 - 2022-09-30 05:24 - 000174112 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2024-02-04 10:24 - 2024-02-04 10:24 - 000000000 ____D C:\Users\twist\AppData\Local\Comms 2024-02-04 10:19 - 2024-02-04 10:19 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2024-02-04 10:14 - 2024-02-04 10:14 - 000000966 _____ C:\Users\twist\Desktop\Multi-MEmu.lnk 2024-02-04 10:14 - 2024-02-04 10:14 - 000000927 _____ C:\Users\twist\Desktop\MEmu.lnk 2024-02-04 10:13 - 2024-02-04 10:14 - 000000000 ____D C:\Users\twist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEmu 2024-02-04 10:13 - 2024-02-04 10:13 - 000000000 ____D C:\Users\twist\Downloads\MEmu Download 2024-02-04 10:03 - 2021-01-04 11:00 - 000320360 _____ (Maiwei Corporation) C:\WINDOWS\system32\Drivers\MEmuDrv.sys 2024-02-04 10:02 - 2024-02-04 10:37 - 000000000 ____D C:\Users\twist\.MemuHyperv 2024-02-04 10:02 - 2024-02-04 10:12 - 000000000 ____D C:\Users\twist\.android 2024-02-04 10:01 - 2024-02-04 10:01 - 000000000 ____D C:\Users\twist\AppData\Local\Publishers 2024-02-04 09:46 - 2024-02-04 10:20 - 000000000 ____D C:\Program Files\Microvirt 2024-02-04 09:45 - 2024-02-04 10:21 - 000000000 ____D C:\Users\twist\AppData\Local\Microvirt 2024-02-04 09:44 - 2024-02-04 09:45 - 024084360 _____ (Microvirt Software Technology Co. Ltd.) C:\Users\twist\Downloads\MEmu-setup-abroad-sdk-mv (1).exe 2024-02-04 09:44 - 2024-02-04 09:45 - 000002379 _____ C:\Users\twist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-02-04 09:40 - 2024-02-04 09:45 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1367221443-249768293-1022394803-1001 2024-02-04 09:40 - 2024-02-04 09:43 - 024084360 _____ (Microvirt Software Technology Co. Ltd.) C:\Users\twist\Downloads\MEmu-setup-abroad-sdk-mv.exe 2024-02-04 09:39 - 2024-02-04 09:45 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1367221443-249768293-1022394803-1001 2024-02-04 09:34 - 2024-02-04 10:11 - 000000000 ____D C:\Users\twist\AppData\Local\AMD 2024-02-04 09:33 - 2024-02-04 09:33 - 000000000 ____D C:\Users\twist\AppData\Roaming\ATI 2024-02-04 09:33 - 2024-02-04 09:33 - 000000000 ____D C:\Users\twist\AppData\Local\ATI 2024-02-04 09:33 - 2024-02-04 09:33 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2024-02-04 09:33 - 2024-02-04 09:33 - 000000000 ____D C:\ProgramData\ATI 2024-02-04 09:30 - 2024-02-04 09:30 - 000000000 ____D C:\Users\twist\AppData\Roaming\Microsoft\Network 2024-02-04 09:27 - 2024-02-04 10:20 - 000000000 ____D C:\ProgramData\Packages 2024-02-04 09:27 - 2024-02-04 09:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software 2024-02-04 09:26 - 2024-02-04 10:20 - 000000000 ____D C:\Users\twist\AppData\Local\Packages 2024-02-04 09:26 - 2024-02-04 09:26 - 000000000 ____D C:\Users\twist\AppData\Roaming\Adobe 2024-02-04 09:25 - 2024-02-04 10:36 - 000000000 ____D C:\Users\twist\AppData\Local\ConnectedDevicesPlatform 2024-02-04 09:25 - 2024-02-04 09:25 - 000000020 ___SH C:\Users\twist\ntuser.ini 2024-02-04 09:11 - 2024-02-04 09:11 - 000000000 ____D C:\WINDOWS\OEM 2024-02-04 09:00 - 2024-02-04 01:27 - 000000000 ____D C:\WINDOWS\Panther 2024-02-04 09:00 - 2024-02-04 01:27 - 000000000 ____D C:\Windows.old 2024-02-04 08:58 - 2024-02-04 08:59 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2024-02-04 08:26 - 2024-02-04 08:26 - 000000000 ____D C:\Program Files\Reference Assemblies 2024-02-04 08:26 - 2024-02-04 08:26 - 000000000 ____D C:\Program Files\MSBuild 2024-02-04 08:26 - 2024-02-04 08:26 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2024-02-04 08:26 - 2024-02-04 08:26 - 000000000 ____D C:\Program Files (x86)\MSBuild 2024-02-04 08:20 - 2024-02-04 08:20 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2024-02-04 00:42 - 2024-02-04 00:42 - 000850316 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-02-04 00:40 - 2024-02-04 00:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-02-04 00:40 - 2024-02-04 00:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2024-02-04 00:39 - 2024-02-04 00:39 - 000016158 _____ C:\Users\twist\Desktop\Removed Apps.html 2024-02-04 00:39 - 2024-02-04 00:39 - 000014712 _____ C:\Users\_ashbackup_\Desktop\Removed Apps.html 2024-02-04 00:38 - 2024-02-04 00:38 - 000000000 ____D C:\Users\twist\AppData\Roaming\Microsoft\SystemCertificates 2024-02-04 00:38 - 2024-02-04 00:38 - 000000000 ____D C:\Users\twist\AppData\Roaming\Microsoft\Crypto 2024-02-04 00:36 - 2024-02-04 00:36 - 000000000 ____D C:\ProgramData\AMD 2024-02-04 00:33 - 2024-02-04 10:50 - 000000000 ____D C:\Users\twist\AppData\Roaming\Microsoft\Spelling 2024-02-04 00:33 - 2024-02-04 10:02 - 000000000 ____D C:\Users\twist 2024-02-04 00:33 - 2024-02-04 09:32 - 000000000 ____D C:\Users\twist\AppData\Roaming\Microsoft\Windows 2024-02-04 00:33 - 2024-02-04 00:38 - 000000000 ____D C:\Users\_ashbackup_\AppData\Roaming\Microsoft\Windows 2024-02-04 00:33 - 2024-02-04 00:38 - 000000000 ____D C:\Users\_ashbackup_ 2024-02-04 00:33 - 2022-05-07 06:24 - 000000000 ____D C:\Users\_ashbackup_\AppData\Roaming\Microsoft\Spelling 2024-02-04 00:20 - 2024-02-04 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2024-02-04 00:20 - 2024-02-04 00:20 - 000000000 ____D C:\Program Files\ATI Technologies 2024-02-04 00:19 - 2024-02-04 00:20 - 000000000 ____D C:\Program Files (x86)\ATI Technologies 2024-02-04 00:18 - 2024-02-04 00:19 - 000000000 ____D C:\ProgramData\Package Cache 2024-02-04 00:18 - 2024-02-04 00:18 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2024-02-04 00:18 - 2024-02-04 00:18 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2024-02-04 00:18 - 2024-02-04 00:18 - 000000000 ____D C:\WINDOWS\system32\SRSLabs 2024-02-04 00:18 - 2024-02-04 00:18 - 000000000 ____D C:\Program Files\Realtek 2024-02-04 00:17 - 2024-02-04 00:17 - 000000000 ____D C:\Program Files\AMD 2024-02-04 00:17 - 2024-02-04 00:17 - 000000000 _____ C:\WINDOWS\ativpsrm.bin 2024-02-04 00:14 - 2024-02-04 00:14 - 000000000 ____D C:\WINDOWS\system32\config\BFS 2024-02-04 00:13 - 2024-02-04 00:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-02-04 00:13 - 2024-02-04 00:13 - 000293656 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-02-03 20:17 - 2024-02-04 00:40 - 000000000 ___HD C:\$SysReset 2024-02-03 20:13 - 2024-02-03 20:13 - 000000000 ____D C:\Users\twist\Desktop\FRST-OlderVersion 2024-02-03 18:54 - 2013-08-01 14:12 - 000518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll 2024-02-03 18:54 - 2013-08-01 14:12 - 000211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll 2024-02-03 18:54 - 2013-08-01 14:12 - 000198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll 2024-02-03 18:54 - 2013-08-01 14:12 - 000155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 003564376 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys 2024-02-03 18:53 - 2013-08-01 14:12 - 002795224 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 002743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 002585304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 001662024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl 2024-02-03 18:53 - 2013-08-01 14:12 - 001284680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 001004248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000617176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000208072 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000147672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000110592 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll 2024-02-03 18:53 - 2013-08-01 14:12 - 000014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll 2024-02-03 17:46 - 2024-02-03 17:46 - 000000000 ___HD C:\$GetCurrent 2024-02-03 17:04 - 2024-02-03 17:04 - 002291214 _____ C:\Users\twist\Desktop\CBS.zip 2024-02-03 17:03 - 2024-02-03 17:03 - 000000940 _____ C:\Users\twist\Desktop\Resultat.txt 2024-02-03 11:59 - 2024-02-03 11:59 - 000000713 _____ C:\Users\twist\Desktop\ComponentsScanner.txt 2024-02-03 11:49 - 2024-02-03 11:50 - 038670744 _____ (Sysnative Forums Software Ltd) C:\Users\twist\Desktop\ComponentsScanner.exe 2024-02-03 11:49 - 2024-02-03 11:50 - 002316112 _____ (niemiro) C:\Users\twist\Desktop\SFCFix.exe 2024-02-03 11:47 - 2024-02-03 11:48 - 000088202 _____ C:\Users\twist\Desktop\services.txt 2024-02-02 21:05 - 2024-02-02 13:30 - 000026897 _____ C:\Users\twist\Desktop\Pre_Scan.txt 2024-02-02 21:01 - 2024-02-02 21:02 - 014071400 _____ (AVAST Software) C:\Users\twist\Downloads\avastclear.exe 2024-02-02 20:56 - 2024-02-03 20:14 - 000001152 _____ C:\Users\twist\Desktop\Fixlog.txt 2024-02-02 20:56 - 2024-02-02 20:56 - 000007056 _____ C:\Users\twist\Downloads\fixlist (1).txt 2024-02-02 15:10 - 2024-02-02 15:10 - 000066013 _____ C:\Users\twist\Desktop\Shortcut.txt 2024-02-02 15:03 - 2024-02-02 15:10 - 000027246 _____ C:\Users\twist\Desktop\Addition.txt 2024-02-02 14:27 - 2024-02-04 11:16 - 000006802 _____ C:\Users\twist\Desktop\FRST.txt 2024-02-02 14:25 - 2024-02-04 11:14 - 000000000 ____D C:\FRST 2024-02-02 14:20 - 2024-02-03 20:13 - 002389504 _____ (Farbar) C:\Users\twist\Desktop\FRST64.exe 2024-02-02 13:30 - 2024-02-04 10:42 - 000044617 _____ C:\Pre_Scan.txt 2024-02-02 13:09 - 2022-09-30 05:24 - 000076832 _____ (QUALCOMM Incorporated) C:\WINDOWS\system32\Drivers\ssudqcfilter.sys 2024-02-02 13:09 - 2022-09-30 05:23 - 000167440 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys 2024-02-02 13:04 - 2024-02-02 13:05 - 000000000 ____D C:\Users\twist\Desktop\Mobizen 2024-02-02 12:29 - 2024-02-02 12:29 - 000000000 ____D C:\Users\twist\AppData\LocalLow\uTorrent 2024-02-01 11:26 - 2024-02-01 11:28 - 000001672 _____ C:\Users\twist\Downloads\PROD_Start_DriverPack.hta 2024-01-31 23:46 - 2024-01-31 23:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Analyzer Pro 2024-01-31 23:22 - 2024-02-04 00:32 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-01-31 23:22 - 2024-02-04 00:32 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2024-01-31 23:18 - 2024-02-04 00:35 - 000012288 ___SH C:\DumpStack.log.tmp 2024-01-31 23:16 - 2024-01-31 23:16 - 000000112 ___SH C:\bootTel.dat 2024-01-31 22:58 - 2024-01-31 22:58 - 000000000 ____D C:\Users\twist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 2024-01-31 22:51 - 2024-01-31 22:51 - 000000000 ____D C:\Users\twist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2024-01-31 22:50 - 2024-01-31 22:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line 2024-01-31 21:37 - 2024-02-04 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2024-01-31 20:48 - 2024-02-04 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysTools Backup & Restore 2024-01-31 20:38 - 2024-02-04 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo WinToUSB 2024-01-31 20:36 - 2024-02-04 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows To Go Upgrader 2024-01-31 20:05 - 2024-01-31 20:05 - 000000643 _____ C:\Users\twist\Desktop\LiberKey.lnk 2024-01-31 20:05 - 2024-01-31 20:05 - 000000000 ____D C:\LiberKey 2024-01-31 19:49 - 2024-02-04 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo Backup Suite 2024-01-31 19:08 - 2024-02-04 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo EasyUEFI 2024-01-31 18:57 - 2024-02-04 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo BitLocker Anywhere 2024-01-31 18:50 - 2024-01-31 18:50 - 000933888 _____ (CyberLink Corp.) C:\Users\twist\Downloads\UWebinar_7.14.1.09605_production_PLK231123-01.tmp 2024-01-31 18:45 - 2024-01-31 18:45 - 000000000 ____D C:\Users\twist\Downloads\U Meeting Recordings 2024-01-31 18:39 - 2024-01-31 18:54 - 369989064 _____ C:\Users\twist\Downloads\YouCam_10.1.2717.1_Subscription_YUC231123-03.exe 2024-01-31 18:31 - 2018-05-02 16:02 - 000113888 _____ (CyberLink) C:\WINDOWS\system32\Drivers\CLVirtualBus01.sys 2024-01-31 18:26 - 2024-01-31 18:26 - 000000000 ____D C:\Users\twist\AppData\LocalLow\uTorrent.WebView2 2024-01-31 18:25 - 2024-02-02 12:29 - 000000000 ____D C:\Users\twist\Documents\PerfectCam 2024-01-31 18:23 - 2024-01-31 18:24 - 045760512 _____ C:\Users\twist\Downloads\Promeo_2531_7.3_Essential_PRP231215-01.tmp 2024-01-31 18:23 - 2024-01-31 18:23 - 000000876 _____ C:\Users\twist\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2024-01-31 18:15 - 2024-01-31 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer 2024-01-31 18:09 - 2024-02-04 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adaware 2024-01-31 18:09 - 2024-01-31 18:52 - 163692544 _____ C:\Users\twist\Downloads\PowerDVD_23.0.1303.62_Essential_DVD231204-04.tmp 2024-01-31 18:07 - 2024-01-31 18:39 - 046183160 _____ (CyberLink Corp.) C:\Users\twist\Downloads\U_7.15.12118.25181551(7.15.0Prod)_Free_YOU231018-05.exe 2024-01-31 18:05 - 2024-01-31 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undelete360 2024-01-31 17:59 - 2024-01-31 18:02 - 202304800 _____ C:\Users\twist\Downloads\Power2Go_13.0.0718.0b_Essential_Essential_P2G190705-02.exe 2024-01-31 17:48 - 2024-01-31 17:48 - 000000000 ___SD C:\Users\_ashbackup_\AppData\Roaming\Microsoft\Protect 2024-01-31 17:47 - 2024-02-04 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2024-01-31 17:42 - 2024-01-31 17:44 - 144189048 _____ C:\Users\twist\Downloads\PerfectCam_2.3.7124.0_Subscription_PFC231124-01.exe 2024-01-31 17:39 - 2024-02-04 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Axon 2024-01-31 17:38 - 2024-02-04 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex 2024-01-31 17:33 - 2024-01-31 17:33 - 000000000 ___HD C:\OneDriveTemp 2024-01-31 17:28 - 2024-02-02 01:31 - 000000000 ___RD C:\Users\twist\OneDrive 2024-01-31 17:22 - 2024-01-31 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\APFS for Windows by Paragon Software 2024-01-31 17:05 - 2024-02-04 09:27 - 000000000 __RHD C:\Users\Public\AccountPictures 2024-01-31 17:04 - 2024-01-31 17:04 - 000000000 ____D C:\Users\twist\AppData\Roaming\Microsoft\Vault 2024-01-31 16:51 - 2024-01-31 16:51 - 000000000 ___SD C:\Users\twist\AppData\Roaming\Microsoft\Protect 2024-01-31 16:51 - 2024-01-31 16:51 - 000000000 ___SD C:\Users\twist\AppData\Roaming\Microsoft\Credentials 2024-01-31 15:50 - 2024-01-31 15:50 - 000000000 ____D C:\WINDOWS\CSC 2024-01-31 10:56 - 2024-01-31 10:56 - 1286361926 _____ C:\Users\twist\Desktop\BitLockerAnywhere_Trial_sib.exe 2024-01-31 10:42 - 2024-01-31 10:42 - 550888982 _____ C:\Users\twist\Desktop\ProV10.ARM64_sib.exe 2024-01-30 17:30 - 2024-01-30 17:32 - 000000000 ____D C:\Aimersoft Video Suite 2024-01-30 16:45 - 2024-01-30 16:45 - 000000352 _____ C:\demande aide problème 301 & 300.txt 2024-01-26 13:16 - 2024-02-04 00:17 - 000000000 ____D C:\AMD 2024-01-26 11:47 - 2024-01-31 12:34 - 000000000 ____D C:\Users\twist\Desktop\twister1a63 ==================== Three months (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2024-02-04 10:37 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-02-04 10:36 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF 2024-02-04 10:20 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps 2024-02-04 10:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-02-04 09:53 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing 2024-02-04 09:53 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-02-04 09:48 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog 2024-02-04 09:27 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-02-04 09:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\AppLocker 2024-02-04 09:00 - 2022-05-07 06:28 - 000000000 ____D C:\WINDOWS\Setup 2024-02-04 09:00 - 2022-05-07 06:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2024-02-04 09:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2024-02-04 08:56 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP 2024-02-04 08:56 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS 2024-02-04 08:56 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2024-02-04 08:56 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources 2024-02-04 08:56 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2024-02-04 08:55 - 2022-05-07 08:39 - 000000000 ___SD C:\WINDOWS\system32\AppV 2024-02-04 08:55 - 2022-05-07 08:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2024-02-04 08:55 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2024-02-04 08:55 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2024-02-04 08:55 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism 2024-02-04 08:55 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser 2024-02-04 08:55 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-02-04 08:55 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents 2024-02-04 08:55 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning 2024-02-04 08:55 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2024-02-04 08:55 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Globalization 2024-02-04 08:55 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-02-04 08:55 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System 2024-02-04 08:50 - 2022-05-07 06:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2024-02-04 08:50 - 2022-05-07 06:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2024-02-04 04:15 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat 2024-02-04 02:58 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-02-04 01:36 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate 2024-02-04 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\spool 2024-02-04 01:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-02-04 00:41 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2024-02-04 00:34 - 2022-05-07 06:17 - 000262144 _____ C:\WINDOWS\system32\config\BBI 2024-02-04 00:14 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState ==================== SigCheckExt ========================= 2021-07-01 15:25 - 2021-07-01 15:25 - 008156672 _____ (Synergenics, LLC) C:\EchoLink.exe 2024-01-31 10:56 - 2024-01-31 10:56 - 1286361926 _____ C:\Users\twist\Desktop\BitLockerAnywhere_Trial_sib.exe 2024-02-02 14:20 - 2024-02-03 20:13 - 002389504 _____ (Farbar) C:\Users\twist\Desktop\FRST64.exe 2024-01-31 10:42 - 2024-01-31 10:42 - 550888982 _____ C:\Users\twist\Desktop\ProV10.ARM64_sib.exe 2024-02-04 10:31 - 2024-02-04 10:33 - 003082136 _____ (SosVirus) C:\Users\twist\Downloads\pre-scan_V9_18.10.19.1.exe ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== BCD ================================ Firmware Boot Manager --------------------- identifier {fwbootmgr} displayorder {bootmgr} {4edaf063-bc7f-11ee-b814-c25f4c8da036} {4edaf062-bc7f-11ee-b814-c25f4c8da036} {4edaf058-bc7f-11ee-b814-c25f4c8da036} {4edaf05e-bc7f-11ee-b814-c25f4c8da036} {4edaf057-bc7f-11ee-b814-c25f4c8da036} {4edaf059-bc7f-11ee-b814-c25f4c8da036} {4edaf05b-bc7f-11ee-b814-c25f4c8da036} {4edaf05c-bc7f-11ee-b814-c25f4c8da036} {4edaf05d-bc7f-11ee-b814-c25f4c8da036} {4edaf05f-bc7f-11ee-b814-c25f4c8da036} {4edaf060-bc7f-11ee-b814-c25f4c8da036} {4edaf061-bc7f-11ee-b814-c25f4c8da036} {4edaf05a-bc7f-11ee-b814-c25f4c8da036} {4edaf065-bc7f-11ee-b814-c25f4c8da036} {4edaf067-bc7f-11ee-b814-c25f4c8da036} {4edaf064-bc7f-11ee-b814-c25f4c8da036} timeout 2 Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale en-US inherit {globalsettings} default {current} resumeobject {7fae32d3-c333-11ee-b602-9afc247ea2ec} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Firmware Application (101fffff) ------------------------------- identifier {4edaf057-bc7f-11ee-b814-c25f4c8da036} description UEFI: General USB Flash Disk 1.00 Firmware Application (101fffff) ------------------------------- identifier {4edaf058-bc7f-11ee-b814-c25f4c8da036} description USB Floppy/CD Firmware Application (101fffff) ------------------------------- identifier {4edaf059-bc7f-11ee-b814-c25f4c8da036} description UEFI: SanDisk Firmware Application (101fffff) ------------------------------- identifier {4edaf05a-bc7f-11ee-b814-c25f4c8da036} description Atheros Boot Agent Firmware Application (101fffff) ------------------------------- identifier {4edaf05b-bc7f-11ee-b814-c25f4c8da036} description UEFI: FixMeStick 8.07 Firmware Application (101fffff) ------------------------------- identifier {4edaf05c-bc7f-11ee-b814-c25f4c8da036} description UEFI: WD Elements 10A8 1042 Firmware Application (101fffff) ------------------------------- identifier {4edaf05d-bc7f-11ee-b814-c25f4c8da036} description UEFI: TOSHIBA TransMemory 1.00 Firmware Application (101fffff) ------------------------------- identifier {4edaf05e-bc7f-11ee-b814-c25f4c8da036} description USB Floppy/CD Firmware Application (101fffff) ------------------------------- identifier {4edaf05f-bc7f-11ee-b814-c25f4c8da036} description USB Hard Drive Firmware Application (101fffff) ------------------------------- identifier {4edaf060-bc7f-11ee-b814-c25f4c8da036} description UEFI: KingstonDataTraveler 2.01.00 Firmware Application (101fffff) ------------------------------- identifier {4edaf061-bc7f-11ee-b814-c25f4c8da036} description UEFI: ZALMAN ZM-VE350 1060 Firmware Application (101fffff) ------------------------------- identifier {4edaf062-bc7f-11ee-b814-c25f4c8da036} path \EFI\ubuntu\shimx64.efi description ubuntu Firmware Application (101fffff) ------------------------------- identifier {4edaf063-bc7f-11ee-b814-c25f4c8da036} path \EFI\debian\shimx64.efi description debian Firmware Application (101fffff) ------------------------------- identifier {4edaf064-bc7f-11ee-b814-c25f4c8da036} description CD/DVD Drive Firmware Application (101fffff) ------------------------------- identifier {4edaf065-bc7f-11ee-b814-c25f4c8da036} description USB Floppy/CD Firmware Application (101fffff) ------------------------------- identifier {4edaf067-bc7f-11ee-b814-c25f4c8da036} description Hard Drive Windows Boot Loader ------------------- identifier {4edaf06e-bc7f-11ee-b814-c25f4c8da036} device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{4edaf06f-bc7f-11ee-b814-c25f4c8da036} path \windows\system32\winload.efi description Windows Recovery Environment locale en-us inherit {bootloadersettings} displaymessage Recovery displaymessageoverride PushButtonReset osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{4edaf06f-bc7f-11ee-b814-c25f4c8da036} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Windows Boot Loader ------------------- identifier {current} device partition=C: path \WINDOWS\system32\winload.efi description Windows 11 locale en-US inherit {bootloadersettings} recoverysequence {4edaf06e-bc7f-11ee-b814-c25f4c8da036} displaymessageoverride Recovery recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {7fae32d3-c333-11ee-b602-9afc247ea2ec} nx OptIn bootmenupolicy Standard Resume from Hibernate --------------------- identifier {7fae32d3-c333-11ee-b602-9afc247ea2ec} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale en-US inherit {resumeloadersettings} recoverysequence {4edaf06e-bc7f-11ee-b814-c25f4c8da036} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: custom:21000026 partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\memtest.efi description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems No Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {4edaf06f-bc7f-11ee-b814-c25f4c8da036} description Windows Recovery ramdisksdidevice partition=C: ramdisksdipath \Recovery\WindowsRE\boot.sdi ==================== End of FRST.txt ========================