Solved From my thread about Microsoft being locked up

Status
Not open for further replies.

jxdama

PCHF Member
PCHF Donator
Dec 13, 2022
Here is the FRST LOG

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023
Ran by john (administrator) on DESKTOP-THSFR3B (HP HP Desktop M01-F3xxx) (27-09-2023 14:26:02)
Running from C:\Users\john\Downloads\FRST64.exe
Loaded Profiles: john
Platform: Microsoft Windows 11 Home Version 22H2 22621.2283 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.36\msedgewebview2.exe <12>
(DriverStore\FileRepository\u0392596.inf_amd64_6b8c540dc585ffa4\B392262\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0392596.inf_amd64_6b8c540dc585ffa4\B392262\atieclxx.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.35.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(HP Inc. -> ) C:\Program Files\HP\Overlay\OMENOverlay.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <9>
(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0392596.inf_amd64_6b8c540dc585ffa4\B392262\atiesrxx.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(services.exe ->) (HON HAI PRECISION INDUSTRY CO.LTD. -> ) C:\Program Files\FanControlApp\FanControlApp.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_43e3600968234e87\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\SysInfoCap.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkWiFiManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0c755fff65745edd\RtkAudUService64.exe <2>
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_25.52334.606.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe
(sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPEnhance_1.3.5.0_x64__v10z8vjag6ke6\Win32\HPEnhancedLighting.Bg.exe
(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_25.52334.606.0_x64__v10z8vjag6ke6\HP.myHP.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\Overlay\OverlayHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [380816 2022-08-04] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-1867205174-823180755-3576545642-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [537136 2023-08-14] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-1867205174-823180755-3576545642-1001\...\Run: [MicrosoftEdgeAutoLaunch_45D944CC36A69C479BF3C348604E81F2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210112 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5190F5B8-9F34-460B-B763-B429A0159410} - \McAfee\DAD.Execute.Updates -> No File <==== ATTENTION
Task: {F4FA67D7-5D83-4AAB-B39E-A8BFB942847C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2023-09-15] (HP Inc. -> HP Inc.)
Task: {2BCB33C1-8EAA-47CD-A25F-3B97694B9B47} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-09-15] (HP Inc. -> HP Inc.)
Task: {E4433F47-91AB-4DFC-BEB8-9DADF24E5724} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2023-09-15] (HP Inc. -> HP Inc.)
Task: {3AC03B8B-FC7B-4B62-AEBD-470A57062CD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2023-09-15] (HP Inc. -> HP Inc.)
Task: {14AC54B9-F75B-4EFD-AB67-10C84ED0DECF} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {00D4FB00-9FD1-4675-947C-F263C6CDC349} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {069EA780-6129-41B5-B9AF-537B8A98090F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {5503D4E0-7C38-42F6-8BEE-BC0256BA22B5} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0B5A6DB-2936-4BCE-BFD0-90269963DFAA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {F66CE3EA-2BB8-44A5-B053-D170C4398BAA} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {74D6A48C-DFF2-4331-B2BA-E3B048420FD3} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\windows\system32\UCPDMgr.exe [58880 2023-09-12] (Microsoft Windows -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {14C2CE4A-1092-4618-871C-289B29B806D0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CA3EBC08-3FC6-4CF0-BA75-731510213B14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6B45F2EF-EA3E-488A-AFF2-98C6674D6601} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E3063D3E-2308-4359-98BD-5862F4AFBB1A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {32FD51C1-47BB-4DE2-BCCD-F588395820CC} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [675232 2023-09-12] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {6863F2A9-37E1-45ED-A870-22B760EF45F5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [722336 2023-09-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {E86E1369-7512-406E-B77C-0AB423F2EF73} - System32\Tasks\OmenInstallMonitor => C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe [58352 2023-09-19] (HP Inc. -> HP Inc.)
Task: {E54FD9E5-74BF-4BCC-A4E6-A199E55D066C} - System32\Tasks\OmenOverlay => C:\Program Files\HP\Overlay\OverlayHelper.exe [59888 2023-09-19] (HP Inc. -> HP Inc.)
Task: {2F7EBAED-882C-4AB8-B623-226B05736234} - System32\Tasks\RtkAudUService64_BG => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0c755fff65745edd\RtkAudUService64.exe [1923384 2023-09-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{fed75b1f-821c-4c33-a838-025763bcbc5d}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\john\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-27]
Edge Notifications: Default -> hxxps://pchelpforum.net; hxxps://politicalhotwire.com; hxxps://www.facebook.com; hxxps://www.instagram.com; hxxps://www.youtube.com
Edge Session Restore: Default -> is enabled.
Edge Extension: (Google Docs Offline) - C:\Users\john\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-30]
Edge Extension: (Edge relevant text changes) - C:\Users\john\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-14]

FireFox:
========
FF DefaultProfile: ujse8sqr.default
FF ProfilePath: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\ujse8sqr.default [2023-05-26]
FF ProfilePath: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\6sjtp7l0.default-release [2023-09-27]
FF Notifications: Mozilla\Firefox\Profiles\6sjtp7l0.default-release -> hxxps://www.instagram.com
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [439696 2022-08-04] (EXPRSVPN LLC -> ExpressVPN)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [893984 2022-08-15] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\AppHelperCap.exe [888272 2023-08-29] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\DiagsCap.exe [886736 2023-08-29] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\NetworkCap.exe [883152 2023-08-29] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\SysInfoCap.exe [886840 2023-08-29] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_43e3600968234e87\x64\TouchpointAnalyticsClientService.exe [497744 2023-08-02] (HP Inc. -> HP Inc.)
R2 ID19 HP Fan Control Service; C:\Program Files\FanControlApp\FanControlApp.exe [283168 2020-04-28] (HON HAI PRECISION INDUSTRY CO.LTD. -> )
R2 RtkWiFiManServ; C:\windows\RtkWiFiManServ.exe [821632 2023-06-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\windows\System32\drivers\amdfendrmgr.sys [25560 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\windows\System32\drivers\amdgpio3.sys [36928 2022-07-07] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R3 amdwddmg; C:\windows\System32\DriverStore\FileRepository\u0392596.inf_amd64_6b8c540dc585ffa4\B392262\amdkmdag.sys [100372792 2023-06-06] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 expressvpntun; C:\windows\System32\drivers\expressvpn-tun.sys [56536 2022-08-04] (Express VPN International Ltd. -> ExpressVPN)
R0 fse; C:\windows\System32\drivers\fse.sys [218464 2023-05-05] (Microsoft Windows -> Microsoft Corporation)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [26648 2022-06-23] (HP Inc. -> HP Inc.)
R2 HpReadHWData; C:\windows\system32\drivers\HpReadHWData.sys [52176 2023-08-15] (HP Inc. -> Windows (R) Win 7 DDK provider)
S3 rtcx21; C:\windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
S4 UCPD; C:\windows\System32\drivers\UCPD.sys [29184 2023-09-12] (Microsoft Windows -> Microsoft Corporation)
S3 vmbusproxy; C:\windows\system32\drivers\vmbusproxy.sys [94208 2023-05-05] (Microsoft Windows -> )
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-27 14:26 - 2023-09-27 14:26 - 000018801 _____ C:\Users\john\Downloads\FRST.txt
2023-09-27 14:25 - 2023-09-27 14:26 - 000000000 ____D C:\FRST
2023-09-27 12:35 - 2023-09-27 12:35 - 002382848 _____ (Farbar) C:\Users\john\Downloads\FRST64(1).exe
2023-09-27 12:32 - 2023-09-27 12:32 - 002382848 _____ (Farbar) C:\Users\john\Downloads\FRST64.exe
2023-09-27 10:10 - 2023-09-27 10:10 - 003387256 _____ (Getscreen.me) C:\Users\john\Downloads\getscreen-759730529.exe
2023-09-27 10:10 - 2023-09-27 10:10 - 000000000 ____D C:\Users\john\AppData\Local\Getscreen.me
2023-09-27 10:10 - 2023-09-27 10:10 - 000000000 ____D C:\ProgramData\Getscreen.me
2023-09-26 15:36 - 2023-09-06 02:09 - 006527960 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2023-09-14 08:02 - 2023-09-27 09:57 - 000000000 ____D C:\Users\john\AppData\Local\OGH
2023-09-14 08:02 - 2023-09-22 06:56 - 000003764 _____ C:\windows\system32\Tasks\OmenInstallMonitor
2023-09-14 08:02 - 2023-09-22 06:56 - 000003706 _____ C:\windows\system32\Tasks\OmenOverlay
2023-09-12 21:36 - 2023-09-16 03:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-09-12 17:07 - 2023-09-12 17:08 - 000000000 ___HD C:\$WinREAgent
2023-09-05 20:46 - 2023-09-05 20:46 - 002364011 _____ C:\Users\john\Downloads\23SC189192 - CRIMINAL INDICTMENT.pdf
2023-08-28 03:58 - 2023-06-06 02:30 - 002194792 _____ C:\windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-08-28 03:58 - 2023-06-06 02:30 - 002194792 _____ C:\windows\system32\vulkaninfo.exe
2023-08-28 03:58 - 2023-06-06 02:30 - 001629032 _____ C:\windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-08-28 03:58 - 2023-06-06 02:30 - 001629032 _____ C:\windows\SysWOW64\vulkaninfo.exe
2023-08-28 03:58 - 2023-06-06 02:30 - 001510056 _____ C:\windows\system32\vulkan-1-999-0-0-0.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 001510056 _____ C:\windows\system32\vulkan-1.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 001241168 _____ C:\windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 001241168 _____ C:\windows\SysWOW64\vulkan-1.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000948072 _____ (AMD) C:\windows\system32\atieclxx.exe
2023-08-28 03:58 - 2023-06-06 02:30 - 000801168 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Rapidfire64.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000678288 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\Rapidfire.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000606104 _____ C:\windows\system32\GameManager64.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000547688 _____ C:\windows\system32\libsmi_guest.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000542056 _____ C:\windows\system32\dgtrayicon.exe
2023-08-28 03:58 - 2023-06-06 02:30 - 000541080 _____ C:\windows\system32\libsmi_host.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000535448 _____ C:\windows\system32\atieah64.exe
2023-08-28 03:58 - 2023-06-06 02:30 - 000502160 _____ C:\windows\system32\EEURestart.exe
2023-08-28 03:58 - 2023-06-06 02:30 - 000459672 _____ C:\windows\SysWOW64\GameManager32.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000360856 _____ C:\windows\system32\clinfo.exe
2023-08-28 03:58 - 2023-06-06 02:30 - 000266088 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atig6txx.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000226704 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atigktxx.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000195944 _____ (AMD) C:\windows\system32\atimuixx.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000183656 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atisamu64.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000146792 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atisamu32.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000051048 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\RapidFireServer64.dll
2023-08-28 03:58 - 2023-06-06 02:30 - 000048016 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\RapidFireServer.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 100654440 _____ C:\windows\system32\amd_comgr.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 084675944 _____ C:\windows\SysWOW64\amd_comgr32.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 007200136 _____ C:\windows\system32\amdsmi.exe
2023-08-28 03:58 - 2023-06-06 02:29 - 002266984 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\amdsasrv64.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 001547624 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\atiadlxy.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 001547624 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\atiadlxx.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 001320296 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\amdsacli64.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 001048936 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\amdsacli32.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 000942992 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\amdlvr64.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 000524136 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 000472984 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atidemgy.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 000404328 _____ C:\windows\SysWOW64\atieah32.exe
2023-08-28 03:58 - 2023-06-06 02:29 - 000389480 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 000210112 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\aticfx64.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 000172968 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\aticfx32.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 000142184 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\amfrt64.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 000138088 _____ C:\windows\system32\amdxc64.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 000118120 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\amfrt32.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 000113560 _____ C:\windows\SysWOW64\amdxc32.dll
2023-08-28 03:58 - 2023-06-06 02:29 - 000074600 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\ati2erec.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 016174392 _____ (Advanced Micro Devices Inc.) C:\windows\system32\amdhip64.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 004364136 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\amdadlx64.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 004170088 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\amdadlx32.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 001725480 _____ (AMD) C:\windows\system32\amf-mft-mjpeg-decoder64.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 001399944 _____ (AMD) C:\windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000770872 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\amdlvr32.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000568168 _____ C:\windows\system32\amdgfxinfo64.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000567688 _____ C:\windows\system32\amdmiracast.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000470888 _____ C:\windows\system32\amdlogum.exe
2023-08-28 03:58 - 2023-06-06 02:28 - 000431976 _____ C:\windows\SysWOW64\amdgfxinfo32.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000187352 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\amdihk32.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000176856 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdave64.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000166984 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atimpc64.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000166936 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdpcom64.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000156448 _____ C:\windows\system32\atidxx64.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000151000 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdave32.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000136416 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atimpc32.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000136416 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdpcom32.dll
2023-08-28 03:58 - 2023-06-06 02:28 - 000129568 _____ C:\windows\SysWOW64\atidxx32.dll
2023-08-28 03:58 - 2023-06-06 01:56 - 094947424 _____ C:\windows\system32\amdxc64.so

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-27 14:24 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemTemp
2023-09-27 14:20 - 2022-06-30 21:01 - 000000000 ____D C:\windows\system32\SleepStudy
2023-09-27 12:24 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-27 12:24 - 2022-05-07 01:24 - 000000000 ____D C:\windows\AppReadiness
2023-09-27 12:23 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-27 11:59 - 2023-05-25 07:01 - 000000000 ____D C:\Users\john\AppData\Local\D3DSCache
2023-09-27 11:57 - 2022-05-07 01:22 - 000000000 ____D C:\windows\INF
2023-09-27 11:56 - 2023-05-26 20:19 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-27 10:41 - 2023-05-25 06:40 - 000000000 ____D C:\Users\john
2023-09-27 10:27 - 2022-06-30 21:07 - 000855938 _____ C:\windows\system32\PerfStringBackup.INI
2023-09-27 10:23 - 2022-06-30 21:01 - 000012288 ___SH C:\DumpStack.log.tmp
2023-09-27 10:23 - 2022-06-30 21:01 - 000000006 ____H C:\windows\Tasks\SA.DAT
2023-09-27 09:57 - 2023-05-05 07:34 - 000000000 ____D C:\Program Files\AMD
2023-09-27 09:57 - 2023-05-05 07:01 - 000001607 _____ C:\windows\system32\config\VSMIDK
2023-09-27 02:42 - 2022-06-30 21:01 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-27 02:42 - 2022-06-30 21:01 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-09-26 15:36 - 2023-05-05 07:33 - 000003366 _____ C:\windows\system32\Tasks\RtkAudUService64_BG
2023-09-26 03:35 - 2023-05-25 07:53 - 000003588 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1867205174-823180755-3576545642-1001
2023-09-26 03:35 - 2023-05-25 07:03 - 000003376 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1867205174-823180755-3576545642-1001
2023-09-26 03:35 - 2023-05-25 07:03 - 000002383 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-25 23:25 - 2023-05-25 06:40 - 000000000 ____D C:\Users\john\AppData\Local\Packages
2023-09-22 07:36 - 2023-05-25 07:18 - 000000000 ____D C:\windows\system32\Tasks\Hewlett-Packard
2023-09-22 06:56 - 2023-05-05 07:05 - 000000000 ____D C:\Program Files\HP
2023-09-17 11:12 - 2023-05-05 07:07 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-16 03:22 - 2022-05-07 01:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-16 03:06 - 2023-05-26 20:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-09-16 03:06 - 2022-06-30 21:01 - 000504272 _____ C:\windows\system32\FNTCACHE.DAT
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\UUS
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\WinMetadata
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SysWOW64\Dism
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\SystemResources
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\WinMetadata
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\oobe
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\Dism
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\system32\appraiser
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ShellExperiences
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\ShellComponents
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\Provisioning
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\PolicyDefinitions
2023-09-16 03:06 - 2022-05-07 01:24 - 000000000 ____D C:\windows\bcastdvr
2023-09-16 03:06 - 2022-05-07 01:17 - 000524288 _____ C:\windows\system32\config\BBI
2023-09-14 08:06 - 2023-05-26 20:19 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-12 17:21 - 2022-05-07 01:17 - 000000000 ____D C:\windows\CbsTemp
2023-09-12 17:11 - 2022-06-30 21:04 - 003210752 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll
2023-09-12 17:05 - 2023-05-25 03:59 - 000000000 ____D C:\windows\system32\MRT
2023-09-12 17:04 - 2023-05-25 03:59 - 177941912 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2023-08-31 09:37 - 2022-06-30 21:01 - 000000000 ____D C:\windows\system32\Drivers\wd
2023-08-29 21:23 - 2023-05-25 04:06 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Here is the additional log

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by john (27-09-2023 14:26:52)
Running from C:\Users\john\Downloads
Microsoft Windows 11 Home Version 22H2 22621.2283 (X64) (2023-05-25 08:57:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1867205174-823180755-3576545642-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1867205174-823180755-3576545642-503 - Limited - Disabled)
Guest (S-1-5-21-1867205174-823180755-3576545642-501 - Limited - Disabled)
john (S-1-5-21-1867205174-823180755-3576545642-1001 - Administrator - Enabled) => C:\Users\john
WDAGUtilityAccount (S-1-5-21-1867205174-823180755-3576545642-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {FE987762-0FB6-6BB6-1BF1-73F8ED8566FA}
FW: McAfee Firewall (Enabled) {C6A3F647-45D9-6AEE-30AE-DACD13562181}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ExpressVPN (HKLM-x32\...\{c921d3a3-4464-48b6-939a-c22ccb904f53}) (Version: 10.28.0.19 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8778D7844}) (Version: 10.28.0.19 - ExpressVPN) Hidden
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.19.0 - HP Inc)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.36 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1867205174-823180755-3576545642-1001\...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29325 (HKLM-x32\...\{B40FC85D-2B12-46E0-B950-E5B27E348793}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29325 (HKLM-x32\...\{EE2E15BB-54C8-4DB0-B1F3-026E3C166991}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 117.0.1 (x64 en-US)) (Version: 117.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 113.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - gamigo, Inc.) Hidden
Vacation Adventures: Park Ranger 11 Collector's Edition (HKLM-x32\...\WTA-85a07164-0f1b-4f3f-ad05-ed5bf20a10dc) (Version: 7.0.0.650 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.83 - WildTangent)
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 7.0.0.710 - WildTangent) Hidden

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m [2023-07-28] (Advanced Micro Devices Inc.) [Startup Task]
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-10] (Microsoft Corporation)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.20.0_x64__xbfy0k16fey96 [2023-08-31] (Dropbox Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.40.284.0_x64__v10z8vjag6ke6 [2023-09-24] (HP Inc.)
HP Enhanced Lighting -> C:\Program Files\WindowsApps\AD2F1837.HPEnhance_1.3.5.0_x64__v10z8vjag6ke6 [2023-06-07] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.3.2.0_x64__v10z8vjag6ke6 [2023-07-28] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2023-08-14] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2023-05-25] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_149.1.1056.0_x64__v10z8vjag6ke6 [2023-09-11] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.30.18.0_x64__v10z8vjag6ke6 [2023-09-22] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.35.0_x64__v10z8vjag6ke6 [2023-09-16] (HP Inc.)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-25] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-06-08] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-20] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-16] (Microsoft Corporation)
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_25.52334.606.0_x64__v10z8vjag6ke6 [2023-09-09] (HP Inc.) [Startup Task]
OMEN Gaming Hub -> C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6 [2023-09-22] (HP Inc.) [Startup Task]
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-08-25] (Microsoft Studios) [MS Ad]
Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.3899848563C1F_1.0.137.0_x64__kx24dqmazqk8j [2023-09-25] (Random Salad Games LLC)
Windows Feature Experience Pack -> C:\windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-16] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpga1-ubpl&ref=aagateway-taskbar-hp

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-09-15] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-09-15] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1867205174-823180755-3576545642-1001\...\getscreen.me -> hxxp://getscreen.me
IE trusted site: HKU\S-1-5-21-1867205174-823180755-3576545642-1001\...\getscreen.me -> hxxps://getscreen.me

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 01:24 - 2022-05-07 01:22 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1867205174-823180755-3576545642-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{67C35273-FD6D-4A5C-B408-D208D81EE560}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{B7F58C03-ECAE-46A9-8E03-99A9B7FD3FD4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{655F518F-8375-4FD6-8A01-0ED1C28C061E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F5FE29FA-F677-40AA-B1D3-792C75D69FFC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F9EBFB71-C9CD-42FE-BE2B-B9AF146B5827}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7061D9E8-052D-4644-B105-536953C8B5AF}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C09F4B6C-6906-4FA8-B412-6879B833892B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7CB8C200-2CC2-4C95-B431-2234432BEA9B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{6567435B-7BBC-492E-A34E-400487C56B02}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{DFBC11B1-A285-4E91-95DD-E56CED399A58}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{FC3955F5-7586-4764-B1B5-640FE383F714}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{B20A18C1-6FE8-49FB-8217-4BDCD4946E4C}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{161463CB-6E09-4B5F-A670-6EE10E52C1FF}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{200DA829-DD32-416D-8649-3E1544F9D560}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{B65232C0-647F-446A-8DD1-D8DE53A73179}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{8A73F980-3670-43BE-B970-7B0676695546}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{B3A4E24B-7F10-4CA3-928E-D5CB79C5049B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{3F384C17-55DC-47BF-8EE8-448879CC2A5F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{9EE52983-8FE2-49B2-A38F-CD9E7E20A610}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{B03550DD-66D8-4E65-80D0-CF88445A55DD}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{F2D17C06-AA0E-4BB3-A1E0-052FA7C38380}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{949BDEC4-67FE-4F6D-9B3E-0CE16D2DE6D3}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{0F1F8F77-80F4-4965-82AD-40CADA95FA7C}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.1.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{E24705F7-AF3B-4D11-B3B4-39DFC7422C74}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.36\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ABD42975-1977-418E-9AAF-CEBB17A85EF1}] => (Allow) C:\Users\john\Downloads\getscreen-759730529.exe (POINT B LTD -> Getscreen.me)
FirewallRules: [{0DEB980A-24E3-4864-993E-C59827D6BE39}] => (Allow) C:\Users\john\Downloads\getscreen-759730529.exe (POINT B LTD -> Getscreen.me)
FirewallRules: [{45B3844B-5FA2-4999-B98A-BDB04D91272E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{1108FB63-9B2D-42E1-BC12-22253A73D6BF}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{E604324B-FCD4-481B-823D-96B390B9327D}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{62D4C2BE-6C67-409B-9ACF-69A47275121D}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{5CCA5F63-FA71-47C5-BB0D-20A7A91ADE47}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{0ACCD1FD-AB21-475D-982B-7D4AC52E159F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{DC9202EE-1ACF-40BA-B291-FD0AE573823A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{AE6E2E31-08E2-49D5-88D9-74ED832ADE14}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{E04948CC-C980-4E94-A07E-3D82E4734501}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{AD3E75B6-5036-44C9-ADAB-4C6FDF5B8FDC}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{092EC0EC-693A-472C-BC02-C92DB3704B5A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{CFDFBC48-F22F-4DD7-A77B-4E8D69E190D4}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{9CB6BE7F-9637-4054-98C1-CA680EEFBA22}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{31BB9DFC-4079-47E1-83E4-7274EB862586}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{E9D0E3C3-0056-4065-87E9-67571153E176}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{761835B3-B8EC-49B2-A76A-8797BAB01E30}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2309.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

==================== Restore Points =========================

19-09-2023 21:26:02 Windows Update
24-09-2023 04:11:16 Windows Update
24-09-2023 04:11:17 Windows Update
24-09-2023 04:11:20 Windows Update
27-09-2023 12:24:06 Windows Update
27-09-2023 12:24:12 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (09/27/2023 11:55:37 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-THSFR3B)
Description: Faulting application name: msteamsupdate.exe, version: 23231.411.2342.9597, time stamp: 0x64ed3548
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x1f98
Faulting application start time: 0x0x1d9f15b0e6ff1de
Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Faulting module path: C:\windows\System32\ucrtbase.dll
Report Id: 08a72fde-cc2c-44b5-9dbf-93cd2153198b
Faulting package full name: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
Faulting package-relative application ID: msteamsupdate

Error: (09/26/2023 11:45:53 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-THSFR3B)
Description: Faulting application name: msteamsupdate.exe, version: 23231.411.2342.9597, time stamp: 0x64ed3548
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0xf5c
Faulting application start time: 0x0x1d9f0f51d07d22a
Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Faulting module path: C:\windows\System32\ucrtbase.dll
Report Id: 6b97712f-db71-4820-8bcc-614ecda88658
Faulting package full name: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
Faulting package-relative application ID: msteamsupdate

Error: (09/26/2023 09:45:53 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-THSFR3B)
Description: Faulting application name: msteamsupdate.exe, version: 23231.411.2342.9597, time stamp: 0x64ed3548
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x5648
Faulting application start time: 0x0x1d9f0e459723565
Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Faulting module path: C:\windows\System32\ucrtbase.dll
Report Id: 5a68e537-6476-41e2-9b54-643e6c713dd5
Faulting package full name: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
Faulting package-relative application ID: msteamsupdate

Error: (09/26/2023 07:57:49 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-THSFR3B)
Description: Faulting application name: msteamsupdate.exe, version: 23231.411.2342.9597, time stamp: 0x64ed3548
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x24bc
Faulting application start time: 0x0x1d9f0d541330470
Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Faulting module path: C:\windows\System32\ucrtbase.dll
Report Id: 19cbda3f-f643-46a4-9435-0f882b8418f0
Faulting package full name: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
Faulting package-relative application ID: msteamsupdate

Error: (09/26/2023 03:51:21 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-THSFR3B)
Description: Faulting application name: msteamsupdate.exe, version: 23231.411.2342.9597, time stamp: 0x64ed3548
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x40f4
Faulting application start time: 0x0x1d9f0b2d2952373
Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Faulting module path: C:\windows\System32\ucrtbase.dll
Report Id: fca81adf-1acb-4041-8218-de52033a6833
Faulting package full name: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
Faulting package-relative application ID: msteamsupdate

Error: (09/26/2023 03:03:04 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-THSFR3B)
Description: Faulting application name: msteamsupdate.exe, version: 23231.411.2342.9597, time stamp: 0x64ed3548
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x52d0
Faulting application start time: 0x0x1d9f0ac136e3bc4
Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Faulting module path: C:\windows\System32\ucrtbase.dll
Report Id: 96283744-6924-48a8-9b2d-325a428bb3fb
Faulting package full name: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
Faulting package-relative application ID: msteamsupdate

Error: (09/26/2023 11:46:22 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-THSFR3B)
Description: Faulting application name: msteamsupdate.exe, version: 23231.411.2342.9597, time stamp: 0x64ed3548
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x5d2c
Faulting application start time: 0x0x1d9f090993bcc34
Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Faulting module path: C:\windows\System32\ucrtbase.dll
Report Id: c469fa7e-1a30-48ff-8dcb-4a4eb40c39f8
Faulting package full name: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
Faulting package-relative application ID: msteamsupdate

Error: (09/26/2023 09:48:22 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-THSFR3B)
Description: Faulting application name: msteamsupdate.exe, version: 23231.411.2342.9597, time stamp: 0x64ed3548
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x2368
Faulting application start time: 0x0x1d9f0801d32bfa8
Faulting application path: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Faulting module path: C:\windows\System32\ucrtbase.dll
Report Id: 65f95e21-0baf-44f5-8d8e-b7b128c4e936
Faulting package full name: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
Faulting package-relative application ID: msteamsupdate


System errors:
=============
Error: (09/27/2023 12:24:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NQDW009T0T5-AD2F1837.OMENCommandCenter.

Error: (09/27/2023 11:56:07 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-THSFR3B)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (09/27/2023 10:25:35 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-THSFR3B)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (09/27/2023 10:23:35 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:57:30 AM on ‎9/‎27/‎2023 was unexpected.

Error: (09/27/2023 10:10:47 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Getscreen elevation service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/27/2023 09:59:40 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-THSFR3B)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (09/27/2023 09:57:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:49:41 AM on ‎9/‎27/‎2023 was unexpected.

Error: (09/26/2023 03:37:01 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-THSFR3B)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2023-09-27 09:48:29
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-09-26 09:54:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-09-25 11:06:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-09-24 11:11:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-09-22 10:14:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-09-27 12:20:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-08-17 08:21:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-07-24 17:18:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-07-18 23:31:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.11 10/06/2022
Motherboard: HP 8AB6
Processor: AMD Ryzen 5 5600G with Radeon Graphics
Percentage of memory in use: 54%
Total physical RAM: 11615.19 MB
Available physical RAM: 5282.94 MB
Total Virtual: 12383.19 MB
Available Virtual: 4771.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.05 GB) (Free:420.01 GB) (Model: SAMSUNG MZVL4512HBLU-00BH1) NTFS

\\?\Volume{0189727b-5fb9-416f-87e0-cd7069b78390}\ (Windows RE tools) (Fixed) (Total:0.61 GB) (Free:0.06 GB) NTFS
\\?\Volume{8cb4b623-db8e-4600-a089-95690f1f30b2}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: B551485D)

Partition: GPT.

==================== End of Addition.txt =======================
 
I did a quick scan and it said no threats found

 
Adware Cleaner


  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button
  • Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me




Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.


Code:
start::
CreateRestorePoint:
CloseProcesses:
Task: {5190F5B8-9F34-460B-B763-B429A0159410} - \McAfee\DAD.Execute.Updates -> No File <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
2023-09-27 10:10 - 2023-09-27 10:10 - 003387256 _____ (Getscreen.me) C:\Users\john\Downloads\getscreen-759730529.exe
2023-09-27 10:10 - 2023-09-27 10:10 - 000000000 ____D C:\Users\john\AppData\Local\Getscreen.me
2023-09-27 10:10 - 2023-09-27 10:10 - 000000000 ____D C:\ProgramData\Getscreen.me
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpga1-ubpl&ref=aagateway-taskbar-hp
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
C:\windows\system32\drivers\etc\hosts
Hosts:
FirewallRules: [{67C35273-FD6D-4A5C-B408-D208D81EE560}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{B7F58C03-ECAE-46A9-8E03-99A9B7FD3FD4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{ABD42975-1977-418E-9AAF-CEBB17A85EF1}] => (Allow) C:\Users\john\Downloads\getscreen-759730529.exe (POINT B LTD -> Getscreen.me)
FirewallRules: [{0DEB980A-24E3-4864-993E-C59827D6BE39}] => (Allow) C:\Users\john\Downloads\getscreen-759730529.exe (POINT B LTD -> Getscreen.me)
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::
 
# Mode: Scan
# -------------------------------
# Start: 09-27-2023
# Duration: 00:00:03
# OS: Windows 11 (Build 22621.2283)
# Scanned: 32107
# Detected: 25


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.Booking C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
Preinstalled.WildTangentGamesBundle File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games.lnk
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\SHORTCUTPROVIDER
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}
Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
Right click FRST and run as admin.
Copy the content of the code box below.
Do not copy the word code!!!
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.

Code:
start::
CreateRestorePoint:
CloseProcesses:
Task: {5190F5B8-9F34-460B-B763-B429A0159410} - \McAfee\DAD.Execute.Updates -> No File <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
2023-09-27 10:10 - 2023-09-27 10:10 - 003387256 _____ (Getscreen.me) C:\Users\john\Downloads\getscreen-759730529.exe
2023-09-27 10:10 - 2023-09-27 10:10 - 000000000 ____D C:\Users\john\AppData\Local\Getscreen.me
2023-09-27 10:10 - 2023-09-27 10:10 - 000000000 ____D C:\ProgramData\Getscreen.me
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpga1-ubpl&ref=aagateway-taskbar-hp
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
C:\windows\system32\drivers\etc\hosts
Hosts:
FirewallRules: [{67C35273-FD6D-4A5C-B408-D208D81EE560}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{B7F58C03-ECAE-46A9-8E03-99A9B7FD3FD4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{ABD42975-1977-418E-9AAF-CEBB17A85EF1}] => (Allow) C:\Users\john\Downloads\getscreen-759730529.exe (POINT B LTD -> Getscreen.me)
FirewallRules: [{0DEB980A-24E3-4864-993E-C59827D6BE39}] => (Allow) C:\Users\john\Downloads\getscreen-759730529.exe (POINT B LTD -> Getscreen.me)
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::
 
I'll upload the fixlist. For you, I can not remote into your machine.


Create a new folder and put FRST and this fixlist inside. Right click FRST, run as admin and click Fix.
 

Attachments

  • fixlist.txt