Can't open Command Prompt & Other issue

**Malnutrition** · 03-22-2022, 02:02 AM

Wait until the program is complete, then reboot and check and see if you are able to open command as admin.

**khval94** · 03-22-2022, 02:04 AM

After reboot, still cannot run as admin

**Malnutrition** · 03-22-2022, 02:13 AM

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.
If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu"
[IMG alt=“icon2.jpg”]https://pchelpforum.net/attachments/icon2-jpg.794/
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.
[IMG alt=“frst disclaimer.jpg”]https://pchelpforum.net/attachments/...aimer-jpg.795/

[ol]
[li]Accept the default whitelist options,[/li][li]If the additions.txt options box is not checked please select it.[/li][li]Then select Scan[/li][/ol]
[IMG alt=“frst.jpg”]https://pchelpforum.net/attachments/frst-jpg.796/
Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.
[IMG alt=“2016-08-12_152002.jpg”]https://pchelpforum.net/attachments/...52002-jpg.797/

Please Copy and Paste the contents of these logs in your next post for review by our Security Team[/IMG]

**Malnutrition** · 03-22-2022, 02:16 AM

Attach the FRST and addition.txt

**Malnutrition** · 03-22-2022, 02:36 AM

Note: If you are unable to run FRST as admin. Drag and drop FRST onto the Power run tool. [COLOR=rgb(184, 49, 47)]You must be running the 64 bit version of Power run

Open notepad, and copy and paste the content of the codebox below into an open notepad.

Code:

Start::
CreateRestorePoint:
CloseProcesses:
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
cmd: DISM.exe /Online /Cleanup-image /Scanhealth
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: fltmc instances
SetDefaultFilePermissions: C:\Windows\System32\cmd.exe
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
CMD: sfc /scannow
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
Reboot:
End::

Save it to your desktop, name it fixlist.txt

Right click Frst and run as admin.
FRST must also be on the desktop.
Click the fix button.

This fix may take a little while, allow it to complete.[/COLOR]

**khval94** · 03-22-2022, 02:45 AM

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-03-2022
Ran by khval (administrator) on LAPTOP-OH5CF8OA (HP HP Pavilion Laptop 15-cs1xxx) (21-03-2022 20:41:43)
Running from C:\Users\khval\OneDrive\Desktop
Loaded Profiles: khval & Kristian
Platform: Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brave Software, Inc. → BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler.exe
(Brave Software, Inc. → BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler64.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCopyAccelerator.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe ->) (Intel(R) pGFX 2020 → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
(ETDCtrl.exe ->) (ELAN MICROELECTRONICS CORPORATION → ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION → ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION → ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(explorer.exe ->) (Brave Software, Inc. → Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <14>
(explorer.exe ->) (Google LLC → ) C:\Program Files\Google\Drive File Stream\55.0.3.0\crashpad_handler.exe
(explorer.exe ->) (HP Inc → HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(Intel(R) Rapid Storage Technology → Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(services.exe ->) (Adobe Inc. → Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. → Apple Inc.) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
(services.exe ->) (Conexant Systems LLC → Conexant Systems LLC.) C:\Windows\System32\CxAudioSvc.exe
(services.exe ->) (Conexant Systems LLC → Synaptics Incorporated.) C:\Windows\System32\SynAudSrv.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION → ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (HP Inc. → HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_54a828a51f6769c8\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. → HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_28a78a8b4b54e457\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. → HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_28a78a8b4b54e457\x64\DiagsCap.exe
(services.exe ->) (HP Inc. → HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_28a78a8b4b54e457\x64\NetworkCap.exe
(services.exe ->) (HP Inc. → HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_28a78a8b4b54e457\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
(services.exe ->) (Intel Corporation → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation → Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation → Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation → Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group → Intel Corporation) C:\Windows\System32\jhi_service.exe
(services.exe ->) (Intel(R) pGFX 2020 → ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel(R) pGFX 2020 → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX 2020 → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX 2020 → Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology → Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions → Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(services.exe ->) (Intuit, Inc. → Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (Smart Sound Technology → Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(services.exe ->) (Sound Research Corporation → Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(svchost.exe ->) (HP Inc → HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Tweaking LLC → [URL='http://Tweaking.com']Tweaking.com[/URL]) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319520 2018-07-05] (Intel(R) Rapid Storage Technology → Intel Corporation)
HKLM...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [525312 2021-08-05] (HP Inc.) [File not signed]
HKLM...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2617208 2022-03-20] (Microsoft Corporation → Microsoft Corporation)
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [3769248 2019-03-19] (HP Inc → HP Inc.)
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\55.0.3.0\GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC → Google, Inc.)
HKU\S-1-5-21-2544099675-2571443181-3956208610-1004...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2617208 2022-03-20] (Microsoft Corporation → Microsoft Corporation)
HKLM...\Print\Monitors\HP CD11 Status Monitor: C:\WINDOWS\system32\hpinkstsCD11LM.dll [391992 2019-03-15] (HP Inc → HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] → C:\Program Files\BraveSoftware\Brave-Browser\Application\99.1.36.119\Installer\chrmstp.exe [2022-03-21] (Brave Software, Inc. → Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → “C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe” --configure-user-settings --verbose-logging --system-level
IFEO\EOSnotify.exe: [Debugger] /
IFEO\InstallAgent.exe: [Debugger] /
IFEO\MusNotification.exe: [Debugger] /
IFEO\MusNotificationUx.exe: [Debugger] /
IFEO\remsh.exe: [Debugger] /
IFEO\SihClient.exe: [Debugger] /
IFEO\UpdateAssistant.exe: [Debugger] /
IFEO\upfc.exe: [Debugger] /
IFEO\UsoClient.exe: [Debugger] /
IFEO\WaaSMedic.exe: [Debugger] /
IFEO\WaasMedicAgent.exe: [Debugger] /
IFEO\Windows10Upgrade.exe: [Debugger] /
IFEO\Windows10UpgraderApp.exe: [Debugger] /
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2019-11-11]
ShortcutTarget: Intuit Data Protect.lnk → C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. → Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2019-11-11]
ShortcutTarget: QuickBooks Update Agent.lnk → C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. → Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2019-11-11]
ShortcutTarget: QuickBooks_Standard_21.lnk → C:\Program Files (x86)\Intuit\QuickBooks 2019\QBW32.EXE (Intuit, Inc. → Intuit Inc.)
GroupPolicy-x32: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EA64369-2001-407A-907B-654C30280A5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145944 2022-02-25] (HP Inc. → HP Inc.)
Task: {0F71293E-CBF4-4407-9CCF-0BE8F0E651D7} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC → [URL='http://Tweaking.com']Tweaking.com[/URL])
Task: {3467DB36-0F33-4675-9D16-F459A811B6D3} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2544099675-2571443181-3956208610-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4158880 2022-03-20] (Microsoft Corporation → Microsoft Corporation)
Task: {419C26BB-0D60-4072-869F-E7911E00D61E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {458B4077-FA03-44A4-81D0-316612926FDF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. → Adobe Inc.)
Task: {4DBAF91F-0623-434E-8BBF-884853A1A3D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [314032 2022-02-25] (HP Inc. → HP Inc.)
Task: {534AEC6C-2A94-480D-ACB6-6B5738D1C77E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task “308046B0AF4A39CB”
Task: {5B420D48-6FF7-40B9-B249-B8D4B53AF55F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH6425X15V => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145944 2022-02-25] (HP Inc. → HP Inc.)
Task: {5F67B163-4B94-430B-9208-093D03774194} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2544099675-2571443181-3956208610-1001Core => C:\Users\khval\AppData\Local\Google\Update\GoogleUpdate.exe [156104 2020-01-18] (Google LLC → Google LLC)
Task: {71B5CA04-E204-4EEB-8299-7FEF688C13DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {725E65AD-2921-413D-988E-C9071B7E0112} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {93C342FA-1411-4F53-A678-B0F277E43240} - System32\Tasks\HPCustParticipation HP Officejet 5740 series => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe [6437792 2019-03-19] (HP Inc → HP Inc.)
Task: {97BE0E21-31E8-473B-99D4-AD79226193D4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-02-05] (Google LLC → Google LLC)
Task: {99CBD18C-8340-47E6-9689-0074EC64B6D2} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo → Zemana Ltd.)
Task: {A209A6EB-4166-45B6-A169-BCAE0625B6DF} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-01-27] (Brave Software, Inc. → BraveSoftware Inc.)
Task: {A606683D-C66D-47FF-B445-00DA3419A867} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4158880 2022-03-20] (Microsoft Corporation → Microsoft Corporation)
Task: {ACBCAD2C-EE11-4D49-B465-BE718DC39A6F} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-01-27] (Brave Software, Inc. → BraveSoftware Inc.)
Task: {AD1595BE-D334-4005-A63F-C93516AEE4E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-02-05] (Google LLC → Google LLC)
Task: {C03E7A5C-D5C1-4979-992C-65CED8CDB60E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2544099675-2571443181-3956208610-1001UA => C:\Users\khval\AppData\Local\Google\Update\GoogleUpdate.exe [156104 2020-01-18] (Google LLC → Google LLC)
Task: {C4D402AC-C986-4058-960C-C0F1378D3EAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145944 2022-02-25] (HP Inc. → HP Inc.)
Task: {C96D7A3D-0589-4050-A782-AD0E1A776697} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher → Microsoft Corporation)
Task: {DCC33EAF-A59A-40DB-ACB1-87E9242A6BFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2022-02-25] (HP Inc. → HP Inc.)
Task: {EB297B3B-B80C-49A2-907B-B4290A54F8AE} - System32\Tasks\RtkAudUService64_BG => C:\windows\system32\RtkAudUService64.exe [838648 2019-06-07] (Realtek Semiconductor Corp. → Realtek Semiconductor)
Task: {EF2E4DD0-2476-4F6E-BFD8-C0A08EA0B5AF} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2544099675-2571443181-3956208610-1004 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4158880 2022-03-20] (Microsoft Corporation → Microsoft Corporation)
Task: {F0FD26F3-D080-40D1-BE96-FD2C2909D980} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [382672 2021-09-17] (Intuit, Inc. → Intuit Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip..\Interfaces{7e294a8c-888c-4920-8d9a-f93bee67c64b}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip..\Interfaces{96dd34bf-6f66-4179-8d23-a8116cb9f37a}: [DhcpNameServer] 40.23.1.13
[HEADING=1]Edge:[/HEADING]
DownloadDir: C:\Users\khval\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001 → hxxps://www.ecosia.org/
Edge Notifications: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001 → hxxps://mail.google.com
Edge Extension: (No Name) → AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) → BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (Honey) → EdgeExtension_HoneyScienceCorporationHoney_cbe4c63gm1mzr => C:\Program Files\WindowsApps\HoneyScienceCorporation.Honey_11.4.2.0_neutral__cbe4c63gm1mzr [2019-08-07]
Edge Extension: (No Name) → LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) → PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\khval\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-21]
Edge DownloadDir: Default → C:\Users\khval\Downloads
Edge Notifications: Default → hxxps://business.facebook.com; hxxps://calendar.google.com; hxxps://direct.chownow.com; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://www.facebook.com
Edge HomePage: Default → hxxps://www.ecosia.org/
Edge StartupUrls: Default → “hxxps://www.ecosia.org/”
Edge Extension: (Honey) - C:\Users\khval\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2022-03-11]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\khval\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-03-18]
Edge HKLM-x32...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
[HEADING=1]FireFox:[/HEADING]
FF DefaultProfile: xpnyqjre.default-1623777132643
FF ProfilePath: C:\Users\khval\AppData\Roaming\Mozilla\Firefox\Profiles\xpnyqjre.default-1623777132643 [2022-03-20]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\khval\AppData\Roaming\Mozilla\Firefox\Profiles\xpnyqjre.default-1623777132643\Extensions{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-01-14]
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN → VideoLAN)
FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. → Adobe Systems Inc.)
[HEADING=1]Chrome:[/HEADING]
CHR Profile: C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default [2022-03-21]
CHR HomePage: Default → hxxp://www.google.com/
CHR StartupUrls: Default → “hxxp://www.google.com/”
CHR DefaultNewTabURL: Default → hxxps://www.bing.com/chrome/newtab?pc=COS2&ptag=D110919-N0630A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
CHR Extension: (Slides) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-29]
CHR Extension: (Docs) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-29]
CHR Extension: (YouTube) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-29]
CHR Extension: (Sheets) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-29]
CHR Extension: (Google Docs Offline) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-28]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-19]
CHR Extension: (Gmail) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-28]
CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\khval\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx 
CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [jdanfkhnfpagoijgfmklhgakdicpnfil]
CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
[HEADING=1]Brave:[/HEADING]
BRA Profile: C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-03-21]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-03-20]
BRA Extension: (Brave NTP background images) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-11]
BRA Extension: (Wallet Data Files Updater) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-03-11]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-03-20]
BRA Extension: (Brave NTP sponsored images) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-03-21]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2022-01-27]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-11]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-03-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. → Adobe Inc.)
R2 Bonjour Service; C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2020-02-05] (Apple Inc. → Apple Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-01-27] (Brave Software, Inc. → BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-01-27] (Brave Software, Inc. → BraveSoftware Inc.)
S2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1775264 2021-12-16] (voidtools → voidtools)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncHelper.exe [3381152 2022-03-20] (Microsoft Corporation → Microsoft Corporation)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_28a78a8b4b54e457\x64\AppHelperCap.exe [762920 2022-01-19] (HP Inc. → HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_28a78a8b4b54e457\x64\DiagsCap.exe [759800 2022-01-19] (HP Inc. → HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_28a78a8b4b54e457\x64\NetworkCap.exe [756736 2022-01-19] (HP Inc. → HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_28a78a8b4b54e457\x64\SysInfoCap.exe [760304 2022-01-19] (HP Inc. → HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_54a828a51f6769c8\x64\TouchpointAnalyticsClientService.exe [494672 2021-11-22] (HP Inc. → HP Inc.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.033.0213.0002\OneDriveUpdaterService.exe [3852152 2022-03-20] (Microsoft Corporation → Microsoft Corporation)
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2017-11-14] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1537536 2019-06-07] (Intuit Inc.) [File not signed]
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14204760 2021-12-15] (ADLICE (ASCOET JULIEN) → )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft Windows Publisher → Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft Windows Publisher → Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [50616 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 → HP)
R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2022-03-19] (Zemana D.O.O. Sarajevo → Copyright 2018.)
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [108480 2018-06-25] (Alcorlink Corp. → )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
R1 googledrivefs3688; C:\WINDOWS\System32\DRIVERS\googledrivefs3688.sys [381456 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher → Google, Inc.)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. → HP Inc.)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [60448 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 → HP)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-15] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-15] (Microsoft Windows → Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15] (Microsoft Windows → Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. → HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-21 19:10 - 2022-03-21 19:10 - 000001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everything.lnk
2022-03-21 19:10 - 2022-03-21 19:10 - 000001111 _____ C:\Users\Public\Desktop\Everything.lnk
2022-03-21 19:10 - 2022-03-21 19:10 - 000000000 ____D C:\Users\khval\AppData\Roaming\Everything
2022-03-21 19:10 - 2022-03-21 19:10 - 000000000 ____D C:\Program Files (x86)\Everything
2022-03-21 18:23 - 2022-03-21 18:23 - 000000000 ____D C:\Users\khval\Downloads\HP Downloads
2022-03-21 07:56 - 2022-03-21 07:56 - 000000000 ___HD C:$Windows.~WS
2022-03-21 07:56 - 2022-03-21 07:56 - 000000000 ____D C:$WINDOWS.~BT
2022-03-21 07:29 - 2022-03-21 07:29 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-03-21 07:25 - 2022-03-21 07:25 - 000000020 ___SH C:\Users\khval\ntuser.ini
2022-03-21 01:08 - 2022-03-20 23:39 - 000000000 ____D C:\Windows.old
2022-03-21 01:05 - 2022-03-21 01:08 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-03-21 01:04 - 2022-03-21 01:05 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-03-21 01:04 - 2022-03-21 01:04 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-03-21 01:01 - 2022-03-21 01:01 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-03-21 00:58 - 2022-03-21 00:58 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-03-21 00:57 - 2022-03-21 00:57 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-03-21 00:57 - 2022-03-21 00:57 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-21 00:57 - 2022-03-21 00:57 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-21 00:56 - 2022-03-21 00:56 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-03-21 00:56 - 2022-03-21 00:56 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-03-21 00:54 - 2022-03-21 00:54 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-21 00:54 - 2022-03-21 00:54 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-03-21 00:54 - 2022-03-21 00:54 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-03-21 00:53 - 2022-03-21 00:53 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-03-21 00:30 - 2022-03-21 07:30 - 000000000 ____D C:\WINDOWS\HoloShell
2022-03-21 00:30 - 2022-03-21 01:01 - 000000000 ____D C:\WINDOWS\TextInput
2022-03-21 00:29 - 2019-10-15 15:45 - 001368296 _____ C:\WINDOWS\system32\PerceptionSimulationRightHandModel.glb
2022-03-21 00:29 - 2019-10-15 15:45 - 001366268 _____ C:\WINDOWS\system32\PerceptionSimulationLeftHandModel.glb
2022-03-21 00:28 - 2019-10-15 15:45 - 000000002 _____ C:\WINDOWS\system32\hologramcompositor.lock
2022-03-21 00:26 - 2019-10-15 15:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2022-03-21 00:26 - 2019-04-18 20:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2022-03-20 23:37 - 2022-03-21 19:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-20 23:37 - 2022-03-21 07:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2022-03-20 23:37 - 2022-03-20 23:37 - 000003586 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2544099675-2571443181-3956208610-1001UA
2022-03-20 23:37 - 2022-03-20 23:37 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-03-20 23:37 - 2022-03-20 23:37 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-20 23:37 - 2022-03-20 23:37 - 000003370 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2022-03-20 23:37 - 2022-03-20 23:37 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-03-20 23:37 - 2022-03-20 23:37 - 000003318 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2544099675-2571443181-3956208610-1001Core
2022-03-20 23:37 - 2022-03-20 23:37 - 000003244 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-20 23:37 - 2022-03-20 23:37 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b6d0ca8e983d
2022-03-20 23:37 - 2022-03-20 23:37 - 000003146 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2022-03-20 23:37 - 2022-03-20 23:37 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-03-20 23:37 - 2022-03-20 23:37 - 000003070 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2544099675-2571443181-3956208610-1004
2022-03-20 23:37 - 2022-03-20 23:37 - 000003070 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2544099675-2571443181-3956208610-1001
2022-03-20 23:37 - 2022-03-20 23:37 - 000003014 _____ C:\WINDOWS\system32\Tasks\QBScheduledReport
2022-03-20 23:37 - 2022-03-20 23:37 - 000003008 _____ C:\WINDOWS\system32\Tasks\Tweaking.com - Windows Repair Tray Icon
2022-03-20 23:37 - 2022-03-20 23:37 - 000002726 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP Officejet 5740 series
2022-03-20 23:37 - 2022-03-20 23:37 - 000002716 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-03-20 23:37 - 2022-03-20 23:37 - 000002522 _____ C:\WINDOWS\system32\Tasks\AMHelper
2022-03-20 23:37 - 2022-03-20 23:37 - 000002370 _____ C:\WINDOWS\system32\Tasks\RtkAudUService64_BG
2022-03-20 23:37 - 2022-03-20 23:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-03-20 23:37 - 2022-03-20 23:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2022-03-20 23:37 - 2022-03-20 23:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-03-20 23:37 - 2018-10-11 00:00 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2548962678-2227627121-3813296117-500
2022-03-20 23:36 - 2022-03-20 23:37 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2022-03-20 23:36 - 2022-03-20 23:37 - 000011433 _____ C:\WINDOWS\diagerr.xml
2022-03-20 23:23 - 2022-03-21 19:31 - 000847768 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-20 23:16 - 2022-03-21 20:01 - 000000000 ____D C:\Users\khval
2022-03-20 23:16 - 2022-03-20 23:20 - 000000000 ____D C:\Users\Kristian
2022-03-20 23:16 - 2019-12-07 03:10 - 000001105 _____ C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-20 23:10 - 2022-03-21 20:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-20 23:10 - 2022-03-20 23:10 - 000307864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-20 20:32 - 2022-03-20 21:54 - 000000000 ____D C:\Users\Kristian\AppData\Local\CrashDumps
2022-03-20 19:55 - 2022-03-20 19:55 - 000000000 ____D C:\Users\Kristian\AppData\Local\HP
2022-03-20 19:51 - 2022-03-21 07:56 - 000000000 ___DC C:\WINDOWS\Panther
2022-03-20 19:42 - 2022-03-20 19:42 - 000000000 ____D C:\Users\Kristian\AppData\Local\Comms
2022-03-20 19:31 - 2022-03-20 19:51 - 000000000 ____D C:\ESD
2022-03-20 19:28 - 2022-03-20 19:28 - 000000000 ____D C:\Users\Kristian\AppData\Roaming\Intel Corporation
2022-03-20 19:27 - 2022-03-20 19:27 - 000000000 ____D C:\Users\Kristian\AppData\Local\D3DSCache
2022-03-20 19:26 - 2022-03-20 19:56 - 000000000 ____D C:\Users\Kristian\AppData\Local\Publishers
2022-03-20 19:25 - 2022-03-20 23:16 - 000000000 ____D C:\Users\Kristian\AppData\Local\Packages
2022-03-20 19:25 - 2022-03-20 19:26 - 000000000 ____D C:\Users\Kristian\AppData\Local\Intel
2022-03-20 19:25 - 2022-03-20 19:25 - 000000000 __SHD C:\Users\Kristian\IntelGraphicsProfiles
2022-03-20 19:25 - 2022-03-20 19:25 - 000000000 ___RD C:\Users\Kristian\3D Objects
2022-03-20 19:25 - 2022-03-20 19:25 - 000000000 ____D C:\Users\Kristian\AppData\Roaming\Intel
2022-03-20 19:25 - 2022-03-20 19:25 - 000000000 ____D C:\Users\Kristian\AppData\Roaming\Adobe
2022-03-20 19:25 - 2022-03-20 19:25 - 000000000 ____D C:\Users\Kristian\AppData\LocalLow\Intel
2022-03-20 19:25 - 2022-03-20 19:25 - 000000000 ____D C:\Users\Kristian\AppData\Local\VirtualStore
2022-03-20 19:25 - 2022-03-20 19:25 - 000000000 ____D C:\Users\Kristian\AppData\Local\ConnectedDevicesPlatform
2022-03-20 19:25 - 2022-03-20 19:25 - 000000000 ____D C:\Users\Kristian\AppData\Local\BraveSoftware
2022-03-20 19:25 - 2022-02-07 13:29 - 000001866 _____ C:\Users\Kristian\Desktop\Google Slides.lnk
2022-03-20 19:25 - 2022-02-07 13:29 - 000001866 _____ C:\Users\Kristian\Desktop\Google Sheets.lnk
2022-03-20 19:25 - 2022-02-07 13:29 - 000001854 _____ C:\Users\Kristian\Desktop\Google Docs.lnk
2022-03-20 19:25 - 2019-09-09 17:25 - 000000000 ___RD C:\Users\Kristian\OneDrive
2022-03-19 14:32 - 2022-03-21 01:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2022-03-19 14:32 - 2022-03-19 14:33 - 000388898 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2022-03-19 14:32 - 2022-03-19 14:32 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2022-03-19 12:01 - 2022-03-21 20:42 - 000133945 _____ C:\WINDOWS\ZAM.krnl.trace
2022-03-19 12:01 - 2022-03-21 01:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2022-03-19 12:01 - 2022-03-19 12:01 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2022-03-19 12:01 - 2022-03-19 12:01 - 000001340 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2022-03-19 12:01 - 2022-03-19 12:01 - 000000000 ____D C:\Users\khval\AppData\Local\Zemana
2022-03-19 12:01 - 2022-03-19 12:01 - 000000000 ____D C:\Program Files (x86)\Zemana
2022-03-19 12:00 - 2022-03-19 12:01 - 000000000 ____D C:\Users\khval\AppData\Local\AMSDK
2022-03-19 11:02 - 2022-03-19 11:02 - 000117212 _____ C:\WINDOWS\system32\CWindowsSystem32cmd.exe.zip
2022-03-19 11:02 - 2022-03-19 11:02 - 000098823 _____ C:\WINDOWS\SysWOW64\CWindowsSysWOW64cmd.exe.zip
2022-03-18 12:58 - 2022-03-18 12:58 - 000000000 ____D C:\WINDOWS\pss
2022-03-11 14:37 - 2022-03-11 14:37 - 000000000 ___HD C:$WinREAgent
2022-03-03 17:11 - 2022-03-04 16:21 - 000000000 ____D C:\Users\khval\AppData\Local\Adobe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-21 20:41 - 2021-07-11 16:43 - 000000000 ____D C:\FRST
2022-03-21 20:30 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-21 20:28 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-21 20:02 - 2020-02-05 10:24 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-21 20:02 - 2019-03-14 13:44 - 000000000 __SHD C:\Users\khval\IntelGraphicsProfiles
2022-03-21 19:26 - 2020-11-09 13:25 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-21 19:26 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-21 19:12 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2022-03-21 18:24 - 2019-12-07 03:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-03-21 18:23 - 2019-03-15 15:11 - 000000000 ____D C:\swsetup
2022-03-21 13:14 - 2022-01-27 10:25 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-03-21 13:14 - 2022-01-27 10:25 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2022-03-21 08:54 - 2021-12-20 11:23 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-03-21 07:39 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-21 07:30 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-03-21 07:30 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-21 07:27 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-21 07:25 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-21 07:25 - 2019-03-14 13:44 - 000000000 ___RD C:\Users\khval\3D Objects
2022-03-21 07:25 - 2019-03-14 13:44 - 000000000 ____D C:\Users\khval\AppData\Local\ConnectedDevicesPlatform
2022-03-21 07:25 - 2018-10-10 23:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-03-21 01:08 - 2022-01-17 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-03-21 01:08 - 2019-12-07 03:18 - 000000000 ____D C:\WINDOWS\Setup
2022-03-21 01:08 - 2019-12-07 03:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-03-21 01:08 - 2019-12-07 03:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-03-21 01:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-03-21 01:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-03-21 01:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-03-21 01:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-03-21 01:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2022-03-21 01:08 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-03-21 01:08 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-03-21 01:08 - 2019-11-11 15:13 - 000000000 ____D C:\WINDOWS\SysWOW64\spool
2022-03-21 01:08 - 2019-11-11 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2022-03-21 01:08 - 2019-11-08 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-03-21 01:08 - 2019-08-07 20:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2022-03-21 01:08 - 2019-08-07 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft
2022-03-21 01:08 - 2019-08-07 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2022-03-21 01:08 - 2019-06-20 12:44 - 000000000 ____D C:\Program Files\UNP
2022-03-21 01:08 - 2019-03-15 11:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-21 01:08 - 2019-01-18 11:38 - 000000000 ____D C:\WINDOWS\SysWOW64\WildTangent
2022-03-21 01:08 - 2019-01-18 11:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Amazon
2022-03-21 01:08 - 2019-01-18 11:15 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2022-03-21 01:08 - 2019-01-18 11:04 - 000000000 ____D C:\WINDOWS\system32\cAVS
2022-03-21 01:08 - 2019-01-18 11:00 - 000000000 ____D C:\Program Files\Intel
2022-03-21 01:08 - 2018-11-03 09:37 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2022-03-21 01:08 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-03-21 01:05 - 2021-02-18 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2022-03-21 01:05 - 2019-03-21 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-21 01:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-21 01:01 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-21 00:30 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemApps
2022-03-20 23:39 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-20 23:38 - 2019-12-07 03:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-03-20 23:37 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-03-20 23:36 - 2019-03-14 13:47 - 000000000 ___RD C:\Users\khval\OneDrive
2022-03-20 23:22 - 2019-12-07 03:14 - 000000000 __RSD C:\WINDOWS\Media
2022-03-20 23:17 - 2022-02-14 10:09 - 000000000 ____D C:\Users\khval\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-03-20 23:17 - 2020-01-10 11:58 - 000000000 ____D C:\Users\khval\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Halloran Software
2022-03-20 23:16 - 2019-03-14 13:44 - 000000000 ____D C:\Users\khval\AppData\Local\Packages
2022-03-20 23:15 - 2020-07-11 00:43 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-20 23:15 - 2020-07-11 00:43 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-03-20 23:15 - 2019-01-18 11:04 - 000000000 ____D C:\WINDOWS\system32\Intel
2022-03-20 23:14 - 2021-02-17 10:16 - 000000000 ____D C:\WINDOWS\Firmware
2022-03-20 23:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-03-20 23:13 - 2019-01-18 11:08 - 000000000 ____D C:\Intel
2022-03-20 19:27 - 2021-08-21 15:23 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-03-20 19:27 - 2019-09-09 17:25 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-19 11:13 - 2019-03-14 14:12 - 000000000 ____D C:\Users\khval\AppData\Local\Spotify
2022-03-19 11:12 - 2019-03-14 14:11 - 000000000 ____D C:\Users\khval\AppData\Roaming\Spotify
2022-03-18 19:14 - 2019-08-07 19:12 - 000000000 ____D C:\Users\khval\AppData\Local\Battle.net
2022-03-18 17:37 - 2019-08-07 19:15 - 000000000 ____D C:\Program Files (x86)\StarCraft
2022-03-18 12:36 - 2022-01-17 18:01 - 000000000 ____D C:\ProgramData\RogueKiller
2022-03-17 17:38 - 2019-08-07 19:12 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-03-17 11:14 - 2021-07-22 10:39 - 000000000 ____D C:\Users\khval\AppData\Local\CrashDumps
2022-03-15 18:23 - 2020-08-23 15:35 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-15 18:15 - 2018-10-10 23:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-11 14:23 - 2019-03-15 11:47 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-02 10:54 - 2019-12-30 12:16 - 000000000 ____D C:\Users\khval\AppData\Roaming\Toolkit
2022-03-02 10:48 - 2019-08-02 14:44 - 000000000 ____D C:\Users\khval\AppData\Local\ElevatedDiagnostics
0-12-00 61033:33309 - 2019-01-18 11:05 - 000004664 ____R C:\WINDOWS\system32\Drivers\CxSfPt.DAT

==================== Files in the root of some directories ========

2019-12-08 20:23 - 2019-12-08 20:23 - 000000000 _____ () C:\Users\khval\AppData\Local\D211B1.tmp
2020-08-05 14:09 - 2020-08-05 14:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D21345.tmp
2019-10-05 15:08 - 2019-10-05 15:08 - 000000000 _____ () C:\Users\khval\AppData\Local\D21500.tmp
2019-10-20 14:38 - 2019-10-20 14:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D21690.tmp
2019-09-22 15:56 - 2019-09-22 15:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D216B7.tmp
2020-04-04 14:29 - 2020-04-04 14:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D2173E.tmp
2019-09-07 13:07 - 2019-09-07 13:07 - 000000000 _____ () C:\Users\khval\AppData\Local\D219A0.tmp
2020-08-06 19:02 - 2020-08-06 19:02 - 000000000 _____ () C:\Users\khval\AppData\Local\D21A09.tmp
2020-12-22 18:27 - 2020-12-22 18:27 - 000000000 _____ () C:\Users\khval\AppData\Local\D21B08.tmp
2019-11-30 19:13 - 2019-11-30 19:13 - 000000000 _____ () C:\Users\khval\AppData\Local\D21C5B.tmp
2020-07-31 17:11 - 2020-07-31 17:11 - 000000000 _____ () C:\Users\khval\AppData\Local\D21C97.tmp
2019-08-11 18:55 - 2019-08-11 18:55 - 000000000 _____ () C:\Users\khval\AppData\Local\D21CE.tmp
2019-08-30 10:42 - 2019-08-30 10:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D21D26.tmp
2019-10-05 22:32 - 2019-10-05 22:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D21D81.tmp
2019-09-21 09:44 - 2019-09-21 09:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D21DC2.tmp
2019-12-15 16:06 - 2019-12-15 16:06 - 000000000 _____ () C:\Users\khval\AppData\Local\D21F7E.tmp
2020-08-07 18:20 - 2020-08-07 18:20 - 000000000 _____ () C:\Users\khval\AppData\Local\D22070.tmp
2019-10-20 14:30 - 2019-10-20 14:30 - 000000000 _____ () C:\Users\khval\AppData\Local\D22108.tmp
2019-08-29 22:01 - 2019-08-29 22:01 - 000000000 _____ () C:\Users\khval\AppData\Local\D22156.tmp
2020-12-26 20:40 - 2020-12-26 20:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D223E4.tmp
2019-10-10 20:51 - 2019-10-10 20:51 - 000000000 _____ () C:\Users\khval\AppData\Local\D225D7.tmp
2019-09-04 21:44 - 2019-09-04 21:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D22810.tmp
2020-08-07 20:22 - 2020-08-07 20:22 - 000000000 _____ () C:\Users\khval\AppData\Local\D2290B.tmp
2019-08-11 16:27 - 2019-08-11 16:27 - 000000000 _____ () C:\Users\khval\AppData\Local\D22A6A.tmp
2020-12-20 16:28 - 2020-12-20 16:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D22A80.tmp
2019-12-15 17:32 - 2019-12-15 17:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D22AF7.tmp
2019-08-23 15:10 - 2019-08-23 15:10 - 000000000 _____ () C:\Users\khval\AppData\Local\D22B6.tmp
2020-12-13 17:36 - 2020-12-13 17:36 - 000000000 _____ () C:\Users\khval\AppData\Local\D22D0D.tmp
2019-08-22 19:58 - 2019-08-22 19:58 - 000000000 _____ () C:\Users\khval\AppData\Local\D22D1D.tmp
2019-09-15 20:48 - 2019-09-15 20:48 - 000000000 _____ () C:\Users\khval\AppData\Local\D22F27.tmp
2019-09-28 22:36 - 2019-09-28 22:36 - 000000000 _____ () C:\Users\khval\AppData\Local\D23201.tmp
2020-08-11 11:42 - 2020-08-11 11:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D237FA.tmp
2021-01-10 15:16 - 2021-01-10 15:16 - 000000000 _____ () C:\Users\khval\AppData\Local\D23893.tmp
2019-11-10 16:38 - 2019-11-10 16:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D238C8.tmp
2019-12-20 17:24 - 2019-12-20 17:24 - 000000000 _____ () C:\Users\khval\AppData\Local\D2394E.tmp
2019-11-16 16:53 - 2019-11-16 16:53 - 000000000 _____ () C:\Users\khval\AppData\Local\D23BAC.tmp
2019-08-11 15:30 - 2019-08-11 15:30 - 000000000 _____ () C:\Users\khval\AppData\Local\D23C97.tmp
2019-08-30 14:28 - 2019-08-30 14:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D23EE8.tmp
2019-09-22 11:21 - 2019-09-22 11:21 - 000000000 _____ () C:\Users\khval\AppData\Local\D23F76.tmp
2019-09-11 17:56 - 2019-09-11 17:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D23FAE.tmp
2019-08-25 22:39 - 2019-08-25 22:39 - 000000000 _____ () C:\Users\khval\AppData\Local\D240BF.tmp
2019-09-18 19:33 - 2019-09-18 19:33 - 000000000 _____ () C:\Users\khval\AppData\Local\D241BF.tmp
2020-12-26 19:01 - 2020-12-26 19:01 - 000000000 _____ () C:\Users\khval\AppData\Local\D24201.tmp
2021-01-14 16:53 - 2021-01-14 16:53 - 000000000 _____ () C:\Users\khval\AppData\Local\D24331.tmp
2019-08-08 23:26 - 2019-08-08 23:26 - 000000000 _____ () C:\Users\khval\AppData\Local\D24435.tmp
2019-09-03 18:00 - 2019-09-03 18:00 - 000000000 _____ () C:\Users\khval\AppData\Local\D24637.tmp
2019-09-21 09:38 - 2019-09-21 09:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D24679.tmp
2019-08-19 14:53 - 2019-08-19 14:53 - 000000000 _____ () C:\Users\khval\AppData\Local\D247AC.tmp
2020-08-09 19:28 - 2020-08-09 19:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D247E8.tmp
2019-08-23 16:20 - 2019-08-23 16:20 - 000000000 _____ () C:\Users\khval\AppData\Local\D247F5.tmp
2020-07-31 20:33 - 2020-07-31 20:33 - 000000000 _____ () C:\Users\khval\AppData\Local\D24A10.tmp
2019-09-03 15:29 - 2019-09-03 15:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D24C94.tmp
2019-12-13 23:32 - 2019-12-13 23:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D24E29.tmp
2019-12-23 10:02 - 2019-12-23 10:02 - 000000000 _____ () C:\Users\khval\AppData\Local\D24E74.tmp
2019-10-27 15:53 - 2019-10-27 15:53 - 000000000 _____ () C:\Users\khval\AppData\Local\D24F5E.tmp
2020-12-07 14:59 - 2020-12-07 14:59 - 000000000 _____ () C:\Users\khval\AppData\Local\D24F77.tmp
2019-10-22 18:40 - 2019-10-22 18:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D25438.tmp
2019-11-29 13:13 - 2019-11-29 13:13 - 000000000 _____ () C:\Users\khval\AppData\Local\D254A6.tmp
2020-07-19 15:56 - 2020-07-19 15:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D2568C.tmp
2019-09-22 15:12 - 2019-09-22 15:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D256F3.tmp
2019-08-13 15:40 - 2019-08-13 15:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D257D7.tmp
2019-08-22 13:28 - 2019-08-22 13:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D25984.tmp
2020-04-13 15:52 - 2020-04-13 15:52 - 000000000 _____ () C:\Users\khval\AppData\Local\D25C54.tmp
2019-08-07 20:47 - 2019-08-07 20:47 - 000000000 _____ () C:\Users\khval\AppData\Local\D25D6B.tmp
2019-08-28 14:14 - 2019-08-28 14:14 - 000000000 _____ () C:\Users\khval\AppData\Local\D25E12.tmp
2019-08-20 15:47 - 2019-08-20 15:47 - 000000000 _____ () C:\Users\khval\AppData\Local\D25F8B.tmp
2020-08-03 21:17 - 2020-08-03 21:17 - 000000000 _____ () C:\Users\khval\AppData\Local\D25FAC.tmp
2019-09-17 15:51 - 2019-09-17 15:51 - 000000000 _____ () C:\Users\khval\AppData\Local\D2604E.tmp
2019-10-27 17:43 - 2019-10-27 17:43 - 000000000 _____ () C:\Users\khval\AppData\Local\D263DA.tmp
2019-08-12 13:52 - 2019-08-12 13:52 - 000000000 _____ () C:\Users\khval\AppData\Local\D2642C.tmp
2019-09-25 16:37 - 2019-09-25 16:37 - 000000000 _____ () C:\Users\khval\AppData\Local\D264BE.tmp
2019-09-25 20:56 - 2019-09-25 20:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D266A1.tmp
2019-12-16 16:02 - 2019-12-16 16:02 - 000000000 _____ () C:\Users\khval\AppData\Local\D26876.tmp
2019-11-09 18:54 - 2019-11-09 18:54 - 000000000 _____ () C:\Users\khval\AppData\Local\D2697C.tmp
2019-09-21 09:41 - 2019-09-21 09:41 - 000000000 _____ () C:\Users\khval\AppData\Local\D269D.tmp
2020-08-01 18:03 - 2020-08-01 18:03 - 000000000 _____ () C:\Users\khval\AppData\Local\D26A69.tmp
2020-05-16 18:10 - 2020-05-16 18:10 - 000000000 _____ () C:\Users\khval\AppData\Local\D26CB2.tmp
2019-09-17 22:07 - 2019-09-17 22:07 - 000000000 _____ () C:\Users\khval\AppData\Local\D27005.tmp
2019-09-27 22:12 - 2019-09-27 22:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D2730B.tmp
2019-10-13 14:12 - 2019-10-13 14:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D2776C.tmp
2020-12-30 18:02 - 2020-12-30 18:02 - 000000000 _____ () C:\Users\khval\AppData\Local\D27813.tmp
2019-08-25 14:56 - 2019-08-25 14:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D27868.tmp
2019-09-24 17:10 - 2019-09-24 17:10 - 000000000 _____ () C:\Users\khval\AppData\Local\D27A04.tmp
2019-10-22 14:52 - 2019-10-22 14:52 - 000000000 _____ () C:\Users\khval\AppData\Local\D27A08.tmp
2019-09-06 16:11 - 2019-09-06 16:11 - 000000000 _____ () C:\Users\khval\AppData\Local\D27AC5.tmp
2019-08-19 16:10 - 2019-08-19 16:10 - 000000000 _____ () C:\Users\khval\AppData\Local\D27E57.tmp
2019-10-20 14:01 - 2019-10-20 14:01 - 000000000 _____ () C:\Users\khval\AppData\Local\D27F76.tmp
2020-07-30 16:14 - 2020-07-30 16:14 - 000000000 _____ () C:\Users\khval\AppData\Local\D27FF1.tmp
2020-12-30 15:59 - 2020-12-30 15:59 - 000000000 _____ () C:\Users\khval\AppData\Local\D28102.tmp
2019-09-26 17:29 - 2019-09-26 17:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D281B9.tmp
2019-12-12 11:41 - 2019-12-12 11:41 - 000000000 _____ () C:\Users\khval\AppData\Local\D281D5.tmp
2019-11-03 19:52 - 2019-11-03 19:52 - 000000000 _____ () C:\Users\khval\AppData\Local\D281DA.tmp
2019-09-28 22:16 - 2019-09-28 22:16 - 000000000 _____ () C:\Users\khval\AppData\Local\D282FB.tmp
2019-08-09 16:28 - 2019-08-09 16:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D2833D.tmp
2019-09-15 14:11 - 2019-09-15 14:11 - 000000000 _____ () C:\Users\khval\AppData\Local\D28495.tmp
2019-12-14 21:07 - 2019-12-14 21:07 - 000000000 _____ () C:\Users\khval\AppData\Local\D284B1.tmp
2019-09-26 16:20 - 2019-09-26 16:20 - 000000000 _____ () C:\Users\khval\AppData\Local\D284E6.tmp
2019-09-03 13:34 - 2019-09-03 13:34 - 000000000 _____ () C:\Users\khval\AppData\Local\D287B7.tmp
2019-10-09 17:40 - 2019-10-09 17:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D28961.tmp
2019-09-02 14:14 - 2019-09-02 14:14 - 000000000 _____ () C:\Users\khval\AppData\Local\D28BF8.tmp
2019-10-24 17:29 - 2019-10-24 17:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D28C85.tmp
2020-08-09 17:38 - 2020-08-09 17:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D28E02.tmp
2020-01-05 16:38 - 2020-01-05 16:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D28E08.tmp
2019-09-15 10:12 - 2019-09-15 10:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D28EB0.tmp
2019-09-21 14:19 - 2019-09-21 14:19 - 000000000 _____ () C:\Users\khval\AppData\Local\D28FFE.tmp
2019-12-23 10:09 - 2019-12-23 10:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D29033.tmp
2019-08-14 14:29 - 2019-08-14 14:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D2907C.tmp
2019-08-08 22:09 - 2019-08-08 22:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D2922F.tmp
2019-09-22 21:08 - 2019-09-22 21:08 - 000000000 _____ () C:\Users\khval\AppData\Local\D29504.tmp
2019-09-27 09:12 - 2019-09-27 09:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D29569.tmp
2019-09-04 20:34 - 2019-09-04 20:34 - 000000000 _____ () C:\Users\khval\AppData\Local\D2973C.tmp
2020-08-09 18:44 - 2020-08-09 18:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D297E3.tmp
2019-09-04 13:43 - 2019-09-04 13:43 - 000000000 _____ () C:\Users\khval\AppData\Local\D2987E.tmp
2019-12-08 16:31 - 2019-12-08 16:31 - 000000000 _____ () C:\Users\khval\AppData\Local\D298CF.tmp
2019-08-17 23:29 - 2019-08-17 23:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D298FB.tmp
2021-01-02 17:33 - 2021-01-02 17:33 - 000000000 _____ () C:\Users\khval\AppData\Local\D29C14.tmp
2019-09-20 21:18 - 2019-09-20 21:18 - 000000000 _____ () C:\Users\khval\AppData\Local\D29E6D.tmp
2020-12-27 20:08 - 2020-12-27 20:08 - 000000000 _____ () C:\Users\khval\AppData\Local\D29E8D.tmp
2021-01-12 18:27 - 2021-01-12 18:27 - 000000000 _____ () C:\Users\khval\AppData\Local\D29F72.tmp
2019-09-21 09:43 - 2019-09-21 09:43 - 000000000 _____ () C:\Users\khval\AppData\Local\D29F8E.tmp
2019-11-09 11:05 - 2019-11-09 11:05 - 000000000 _____ () C:\Users\khval\AppData\Local\D29FD5.tmp
2019-08-11 20:11 - 2019-08-11 20:11 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A0EC.tmp
2019-12-16 18:36 - 2019-12-16 18:36 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A12C.tmp
2019-08-15 17:01 - 2019-08-15 17:01 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A211.tmp
2019-09-14 17:07 - 2019-09-14 17:07 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A452.tmp
2019-09-07 17:39 - 2019-09-07 17:39 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A4A4.tmp
2019-09-23 19:27 - 2019-09-23 19:27 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A526.tmp
2019-09-22 11:52 - 2019-09-22 11:52 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A5AB.tmp
2020-07-18 16:08 - 2020-07-18 16:08 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A6D9.tmp
2019-09-14 22:31 - 2019-09-14 22:31 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A71C.tmp
2019-11-30 12:39 - 2019-11-30 12:39 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A7F2.tmp
2019-09-04 15:33 - 2019-09-04 15:33 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A9D8.tmp
2019-08-13 22:58 - 2019-08-13 22:58 - 000000000 _____ () C:\Users\khval\AppData\Local\D2AB2.tmp
2019-08-09 21:40 - 2019-08-09 21:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D2AC23.tmp
2019-09-02 13:09 - 2019-09-02 13:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D2AD11.tmp
2019-09-22 22:51 - 2019-09-22 22:51 - 000000000 _____ () C:\Users\khval\AppData\Local\D2AD18.tmp
2019-08-10 21:58 - 2019-08-10 21:58 - 000000000 _____ () C:\Users\khval\AppData\Local\D2AECA.tmp
2019-12-14 16:54 - 2019-12-14 16:54 - 000000000 _____ () C:\Users\khval\AppData\Local\D2AF06.tmp
2019-08-12 17:16 - 2019-08-12 17:16 - 000000000 _____ () C:\Users\khval\AppData\Local\D2B0F7.tmp
2020-08-02 15:09 - 2020-08-02 15:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D2B2A8.tmp
2019-08-19 20:13 - 2019-08-19 20:13 - 000000000 _____ () C:\Users\khval\AppData\Local\D2B425.tmp
2019-10-05 20:23 - 2019-10-05 20:23 - 000000000 _____ () C:\Users\khval\AppData\Local\D2B83C.tmp
2019-08-13 21:58 - 2019-08-13 21:58 - 000000000 _____ () C:\Users\khval\AppData\Local\D2B942.tmp
2019-09-05 23:39 - 2019-09-05 23:39 - 000000000 _____ () C:\Users\khval\AppData\Local\D2B9D7.tmp
2019-08-26 14:26 - 2019-08-26 14:26 - 000000000 _____ () C:\Users\khval\AppData\Local\D2BBC7.tmp
2019-08-28 10:22 - 2019-08-28 10:22 - 000000000 _____ () C:\Users\khval\AppData\Local\D2BBD9.tmp
2019-08-12 21:45 - 2019-08-12 21:45 - 000000000 _____ () C:\Users\khval\AppData\Local\D2BD9D.tmp
2019-12-15 13:30 - 2019-12-15 13:30 - 000000000 _____ () C:\Users\khval\AppData\Local\D2BF40.tmp
2020-08-08 16:42 - 2020-08-08 16:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D2C19D.tmp
2019-08-22 15:27 - 2019-08-22 15:27 - 000000000 _____ () C:\Users\khval\AppData\Local\D2C25E.tmp
2019-12-16 21:18 - 2019-12-16 21:18 - 000000000 _____ () C:\Users\khval\AppData\Local\D2C3C8.tmp
2019-08-19 17:55 - 2019-08-19 17:55 - 000000000 _____ () C:\Users\khval\AppData\Local\D2C7B2.tmp
2019-12-20 19:18 - 2019-12-20 19:18 - 000000000 _____ () C:\Users\khval\AppData\Local\D2CF1.tmp
2019-10-10 15:44 - 2019-10-10 15:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D2CFF8.tmp
2020-01-15 13:54 - 2020-01-15 13:54 - 000000000 _____ () C:\Users\khval\AppData\Local\D2D17A.tmp
2020-08-05 16:34 - 2020-08-05 16:34 - 000000000 _____ () C:\Users\khval\AppData\Local\D2D1E0.tmp
2019-09-25 22:50 - 2019-09-25 22:50 - 000000000 _____ () C:\Users\khval\AppData\Local\D2D34C.tmp
2019-09-25 23:17 - 2019-09-25 23:17 - 000000000 _____ () C:\Users\khval\AppData\Local\D2D4E.tmp
2019-09-23 12:25 - 2019-09-23 12:25 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DAB7.tmp
2019-12-20 21:16 - 2019-12-20 21:16 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DAC7.tmp
2020-08-11 16:03 - 2020-08-11 16:03 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DB49.tmp
2019-08-15 17:30 - 2019-08-15 17:30 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DCA4.tmp
2019-10-10 15:38 - 2019-10-10 15:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DE67.tmp
2019-08-21 22:09 - 2019-08-21 22:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DFCB.tmp
2020-12-07 15:36 - 2020-12-07 15:36 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DFFF.tmp
2019-09-07 16:23 - 2019-09-07 16:23 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E1CC.tmp
2020-01-29 14:44 - 2020-01-29 14:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E402.tmp
2019-08-07 20:42 - 2019-08-07 20:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E456.tmp
2019-08-28 12:59 - 2019-08-28 12:59 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E4C6.tmp
2019-09-07 13:09 - 2019-09-07 13:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E567.tmp
2019-09-22 18:49 - 2019-09-22 18:49 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E5B3.tmp
2019-11-25 21:32 - 2019-11-25 21:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E972.tmp
2019-10-10 17:49 - 2019-10-10 17:49 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E9FE.tmp
2019-08-28 21:42 - 2019-08-28 21:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D2EC4E.tmp
2020-12-21 18:16 - 2020-12-21 18:16 - 000000000 _____ () C:\Users\khval\AppData\Local\D2ECEE.tmp
2019-09-14 18:37 - 2019-09-14 18:37 - 000000000 _____ () C:\Users\khval\AppData\Local\D2ED10.tmp
2020-09-08 15:44 - 2020-09-08 15:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D2ED1D.tmp
2019-08-13 11:06 - 2019-08-13 11:06 - 000000000 _____ () C:\Users\khval\AppData\Local\D2ED79.tmp
2019-08-26 15:55 - 2019-08-26 15:55 - 000000000 _____ () C:\Users\khval\AppData\Local\D2EDA6.tmp
2020-08-02 19:38 - 2020-08-02 19:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D2EF76.tmp
2019-08-19 11:47 - 2019-08-19 11:47 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F011.tmp
2019-12-13 13:06 - 2019-12-13 13:06 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F019.tmp
2019-12-20 16:58 - 2019-12-20 16:58 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F05E.tmp
2019-08-07 20:13 - 2019-08-07 20:13 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F06F.tmp
2019-09-07 19:17 - 2019-09-07 19:17 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F0BB.tmp
2019-09-21 10:29 - 2019-09-21 10:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F254.tmp
2020-12-30 21:19 - 2020-12-30 21:19 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F404.tmp
2019-12-30 12:57 - 2019-12-30 12:57 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F73.tmp
2019-09-14 21:42 - 2019-09-14 21:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D2FB52.tmp
2019-12-20 20:32 - 2019-12-20 20:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D2FBA1.tmp
2019-10-20 20:06 - 2019-10-20 20:06 - 000000000 _____ () C:\Users\khval\AppData\Local\D2FDD5.tmp
2019-12-09 19:38 - 2019-12-09 19:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D2FF6E.tmp
2019-08-12 00:12 - 2019-08-12 00:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D2FFE4.tmp
2022-02-16 12:32 - 2022-02-16 12:32 - 000002230 _____ () C:\Users\khval\AppData\Local\recently-used.xbel
2020-02-23 16:58 - 2020-02-23 16:58 - 000000017 _____ () C:\Users\khval\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)
[HEADING=1]==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-03-2022
Ran by khval (21-03-2022 20:42:46)
Running from C:\Users\khval\OneDrive\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) (2022-03-21 05:39:18)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2544099675-2571443181-3956208610-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2544099675-2571443181-3956208610-503 - Limited - Disabled)
Guest (S-1-5-21-2544099675-2571443181-3956208610-501 - Limited - Disabled)
khval (S-1-5-21-2544099675-2571443181-3956208610-1001 - Administrator - Enabled) => C:\Users\khval
Kristian (S-1-5-21-2544099675-2571443181-3956208610-1004 - Administrator - Enabled) => C:\Users\Kristian
WDAGUtilityAccount (S-1-5-21-2544099675-2571443181-3956208610-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABS PDF Install (HKLM-x32...{C42DD564-7DCD-4555-A7F3-15C0F46221D0}) (Version: 4.2.2 - Atlas Business Solutions, Inc.)
Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.011.20039 - Adobe Systems Incorporated)
Astrology for Windows (HKLM-x32...\ST6UNST #1) (Version: - )
[URL='http://Battle.net']Battle.net[/URL] (HKLM-x32...\Battle.net) (Version: - Blizzard Entertainment)
Blackmagic RAW Common Components (HKLM...{0F3BD969-5F12-4734-A4EF-91B30FB9B1D5}) (Version: 2.0 - Blackmagic Design)
Brave (HKLM-x32...\BraveSoftware Brave-Browser) (Version: 99.1.36.119 - Brave Software Inc)
CCleaner Update Helper (HKLM-x32...{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1187.1 - Piriform Software) Hidden
Diablo II (HKLM-x32...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Everything 1.4.1.1015 (x86) (HKLM-x32...\Everything) (Version: 1.4.1.1015 - voidtools)
Express Zip File Compression (HKLM-x32...\ExpressZip) (Version: 7.02 - NCH Software)
Fairlight Audio Accelerator Utility (HKLM...\FairlightAudioAccelerator_is1) (Version: 1.0.13 - Blackmagic Design)
GIMP 2.10.28 (HKLM...\GIMP-2_is1) (Version: 2.10.28 - The GIMP Team)
Google Drive (HKLM...{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 55.0.3.0 - Google LLC)
Google Video Support Plugin (HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.12.1000.0 - Google, LLC.)
HP Audio Switch (HKLM-x32...{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Documentation (HKLM...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP Dropbox Plugin (HKLM-x32...{C54DEA1F-7A8D-410B-A675-04E0FB562CB0}) (Version: 40.13.54.81239 - HP)
HP Google Drive Plugin (HKLM-x32...{533B4739-13DD-4AAB-9524-070B3F0CE6ED}) (Version: 40.13.54.81239 - HP)
HP JumpStart Bridge (HKLM-x32...{016FBF6D-AEDE-4D33-87B4-DF6815EF674A}) (Version: 1.4.0.485 - HP Inc.)
HP Officejet 5740 series Basic Device Software (HKLM...{8C417009-7889-42BC-8164-C74FFF358CE6}) (Version: 40.13.1176.1978 - HP Inc.)
HP Officejet 5740 series Help (HKLM-x32...{F17D53C7-DCE8-469C-9690-CF8F5903519C}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
I.R.I.S. OCR (HKLM-x32...{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
Intel(R) Rapid Storage Technology (HKLM...{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.5.1.1030 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM...{88667F43-B63E-4046-AF02-35E5412B8FAF}) (Version: 16.5.1.1030 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32...{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 99.0.1150.46 - Microsoft Corporation)
Microsoft OneDrive (HKLM...\OneDriveSetup.exe) (Version: 22.033.0213.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM...{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32...{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32...{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM...\Mozilla Firefox 95.0.2 (x64 en-US)) (Version: 95.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 89.0 - Mozilla)
PhotoPad Image Editor (HKLM-x32...\PhotoPad) (Version: 5.50 - NCH Software)
Product Improvement Study for HP Officejet 5740 series (HKLM...{D4B37902-C484-4AAC-B3B8-70C203C4FAB3}) (Version: 40.13.1176.1978 - HP Inc.)
Project Diablo 2 (HKLM-x32...{822B3055-5F16-4934-A1FC-378AB0181A66}_is1) (Version: 1.0 - [URL='http://projectdiablo2.com']projectdiablo2.com[/URL])
QuickBooks (HKLM-x32...{4120AF20-BA58-49D1-8CFA-11F166E73945}) (Version: 29.0.4016.2901 - Intuit Inc.) Hidden
QuickBooks Pro 2019 (HKLM-x32...{FD44271B-DAFF-4C50-8E9B-998AA008606A}) (Version: 29.0.4009.2901 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM...{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
RogueKiller version 15.1.5.0 (HKLM...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.1.5.0 - Adlice Software)
Spotify (HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\Spotify) (Version: 1.1.81.604.gccacfc8c - Spotify AB)
StarCraft (HKLM-x32...\StarCraft) (Version: - Blizzard Entertainment)
Toolkit (HKLM-x32...\Toolkit) (Version: 1.29.0.81 - Seagate)
[URL='http://Tweaking.com']Tweaking.com[/URL] - Windows Repair (HKLM-x32...\Tweaking.com - Windows Repair) (Version: 4.12.4 - [URL='http://Tweaking.com']Tweaking.com[/URL])
VLC media player (HKLM-x32...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows PC Health Check (HKLM...{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zemana AntiMalware version 3.2.28 (HKLM-x32...{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.28 - Zemana)
Zoom (HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\ZoomUMX) (Version: 5.9.3 (3169) - Zoom Video Communications, Inc.)
[HEADING=1]Packages:[/HEADING]
Dropbox promotion → C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2022-03-20] (Dropbox Inc.)
ELAN Touchpad Setting → C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadSetting_11.2.63.0_x64__stws0m115j6hg [2022-03-20] (ELAN Microelectronics Corporation)
Energy Star → C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2022-03-20] (HP Inc.)
Honey → C:\Program Files\WindowsApps\HoneyScienceCorporation.Honey_11.4.2.0_neutral__cbe4c63gm1mzr [2019-08-07] (Honey Science Corporation)
HP Audio Control → C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.2.173.0_x64__dt26b99r8h8gj [2022-03-20] (Realtek Semiconductor Corp)
HP CoolSense → C:\Program Files\WindowsApps\AD2F1837.HPCoolSense_1.0.6.0_x64__v10z8vjag6ke6 [2022-03-20] (HP Inc.)
HP JumpStart → C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.481.0_x86__v10z8vjag6ke6 [2022-03-20] (HP Inc.)
HP PC Hardware Diagnostics Windows → C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.1.0_x64__v10z8vjag6ke6 [2022-03-20] (HP Inc.)
HP Privacy Settings → C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2022-03-20] (HP Inc.)
HP Smart → C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_134.1.221.0_x64__v10z8vjag6ke6 [2022-03-20] (HP Inc.)
HP Support Assistant → C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.14.42.0_x64__v10z8vjag6ke6 [2022-03-20] (HP Inc.)
HP System Event Utility → C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6 [2022-03-20] (HP Inc.)
Intel® Graphics Command Center → C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2022-03-20] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel → C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2022-03-20] (INTEL CORP)
Intel® Optane™ Memory and Storage Management → C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1024.0_x64__8j3eq9eme6ctt [2022-03-20] (INTEL CORP)
Microsoft Access → C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation) [MS Ad]
Microsoft Excel → C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Microsoft Office Desktop Apps → C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Microsoft Outlook → C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Microsoft PowerPoint → C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Microsoft Publisher → C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Microsoft Solitaire Collection → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.2180.0_x64__8wekyb3d8bbwe [2022-03-20] (Microsoft Studios) [MS Ad]
Microsoft Word → C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Netflix → C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-03-20] (Netflix, Inc.)
Photos Media Engine Add-on → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-09] (Microsoft Corporation)
Phototastic Collage → C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.5.0_x64__nfy108tqq3p12 [2021-12-19] (Thumbmunkeys Ltd)
Plex → C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-03-14] (Plex)
Simple Solitaire → C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2022-03-20] (Random Salad Games LLC)
WildTangent Games → C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2022-03-20] (WildTangent Games)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC → Google LLC)
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.35.423\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC → Google LLC)
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC → Google LLC)
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 → C:\Users\khval\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] → {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC → Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] → {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC → Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] → {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC → Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] → {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC → Google, Inc.)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] → {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-12] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] → {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo → Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [DriveFS 28 or later] → {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC → Google, Inc.)
ContextMenuHandlers1: [ExpressZip] → {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2020-02-09] () [File not signed]
ContextMenuHandlers3: [OptaneContextMenu] → {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-12] () [File not signed] [File is in use]
ContextMenuHandlers4: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] → {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC → Google, Inc.)
ContextMenuHandlers5: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.033.0213.0002\FileSyncShell64.dll [2022-03-20] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers5: [DriveFS 28 or later] → {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC → Google, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] → {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo → Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [ExpressZip] → {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2020-02-09] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-02-09 15:47 - 2020-02-09 15:47 - 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2020-06-20 00:19 - 2020-06-20 00:19 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2018-06-12 22:01 - 2018-06-12 22:01 - 000125952 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => “”=“Service”

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com
HKU\S-1-5-21-2544099675-2571443181-3956208610-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2544099675-2571443181-3956208610-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper → {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} → C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2022-02-25] (HP Inc. → HP Inc.)
BHO-x32: HP Network Check Helper → {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} → C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2022-02-25] (HP Inc. → HP Inc.)
Handler-x32: intu-help-qb12 - {665F2BD4-8216-400B-9706-865D2B771E27} - C:\Program Files (x86)\Intuit\QuickBooks 2019\HelpAsyncPluggableProtocol.dll [2021-09-17] (Intuit, Inc. → Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2019-12-07] (Microsoft Windows → Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\localhost → localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 01:31 - 2018-09-15 01:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Control Panel\Desktop\Wallpaper → C:\Users\khval\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_0332.jpg
HKU\S-1-5-21-2544099675-2571443181-3956208610-1004\Control Panel\Desktop\Wallpaper → C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM...\StartupApproved\StartupFolder: => “Intuit Data Protect.lnk”
HKLM...\StartupApproved\StartupFolder: => “QuickBooks Update Agent.lnk”
HKLM...\StartupApproved\StartupFolder: => “QuickBooks_Standard_21.lnk”
HKLM...\StartupApproved\Run32: => “SecurityHealth”
HKLM...\StartupApproved\Run32: => “IAStorIcon”
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\StartupApproved\Run: => “OneDrive”
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001...\StartupApproved\Run: => “GoogleDriveFS”

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6227D470-0D4D-4D05-8009-76A212FE530B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14931.20132.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{44EC6CE6-5323-4FFD-BA12-ABACDFFA2774}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{1000D003-BA28-463B-8A09-9230A4A82AAD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{EF57565E-FB65-41EA-8FFA-D9C1EE878254}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{C20D7386-D035-4779-A1D1-DCD9B7AD5547}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{79D487FF-A063-4A2F-BA37-9FDDFE380E24}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{C61CEB76-8A69-4D76-98A0-E8A690B01591}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{86872B2F-9BAE-4D47-8816-AE5015869386}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{97705E2A-65F7-4F3B-BFED-27C389B1CB3B}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. → HP Development Company, L.P.)
FirewallRules: [{363F653C-6020-4F95-93D0-403AB68A5FD9}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. → HP Development Company, L.P.)
FirewallRules: [{2B40B7D9-B322-4CBF-9B2B-8DB5C57FB0E5}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{14B25BCD-6865-4596-93E4-D377BFE96CE6}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [UDP Query User{9732A1A1-65B4-401F-8F9D-C701550D754F}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC → Seagate Technology LLC)
FirewallRules: [TCP Query User{737D3CE6-7DA0-4B88-99DD-879F712D8F25}C:\program files (x86)\toolkit\toolkit.exe] => (Allow) C:\program files (x86)\toolkit\toolkit.exe (SEAGATE TECHNOLOGY LLC → Seagate Technology LLC)
FirewallRules: [{F1E0EFD7-5C5B-40CB-B5F6-506440FD7A93}] => (Block) C:\users\khval\appdata\roaming\spotify\spotify.exe (Spotify AB → Spotify Ltd)
FirewallRules: [{83591743-BC0A-45D0-B959-DC27946057EA}] => (Block) C:\users\khval\appdata\roaming\spotify\spotify.exe (Spotify AB → Spotify Ltd)
FirewallRules: [UDP Query User{EA4F6471-2A93-4FD7-87AB-DF7F84251AA6}C:\users\khval\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\khval\appdata\roaming\spotify\spotify.exe (Spotify AB → Spotify Ltd)
FirewallRules: [TCP Query User{7420BA45-4C8C-474D-AD22-F904F8FC48D3}C:\users\khval\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\khval\appdata\roaming\spotify\spotify.exe (Spotify AB → Spotify Ltd)
FirewallRules: [{014B2C47-683C-4385-93A0-699C14508B70}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{1DEF9FCD-B668-49FC-831E-1F03EBDBD31C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation → Mozilla Corporation)
FirewallRules: [{07B5228F-097A-4C2F-91A2-5C984C8CDA5F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation → )
FirewallRules: [TCP Query User{2F25C5D1-AA3A-4AE2-B37B-16F4F4932446}C:\program files (x86)\starcraft\x86_64\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. → Blizzard Entertainment)
FirewallRules: [UDP Query User{8A7BB2C8-5A62-4073-86D5-A05F2AEFEE21}C:\program files (x86)\starcraft\x86_64\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. → Blizzard Entertainment)
FirewallRules: [{3F67C76D-477C-4D52-95F1-9445419AFEB1}] => (Block) C:\program files (x86)\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. → Blizzard Entertainment)
FirewallRules: [{F1769024-6712-4396-A096-738ABD52E3A1}] => (Block) C:\program files (x86)\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. → Blizzard Entertainment)
FirewallRules: [{76B6D491-CFAF-4311-8182-7819837BCED8}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{B7027DBC-D27A-43AD-8579-81DD0FC48C57}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxApplications.exe (HP Inc → HP Inc.)
FirewallRules: [{6214A0D6-2F85-41FC-92A1-A9069EA65C4D}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\DigitalWizards.exe (HP Inc → HP Inc.)
FirewallRules: [{AEBA2185-B3DA-479D-BA25-DF70C707FA39}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\SendAFax.exe (HP Inc → HP Inc.)
FirewallRules: [{D27D481C-871C-428D-BA2F-2120D078D4B3}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxPrinterUtility.exe (HP Inc → HP Inc.)
FirewallRules: [{C8F0D69D-74C3-4F33-B747-5A3A3612F256}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\DeviceSetup.exe (HP Inc → HP Inc.)
FirewallRules: [{CAFF5CA6-8465-481A-AFAA-DD1DCE44B5E8}] => (Allow) LPort=5357
FirewallRules: [{CDC8530E-50D6-4E97-914F-610CA66D9765}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc → HP Inc.)
FirewallRules: [{04A45153-2198-4D3B-8DA2-4B279F3B7800}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. → Brave Software, Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:930.28 GB) (Free:831.04 GB) (89%)

==================== Faulty Device Manager Devices ============

Name: System Firmware
Description: System Firmware
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: HP Inc.
Service:
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click “Update Driver” to update the drivers for this device.
On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.

==================== Event log errors: ========================
[HEADING=1]Application errors:[/HEADING]
Error: (03/21/2022 08:41:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 20.3.2022.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2ea0

Start Time: 01d83d94c1972f81

Termination Time: 5

Application Path: C:\Users\khval\OneDrive\Desktop\FRST64.exe

Report Id: 0eeba3b1-a589-4a95-8543-81432e1d7c72

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (03/21/2022 08:05:54 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: LAPTOP-OH5CF8OA)
Description: microsoft.windows.cortana_cw5n1h2txyewy-2147024893

Error: (03/21/2022 07:30:42 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: LAPTOP-OH5CF8OA)
Description: microsoft.windows.cortana_cw5n1h2txyewy-2147024893

Error: (03/21/2022 07:27:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-OH5CF8OA.local already in use; will try LAPTOP-OH5CF8OA-2.local instead

Error: (03/21/2022 07:27:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 LAPTOP-OH5CF8OA.local. Addr 10.0.0.95

Error: (03/21/2022 07:27:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.95:5353 16 LAPTOP-OH5CF8OA.local. AAAA 2601:0285:8380:2A10:C9AA:6AD4:4994:35B6

Error: (03/21/2022 07:27:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 LAPTOP-OH5CF8OA.local. AAAA FE80:0000:0000:0000:C9AA:6AD4:4994:35B6

Error: (03/21/2022 07:27:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.95:5353 16 LAPTOP-OH5CF8OA.local. AAAA 2601:0285:8380:2A10:C9AA:6AD4:4994:35B6
[HEADING=1]System errors:[/HEADING]
Error: (03/21/2022 08:01:52 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-OH5CF8OA)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (03/21/2022 08:01:52 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-OH5CF8OA)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (03/21/2022 08:01:52 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-OH5CF8OA)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (03/21/2022 07:27:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XTU3SERVICE service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/21/2022 07:27:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the XTU3SERVICE service to connect.

Error: (03/21/2022 07:26:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:19:39 PM on ‎3/‎21/‎2022 was unexpected.

Error: (03/21/2022 04:17:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XTU3SERVICE service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/21/2022 04:17:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the XTU3SERVICE service to connect.

Windows Defender:
================Event[0]:

Date: 2022-03-21 08:54:16
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

==================== Memory info ===========================

BIOS: Insyde F.24 09/10/2021
Motherboard: HP 84C0
Processor: Intel(R) Core™ i5-8265U CPU @ 1.60GHz
Percentage of memory in use: 61%
Total physical RAM: 8079.3 MB
Available physical RAM: 3083.98 MB
Total Virtual: 9807.3 MB
Available Virtual: 4794.45 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.28 GB) (Free:831.04 GB) NTFS

\?\Volume{8c56e236-a086-4de7-8ff4-ce3b2b78d37e}\ () (Fixed) (Total:0.96 GB) (Free:0.23 GB) NTFS
\?\Volume{0371b469-1b5f-488d-ad9e-8d94e5d312e0}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.12 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D094F5B8)

Partition: GPT.

==================== End of Addition.txt =======================

**Malnutrition** · 03-22-2022, 02:49 AM

OK, please run the fix and post the results, this particular fix may take 15 or so minutes.

**Malnutrition** · 03-22-2022, 03:09 AM

After FRST reboots your machine…
If you are still unable to open Command prompt as admin.

Download the attached file, then open the following location on your machine.

C:\Windows\System32

Delete the current copy of cmd.exe in that folder.
Or simply right click and rename it to cmd.bak instead of cmd.exe
Drag the attached file into this folder then unzip it there.
Reboot and check to see if you are able to open Command as admin.
Another member here was nice enough to help out with this…

**khval94** · 03-22-2022, 03:22 AM

[HEADING=1]

Code:

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-03-2022
Ran by khval (21-03-2022 20:46:59) Run:2
Running from C:\Users\khval\OneDrive\Desktop
Loaded Profiles: khval & Kristian
Boot Mode: Normal[/HEADING]
fixlist content:
[HR][/HR]
CreateRestorePoint:
CloseProcesses:
CMD: “%WINDIR%\SYSTEM32\lodctr.exe” /R
CMD: “%WINDIR%\SysWOW64\lodctr.exe” /R
CMD: “C:\Windows\SysWOW64\lodctr.exe” /R
CMD: “C:\Windows\SYSTEM32\lodctr.exe” /R
cmd: DISM.exe /Online /Cleanup-image /Scanhealth
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: fltmc instances
SetDefaultFilePermissions: C:\Windows\System32\cmd.exe
CMD:del /s /q C:\Windows\SoftwareDistribution\download*.*
CMD: del /s /q "%userprofile%\AppData\Local\temp*."
CMD: sfc /scannow
C:\Windows\Temp*.
C:\WINDOWS\system32*.tmp
C:\WINDOWS\syswow64*.tmp
Reboot:
[HR][/HR]
Restore point was successfully created.
Processes closed successfully.

========= “%WINDIR%\SYSTEM32\lodctr.exe” /R =========

Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= “%WINDIR%\SysWOW64\lodctr.exe” /R =========

Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= “C:\Windows\SysWOW64\lodctr.exe” /R =========

Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= “C:\Windows\SYSTEM32\lodctr.exe” /R =========

Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========

========= DISM.exe /Online /Cleanup-image /Scanhealth =========

Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19044.1586

[== 4.9% ]

[== 4.9% ]

[=== 5.3% ]

[=== 6.0% ]

[=== 6.0% ]

[=== 6.4% ]

[=== 6.5% ]

[==== 7.1% ]

[==== 7.4% ]

[==== 7.8% ]

[==== 8.3% ]

[===== 9.1% ]

[===== 9.2% ]

[===== 9.7% ]

[===== 10.1% ]

[====== 10.8% ]

[====== 11.1% ]

[====== 11.6% ]

[====== 11.7% ]

[====== 11.8% ]

[======= 12.3% ]

[======= 12.7% ]

[======= 13.3% ]

[======= 13.5% ]

[======== 14.0% ]

[======== 14.9% ]

[======== 15.3% ]

[========= 16.3% ]

[========== 17.3% ]

[========== 18.2% ]

[=========== 19.2% ]

[=========== 20.2% ]

[============ 21.2% ]

[============ 22.1% ]

[============= 23.1% ]

[============= 24.1% ]

[============== 25.1% ]

[============== 25.7% ]

[=============== 26.1% ]

[=============== 27.1% ]

[================ 28.1% ]

[================ 29.1% ]

[================= 30.0% ]

[================= 31.0% ]

[================== 32.0% ]

[================== 32.6% ]

[=================== 32.9% ]

[=================== 33.2% ]

[=================== 33.9% ]

[==================== 34.5% ]

[==================== 34.8% ]

[==================== 35.2% ]

[==================== 35.6% ]

[==================== 35.7% ]

[==================== 35.8% ]

[==================== 35.9% ]

[==================== 36.1% ]

[==================== 36.2% ]

[===================== 37.0% ]

[===================== 37.9% ]

[====================== 38.7% ]

[======================= 39.7% ]

[======================= 40.7% ]

[======================== 41.7% ]

[======================== 42.6% ]

[========================= 43.6% ]

[========================= 44.6% ]

[========================== 45.6% ]

[========================== 45.9% ]

[===========================46.7% ]

[===========================47.5% ]

[===========================47.7% ]

[===========================48.7% ]

[===========================49.0% ]

[===========================49.3% ]

[===========================49.7% ]

[===========================50.0% ]

[===========================50.7% ]

[===========================51.4% ]

[===========================52.2% ]

[===========================52.5% ]

[===========================52.7% ]

[===========================53.4% ]

[===========================53.6% ]

[===========================54.5% ]

[===========================54.9% ]

[===========================54.9% ]

[===========================55.0% ]

[===========================55.3% ]

[===========================55.4% ]

[===========================55.6% ]

[===========================55.8% ]

[===========================55.9% ]

[===========================56.1% ]

[===========================56.2% ]

[===========================56.5% ]

[===========================56.5% ]

[===========================56.7% ]

[===========================56.8% ]

[===========================57.0%= ]

[===========================57.3%= ]

[===========================57.4%= ]

[===========================57.7%= ]

[===========================57.9%= ]

[===========================57.9%= ]

[===========================58.1%= ]

[===========================58.3%= ]

[===========================58.5%= ]

[===========================58.5%= ]

[===========================58.9%== ]

[===========================59.0%== ]

[===========================59.1%== ]

[===========================59.3%== ]

[===========================59.7%== ]

[===========================60.0%== ]

[===========================60.4%=== ]

[===========================60.4%=== ]

[===========================61.2%=== ]

[===========================61.6%=== ]

[===========================61.7%=== ]

[===========================62.0%=== ]

[===========================62.1%==== ]

[===========================62.7%==== ]

[===========================62.9%==== ]

[===========================63.3%==== ]

[===========================63.3%==== ]

[===========================63.7%==== ]

[===========================64.0%===== ]

[===========================64.5%===== ]

[===========================64.9%===== ]

[===========================65.4%===== ]

[===========================66.0%====== ]

[===========================66.5%====== ]

[===========================66.7%====== ]

[===========================66.7%====== ]

[===========================66.7%====== ]

[===========================67.6%======= ]

[===========================68.1%======= ]

[===========================68.4%======= ]

[===========================68.7%======= ]

[===========================68.8%======= ]

[===========================68.9%======= ]

[===========================69.2%======== ]

[===========================69.5%======== ]

[===========================69.9%======== ]

[===========================70.0%======== ]

[===========================70.2%======== ]

[===========================70.3%======== ]

[===========================70.7%========= ]

[===========================71.1%========= ]

[===========================71.8%========= ]

[===========================72.8%========== ]

[===========================73.6%========== ]

[===========================73.6%========== ]

[===========================74.5%=========== ]

[===========================75.4%=========== ]

[===========================76.4%============ ]

[===========================77.4%============ ]

[===========================78.3%============= ]

[===========================79.3%============== ]

[===========================80.3%============== ]

[===========================81.3%=============== ]

[===========================82.2%=============== ]

[===========================83.2%================ ]

[===========================84.2%================ ]

[===========================84.5%================= ]

[===========================84.6%================= ]

[===========================84.7%================= ]

[===========================84.7%================= ]

[===========================84.7%================= ]

[===========================84.8%================= ]

[===========================85.0%================= ]

[===========================85.0%================= ]

[===========================85.1%================= ]

[===========================85.2%================= ]

[===========================85.2%================= ]

[===========================85.2%================= ]

[===========================85.3%================= ]

[===========================85.3%================= ]

[===========================85.4%================= ]

[===========================85.4%================= ]

[===========================85.5%================= ]

[===========================85.6%================= ]

[===========================85.6%================= ]

[===========================85.6%================= ]

[===========================85.7%================= ]

[===========================85.7%================= ]

[===========================85.8%================= ]

[===========================85.9%================= ]

[===========================85.9%================= ]

[===========================86.0%================= ]

[===========================86.0%================= ]

[===========================86.0%================= ]

[===========================86.0%================= ]

[===========================86.1%================= ]

[===========================86.2%================== ]

[===========================86.2%================== ]

[===========================86.4%================== ]

[===========================86.5%================== ]

[===========================86.6%================== ]

[===========================86.7%================== ]

[===========================86.8%================== ]

[===========================86.8%================== ]

[===========================86.8%================== ]

[===========================86.9%================== ]

[===========================87.0%================== ]

[===========================87.1%================== ]

[===========================87.2%================== ]

[===========================87.2%================== ]

[===========================87.3%================== ]

[===========================87.4%================== ]

[===========================87.4%================== ]

[===========================87.5%================== ]

[===========================87.5%================== ]

[===========================87.6%================== ]

[===========================87.6%================== ]

[===========================87.7%================== ]

[===========================87.7%================== ]

[===========================87.7%================== ]

[===========================87.8%================== ]

[===========================87.8%================== ]

[===========================87.9%================== ]

[===========================87.9%================== ]

[===========================88.0%=================== ]

[===========================88.0%=================== ]

[===========================88.1%=================== ]

[===========================88.1%=================== ]

[===========================88.2%=================== ]

[===========================88.2%=================== ]

[===========================88.3%=================== ]

[===========================88.3%=================== ]

[===========================88.4%=================== ]

[===========================88.4%=================== ]

[===========================88.5%=================== ]

[===========================88.6%=================== ]

[===========================88.7%=================== ]

[===========================88.9%=================== ]

[===========================89.0%=================== ]

[===========================89.2%=================== ]

[===========================89.3%=================== ]

[===========================89.4%=================== ]

[===========================89.5%=================== ]

[===========================89.6%=================== ]

[===========================89.7%==================== ]

[===========================89.7%==================== ]

[===========================89.9%==================== ]

[===========================89.9%==================== ]

[===========================89.9%==================== ]

[===========================90.0%==================== ]

[===========================90.1%==================== ]

[===========================90.2%==================== ]

[===========================90.2%==================== ]

[===========================90.2%==================== ]

[===========================90.3%==================== ]

[===========================90.3%==================== ]

[===========================91.0%==================== ]

[===========================91.3%==================== ]

[===========================91.4%===================== ]

[===========================91.5%===================== ]

[===========================91.6%===================== ]

[===========================91.6%===================== ]

[===========================91.7%===================== ]

[===========================92.0%===================== ]

[===========================92.2%===================== ]

[===========================92.2%===================== ]

[===========================93.2%====================== ]

[===========================93.2%====================== ]

[===========================93.5%====================== ]

[===========================94.4%====================== ]

[===========================95.4%======================= ]

[===========================95.8%======================= ]

[===========================96.8%======================== ]

[==========================100.0%==========================]
No component store corruption detected.
The operation completed successfully.

========= End of CMD: =========

========= DISM.exe /Online /Cleanup-image /Restorehealth =========

Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19044.1586

[== 3.8% ]

[== 4.5% ]

[== 4.9% ]

[=== 5.4% ]

[=== 5.7% ]

[=== 6.2% ]

[=== 6.8% ]

[==== 6.9% ]

[==== 7.8% ]

[==== 7.8% ]

[==== 7.9% ]

[==== 8.2% ]

[==== 8.5% ]

[===== 9.4% ]

[===== 10.2% ]

[====== 11.2% ]

[======= 12.2% ]

[======= 13.1% ]

[======== 14.1% ]

[======== 14.9% ]

[========= 15.8% ]

[========= 16.5% ]

[========== 17.4% ]

[========== 18.3% ]

[========== 18.7% ]

[=========== 19.7% ]

[=========== 19.8% ]

[=========== 20.5% ]

[============ 20.8% ]

[============ 21.0% ]

[============ 21.1% ]

[============ 21.1% ]

[============ 21.5% ]

[============ 21.8% ]

[============ 22.0% ]

[============ 22.1% ]

[============= 22.5% ]

[============= 22.6% ]

[============= 22.6% ]

[============= 22.6% ]

[============= 22.7% ]

[============= 22.8% ]

[============= 23.4% ]

[============= 24.1% ]

[============== 25.1% ]

[=============== 26.0% ]

[=============== 27.0% ]

[================ 28.0% ]

[================ 29.0% ]

[================= 29.8% ]

[================= 30.7% ]

[================= 31.0% ]

[================== 31.3% ]

[================== 31.3% ]

[================== 31.8% ]

[================== 31.9% ]

[=================== 32.9% ]

[=================== 33.2% ]

[=================== 33.7% ]

[=================== 34.3% ]

[=================== 34.4% ]

[==================== 34.6% ]

[==================== 34.9% ]

[==================== 34.9% ]

[==================== 35.1% ]

[==================== 35.3% ]

[==================== 35.5% ]

[==================== 35.9% ]

[==================== 36.2% ]

[===================== 36.3% ]

[===================== 36.4% ]

[===================== 36.8% ]

[===================== 36.9% ]

[===================== 37.1% ]

[===================== 37.4% ]

[===================== 37.7% ]

[===================== 37.7% ]

[====================== 38.3% ]

[====================== 38.6% ]

[====================== 39.0% ]

[====================== 39.1% ]

[====================== 39.2% ]

[====================== 39.5% ]

[====================== 39.6% ]

[======================= 39.7% ]

[======================= 39.8% ]

[======================= 40.2% ]

[======================= 40.5% ]

[======================= 41.1% ]

[======================== 41.4% ]

[======================== 41.5% ]

[======================== 42.5% ]

[======================== 42.8% ]

[========================= 43.5% ]

[========================= 44.0% ]

[========================= 44.2% ]

[========================== 44.9% ]

[========================== 45.7% ]

[===========================46.7% ]

[===========================47.7% ]

[===========================48.7% ]

[===========================49.7% ]

[===========================50.6% ]

[===========================51.6% ]

[===========================52.5% ]

[===========================52.5% ]

[===========================52.5% ]

[===========================52.7% ]

[===========================52.8% ]

[===========================52.8% ]

[===========================52.8% ]

[===========================52.8% ]

[===========================52.8% ]

[===========================52.9% ]

[===========================52.9% ]

[===========================53.0% ]

[===========================53.0% ]

[===========================53.1% ]

[===========================53.1% ]

[===========================53.1% ]

[===========================53.1% ]

[===========================53.2% ]

[===========================53.2% ]

[===========================53.3% ]

[===========================53.4% ]

[===========================53.5% ]

[===========================53.7% ]

[===========================53.7% ]

[===========================53.8% ]

[===========================53.8% ]

[===========================53.8% ]

[===========================53.9% ]

[===========================54.0% ]

[===========================54.0% ]

[===========================54.1% ]

[===========================54.2% ]

[===========================54.2% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.4% ]

[===========================54.4% ]

[===========================54.5% ]

[===========================54.5% ]

[===========================54.5% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.7% ]

[===========================54.7% ]

[===========================54.8% ]

[===========================54.9% ]

[===========================55.1% ]

[===========================55.2% ]

[===========================55.3% ]

[===========================55.3% ]

[===========================55.4% ]

[===========================55.5% ]

[===========================55.5% ]

[===========================55.6% ]

[===========================55.6% ]

[===========================55.7% ]

[===========================55.8% ]

[===========================55.9% ]

[===========================55.9% ]

[===========================55.9% ]

[===========================56.1% ]

[===========================56.4% ]

[===========================56.6% ]

[===========================56.7% ]

[===========================56.8% ]

[===========================56.9%= ]

[===========================57.1%= ]

[===========================57.1%= ]

[===========================57.7%= ]

[===========================58.6%== ]

[===========================59.5%== ]

[===========================62.3%==== ]

[===========================84.9%================= ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========

========= fltmc instances =========

Filter Volume Name Altitude Instance Name Frame SprtFtrs VlStatus
[HR][/HR]
CldFlt C: 180451 CldFlt 0 00000007
FileInfo 40500 FileInfo 0 00000007
FileInfo C: 40500 FileInfo 0 00000007
FileInfo 40500 FileInfo 0 00000007
FileInfo \Device\Mup 40500 FileInfo 0 00000007
WdFilter 328010 WdFilter Instance 0 00000007
WdFilter C: 328010 WdFilter Instance 0 00000007
WdFilter 328010 WdFilter Instance 0 00000007
WdFilter \Device\Mup 328010 WdFilter Instance 0 00000007
Wof C: 40700 Wof Instance 0 00000007
Wof 40700 Wof Instance 0 00000007
amsdk 80682 AMSDKDefaultFilter 0 00000000
amsdk C: 80682 AMSDKDefaultFilter 0 00000000
amsdk 80682 AMSDKDefaultFilter 0 00000000
amsdk \Device\Mup 80682 AMSDKDefaultFilter 0 00000000
bindflt C: 409800 bindflt Instance 0 00000007
luafv C: 135000 luafv 0 00000007
npsvctrig \Device\NamedPipe 46000 npsvctrig 0 00000000
wcifs C: 189900 wcifs Instance 0 00000007

========= End of CMD: =========

“C:\Windows\System32\cmd.exe” => Default permissions restored successfully.

========= del /s /q C:\Windows\SoftwareDistribution\download*.* =========

Deleted file - C:\Windows\SoftwareDistribution\download\2990613525d3b95cc8823a31beede6770c2f9333
Deleted file - C:\Windows\SoftwareDistribution\download\3cab46ca93a43eecb050f5b667b1c226a7d238e6
Deleted file - C:\Windows\SoftwareDistribution\download\4f3e8bba3362b9186811a73fd8fe9cd28355cfe3
Deleted file - C:\Windows\SoftwareDistribution\download\cf1f882ed91af90efcf071c2fa5245472d0b0a4d
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\ActionList.xml
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\compdb.xml.cab
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\DownloadList.xml
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\DownloadList_old.xml
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\ExeUpdateAgentDeployment.cab
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\unifiedinstaller.exe
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\UpdHealthTools.cab
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\windlp.state-old.xml
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\windlp.state.xml
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\Metadata\compdb.xml
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\Metadata\compdb.xml.cab
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\Metadata\DeviceInventory.xml
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\Metadata\Dpx.dll
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\Metadata\ExeUpdateAgent.dll
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\Metadata\Mitigation.dll
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\Metadata\UAOneSettings.dll
Deleted file - C:\Windows\SoftwareDistribution\download\242652aff243f4825db874c8f5f29bc0\Metadata\UpdateAgent.dll
Deleted file - C:\Windows\SoftwareDistribution\download\fca65f505b0aebab6016a6208e928e1f\Windows10.0-KB5009467-x64-NDP48.cab
Deleted file - C:\Windows\SoftwareDistribution\download\fca65f505b0aebab6016a6208e928e1f\cbshandler\state
Deleted file - C:\Windows\SoftwareDistribution\download\Install\AM_Delta_Patch_1.361.426.0.exe
Deleted file - C:\Windows\SoftwareDistribution\download\SharedFileCache\8146361f2fed245c6b07f681b47c7054e73a72764ff52e398fe307630a274986
Deleted file - C:\Windows\SoftwareDistribution\download\SharedFileCache\eadf8c9b03826359e339e5b95ea3ab022ee74e0d7cac9d64ba61a94cb0c1637b

========= End of CMD: =========

========= del /s /q “%userprofile%\AppData\Local\temp*.*” =========

Deleted file - C:\Users\khval\AppData\Local\temp.ses
Deleted file - C:\Users\khval\AppData\Local\temp\04566a5e-866e-44f4-b2cd-a553041f8474.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\0c35ffca-20c6-43c1-9513-2e3a780d0c82.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\0e1102a6-a602-40ef-9908-804ece302f17.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\1992-1700-2.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\1992-3384-0.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\1992-3412-1.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\1992-7736-3.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\2028-5044-1.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\2028-616-0.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\3181f1fc-612c-46d2-b310-2bc42aa07e35.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\521917ee-ac30-40af-8882-3cba6c14cc13.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\5ed18bfd-4870-4e12-acc3-d46d50535dbe.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\64476b87-4fc7-4007-a8fb-e5809833d35f.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\66cd23c7-a9d1-4b65-ab3d-3733bbe302f6.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7516-10492-0.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-10456-12.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-1056-16.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-1072-3.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-10948-11.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-11348-6.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-11508-15.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-11512-4.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-11988-14.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-2096-17.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-2872-0.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-3104-8.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-4352-5.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-4380-1.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-4612-13.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-5020-10.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-5084-2.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-5636-7.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-6728-9.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\7596-7712-18.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\77982e49-1195-42f5-a370-2f679a367314.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\8100-2008-0.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\8100-3672-1.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\8100-9252-2.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\8176-10384-1.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\8176-10680-2.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\8176-1260-0.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\855480b7-9595-41b1-8c2b-eea93bb23502.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\8607a52f-f07b-4c63-88ff-4a31cbc84741.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\87d5bdb7-54f7-43b6-a5e2-690e89cd473f.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\8e998394-3433-4c84-8f39-d14c81cb865f.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\957eb41d-f6fc-4690-8eed-af5868d3ae51.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9dfdb5f7-aba1-40e9-9aaa-f4d26cb83552.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\9f098a82-4482-4127-a954-3863b2ad1420.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\a6c6cb86-913d-4ba3-a618-a316205f889b.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\ae2cbf75-9aa4-4951-94c6-bcad682db557.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\b49a4d1c-e583-413f-aabf-bd3b97807507.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\bcc08175-175f-48f3-9679-2077cb0a1d85.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\c213d384-391c-4795-9f18-82ab1c23ee83.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\cbc1d657-3832-4240-9887-213504b17e62.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\cce0ba6f-8740-475e-ab54-a90817905050.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\chromium_installer.log
Deleted file - C:\Users\khval\AppData\Local\temp\codeint7623
Deleted file - C:\Users\khval\AppData\Local\temp\cv_debug.log
Deleted file - C:\Users\khval\AppData\Local\temp\d3eb78aa-390c-41a1-9166-1fcef08a9394.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\db21998a-f07e-4904-a152-9d048284cf78.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\e225f186-cc65-4596-85f5-f606cacdf747.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\e8a4b23b-393a-4535-b955-fa8c1171f500.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\eedad660-8b8a-4633-a46d-b68e14e51850.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\ef892ff0-cfa8-4898-b963-21cf78a3d247.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\LibraryConfigurationS.xml
Deleted file - C:\Users\khval\AppData\Local\temp\msedge_installer.log
Deleted file - C:\Users\khval\AppData\Local\temp\OptaneIconOverlay.ico
Deleted file - C:\Users\khval\AppData\Local\temp\QBEasyUpgrader29.log
Deleted file - C:\Users\khval\AppData\Local\temp\QBSearchIndexerError.txt
Deleted file - C:\Users\khval\AppData\Local\temp\r2u5EF.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\StructuredQuery.log
Deleted file - C:\Users\khval\AppData\Local\temp\u2h6DB.htm
Deleted file - C:\Users\khval\AppData\Local\temp\u2h6DB.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\UpdatesMeta.json
Deleted file - C:\Users\khval\AppData\Local\temp\wct34DA.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\wctE975.tmp
Deleted file - C:\Users\khval\AppData\Local\temp\wmsetup.log
Deleted file - C:\Users\khval\AppData\Local\temp{079A0D0C-EA4C-403B-AFFA-B7978A9ECFB6} - OProcSessId.dat
Deleted file - C:\Users\khval\AppData\Local\temp{5C4620B7-DB8E-4B62-861A-3D977BA8BA73} - OProcSessId.dat
Deleted file - C:\Users\khval\AppData\Local\temp{7FB887B6-2C20-441A-862E-305C96604B75}.png
Deleted file - C:\Users\khval\AppData\Local\temp{D4CA086B-3F18-4CDF-823E-16B1124E390A} - OProcSessId.dat
Deleted file - C:\Users\khval\AppData\Local\temp~DF1340F449317776CA.TMP
Deleted file - C:\Users\khval\AppData\Local\temp~DF13BD7F6FFE6C5850.TMP
Deleted file - C:\Users\khval\AppData\Local\temp~DF55F188736BE2E207.TMP
Deleted file - C:\Users\khval\AppData\Local\temp~DFB661EF307EE3D830.TMP
Deleted file - C:\Users\khval\AppData\Local\temp~DFC66556DA2CEE3110.TMP
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\EXCEL\App1647883525784031400_656C2329-B39C-44C9-B567-49EA7DD23A5E.log
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\EXCEL\App1647884061449294500_16183586-2694-4385-A850-8BC5B3E754D5.log
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\EXCEL\App1647884066363272300_DA45C191-FB7B-4A83-8420-DFD080FA2F30.log
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\EXCEL\App1647884555489673400_BBB9A015-D94C-4BA5-BFF8-18AEFF698003.log
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\EXCEL\App1647906760019972000_E369B713-78B0-4C46-A211-4D186E90CBE8.log
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\EXCEL\App1647906760020399900_E369B713-78B0-4C46-A211-4D186E90CBE8.log
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\WINWORD\App1647879790830267800_FBC93C53-6C78-4586-889E-3F6F03A3F9A7.log
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\WINWORD\App1647879850748987100_DE31AEB7-68E0-4823-9B9D-9C4DA4E47CE8.log
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\WINWORD\App1647886919024020800_5C4620B7-DB8E-4B62-861A-3D977BA8BA73.log
Deleted file - C:\Users\khval\AppData\Local\temp\Diagnostics\WINWORD\App1647886919024527400_5C4620B7-DB8E-4B62-861A-3D977BA8BA73.log
Deleted file - C:\Users\khval\AppData\Local\temp\HP\AtStatus\hpinkstscd11lm.log
Deleted file - C:\Users\khval\AppData\Local\temp\MicroImageDir\IMG_0332.jpg
Deleted file - C:\Users\khval\AppData\Local\temp\TCD43C9.tmp\gosttitle.xsl
Deleted file - C:\Users\khval\AppData\Local\temp\TCD43CA.tmp\iso690.xsl
Deleted file - C:\Users\khval\AppData\Local\temp\TCD43DB.tmp\harvardanglia2008officeonline.xsl
Deleted file - C:\Users\khval\AppData\Local\temp\TCD43FD.tmp\turabian.xsl
Deleted file - C:\Users\khval\AppData\Local\temp\TCD43FE.tmp\mlaseventheditionofficeonline.xsl
Deleted file - C:\Users\khval\AppData\Local\temp\TCD44AC.tmp\sist02.xsl
Deleted file - C:\Users\khval\AppData\Local\temp\TCD44DF.tmp\gb.xsl
Deleted file - C:\Users\khval\AppData\Local\temp\TCD44E0.tmp\chicago.xsl
Deleted file - C:\Users\khval\AppData\Local\temp\TCD44F1.tmp\APASixthEditionOfficeOnline.xsl
Deleted file - C:\Users\khval\AppData\Local\temp\TCD4531.tmp\Text Sidebar (Annual Report Red and Black design).docx
Deleted file - C:\Users\khval\AppData\Local\temp\TCD45A3.tmp\iso690nmerical.xsl
Deleted file - C:\Users\khval\AppData\Local\temp\TCD45B3.tmp\ieee2006officeonline.xsl
Deleted file - C:\Users\khval\AppData\Local\temp\TCD45B4.tmp\gostname.xsl
Deleted file - C:\Users\khval\AppData\Local\temp\Temp1_PowerRun.zip\PowerRun\PowerRun.exe
Deleted file - C:\Users\khval\AppData\Local\temp\Temp1_Wub.zip\Wub\Wub.exe
Deleted file - C:\Users\khval\AppData\Local\temp{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1704_1\dbdata17.dll

========= End of CMD: =========

========= sfc /scannow =========

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.

Verification 0% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 21% complete.
Verification 21% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

========= End of CMD: =========

=========== “C:\Windows\Temp*.*” ==========

C:\Windows\Temp\chromium_installer.log => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpCopyAccelerator.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\MSI40936.LOG => moved successfully
C:\Windows\Temp\tem8F8F.tmp => moved successfully
C:\Windows\Temp\u1w8.0 => moved successfully
C:\Windows\Temp\u1w8.1 => moved successfully
C:\Windows\Temp\u1w8.2 => moved successfully
C:\Windows\Temp\u1w8.3 => moved successfully
C:\Windows\Temp\u1ys.0 => moved successfully
C:\Windows\Temp\u1ys.1 => moved successfully
C:\Windows\Temp\u1ys.2 => moved successfully
C:\Windows\Temp\u1ys.3 => moved successfully
C:\Windows\Temp\wct23F4.tmp => moved successfully
C:\Windows\Temp\wct35A8.tmp => moved successfully
C:\Windows\Temp~DFA605791D6C89368B.TMP => moved successfully

========= End → “C:\Windows\Temp*.*” ========

=========== “C:\WINDOWS\system32*.tmp” ==========

not found

========= End → “C:\WINDOWS\system32*.tmp” ========

=========== “C:\WINDOWS\syswow64*.tmp” ==========

not found

========= End → “C:\WINDOWS\syswow64*.tmp” ========

The system needed a reboot.

==== End of Fixlog 21:15:23 ====

[/HEADING]

**Malnutrition** · 03-22-2022, 03:27 AM

Let me know if you are able to open the command prompt as admin.

**khval94** · 03-22-2022, 03:39 AM

It still won’t open as admin!

I really truly appreciate all the help!!

**Malnutrition** · 03-22-2022, 03:42 AM

You placed the newest file there?

Forums - PC Help Forum

https://pchelpforum.net/t/cant-open-command-prompt-other-issue.74005/post-141944

PCHF Forums

**khval94** · 03-22-2022, 03:44 AM

Yep! I did as you suggested… on the plus side all the thumbnails are showing up

**Malnutrition** · 03-22-2022, 03:57 AM

Can you now run the All in one tool as admin? If so please run it in safe mode with all boxes ticked,

**khval94** · 03-22-2022, 03:58 AM

No that won’t run as admin either.

ACtually yes, now it will run

Can't open Command Prompt & Other issue

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment