Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2022 Ran by Wade (28-10-2022 12:49:10) Running from C:\Users\Wade\OneDrive\Desktop Microsoft Windows 10 Home Version 22H2 19045.2130 (X64) (2020-09-26 14:18:22) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-612249682-4202380856-1698065691-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-612249682-4202380856-1698065691-503 - Limited - Disabled) Guest (S-1-5-21-612249682-4202380856-1698065691-501 - Limited - Disabled) Wade (S-1-5-21-612249682-4202380856-1698065691-1001 - Administrator - Enabled) => C:\Users\Wade Wadel (S-1-5-21-612249682-4202380856-1698065691-1004 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-612249682-4202380856-1698065691-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Amazon Music (HKU\S-1-5-21-612249682-4202380856-1698065691-1001\...\Amazon Amazon Music) (Version: 7.11.3.2198 - Amazon.com Services LLC) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.) Branding64 (HKLM\...\{604D1295-E1F1-428E-8AE5-45445FEF6034}) (Version: 1.00.0005 - Advanced Micro Devices, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 106.0.5249.121 - Google LLC) HwOsd 8.0.2.37 (HKLM\...\HwOsd) (Version: 8.0.2.37 - Huawei Technologies Co., Ltd.) Intel® PROSet/Wireless Software (HKLM-x32\...\{3c598844-1b8b-41f0-b5b2-bc1dcf4d47ad}) (Version: 20.50.0 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{E6F800A9-64D3-4E93-8E8E-AB53E21D4840}) (Version: 20.50.0.1450 - Intel Corporation) Hidden IrfanView 4.60 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.60 - Irfan Skiljan) Malwarebytes version 4.5.16.217 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.16.217 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 106.0.1370.52 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.52 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-612249682-4202380856-1698065691-1001\...\OneDriveSetup.exe) (Version: 22.196.0918.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24212 (HKLM\...\{F20396E5-D84E-3505-A7A8-7358F0155F6C}) (Version: 14.0.24212 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24212 (HKLM\...\{FAAD7243-0141-3987-AA2F-E56B20F80E41}) (Version: 14.0.24212 - Microsoft Corporation) Hidden OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation) PC Manager (HKLM\...\PC Manager) (Version: 8.0.2.37 - Huawei Technologies Co., Ltd.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8459 - Realtek Semiconductor Corp.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1058 - SUPERAntiSpyware.com) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden WDT Device Driver version 1.0.2.5 (HKLM-x32\...\{5B06CB06-0929-48BC-BE1F-7E41461440C7}_is1) (Version: 1.0.2.5 - Huawei Technologies Co., Ltd.) Windows PC Health Check (HKLM\...\{00DC4B60-5FC9-4629-8147-EF81ADF0EEA6}) (Version: 2.3.2106.25001 - Microsoft Corporation) Packages: ========= Dolby Atmos Sound System -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosSoundSystem_3.20201.249.0_x64__rz1tebttyb220 [2019-05-21] (Dolby Laboratories) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_139.2.289.0_x64__v10z8vjag6ke6 [2022-09-22] (HP Inc.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad] MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-04] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-12-25] (Microsoft Corporation) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.20.236.0_x64__dt26b99r8h8gj [2021-01-06] (Realtek Semiconductor Corp) Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-16] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [HwShareMenu] -> {63677e23-70cb-3de1-b875-7cde66f6f88f} => C:\Program Files\Huawei\PCManager\HwShellMenu\HwShareMenu5.DLL [2018-04-10] (Huawei Technologies Co., Ltd. -> ) [File not signed] [File is in use] ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-04-30] (Advanced Micro Devices, Inc.) [File not signed] ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Wade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kjbdgfilnfhdoflbpgamdcdgpehopbep ==================== Loaded Modules (Whitelisted) ============= 2018-04-25 01:47 - 2018-04-25 01:47 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL 2018-04-25 01:47 - 2018-04-25 01:47 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001106248 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\HwOsd\DataReport.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001727304 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\HwOsd\DuiLib.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000648520 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\HwOsd\IPCMessage.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000116552 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\HwOsd\zlib1.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000978248 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\CaptureLog.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001106248 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\DataReport.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001727304 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\DuiLib.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000607048 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\HLCurl.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000554824 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\HwTrayWnd.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000648520 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\IPCMessage.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001473864 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\MBADownload.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000557384 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\MBAPluginsManager.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000301384 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\MBAUpdaterCheck.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000268616 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\OperateCardLib.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000368968 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\plugins\DeviceFaultDetectPlugin.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000622920 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\plugins\hwa_plugin_NPS.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000023880 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\plugins\MBAServerCheckPlugin.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000167752 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\plugins\MonPowerPlugin.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000070472 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\plugins\MonProcessPlugin.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000081736 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\plugins\MonSysStatePlugin.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000069448 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\plugins\MonWndPlugin.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000058696 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\plugins\PluginsManager.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001584456 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\plugins\PowerPolicyPlugin.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000852808 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\plugins\PushAgent.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001325384 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\plugins\SystemDetectPlugin.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000016712 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\WAESDLL.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000116552 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files\Huawei\PCManager\zlib1.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001984840 _____ (Huawei Technologies Co., Ltd. -> Apache Software Foundation) [File not signed] C:\Program Files\Huawei\HwOsd\log4cxx.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001984840 _____ (Huawei Technologies Co., Ltd. -> Apache Software Foundation) [File not signed] C:\Program Files\Huawei\PCManager\log4cxx.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000175432 _____ (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) [File not signed] C:\Program Files\Huawei\HwOsd\HardwareHal.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001539912 _____ (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) [File not signed] C:\Program Files\Huawei\HwOsd\Util.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000175432 _____ (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) [File not signed] C:\Program Files\Huawei\PCManager\HardwareHal.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000112456 _____ (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) [File not signed] C:\Program Files\Huawei\PCManager\HardwareSdk.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000065864 _____ (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) [File not signed] C:\Program Files\Huawei\PCManager\MonProcess.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001539912 _____ (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) [File not signed] C:\Program Files\Huawei\PCManager\Util.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001746248 _____ (Huawei Technologies Co., Ltd. -> SQLite Development Team) [File not signed] C:\Program Files\Huawei\HwOsd\sqlite3.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001746248 _____ (Huawei Technologies Co., Ltd. -> SQLite Development Team) [File not signed] C:\Program Files\Huawei\PCManager\sqlite3.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000388424 _____ (Huawei Technologies Co., Ltd. -> The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\Huawei\HwOsd\libcurl.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000388424 _____ (Huawei Technologies Co., Ltd. -> The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\Huawei\PCManager\libcurl.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 026210632 _____ (Huawei Technologies Co., Ltd. -> The ICU Project) [File not signed] C:\Program Files\Huawei\HwOsd\icudt58.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 002086216 _____ (Huawei Technologies Co., Ltd. -> The ICU Project) [File not signed] C:\Program Files\Huawei\HwOsd\icuin58.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001491784 _____ (Huawei Technologies Co., Ltd. -> The ICU Project) [File not signed] C:\Program Files\Huawei\HwOsd\icuuc58.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 026210632 _____ (Huawei Technologies Co., Ltd. -> The ICU Project) [File not signed] C:\Program Files\Huawei\PCManager\icudt58.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 002086216 _____ (Huawei Technologies Co., Ltd. -> The ICU Project) [File not signed] C:\Program Files\Huawei\PCManager\icuin58.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 001491784 _____ (Huawei Technologies Co., Ltd. -> The ICU Project) [File not signed] C:\Program Files\Huawei\PCManager\icuuc58.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 002102088 _____ (Huawei Technologies Co., Ltd. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Huawei\HwOsd\LIBEAY32.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000360264 _____ (Huawei Technologies Co., Ltd. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Huawei\HwOsd\SSLEAY32.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 002102088 _____ (Huawei Technologies Co., Ltd. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Huawei\PCManager\LIBEAY32.dll 2018-04-10 09:30 - 2018-04-10 09:30 - 000360264 _____ (Huawei Technologies Co., Ltd. -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Huawei\PCManager\SSLEAY32.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 001136128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll 2018-04-30 21:24 - 2018-04-30 21:24 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000139264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2018-04-25 01:47 - 2018-04-25 01:47 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-612249682-4202380856-1698065691-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17swin10.msn.com/?PC=NSJE HKU\S-1-5-21-612249682-4202380856-1698065691-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://OEM17SWIN10.MSN.COM/?PC=NSJE ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-09-29 09:46 - 2021-02-08 21:27 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-612249682-4202380856-1698065691-1001\Control Panel\Desktop\\Wallpaper -> c:\users\wade\onedrive\desktop\girls1.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker" HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper" HKLM\...\StartupApproved\Run32: => "WD Quick View" HKU\S-1-5-21-612249682-4202380856-1698065691-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-612249682-4202380856-1698065691-1001\...\StartupApproved\Run: => "SUPERAntiSpyware" HKU\S-1-5-21-612249682-4202380856-1698065691-1001\...\StartupApproved\Run: => "Amazon Music Helper" HKU\S-1-5-21-612249682-4202380856-1698065691-1001\...\StartupApproved\Run: => "Amazon Music" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{785F01A0-326D-4A6A-B40F-92F655A98765}] => (Allow) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe (Huawei Technologies Co., Ltd. -> ) [File not signed] FirewallRules: [{57293289-B424-44C7-8EC9-955EE02B4B12}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> ) FirewallRules: [{4E593121-08EA-47C8-8A6F-C88B0B9FFA07}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CC652DDC-A513-471E-A176-4152F2E5568A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CDBAC615-6D7C-473E-9B69-736674EB669F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{5B38E4DD-EF42-4D3C-BFDD-D01A7908DD00}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{143DB065-6D20-4D05-8634-087041929DE9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.15629.20208.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{80298FD0-0103-427C-BBE9-2C71904BBDEC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{3605D9EF-E02C-4BBC-8FFA-DD5C5FE092B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 25-09-2022 09:40:56 Windows Modules Installer 13-10-2022 18:36:54 Windows Modules Installer 22-10-2022 23:12:12 Scheduled Checkpoint 26-10-2022 10:10:16 Restore Point Created by FRST 26-10-2022 20:20:05 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (10/26/2022 08:21:31 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-4NE5FS8F$ via https://AMD-KeyId-05e994cc467c40568d8cd07cc98c7962a0293757.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-05e994cc467c40568d8cd07cc98c7962a0293757.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Thu, 27 Oct 2022 00:21:30 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 1d6c7ec7-f3dd-434b-89c1-ac6c84810b57 Method: GET(437ms) Stage: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (10/26/2022 11:49:45 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-4NE5FS8F$ via https://AMD-KeyId-05e994cc467c40568d8cd07cc98c7962a0293757.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-05e994cc467c40568d8cd07cc98c7962a0293757.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Wed, 26 Oct 2022 15:49:44 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 69f82d09-45e4-488f-88f9-251764395cbb Method: GET(328ms) Stage: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (10/26/2022 10:12:46 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-4NE5FS8F$ via https://AMD-KeyId-05e994cc467c40568d8cd07cc98c7962a0293757.microsoftaik.azure.net/templates/Aik/scep failed: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-05e994cc467c40568d8cd07cc98c7962a0293757.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Wed, 26 Oct 2022 14:12:43 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 25dab49f-27f1-43fc-9981-0cd6c11cdd04 Method: GET(422ms) Stage: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (10/26/2022 10:12:21 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (10/26/2022 10:12:21 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (10/26/2022 10:12:21 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (10/26/2022 10:10:16 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {2171ed0b-40c6-4caf-94f8-c19465754a18} Error: (10/26/2022 10:01:01 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 23.10.2022.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 17f4 Start Time: 01d8e9430a6c4c29 Termination Time: 4294967295 Application Path: C:\Users\Wade\Downloads\FRST64.exe Report Id: 91e5fd02-bc6e-435b-85ee-3cd6591c31d4 Faulting package full name: Faulting package-relative application ID: Hang type: Top level window is idle System errors: ============= Error: (10/28/2022 12:19:52 PM) (Source: MTConfig) (EventID: 1) (User: ) Description: An attempt to configure the input mode of a multitouch device failed. Error: (10/28/2022 12:19:52 PM) (Source: MTConfig) (EventID: 1) (User: ) Description: An attempt to configure the input mode of a multitouch device failed. Error: (10/28/2022 12:19:52 PM) (Source: MTConfig) (EventID: 1) (User: ) Description: An attempt to configure the input mode of a multitouch device failed. Error: (10/28/2022 11:50:02 AM) (Source: MTConfig) (EventID: 1) (User: ) Description: An attempt to configure the input mode of a multitouch device failed. Error: (10/28/2022 11:50:02 AM) (Source: MTConfig) (EventID: 1) (User: ) Description: An attempt to configure the input mode of a multitouch device failed. Error: (10/28/2022 11:50:02 AM) (Source: MTConfig) (EventID: 1) (User: ) Description: An attempt to configure the input mode of a multitouch device failed. Error: (10/27/2022 10:50:35 PM) (Source: MTConfig) (EventID: 1) (User: ) Description: An attempt to configure the input mode of a multitouch device failed. Error: (10/27/2022 10:50:35 PM) (Source: MTConfig) (EventID: 1) (User: ) Description: An attempt to configure the input mode of a multitouch device failed. Windows Defender: ================ Date: 2022-10-26 11:22:58 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-10-26 03:01:06 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-10-25 23:07:08 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-10-25 22:43:19 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2022-10-25 19:15:21 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan  CodeIntegrity: =============== Date: 2022-10-22 22:45:24 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\TotalAV\wscf.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== BIOS: HUAWEI 1.19 01/11/2019 Motherboard: HUAWEI KPL-W0X Processor: AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx Percentage of memory in use: 39% Total physical RAM: 7069.58 MB Available physical RAM: 4272.16 MB Total Virtual: 8221.58 MB Available Virtual: 4837.44 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:237.36 GB) (Free:182.98 GB) (Model: LITEON CV8-8E256) NTFS \\?\Volume{38965f00-0083-43f6-a798-2a33a7b7f4a4}\ (WinRE) (Fixed) (Total:1 GB) (Free:0.48 GB) NTFS \\?\Volume{a3c90bc4-f030-4e42-aae4-a27a0935a741}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: AE297127) Partition: GPT. ==================== End of Addition.txt =======================