Hi PCHF,
Truly appreciate this community and all that goes into it! You've helped me a number of times in the past years.
My machine has seemed to be running progressively slower over the past few months. Done my best to keep it clean and optimized but I'm not sure what's going on. The fan runs on high at all times when I'm using the computer and startup seems to be reeeaally slow. I would love some help bringing this thing back into optimal condition. 🙂
Many thanks in advance to whoever offers to help!
Here are my logs:
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-08.2024
Ran by khval (administrator) on LAPTOP-OH5CF8OA (HP HP Pavilion Laptop 15-cs1xxx) (03-09-2024 10:57:10)
Running from C:\Users\khval\OneDrive\Desktop\FRST64.exe
Loaded Profiles: khval
Platform: Microsoft Windows 11 Home Version 23H2 22631.4037 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe <4>
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.8806\Agent.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.122.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.122.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.122.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Microsoft Corporation) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.122.0_x64__nzyj5cx40ttqa\iCloud\WebView2\msedgewebview2.exe <6>
(DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxEM.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\BridgeCommunication.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.20.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(ETDCtrl.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <18>
(explorer.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Conexant Systems LLC -> Conexant Systems LLC.) C:\Windows\System32\CxAudioSvc.exe
(services.exe ->) (Conexant Systems LLC -> Synaptics Incorporated.) C:\Windows\System32\SynAudSrv.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (Gen Digital Inc. -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(services.exe ->) (Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_dc7a0fe3ada1cbf5\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_dc2a57d591329a30\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.122.0_x64__nzyj5cx40ttqa\iCloud\iCloudDrive.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.122.0_x64__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.122.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\XboxGameBarSpotify.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.122.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple, Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.122.0_x64__nzyj5cx40ttqa\iCloud\secd.exe
(svchost.exe ->) (649690DD-9BE8-48E7-8019-88DCA877AF4E -> McAfee LLC) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14931.20132.0_x86__8wekyb3d8bbwe\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14931.20132.0_x86__8wekyb3d8bbwe\Office16\SDXHelperBgt.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.18500.10.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319520 2018-07-05] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [536624 2023-06-08] (HP Inc. -> HP Inc.)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2619296 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45120304 2024-08-16] (Gen Digital Inc. -> Piriform Software Ltd)
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [45120304 2024-08-16] (Gen Digital Inc. -> Piriform Software Ltd)
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [3770528 2021-11-15] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\Run: [f.lux] => C:\Users\khval\AppData\Local\FluxSoftware\Flux\flux.exe [1528952 2024-02-21] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2544099675-2571443181-3956208610-1004\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2619296 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP CD11 Status Monitor: C:\WINDOWS\system32\hpinkstsCD11LM.dll [391992 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\114.0.1823.41\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\128.1.69.160\Installer\chrmstp.exe [2024-08-30] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
IFEO\EOSnotify.exe: [Debugger] /
IFEO\InstallAgent.exe: [Debugger] /
IFEO\MusNotification.exe: [Debugger] /
IFEO\MusNotificationUx.exe: [Debugger] /
IFEO\remsh.exe: [Debugger] /
IFEO\SihClient.exe: [Debugger] /
IFEO\UpdateAssistant.exe: [Debugger] /
IFEO\upfc.exe: [Debugger] /
IFEO\UsoClient.exe: [Debugger] /
IFEO\WaaSMedic.exe: [Debugger] /
IFEO\WaasMedicAgent.exe: [Debugger] /
IFEO\Windows10Upgrade.exe: [Debugger] /
IFEO\Windows10UpgraderApp.exe: [Debugger] /
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {929409EE-549D-44E7-BA88-7AD72E73BB98} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1563080 2024-07-31] (Adobe Inc. -> Adobe Inc.)
Task: {99CBD18C-8340-47E6-9689-0074EC64B6D2} - System32\Tasks\AMHelper => "C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe" /UPDATE (No File)
Task: {ACBCAD2C-EE11-4D49-B465-BE718DC39A6F} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-01-27] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {A209A6EB-4166-45B6-A169-BCAE0625B6DF} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-01-27] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {18394B87-91E7-4D56-B278-6E529F6493E0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [829408 2024-08-16] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {9F6B16B5-B7D7-439E-B74C-B99689CD1C27} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5075248 2024-08-16] (Gen Digital Inc. -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "6ed30874-c85c-4ab3-8435-16a065c5c583" --version "6.27.11214" --silent
Task: {0E35E801-82E6-4F70-8628-19BD970D67F2} - System32\Tasks\CCleanerSkipUAC - khval => C:\Program Files\CCleaner\CCleaner.exe [39072560 2024-08-16] (Gen Digital Inc. -> Piriform Software Ltd)
Task: {5F67B163-4B94-430B-9208-093D03774194} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2544099675-2571443181-3956208610-1001Core => C:\Users\khval\AppData\Local\Google\Update\GoogleUpdate.exe [156104 2020-01-18] (Google LLC -> Google LLC)
Task: {C03E7A5C-D5C1-4979-992C-65CED8CDB60E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2544099675-2571443181-3956208610-1001UA => C:\Users\khval\AppData\Local\Google\Update\GoogleUpdate.exe [156104 2020-01-18] (Google LLC -> Google LLC)
Task: {4DBAF91F-0623-434E-8BBF-884853A1A3D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [314032 2022-02-25] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {DCC33EAF-A59A-40DB-ACB1-87E9242A6BFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2022-02-25] (HP Inc. -> HP Inc.)
Task: {07945B67-999E-4885-9EC9-AD636BFB2993} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145944 2022-02-25] (HP Inc. -> HP Inc.)
Task: {0EA64369-2001-407A-907B-654C30280A5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145944 2022-02-25] (HP Inc. -> HP Inc.)
Task: {B4ACCB5C-D087-4E9F-B22A-F85AFA5C9EFE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH6425X15V => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145944 2022-02-25] (HP Inc. -> HP Inc.)
Task: {ECA6E8BA-AE0D-4A26-8DB3-3FD4C2FC7BBA} - System32\Tasks\HPCustParticipation HP Officejet 5740 series => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe [6439584 2021-11-15] (HP Inc. -> HP Inc.)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {767A9276-EE1B-4139-B86C-3E3C61CAD625} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {AFF02678-BBE8-446A-A292-93B59CAFE01A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe RebootDialog (No File)
Task: {5524F5C0-F853-4288-9DD0-E454025D17BB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {B2A07C9A-E5CE-4F58-9F2B-A1ECCF19597B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {0861A3AB-D4D2-449D-9CDA-9932B0D8E782} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4DE2C763-EB69-4C75-B754-D55E97A8C50C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A383D39D-9854-4357-A0E9-BCF61B84791C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {11279282-4031-471B-9643-5942139D31C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5850DF9E-C54B-4AD0-84F5-8BD81678D529} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d998b9d5109660 => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (No File)
Task: {65EC7BA0-1D8A-4A84-B170-EB7E833B0D70} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (No File)
Task: {436F78DE-D50D-46F1-81A0-9BB2A3018CCD} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676936 2024-08-20] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {7FB10D47-5F72-4F61-972C-C2F79DFD28AB} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2544099675-2571443181-3956208610-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676936 2024-08-20] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {5257060C-2E24-46CF-8CB4-3BAC513A38EE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-08-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {22F1D44E-CFD1-4D65-8EDE-6F86FF271ED6} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200344 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {3467DB36-0F33-4675-9D16-F459A811B6D3} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2544099675-2571443181-3956208610-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200344 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF2E4DD0-2476-4F6E-BFD8-C0A08EA0B5AF} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2544099675-2571443181-3956208610-1004 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200344 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0FD26F3-D080-40D1-BE96-FD2C2909D980} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe (No File)
Task: {EB297B3B-B80C-49A2-907B-B4290A54F8AE} - System32\Tasks\RtkAudUService64_BG => C:\windows\system32\RtkAudUService64.exe [838648 2019-06-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0e48ef0e-80c2-4576-a7e7-80de026ef422}: [NameServer] 198.101.242.72,23.253.163.53
Tcpip\..\Interfaces\{6a51abae-bb7c-4605-a0ad-23f625f9d4c1}: [NameServer] 198.101.242.72,23.253.163.53
Tcpip\..\Interfaces\{96dd34bf-6f66-4179-8d23-a8116cb9f37a}: [NameServer] 198.101.242.72,23.253.163.53
Tcpip\..\Interfaces\{96dd34bf-6f66-4179-8d23-a8116cb9f37a}: [DhcpNameServer] 40.23.1.13
Tcpip\..\Interfaces\{af5867c7-6a1d-4ef0-a9be-79014e895dec}: [NameServer] 198.101.242.72,23.253.163.53
Tcpip\..\Interfaces\{d7cae278-d214-40d0-8b9a-e904aefec574}: [NameServer] 198.101.242.72,23.253.163.53,10.0.0.1
Tcpip\..\Interfaces\{d7cae278-d214-40d0-8b9a-e904aefec574}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{d7cae278-d214-40d0-8b9a-e904aefec574}: [DhcpDomain] hsd1.co.comcast.net
Tcpip\..\Interfaces\{d7cae278-d214-40d0-8b9a-e904aefec574}\7303036427F6E647: [NameServer] 198.101.242.72,23.253.163.53,10.0.0.1
Tcpip\..\Interfaces\{d7cae278-d214-40d0-8b9a-e904aefec574}\7303036427F6E647: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{d7cae278-d214-40d0-8b9a-e904aefec574}\7303036427F6E647: [DhcpDomain] hsd1.co.comcast.net
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\khval\AppData\Local\Microsoft\Edge\User Data\Default [2024-09-02]
Edge DownloadDir: Default -> C:\Users\khval\Downloads
Edge HomePage: Default -> hxxps://www.ecosia.org/
Edge StartupUrls: Default -> "hxxps://www.ecosia.org/"
Edge Extension: (Honey) - C:\Users\khval\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2022-03-11]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\khval\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-03-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: yqtpi9ki.default-1653582846801
FF ProfilePath: C:\Users\khval\AppData\Roaming\Mozilla\Firefox\Profiles\yqtpi9ki.default-1653582846801 [2024-09-02]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default [2022-03-22]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab?pc=COS2&ptag=D110919-N0630A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
CHR Extension: (Slides) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-29]
CHR Extension: (Docs) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-29]
CHR Extension: (YouTube) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-29]
CHR Extension: (Sheets) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-29]
CHR Extension: (Google Docs Offline) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-28]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-19]
CHR Extension: (Gmail) - C:\Users\khval\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-28]
CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jdanfkhnfpagoijgfmklhgakdicpnfil]
CHR HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-09-03]
BRA Extension: (Solflare Wallet) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bhhhlbepdkbapadjdnnojkbgioiodbic [2024-09-02]
BRA Extension: (Trust Wallet) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\egjidjbpglichdcondbcbdnbeeppgdph [2024-09-02]
BRA Extension: (CapCut | All-in-one video editor) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jkcgndnbpedekonoofmlhcpdgminfeol [2024-05-09]
BRA Extension: (MetaMask) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-09-03]
BRA Extension: (Wallet Guard: Protect Your Crypto) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pdgbckgdncnhihllonhnjbdoighgpimk [2024-09-03]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-08-31]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-09-03]
BRA Extension: (Brave NTP background images) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-02-01]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-09-03]
BRA Extension: (Wallet Data Files Updater) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2024-01-22]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-09-03]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-12-03]
BRA Extension: (Brave NTP sponsored images) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2024-09-03]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-08-12]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2022-01-27]
BRA Extension: (Brave Ads Resources) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2024-08-28]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-09-03]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-11]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-08-28]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\khval\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-10-30]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-07-31] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [2569352 2024-09-02] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
R2 Bonjour Service; C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2020-02-05] (Apple Inc. -> Apple Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-01-27] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\128.1.69.160\elevation_service.exe [2658840 2024-08-29] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2022-01-27] (Brave Software, Inc. -> BraveSoftware Inc.)
R3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1086256 2024-08-16] (Gen Digital Inc. -> Piriform Software Ltd)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncHelper.exe [3382176 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\AppHelperCap.exe [928192 2024-07-18] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\DiagsCap.exe [926768 2024-07-18] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\NetworkCap.exe [922672 2024-07-18] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [260256 2022-01-31] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\SysInfoCap.exe [926248 2024-07-18] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8965728 2024-08-12] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-07-11] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe [1427024 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.045.0227.0004\OneDriveUpdaterService.exe [3861400 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15368624 2023-03-21] (ADLICE -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe [3199648 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe [133704 2024-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2022-03-19] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [108480 2018-06-25] (Alcorlink Corp. -> )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-06] (Microsoft Corporation) [File not signed]
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218608 2024-06-24] (Microsoft Windows -> Microsoft Corporation)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [231504 2024-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-01-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl8217bd95; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DD5BD2E-0301-4886-9506-ACA825B097F7}\MpKslDrv.sys [271640 2024-09-03] (Microsoft Windows -> Microsoft Corporation)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [41920 2024-09-02] (ADLICE (Julien ASCOET) -> )
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2023-11-16] (Microsoft Windows -> )
S3 VSScanner; C:\WINDOWS\System32\DRIVERS\vsscanner.sys [29752 2018-06-25] (Microsoft Windows Hardware Compatibility Publisher -> VoodooSoft, LLC)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-08-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602504 2024-08-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-08-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-09-03 10:59 - 2024-09-03 10:59 - 008790880 _____ (Malwarebytes) C:\Users\khval\OneDrive\Desktop\adwcleaner.exe
2024-09-03 10:57 - 2024-09-03 10:58 - 000037894 _____ C:\Users\khval\OneDrive\Desktop\FRST.txt
2024-09-03 10:56 - 2024-09-03 10:56 - 002397184 _____ (Farbar) C:\Users\khval\OneDrive\Desktop\FRST64.exe
2024-09-02 16:20 - 2024-09-02 16:21 - 000000000 ____D C:\Users\khval\AppData\Local\Adobe
2024-09-02 16:13 - 2024-09-02 16:13 - 000000000 ____D C:\ProgramData\Battle.net_components
2024-09-02 10:42 - 2024-09-02 10:42 - 002961151 _____ C:\Users\khval\OneDrive\Desktop\geek.zip
2024-08-20 13:43 - 2024-08-20 13:43 - 016369448 _____ (Audacity Team ) C:\Users\khval\Downloads\audacity-win-3.6.1-64bit.exe
2024-08-20 13:41 - 2024-08-20 13:41 - 317370446 _____ C:\Users\khval\OneDrive\Desktop\Imbibe-The-Mystery-wav.wav
2024-08-20 13:39 - 2024-08-20 13:39 - 078917222 _____ C:\Users\khval\OneDrive\Desktop\Imbibe The Mystery 2024.06.24.m4a
2024-08-20 09:27 - 2024-08-31 09:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-08-14 12:31 - 2024-09-02 10:40 - 000041920 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2024-08-14 10:40 - 2024-08-14 10:40 - 000026169 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-08-14 10:37 - 2024-08-14 10:37 - 000026169 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-08-09 11:59 - 2024-08-09 11:59 - 000347772 _____ C:\Users\khval\OneDrive\Desktop\Client_K_HVAL_Policy_Issued_-_Please_Review.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-09-03 10:58 - 2021-07-11 16:43 - 000000000 ____D C:\FRST
2024-09-03 10:58 - 2019-08-07 19:12 - 000000000 ____D C:\Users\khval\AppData\Local\Battle.net
2024-09-03 10:54 - 2022-05-06 23:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-09-03 10:48 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-09-03 10:48 - 2019-08-07 19:15 - 000000000 ____D C:\Program Files (x86)\StarCraft
2024-09-03 10:25 - 2022-05-06 23:22 - 000000000 ____D C:\WINDOWS\INF
2024-09-03 10:23 - 2023-06-06 14:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-09-03 08:59 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-09-03 08:58 - 2019-03-15 18:27 - 000000000 ____D C:\Users\khval\AppData\Local\D3DSCache
2024-09-02 16:15 - 2019-08-07 19:18 - 000000000 ____D C:\Users\khval\OneDrive\Documents\StarCraft
2024-09-02 16:14 - 2019-08-07 19:12 - 000000000 ____D C:\Program Files (x86)\Battle.net
2024-09-02 16:10 - 2023-11-10 12:40 - 000000000 ___RD C:\Users\khval\iCloudPhotos
2024-09-02 16:10 - 2023-11-10 12:40 - 000000000 ___RD C:\Users\khval\iCloudDrive
2024-09-02 16:09 - 2022-03-30 16:02 - 000000000 ____D C:\Program Files\CCleaner
2024-09-02 15:48 - 2019-03-14 13:44 - 000000000 __SHD C:\Users\khval\IntelGraphicsProfiles
2024-09-02 11:21 - 2023-05-14 09:03 - 000000000 ____D C:\Users\khval\AppData\Local\Malwarebytes
2024-09-02 11:20 - 2020-02-09 16:18 - 000000000 ____D C:\Users\khval\OneDrive\Desktop\Tools
2024-09-02 11:20 - 2019-11-11 15:09 - 000000000 ____D C:\Program Files (x86)\Intuit
2024-09-02 11:19 - 2019-11-11 15:23 - 000000000 ____D C:\Users\khval\AppData\Local\Intuit
2024-09-02 11:19 - 2019-11-11 15:10 - 000000090 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2024-09-02 11:19 - 2019-11-11 15:10 - 000000000 ____D C:\ProgramData\Intuit
2024-08-30 11:40 - 2022-05-06 23:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-08-30 09:58 - 2022-01-27 10:25 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-08-29 09:12 - 2023-06-06 15:10 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-08-29 09:11 - 2022-10-18 07:47 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-08-28 11:35 - 2024-03-04 13:12 - 000000000 ____D C:\Users\khval\OneDrive\Documents\Audacity
2024-08-28 11:35 - 2024-03-04 13:12 - 000000000 ____D C:\Users\khval\AppData\Roaming\audacity
2024-08-26 08:39 - 2023-06-06 15:02 - 000946836 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-08-26 08:35 - 2022-05-26 10:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-08-26 08:31 - 2023-06-06 15:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-08-26 08:31 - 2022-09-23 11:38 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-08-26 08:31 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-08-26 08:31 - 2020-11-09 13:25 - 000012288 ___SH C:\DumpStack.log.tmp
2024-08-26 08:31 - 2019-04-14 20:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-08-22 19:40 - 2023-06-06 15:10 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-08-22 19:40 - 2023-06-06 15:10 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-08-20 13:44 - 2024-03-04 13:12 - 000000872 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2024-08-20 13:44 - 2024-03-04 13:12 - 000000000 ____D C:\Program Files\Audacity
2024-08-20 09:34 - 2023-06-06 15:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-08-20 09:34 - 2019-04-14 20:36 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-08-20 09:00 - 2020-08-17 11:01 - 000000000 ____D C:\Users\khval\OneDrive\Documents\Zoom
2024-08-17 16:42 - 2019-03-14 13:44 - 000000000 ____D C:\Users\khval\AppData\Local\Packages
2024-08-17 16:42 - 2018-10-10 23:58 - 000000000 ____D C:\ProgramData\Packages
2024-08-17 16:25 - 2023-06-06 14:53 - 000000000 ____D C:\Users\khval
2024-08-17 16:23 - 2023-09-26 12:36 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2024-08-14 12:30 - 2022-05-06 23:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2024-08-14 12:28 - 2023-06-06 14:40 - 000345368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-08-14 12:24 - 2023-10-12 11:54 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ___SD C:\WINDOWS\system32\lxss
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\WUModels
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\UUS
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\schemas
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-08-14 12:24 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-08-14 12:15 - 2022-05-06 23:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-08-14 12:13 - 2019-03-15 11:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-08-14 12:10 - 2019-03-15 11:47 - 197093640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-08-14 10:47 - 2022-05-06 23:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-08-14 10:47 - 2022-05-06 23:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-08-08 16:01 - 2018-10-10 23:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
0-00-00 02:00 - 2019-01-18 11:05 - 000004664 ____R C:\WINDOWS\system32\Drivers\CxSfPt.DAT
==================== Files in the root of some directories ========
2019-12-08 20:23 - 2019-12-08 20:23 - 000000000 _____ () C:\Users\khval\AppData\Local\D211B1.tmp
2020-08-05 14:09 - 2020-08-05 14:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D21345.tmp
2019-10-05 15:08 - 2019-10-05 15:08 - 000000000 _____ () C:\Users\khval\AppData\Local\D21500.tmp
2019-10-20 14:38 - 2019-10-20 14:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D21690.tmp
2019-09-22 15:56 - 2019-09-22 15:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D216B7.tmp
2020-04-04 14:29 - 2020-04-04 14:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D2173E.tmp
2019-09-07 13:07 - 2019-09-07 13:07 - 000000000 _____ () C:\Users\khval\AppData\Local\D219A0.tmp
2020-08-06 19:02 - 2020-08-06 19:02 - 000000000 _____ () C:\Users\khval\AppData\Local\D21A09.tmp
2020-12-22 18:27 - 2020-12-22 18:27 - 000000000 _____ () C:\Users\khval\AppData\Local\D21B08.tmp
2019-11-30 19:13 - 2019-11-30 19:13 - 000000000 _____ () C:\Users\khval\AppData\Local\D21C5B.tmp
2020-07-31 17:11 - 2020-07-31 17:11 - 000000000 _____ () C:\Users\khval\AppData\Local\D21C97.tmp
2019-08-11 18:55 - 2019-08-11 18:55 - 000000000 _____ () C:\Users\khval\AppData\Local\D21CE.tmp
2019-08-30 10:42 - 2019-08-30 10:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D21D26.tmp
2019-10-05 22:32 - 2019-10-05 22:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D21D81.tmp
2019-09-21 09:44 - 2019-09-21 09:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D21DC2.tmp
2019-12-15 16:06 - 2019-12-15 16:06 - 000000000 _____ () C:\Users\khval\AppData\Local\D21F7E.tmp
2020-08-07 18:20 - 2020-08-07 18:20 - 000000000 _____ () C:\Users\khval\AppData\Local\D22070.tmp
2019-10-20 14:30 - 2019-10-20 14:30 - 000000000 _____ () C:\Users\khval\AppData\Local\D22108.tmp
2019-08-29 22:01 - 2019-08-29 22:01 - 000000000 _____ () C:\Users\khval\AppData\Local\D22156.tmp
2020-12-26 20:40 - 2020-12-26 20:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D223E4.tmp
2019-10-10 20:51 - 2019-10-10 20:51 - 000000000 _____ () C:\Users\khval\AppData\Local\D225D7.tmp
2019-09-04 21:44 - 2019-09-04 21:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D22810.tmp
2020-08-07 20:22 - 2020-08-07 20:22 - 000000000 _____ () C:\Users\khval\AppData\Local\D2290B.tmp
2019-08-11 16:27 - 2019-08-11 16:27 - 000000000 _____ () C:\Users\khval\AppData\Local\D22A6A.tmp
2020-12-20 16:28 - 2020-12-20 16:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D22A80.tmp
2019-12-15 17:32 - 2019-12-15 17:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D22AF7.tmp
2019-08-23 15:10 - 2019-08-23 15:10 - 000000000 _____ () C:\Users\khval\AppData\Local\D22B6.tmp
2020-12-13 17:36 - 2020-12-13 17:36 - 000000000 _____ () C:\Users\khval\AppData\Local\D22D0D.tmp
2019-08-22 19:58 - 2019-08-22 19:58 - 000000000 _____ () C:\Users\khval\AppData\Local\D22D1D.tmp
2019-09-15 20:48 - 2019-09-15 20:48 - 000000000 _____ () C:\Users\khval\AppData\Local\D22F27.tmp
2019-09-28 22:36 - 2019-09-28 22:36 - 000000000 _____ () C:\Users\khval\AppData\Local\D23201.tmp
2020-08-11 11:42 - 2020-08-11 11:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D237FA.tmp
2021-01-10 15:16 - 2021-01-10 15:16 - 000000000 _____ () C:\Users\khval\AppData\Local\D23893.tmp
2019-11-10 16:38 - 2019-11-10 16:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D238C8.tmp
2019-12-20 17:24 - 2019-12-20 17:24 - 000000000 _____ () C:\Users\khval\AppData\Local\D2394E.tmp
2019-11-16 16:53 - 2019-11-16 16:53 - 000000000 _____ () C:\Users\khval\AppData\Local\D23BAC.tmp
2019-08-11 15:30 - 2019-08-11 15:30 - 000000000 _____ () C:\Users\khval\AppData\Local\D23C97.tmp
2019-08-30 14:28 - 2019-08-30 14:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D23EE8.tmp
2019-09-22 11:21 - 2019-09-22 11:21 - 000000000 _____ () C:\Users\khval\AppData\Local\D23F76.tmp
2019-09-11 17:56 - 2019-09-11 17:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D23FAE.tmp
2019-08-25 22:39 - 2019-08-25 22:39 - 000000000 _____ () C:\Users\khval\AppData\Local\D240BF.tmp
2019-09-18 19:33 - 2019-09-18 19:33 - 000000000 _____ () C:\Users\khval\AppData\Local\D241BF.tmp
2020-12-26 19:01 - 2020-12-26 19:01 - 000000000 _____ () C:\Users\khval\AppData\Local\D24201.tmp
2021-01-14 16:53 - 2021-01-14 16:53 - 000000000 _____ () C:\Users\khval\AppData\Local\D24331.tmp
2019-08-08 23:26 - 2019-08-08 23:26 - 000000000 _____ () C:\Users\khval\AppData\Local\D24435.tmp
2019-09-03 18:00 - 2019-09-03 18:00 - 000000000 _____ () C:\Users\khval\AppData\Local\D24637.tmp
2019-09-21 09:38 - 2019-09-21 09:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D24679.tmp
2019-08-19 14:53 - 2019-08-19 14:53 - 000000000 _____ () C:\Users\khval\AppData\Local\D247AC.tmp
2020-08-09 19:28 - 2020-08-09 19:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D247E8.tmp
2019-08-23 16:20 - 2019-08-23 16:20 - 000000000 _____ () C:\Users\khval\AppData\Local\D247F5.tmp
2020-07-31 20:33 - 2020-07-31 20:33 - 000000000 _____ () C:\Users\khval\AppData\Local\D24A10.tmp
2019-09-03 15:29 - 2019-09-03 15:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D24C94.tmp
2019-12-13 23:32 - 2019-12-13 23:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D24E29.tmp
2019-12-23 10:02 - 2019-12-23 10:02 - 000000000 _____ () C:\Users\khval\AppData\Local\D24E74.tmp
2019-10-27 15:53 - 2019-10-27 15:53 - 000000000 _____ () C:\Users\khval\AppData\Local\D24F5E.tmp
2020-12-07 14:59 - 2020-12-07 14:59 - 000000000 _____ () C:\Users\khval\AppData\Local\D24F77.tmp
2019-10-22 18:40 - 2019-10-22 18:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D25438.tmp
2019-11-29 13:13 - 2019-11-29 13:13 - 000000000 _____ () C:\Users\khval\AppData\Local\D254A6.tmp
2020-07-19 15:56 - 2020-07-19 15:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D2568C.tmp
2019-09-22 15:12 - 2019-09-22 15:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D256F3.tmp
2019-08-13 15:40 - 2019-08-13 15:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D257D7.tmp
2019-08-22 13:28 - 2019-08-22 13:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D25984.tmp
2020-04-13 15:52 - 2020-04-13 15:52 - 000000000 _____ () C:\Users\khval\AppData\Local\D25C54.tmp
2019-08-07 20:47 - 2019-08-07 20:47 - 000000000 _____ () C:\Users\khval\AppData\Local\D25D6B.tmp
2019-08-28 14:14 - 2019-08-28 14:14 - 000000000 _____ () C:\Users\khval\AppData\Local\D25E12.tmp
2019-08-20 15:47 - 2019-08-20 15:47 - 000000000 _____ () C:\Users\khval\AppData\Local\D25F8B.tmp
2020-08-03 21:17 - 2020-08-03 21:17 - 000000000 _____ () C:\Users\khval\AppData\Local\D25FAC.tmp
2019-09-17 15:51 - 2019-09-17 15:51 - 000000000 _____ () C:\Users\khval\AppData\Local\D2604E.tmp
2019-10-27 17:43 - 2019-10-27 17:43 - 000000000 _____ () C:\Users\khval\AppData\Local\D263DA.tmp
2019-08-12 13:52 - 2019-08-12 13:52 - 000000000 _____ () C:\Users\khval\AppData\Local\D2642C.tmp
2019-09-25 16:37 - 2019-09-25 16:37 - 000000000 _____ () C:\Users\khval\AppData\Local\D264BE.tmp
2019-09-25 20:56 - 2019-09-25 20:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D266A1.tmp
2019-12-16 16:02 - 2019-12-16 16:02 - 000000000 _____ () C:\Users\khval\AppData\Local\D26876.tmp
2019-11-09 18:54 - 2019-11-09 18:54 - 000000000 _____ () C:\Users\khval\AppData\Local\D2697C.tmp
2019-09-21 09:41 - 2019-09-21 09:41 - 000000000 _____ () C:\Users\khval\AppData\Local\D269D.tmp
2020-08-01 18:03 - 2020-08-01 18:03 - 000000000 _____ () C:\Users\khval\AppData\Local\D26A69.tmp
2020-05-16 18:10 - 2020-05-16 18:10 - 000000000 _____ () C:\Users\khval\AppData\Local\D26CB2.tmp
2019-09-17 22:07 - 2019-09-17 22:07 - 000000000 _____ () C:\Users\khval\AppData\Local\D27005.tmp
2019-09-27 22:12 - 2019-09-27 22:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D2730B.tmp
2019-10-13 14:12 - 2019-10-13 14:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D2776C.tmp
2020-12-30 18:02 - 2020-12-30 18:02 - 000000000 _____ () C:\Users\khval\AppData\Local\D27813.tmp
2019-08-25 14:56 - 2019-08-25 14:56 - 000000000 _____ () C:\Users\khval\AppData\Local\D27868.tmp
2019-09-24 17:10 - 2019-09-24 17:10 - 000000000 _____ () C:\Users\khval\AppData\Local\D27A04.tmp
2019-10-22 14:52 - 2019-10-22 14:52 - 000000000 _____ () C:\Users\khval\AppData\Local\D27A08.tmp
2019-09-06 16:11 - 2019-09-06 16:11 - 000000000 _____ () C:\Users\khval\AppData\Local\D27AC5.tmp
2019-08-19 16:10 - 2019-08-19 16:10 - 000000000 _____ () C:\Users\khval\AppData\Local\D27E57.tmp
2019-10-20 14:01 - 2019-10-20 14:01 - 000000000 _____ () C:\Users\khval\AppData\Local\D27F76.tmp
2020-07-30 16:14 - 2020-07-30 16:14 - 000000000 _____ () C:\Users\khval\AppData\Local\D27FF1.tmp
2020-12-30 15:59 - 2020-12-30 15:59 - 000000000 _____ () C:\Users\khval\AppData\Local\D28102.tmp
2019-09-26 17:29 - 2019-09-26 17:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D281B9.tmp
2019-12-12 11:41 - 2019-12-12 11:41 - 000000000 _____ () C:\Users\khval\AppData\Local\D281D5.tmp
2019-11-03 19:52 - 2019-11-03 19:52 - 000000000 _____ () C:\Users\khval\AppData\Local\D281DA.tmp
2019-09-28 22:16 - 2019-09-28 22:16 - 000000000 _____ () C:\Users\khval\AppData\Local\D282FB.tmp
2019-08-09 16:28 - 2019-08-09 16:28 - 000000000 _____ () C:\Users\khval\AppData\Local\D2833D.tmp
2019-09-15 14:11 - 2019-09-15 14:11 - 000000000 _____ () C:\Users\khval\AppData\Local\D28495.tmp
2019-12-14 21:07 - 2019-12-14 21:07 - 000000000 _____ () C:\Users\khval\AppData\Local\D284B1.tmp
2019-09-26 16:20 - 2019-09-26 16:20 - 000000000 _____ () C:\Users\khval\AppData\Local\D284E6.tmp
2019-09-03 13:34 - 2019-09-03 13:34 - 000000000 _____ () C:\Users\khval\AppData\Local\D287B7.tmp
2019-10-09 17:40 - 2019-10-09 17:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D28961.tmp
2019-09-02 14:14 - 2019-09-02 14:14 - 000000000 _____ () C:\Users\khval\AppData\Local\D28BF8.tmp
2019-10-24 17:29 - 2019-10-24 17:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D28C85.tmp
2020-08-09 17:38 - 2020-08-09 17:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D28E02.tmp
2020-01-05 16:38 - 2020-01-05 16:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D28E08.tmp
2019-09-15 10:12 - 2019-09-15 10:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D28EB0.tmp
2019-09-21 14:19 - 2019-09-21 14:19 - 000000000 _____ () C:\Users\khval\AppData\Local\D28FFE.tmp
2019-12-23 10:09 - 2019-12-23 10:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D29033.tmp
2019-08-14 14:29 - 2019-08-14 14:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D2907C.tmp
2019-08-08 22:09 - 2019-08-08 22:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D2922F.tmp
2019-09-22 21:08 - 2019-09-22 21:08 - 000000000 _____ () C:\Users\khval\AppData\Local\D29504.tmp
2019-09-27 09:12 - 2019-09-27 09:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D29569.tmp
2019-09-04 20:34 - 2019-09-04 20:34 - 000000000 _____ () C:\Users\khval\AppData\Local\D2973C.tmp
2020-08-09 18:44 - 2020-08-09 18:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D297E3.tmp
2019-09-04 13:43 - 2019-09-04 13:43 - 000000000 _____ () C:\Users\khval\AppData\Local\D2987E.tmp
2019-12-08 16:31 - 2019-12-08 16:31 - 000000000 _____ () C:\Users\khval\AppData\Local\D298CF.tmp
2019-08-17 23:29 - 2019-08-17 23:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D298FB.tmp
2021-01-02 17:33 - 2021-01-02 17:33 - 000000000 _____ () C:\Users\khval\AppData\Local\D29C14.tmp
2019-09-20 21:18 - 2019-09-20 21:18 - 000000000 _____ () C:\Users\khval\AppData\Local\D29E6D.tmp
2020-12-27 20:08 - 2020-12-27 20:08 - 000000000 _____ () C:\Users\khval\AppData\Local\D29E8D.tmp
2021-01-12 18:27 - 2021-01-12 18:27 - 000000000 _____ () C:\Users\khval\AppData\Local\D29F72.tmp
2019-09-21 09:43 - 2019-09-21 09:43 - 000000000 _____ () C:\Users\khval\AppData\Local\D29F8E.tmp
2019-11-09 11:05 - 2019-11-09 11:05 - 000000000 _____ () C:\Users\khval\AppData\Local\D29FD5.tmp
2019-08-11 20:11 - 2019-08-11 20:11 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A0EC.tmp
2019-12-16 18:36 - 2019-12-16 18:36 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A12C.tmp
2019-08-15 17:01 - 2019-08-15 17:01 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A211.tmp
2019-09-14 17:07 - 2019-09-14 17:07 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A452.tmp
2019-09-07 17:39 - 2019-09-07 17:39 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A4A4.tmp
2019-09-23 19:27 - 2019-09-23 19:27 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A526.tmp
2019-09-22 11:52 - 2019-09-22 11:52 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A5AB.tmp
2020-07-18 16:08 - 2020-07-18 16:08 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A6D9.tmp
2019-09-14 22:31 - 2019-09-14 22:31 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A71C.tmp
2019-11-30 12:39 - 2019-11-30 12:39 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A7F2.tmp
2019-09-04 15:33 - 2019-09-04 15:33 - 000000000 _____ () C:\Users\khval\AppData\Local\D2A9D8.tmp
2019-08-13 22:58 - 2019-08-13 22:58 - 000000000 _____ () C:\Users\khval\AppData\Local\D2AB2.tmp
2019-08-09 21:40 - 2019-08-09 21:40 - 000000000 _____ () C:\Users\khval\AppData\Local\D2AC23.tmp
2019-09-02 13:09 - 2019-09-02 13:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D2AD11.tmp
2019-09-22 22:51 - 2019-09-22 22:51 - 000000000 _____ () C:\Users\khval\AppData\Local\D2AD18.tmp
2019-08-10 21:58 - 2019-08-10 21:58 - 000000000 _____ () C:\Users\khval\AppData\Local\D2AECA.tmp
2019-12-14 16:54 - 2019-12-14 16:54 - 000000000 _____ () C:\Users\khval\AppData\Local\D2AF06.tmp
2019-08-12 17:16 - 2019-08-12 17:16 - 000000000 _____ () C:\Users\khval\AppData\Local\D2B0F7.tmp
2020-08-02 15:09 - 2020-08-02 15:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D2B2A8.tmp
2019-08-19 20:13 - 2019-08-19 20:13 - 000000000 _____ () C:\Users\khval\AppData\Local\D2B425.tmp
2019-10-05 20:23 - 2019-10-05 20:23 - 000000000 _____ () C:\Users\khval\AppData\Local\D2B83C.tmp
2019-08-13 21:58 - 2019-08-13 21:58 - 000000000 _____ () C:\Users\khval\AppData\Local\D2B942.tmp
2019-09-05 23:39 - 2019-09-05 23:39 - 000000000 _____ () C:\Users\khval\AppData\Local\D2B9D7.tmp
2019-08-26 14:26 - 2019-08-26 14:26 - 000000000 _____ () C:\Users\khval\AppData\Local\D2BBC7.tmp
2019-08-28 10:22 - 2019-08-28 10:22 - 000000000 _____ () C:\Users\khval\AppData\Local\D2BBD9.tmp
2019-08-12 21:45 - 2019-08-12 21:45 - 000000000 _____ () C:\Users\khval\AppData\Local\D2BD9D.tmp
2019-12-15 13:30 - 2019-12-15 13:30 - 000000000 _____ () C:\Users\khval\AppData\Local\D2BF40.tmp
2020-08-08 16:42 - 2020-08-08 16:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D2C19D.tmp
2019-08-22 15:27 - 2019-08-22 15:27 - 000000000 _____ () C:\Users\khval\AppData\Local\D2C25E.tmp
2019-12-16 21:18 - 2019-12-16 21:18 - 000000000 _____ () C:\Users\khval\AppData\Local\D2C3C8.tmp
2019-08-19 17:55 - 2019-08-19 17:55 - 000000000 _____ () C:\Users\khval\AppData\Local\D2C7B2.tmp
2019-12-20 19:18 - 2019-12-20 19:18 - 000000000 _____ () C:\Users\khval\AppData\Local\D2CF1.tmp
2019-10-10 15:44 - 2019-10-10 15:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D2CFF8.tmp
2020-01-15 13:54 - 2020-01-15 13:54 - 000000000 _____ () C:\Users\khval\AppData\Local\D2D17A.tmp
2020-08-05 16:34 - 2020-08-05 16:34 - 000000000 _____ () C:\Users\khval\AppData\Local\D2D1E0.tmp
2019-09-25 22:50 - 2019-09-25 22:50 - 000000000 _____ () C:\Users\khval\AppData\Local\D2D34C.tmp
2019-09-25 23:17 - 2019-09-25 23:17 - 000000000 _____ () C:\Users\khval\AppData\Local\D2D4E.tmp
2019-09-23 12:25 - 2019-09-23 12:25 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DAB7.tmp
2019-12-20 21:16 - 2019-12-20 21:16 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DAC7.tmp
2020-08-11 16:03 - 2020-08-11 16:03 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DB49.tmp
2019-08-15 17:30 - 2019-08-15 17:30 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DCA4.tmp
2019-10-10 15:38 - 2019-10-10 15:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DE67.tmp
2019-08-21 22:09 - 2019-08-21 22:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DFCB.tmp
2020-12-07 15:36 - 2020-12-07 15:36 - 000000000 _____ () C:\Users\khval\AppData\Local\D2DFFF.tmp
2019-09-07 16:23 - 2019-09-07 16:23 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E1CC.tmp
2020-01-29 14:44 - 2020-01-29 14:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E402.tmp
2019-08-07 20:42 - 2019-08-07 20:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E456.tmp
2019-08-28 12:59 - 2019-08-28 12:59 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E4C6.tmp
2019-09-07 13:09 - 2019-09-07 13:09 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E567.tmp
2019-09-22 18:49 - 2019-09-22 18:49 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E5B3.tmp
2019-11-25 21:32 - 2019-11-25 21:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E972.tmp
2019-10-10 17:49 - 2019-10-10 17:49 - 000000000 _____ () C:\Users\khval\AppData\Local\D2E9FE.tmp
2019-08-28 21:42 - 2019-08-28 21:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D2EC4E.tmp
2020-12-21 18:16 - 2020-12-21 18:16 - 000000000 _____ () C:\Users\khval\AppData\Local\D2ECEE.tmp
2019-09-14 18:37 - 2019-09-14 18:37 - 000000000 _____ () C:\Users\khval\AppData\Local\D2ED10.tmp
2020-09-08 15:44 - 2020-09-08 15:44 - 000000000 _____ () C:\Users\khval\AppData\Local\D2ED1D.tmp
2019-08-13 11:06 - 2019-08-13 11:06 - 000000000 _____ () C:\Users\khval\AppData\Local\D2ED79.tmp
2019-08-26 15:55 - 2019-08-26 15:55 - 000000000 _____ () C:\Users\khval\AppData\Local\D2EDA6.tmp
2020-08-02 19:38 - 2020-08-02 19:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D2EF76.tmp
2019-08-19 11:47 - 2019-08-19 11:47 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F011.tmp
2019-12-13 13:06 - 2019-12-13 13:06 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F019.tmp
2019-12-20 16:58 - 2019-12-20 16:58 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F05E.tmp
2019-08-07 20:13 - 2019-08-07 20:13 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F06F.tmp
2019-09-07 19:17 - 2019-09-07 19:17 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F0BB.tmp
2019-09-21 10:29 - 2019-09-21 10:29 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F254.tmp
2020-12-30 21:19 - 2020-12-30 21:19 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F404.tmp
2019-12-30 12:57 - 2019-12-30 12:57 - 000000000 _____ () C:\Users\khval\AppData\Local\D2F73.tmp
2019-09-14 21:42 - 2019-09-14 21:42 - 000000000 _____ () C:\Users\khval\AppData\Local\D2FB52.tmp
2019-12-20 20:32 - 2019-12-20 20:32 - 000000000 _____ () C:\Users\khval\AppData\Local\D2FBA1.tmp
2019-10-20 20:06 - 2019-10-20 20:06 - 000000000 _____ () C:\Users\khval\AppData\Local\D2FDD5.tmp
2019-12-09 19:38 - 2019-12-09 19:38 - 000000000 _____ () C:\Users\khval\AppData\Local\D2FF6E.tmp
2019-08-12 00:12 - 2019-08-12 00:12 - 000000000 _____ () C:\Users\khval\AppData\Local\D2FFE4.tmp
2022-06-18 11:31 - 2022-06-18 11:31 - 000000904 _____ () C:\Users\khval\AppData\Local\recently-used.xbel
2020-02-23 16:58 - 2020-02-23 16:58 - 000000017 _____ () C:\Users\khval\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08.2024
Ran by khval (03-09-2024 11:01:41)
Running from C:\Users\khval\OneDrive\Desktop
Microsoft Windows 11 Home Version 23H2 22631.4037 (X64) (2023-06-08 16:28:00)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2544099675-2571443181-3956208610-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2544099675-2571443181-3956208610-503 - Limited - Disabled)
Guest (S-1-5-21-2544099675-2571443181-3956208610-501 - Limited - Disabled)
khval (S-1-5-21-2544099675-2571443181-3956208610-1001 - Administrator - Enabled) => C:\Users\khval
Kristian (S-1-5-21-2544099675-2571443181-3956208610-1004 - Administrator - Enabled) => C:\Users\Kristian
WDAGUtilityAccount (S-1-5-21-2544099675-2571443181-3956208610-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABS PDF Install (HKLM-x32\...\{C42DD564-7DCD-4555-A7F3-15C0F46221D0}) (Version: 4.2.2 - Atlas Business Solutions, Inc.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.003.20054 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601078}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Audacity 3.6.1 (HKLM\...\Audacity_is1) (Version: 3.6.1 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blackmagic RAW Common Components (HKLM\...\{0F3BD969-5F12-4734-A4EF-91B30FB9B1D5}) (Version: 2.0 - Blackmagic Design)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 128.1.69.160 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 6.27 - Piriform)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1187.1 - Piriform Software) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 7.02 - NCH Software)
Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.13 - Blackmagic Design)
FastStone Photo Resizer 4.4 (HKLM-x32\...\FastStone Photo Resizer) (Version: 4.4 - FastStone Corporation)
Google Video Support Plugin (HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.12.1000.0 - Google, LLC.)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Customer Experience Enhancements (HKLM-x32\...\{9720A595-3D2D-440E-9523-0B6F970745DD}) (Version: 6.0.11.1 - HP Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{C54DEA1F-7A8D-410B-A675-04E0FB562CB0}) (Version: 40.13.54.81239 - HP)
HP Google Drive Plugin (HKLM-x32\...\{533B4739-13DD-4AAB-9524-070B3F0CE6ED}) (Version: 40.13.54.81239 - HP)
HP JumpStart Bridge (HKLM-x32\...\{016FBF6D-AEDE-4D33-87B4-DF6815EF674A}) (Version: 1.4.0.485 - HP Inc.)
HP Officejet 5740 series Basic Device Software (HKLM\...\{9F6F9BC1-D193-464A-A92E-6D455DE5137C}) (Version: 40.15.1230.21319 - HP Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Registration Service (HKLM-x32\...\{4E097B06-83A0-4CDD-A9DB-22F0744FE16A}) (Version: 1.0.0.43 - HP Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{EBAF6DBF-ED9A-4B70-8EDB-599C8B4E0F4B}) (Version: 12.4.12.0 - HP)
iCloud Outlook (HKLM\...\{2B18FDBD-1C9F-485B-ADB3-9957F9020D9C}) (Version: 14.2.0.122 - Apple Inc.)
Intel(R) Graphics Driver Software (HKLM-x32\...\{7e58df71-ff1c-43fd-a618-5511b76c0dd9}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.5.1.1030 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{67C7719D-F922-4978-9CD3-0370125488CE}) (Version: 16.5.1.1030 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{88667F43-B63E-4046-AF02-35E5412B8FAF}) (Version: 16.5.1.1030 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{EF71AFFB-85B5-407C-A301-39EA25F98313}) (Version: 20.90.0.2270 - Intel Corporation) Hidden
Malwarebytes version 5.1.8.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.8.123 - Malwarebytes)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.045.0227.0004 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.19202 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 (HKLM-x32\...\{1de5e707-82da-4db6-b810-5d140cc4cbb3}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33130 (HKLM\...\{C31777DB-51C1-4B19-9F80-38EF5C1D7C89}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33130 (HKLM\...\{1CA7421F-A225-4A9C-B320-A36981A2B789}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 129.0.1 (x64 en-US)) (Version: 129.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 100.0.2 - Mozilla)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 5.50 - NCH Software)
Product Improvement Study for HP Officejet 5740 series (HKLM\...\{2F60222F-C15F-4DD4-AAB1-0C73112C0335}) (Version: 40.15.1230.21319 - HP Inc.)
Project Diablo 2 (HKLM-x32\...\{822B3055-5F16-4934-A1FC-378AB0181A66}_is1) (Version: 1.0 - projectdiablo2.com)
PulseX (HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\526fd77f50a43d3d23210a826a378e63) (Version: 1.0 - BraveSoftware\Brave-Browser)
RogueKiller version 15.8.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.8.2.0 - Adlice Software)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 12.01 - NCH Software)
Telegram Desktop (HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.1.7 - Telegram FZ-LLC)
Toolkit (HKLM-x32\...\Toolkit) (Version: 1.29.0.81 - Seagate)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows Subsystem for Linux Update (HKLM\...\{36EF257E-21D5-44F7-8451-07923A8C465E}) (Version: 5.10.16 - Microsoft Corporation)
Zoom Workplace (HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\ZoomUMX) (Version: 6.0.11 (39959) - Zoom Video Communications, Inc.)
Packages:
=========
5A894077.McAfeeSecurity -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2024-04-22] (McAfee LLC.)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-06-18] ()
AppleInc.iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.122.0_x64__nzyj5cx40ttqa [2024-05-27] (Apple Inc.) [Startup Task]
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4979.0_x64__8j3eq9eme6ctt [2023-06-08] (INTEL CORP) [Startup Task]
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2022-03-21] (Dropbox Inc.)
ELAN Touchpad Setting -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadSetting_11.2.63.0_x64__stws0m115j6hg [2022-03-21] (ELAN Microelectronics Corporation)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
Honey -> C:\Program Files\WindowsApps\HoneyScienceCorporation.Honey_11.4.2.0_neutral__cbe4c63gm1mzr [2022-03-21] (Honey Science Corporation)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.2.173.0_x64__dt26b99r8h8gj [2022-03-21] (Realtek Semiconductor Corp)
HP CoolSense -> C:\Program Files\WindowsApps\AD2F1837.HPCoolSense_1.0.6.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.1.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_134.1.221.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.14.42.0_x64__v10z8vjag6ke6 [2022-03-21] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.20.0_x64__v10z8vjag6ke6 [2024-04-19] (HP Inc.)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.237.110.0_x64__8wekyb3d8bbwe [2023-11-16] (Microsoft Corporation)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.237.110.0_x86__8wekyb3d8bbwe [2023-11-16] (Microsoft Corporation)
Ink.Handwriting.Main.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-US.1.0.1_0.237.110.0_x64__8wekyb3d8bbwe [2023-11-16] (Microsoft Corporation)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2022-03-21] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-06-08] (INTEL CORP)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2022-03-21] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-03-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-03-23] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2023-06-08] (Microsoft Corp.)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-21] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2023-06-08] (Microsoft Studios) [MS Ad]
Microsoft Teams -> C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe [2024-08-17] (Microsoft) [Startup Task]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.14931.20132.0_x86__8wekyb3d8bbwe [2022-03-20] (Microsoft Corporation)
Microsoft.HEVCVideoExtensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2023-10-09] (Microsoft Corporation)
Microsoft.Windows.Photos.DLC.Main -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2023-10-09] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-03-21] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-09] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.5.0_x64__nfy108tqq3p12 [2022-03-21] (Thumbmunkeys Ltd)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2022-03-21] (Plex)
shellmenua -> C:\Program Files (x86)\NCH Software\Components\Shared\shellmenu [2024-04-25] ()
shellmenub -> C:\Program Files (x86)\NCH Software\Components\Shared\shellmenu [2024-04-25] ()
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2022-03-21] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0 [2023-10-13] (Spotify AB) [Startup Task]
Ubuntu 22.04.2 LTS -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu22.04LTS_2204.2.47.0_x64__79rhkp1fndgsc [2023-09-26] (Canonical Group Limited)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2022-03-21] (WildTangent Games)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\LKG\MicrosoftWindows.LKG.DesktopSpotlight_cw5n1h2txyewy [2024-08-14] (Microsoft Windows)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{11D9CF73-6ABE-40D6-9FD4-65224164FC6B} -> [iCloud Drive] => C:\Users\khval\iCloudDrive [2023-11-10 12:40]
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\khval\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.19202\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{D8B08ED2-F35D-4BC9-8986-2C098DC1D0FB} -> [iCloud Photos] => C:\Users\khval\iCloudPhotos\Photos [2023-11-10 12:40]
CustomCLSID: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\khval\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-12] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => -> No File
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2020-02-09] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-01] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-12] () [File not signed] [File is in use]
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2020-02-09] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-01] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\khval\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Apps\PulseX.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) -> --profile-directory=Default --app-id=lfamnklbdkojhfhnhohenjdenjkiokge
==================== Loaded Modules (Whitelisted) =============
2024-09-02 16:12 - 2024-09-02 16:12 - 000379392 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\libegl.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 006679040 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\libglesv2.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 004325888 _____ () [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\vk_swiftshader.dll
2018-06-12 22:01 - 2018-06-12 22:01 - 000125952 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 001166336 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\chrome_elf.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 000046080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\audio\qtaudio_windows.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 000030720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\iconengines\qsvgicon.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\imageformats\qgif.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\imageformats\qico.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 000353280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\imageformats\qjpeg.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\imageformats\qsvg.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 000352256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\imageformats\qtiff.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 000423424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\imageformats\qwebp.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 001239552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\platforms\qwindows.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 000915456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\Qt5Network.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 000362496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\Qt5QmlModels.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 004702208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\Qt5Widgets.dll
2024-09-02 16:12 - 2024-09-02 16:12 - 000165888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Battle.net\Battle.net.14956\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com
HKU\S-1-5-21-2544099675-2571443181-3956208610-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2544099675-2571443181-3956208610-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2022-02-25] (HP Inc. -> HP Inc.)
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2022-02-25] (HP Inc. -> HP Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2022-05-06] (Microsoft Windows -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\localhost -> localhost
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 01:31 - 2022-03-30 16:26 - 000000089 __RSH C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
2023-09-26 12:50 - 2023-10-05 09:59 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.112.1 LAPTOP-OH5CF8OA.mshome.net # 2028 10 2 3 15 59 13 223
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\khval\iCloudPhotos\Photos\IMG_2137.HEIC
HKU\S-1-5-21-2544099675-2571443181-3956208610-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 198.101.242.72 - 23.253.163.53
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: Intel(R) Wireless-AC 9560 160MHz -> Netwtw08.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Ethernet: Realtek PCIe GbE Family Controller -> rtcx21x64.sys
vms_vsf: Hyper-V Virtual Switch Extension Filter
vms_vsp: Hyper-V Virtual Switch Extension Protocol
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "HPSEU_Host_Launcher"
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\StartupApproved\Run: => "Docker Desktop"
HKU\S-1-5-21-2544099675-2571443181-3956208610-1001\...\StartupApproved\Run: => "f.lux"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{65282F43-D8B1-43D1-826F-68263A5FB5A5}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{73AC748E-2D66-4CD5-B07C-38EEAC0FF8DB}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4056D5BB-56AE-41F3-AF8F-6911E0C07047}] => (Allow) C:\Users\khval\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{D4424612-7D5D-4C99-9007-E7DBA24DD71C}C:\users\khval\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\khval\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{8B981E5F-C701-459C-9BE2-06E3C07019DB}C:\users\khval\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\khval\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A8FE4A27-D0A6-4185-A72E-4A255C3235D0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{32B49CA7-C278-4E61-961F-E84119535966}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BD1AEAF7-A003-4DC7-A44E-33626649AB68}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{8633D58E-4EF9-4EFA-8388-865ED351A98F}] => (Allow) LPort=5357
FirewallRules: [{6F628EF4-EB29-4C81-83DB-49ED11D20128}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{8BE86E4E-7064-4275-A37D-9E9B8CA84BEB}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxPrinterUtility.exe (HP Inc. -> HP Inc.)
FirewallRules: [{30479346-A24D-45C1-B9FD-9C269E373730}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\SendAFax.exe (HP Inc. -> HP Inc.)
FirewallRules: [{E896806D-9C61-48AA-A811-EF6660363442}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\DigitalWizards.exe (HP Inc. -> HP Inc.)
FirewallRules: [{9AE5C887-A692-4E08-95A0-D9D4A4CE5CEB}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxApplications.exe (HP Inc. -> HP Inc.)
FirewallRules: [{35B93676-9AAA-4848-B682-1B8DC8B2B69F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{A472030B-E107-4A61-9D1E-83D679C8FEE8}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{94C470A9-822D-4568-A3EA-8EB9DE5D169A}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{771CA6C7-C5F6-45E2-A7DA-4403B866C7CC}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{6D4F0572-348C-47D1-82E7-253271CAEEAB}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{855DEBD7-685C-423C-BA58-9327D52B0181}] => (Block) C:\program files (x86)\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{2575F6EA-4B2E-4615-BF16-3BCFFFDFE5D3}] => (Block) C:\program files (x86)\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{3A31BF8D-6C13-480D-BD28-0845A64D9492}C:\program files (x86)\starcraft\x86_64\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{11B22943-6CD1-4CE8-A07A-19D5F22821EC}C:\program files (x86)\starcraft\x86_64\starcraft.exe] => (Allow) C:\program files (x86)\starcraft\x86_64\starcraft.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{54692DC1-C2EC-4476-B57D-DE5665AB4C18}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (HP Inc. -> HP Inc.)
FirewallRules: [TCP Query User{D26704BF-0EDB-42C4-AC9D-4DF1BD40AD43}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{AB0EA1DA-90D6-4C60-9988-D4505AD4824D}] => (Allow) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7CBA2328-A538-4686-B526-A6C2437AB925}] => (Allow) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4CA0E56F-3CFC-4F03-BD83-D6E9CF01AC3C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{39C542B8-A9BF-4CD1-9232-286D2F011A23}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{51921107-A0D2-4E2E-9164-B1F36763E558}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0C7900E9-1D25-4159-BC10-D1E768CF798A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{97DAB2B4-89C9-4988-B593-2A1DCCE2CD80}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A2EBBE2A-18AE-4A55-80A3-5CF19F995A84}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6F6AF672-0B31-497B-B81F-C58D56EA4649}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9FC8CD39-E2F5-4A5B-957B-AA94877ADC30}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4981533B-3911-41B2-BFA9-2883BEBFDA0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6266EFDC-A53E-4495-BB17-1A19932F13B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{647EB1E8-D89A-464D-9269-25CB8D714719}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DD32CA73-8E1C-4D36-9DA5-5792C5ECE817}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8753C012-E179-450D-B3C7-E70D922084B1}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{BB711F54-2ED2-427D-8EC4-0B6C63C41A14}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24215.1105.3082.1600_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D6A362A7-7B81-4CC0-BCE2-07DBBFC89F82}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24215.1105.3082.1600_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
17-08-2024 17:02:17 Windows Update
22-08-2024 19:49:43 Windows Update
28-08-2024 08:56:37 Windows Update
28-08-2024 08:56:37 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/03/2024 10:00:40 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: SysInfoCap.exe, version: 1.69.3844.0, time stamp: 0x668f4d02
Faulting module name: ntdll.dll, version: 10.0.22621.3733, time stamp: 0x67ca8829
Exception code: 0xc000000d
Fault offset: 0x00000000001264c0
Faulting process id: 0x0x2be0
Faulting application start time: 0x0x1dafa4e39808e7b
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\SysInfoCap.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e9942e8d-24f5-4d5b-a04c-b8eccd7ce0aa
Faulting package full name:
Faulting package-relative application ID:
Error: (09/02/2024 04:18:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(CHAT:UhtredUhtredson._blizzard._udp.local.) active for over two minutes. This places considerable burden on the network.
Error: (09/02/2024 04:18:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(PNM:UhtredUhtredson._blizzard._udp.local.) active for over two minutes. This places considerable burden on the network.
Error: (09/02/2024 04:16:20 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program StarCraft.exe version 1.23.10.12409 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Error: (09/01/2024 03:15:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15766
Error: (09/01/2024 03:15:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15766
Error: (09/01/2024 03:15:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/29/2024 02:01:18 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: SysInfoCap.exe, version: 1.69.3844.0, time stamp: 0x668f4d02
Faulting module name: ntdll.dll, version: 10.0.22621.3733, time stamp: 0x67ca8829
Exception code: 0xc000000d
Fault offset: 0x00000000001264c0
Faulting process id: 0x0x2a90
Faulting application start time: 0x0x1daf961e1b22831
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\SysInfoCap.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 60eaca05-2d9a-492f-991d-3d87e39f88b8
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (09/03/2024 10:27:19 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24687) (User: NT AUTHORITY)
Description: BitLocker timed out attempting to enumerate bands during volume discovery on this hardware encrypting drive.
Error: (09/03/2024 10:27:17 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24687) (User: NT AUTHORITY)
Description: BitLocker timed out attempting to enumerate bands during volume discovery on this hardware encrypting drive.
Error: (09/03/2024 10:25:11 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24687) (User: NT AUTHORITY)
Description: BitLocker timed out attempting to enumerate bands during volume discovery on this hardware encrypting drive.
Error: (09/03/2024 10:00:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP System Info HSA Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (09/03/2024 08:48:11 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
The SSPI client process is svchost (PID: 11380).
Error: (09/02/2024 11:29:49 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-OH5CF8OA)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
Error: (09/02/2024 11:23:09 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-OH5CF8OA)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
Error: (09/01/2024 08:25:14 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-OH5CF8OA)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2024-09-03 09:00:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-09-01 19:13:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-08-31 14:40:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-08-30 10:46:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-08-28 10:36:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
Date: 2024-08-17 16:46:58
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.417.120.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24070.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2024-08-17 16:46:58
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.417.120.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24070.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2024-08-17 16:46:58
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.417.120.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24070.3
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2024-07-11 12:18:45
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.415.40.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24060.5
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2024-06-24 09:12:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.413.362.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24050.5
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
CodeIntegrity:
===============
Date: 2024-09-03 09:08:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a2d86d775f73d911\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2024-09-02 10:40:36
Description:
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Windows\System32\drivers\truesight.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).
Date: 2024-09-02 10:40:36
Description:
The driver \Device\HarddiskVolume3\Windows\System32\drivers\truesight.sys is blocked from loading as the driver has been revoked by Microsoft.
==================== Memory info ===========================
BIOS: Insyde F.24 09/10/2021
Motherboard: HP 84C0
Processor: Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz
Percentage of memory in use: 77%
Total physical RAM: 8079.3 MB
Available physical RAM: 1827.14 MB
Total Virtual: 12431.3 MB
Available Virtual: 5047.82 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.28 GB) (Free:792.72 GB) (Model: Intel Optane+932GBHDD) NTFS
\\?\Volume{8c56e236-a086-4de7-8ff4-ce3b2b78d37e}\ () (Fixed) (Total:0.96 GB) (Free:0.07 GB) NTFS
\\?\Volume{0371b469-1b5f-488d-ad9e-8d94e5d312e0}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D094F5B8)
Partition: GPT.
==================== End of Addition.txt =======================