Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-01-2025 Ran by butle (administrator) on JSBUTLER (HP HP Laptop 15-fd0xxx) (27-01-2025 02:14:54) Running from C:\Users\butle\OneDrive\Desktop\FRST64.exe Loaded Profiles: butle Platform: Microsoft Windows 11 Home Version 24H2 26100.2894 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2> (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe (C:\Program Files\Norton\Suite\NortonSvc.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\aswEngSrv.exe (C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe (C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24112.110.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24112.110.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe (DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1d34c425fe5300d\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1d34c425fe5300d\x64\BridgeCommunication.exe (DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2967a6eb0d3a7d\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2967a6eb0d3a7d\ipf_helper.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <21> (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Media Network\HPMediaNetwork.exe (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\NortonUI.exe <4> (services.exe ->) (FOR TESTING ONLY - IPF_PreProd_Cert -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_683097297aaa9bb4\ipfsvc.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1d34c425fe5300d\x64\AppHelperCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1d34c425fe5300d\x64\DiagsCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1d34c425fe5300d\x64\NetworkCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1d34c425fe5300d\x64\SysInfoCap.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2967a6eb0d3a7d\ipf_uf.exe (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\afwServ.exe (services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\AvDump.exe (services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\nllToolsSvc.exe (services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\NortonSvc.exe (services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\VpnSvc.exe (services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton\Suite\aswidsagent.exe (services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton\Suite\wsc_proxy.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e267cb29cfb4eaa6\RtkAudUService64.exe <2> (svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2450.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe (svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe (svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\Overlay\OverlayHelper.exe (svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\SystemOptimizer\SystemOptimizer.exe (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.21.12110.0_x64__8wekyb3d8bbwe\Solitaire.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileCoAuth.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2412.1001.22.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24121.37.0_x64__cw5n1h2txyewy\CrossDeviceService.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e267cb29cfb4eaa6\RtkAudUService64.exe [2377704 2024-12-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [NortonUI.exe] => C:\Program Files\Norton\Suite\AvLaunch.exe [429160 2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.127\Installer\setup.exe [6905896 2025-01-25] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-19\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [539152 2024-04-24] (HP Inc. -> HP Inc.) HKU\S-1-5-19\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe [16424 2020-03-07] (HP Inc. -> ) HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5006904 2025-01-16] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-20\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [539152 2024-04-24] (HP Inc. -> HP Inc.) HKU\S-1-5-20\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe [16424 2020-03-07] (HP Inc. -> ) HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5006904 2025-01-16] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3839441441-1830215674-2231628907-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [539152 2024-04-24] (HP Inc. -> HP Inc.) HKU\S-1-5-21-3839441441-1830215674-2231628907-1001\...\Run: [MicrosoftEdgeAutoLaunch_90A1141CF9F6BC9FF7F1F056C715D384] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3923496 2025-01-24] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3839441441-1830215674-2231628907-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5006904 2025-01-16] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3839441441-1830215674-2231628907-1001\...\Run: [HP OfficeJet Pro 8720 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\ScanToPCActivationApp.exe [3770528 2021-11-15] (HP Inc. -> HP Inc.) HKU\S-1-5-21-3839441441-1830215674-2231628907-1001\...\Run: [CanvaAutoLaunchAvailabilityCheckAgent] => C:\Users\butle\AppData\Local\Programs\Canva\Canva.exe [186736848 2024-12-24] (Canva -> Canva Pty Ltd) HKU\S-1-5-21-3839441441-1830215674-2231628907-1001\...\RunOnce: [OGH_Reboot_Required] => [X] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\132.0.6834.110\Installer\chrmstp.exe [2025-01-22] (Google LLC -> Google LLC) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {E6C59205-791A-40E7-BD36-B0B0EFE64DA4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-19] (Adobe Inc. -> Adobe Inc.) Task: {4F2ABC29-333D-4AEF-AED7-4D5C14E46A81} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem134.0.6947.0{14E0B715-B3AF-4655-8806-42124425BED9} => C:\Program Files (x86)\Google\GoogleUpdater\134.0.6947.0\updater.exe [5642336 2025-01-09] (Google LLC -> Google LLC) Task: {504A0168-98E6-4BF4-AD75-9A1DBB8CEF67} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [1003528 2024-12-17] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show Task: {1F3BB440-2F81-4409-9E4E-BFA2A30DC1CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [479984 2024-12-17] (HP Inc. -> HP Inc.) Task: {735B0245-AD62-4D51-8DA9-287E6C934913} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPPrinterLowInk => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPPrinterLowInk\HPPrinterLowInk.exe [231944 2024-12-17] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show Task: {DD3CB623-794A-4FC1-A395-8E4606DB0365} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1170440 2024-12-17] (HP Inc. -> HP Inc.) Task: {CBE8E904-265C-429A-8793-2F96B24B8047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN889C61SP => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1170440 2024-12-17] (HP Inc. -> HP Inc.) Task: {E4650971-6B69-44FB-AEFD-256F3D5D8FBD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1170440 2024-12-17] (HP Inc. -> HP Inc.) Task: {3D15A1E2-04F9-424C-A375-921671C30A91} - System32\Tasks\HP\Consent Manager Launcher => C:\WINDOWS\system32\sc.exe [102400 2024-12-15] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice Task: {6AAC13EE-0C34-4D9A-89B3-12B710B6EB87} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [78288 2025-01-26] (HP Inc. -> HP Inc.) Task: {49C13591-E340-429D-BEE6-0C3532451FFD} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [78288 2025-01-26] (HP Inc. -> HP Inc.) Task: {4E7981C2-65C9-44E5-95BA-240CF5358294} - System32\Tasks\HP\HP PSDr\HP PSDr Printer Health Monitor => C:\Program Files (x86)\HP\HP Support Framework\Modules\PSDR\HPPSDrPrinterHealthMonitor.exe [67592 2024-12-17] (HP Inc. -> HP Inc.) Task: {5A7D5531-0206-4F3F-B37F-BFF1D67E637B} - System32\Tasks\HP\HP Support Assistant\sp150974.exe => C:\ProgramData\HP\HP Support Framework\Softpaq\14828\sp150974.exe [59530112 2024-02-28] (HP Inc. -> HP Inc.) -> C:\ProgramData\HP\HP Support Framework\Softpaq\14828\/s /e cmd.exe /a /c ""setup.exe" /L1033 /s /v/qn" Task: {1CC1E484-1952-4C4A-826D-E2836681F0FD} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312440 2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Task: {3500B34D-E5D7-460B-A400-DBE592E15CCC} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312440 2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Task: {7513767F-0FA8-44E4-8770-1456C374D61E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28751032 2025-01-09] (Microsoft Corporation -> Microsoft Corporation) Task: {2F1FDF63-22D9-4576-B5CC-F30CEAFDEAD8} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [67248 2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Task: {7EE91301-EDFB-4D24-9BB6-7507CC14D1BD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28751032 2025-01-09] (Microsoft Corporation -> Microsoft Corporation) Task: {862D9348-C11C-45CB-B4CA-6E0D5E5422D8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312440 2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Task: {FAE10835-D816-49CC-A143-4ACCC81C6461} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312440 2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Task: {C76F254F-1D2C-4AE0-BDE3-3E2F3CEF63D5} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [194672 2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Task: {E7FB2588-70EE-4466-96BC-21C879B71107} - System32\Tasks\Norton\Norton 360 Patcher => C:\Program Files\Common Files\Norton\Icarus\norton-suite\icarus.exe [8661096 2024-12-16] (NortonLifeLock Inc. -> Gen Digital Inc.) Task: {5E6E35D3-2FD4-46FE-8424-C64E3F06B0BC} - System32\Tasks\Norton\Norton VPN Bug Report => C:\Program Files\Norton\Suite\AvBugReport.exe [5998184 2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) -> --send "dumps|report" --silent --product 187 --programpath "C:\Program Files\Norton\Suite" --configpath "C:\ProgramData\Norton\VPN" --path "C:\ProgramData\Norton\VPN\log" --path "C:\ProgramData\Norton\Icarus\Logs" --logpath "C:\ProgramData\Norton\VPN\log" --guid 4784b46d-a844-4a52-b7e5-f067bc5f71c6 Task: {7E1AFFB1-6B19-4771-ADA0-3DF8CF2032DD} - System32\Tasks\Norton\Overseer => C:\Program Files\Common Files\Norton\Overseer\overseer.exe [2566760 2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) Task: {31D8E8B1-79D0-4A02-94C7-DBE62B7B0338} - System32\Tasks\Norton\Suite Emergency Update => C:\Program Files\Norton\Suite\AvEmUpdate.exe [5215848 2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) Task: {E33D41D8-A3BE-4BDC-B6D9-E01CF0934792} - System32\Tasks\OmenInstallMonitor => C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe [72656 2025-01-26] (HP Inc. -> HP Inc.) Task: {67436250-B416-4837-9F76-62F38290F580} - System32\Tasks\OmenInstallMonitorCustomEvent => C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe [72656 2025-01-26] (HP Inc. -> HP Inc.) Task: {F4BAC65F-8A9E-495E-AC3F-F947D6113F9A} - System32\Tasks\OmenOverlay => C:\Program Files\HP\Overlay\OverlayHelper.exe [67024 2025-01-26] (HP Inc. -> HP Inc.) Task: {6583F266-7A24-4FB2-8058-4EE02D56C9C8} - System32\Tasks\OmenOverlayCustomEvent => C:\Program Files\HP\Overlay\OverlayHelper.exe [67024 2025-01-26] (HP Inc. -> HP Inc.) Task: {2A32E030-85A1-4CFB-88BA-CBAA7DA37C27} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4222504 2025-01-16] (Microsoft Corporation -> Microsoft Corporation) Task: {24495607-E784-4573-ADE0-FB7939ABD38A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3839441441-1830215674-2231628907-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4222504 2025-01-16] (Microsoft Corporation -> Microsoft Corporation) Task: {9CEF4548-AF7E-447D-A06D-F34E6B73B506} - System32\Tasks\SystemOptimizer => C:\Program Files\HP\SystemOptimizer\SystemOptimizer.exe [157648 2025-01-26] (HP Inc. -> HP Inc.) Task: {CEA1810E-DEF0-476D-9F62-1A6A25DD0687} - System32\Tasks\SystemOptimizerCustomEvent => C:\Program Files\HP\SystemOptimizer\SystemOptimizer.exe [157648 2025-01-26] (HP Inc. -> HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{842a06a4-19ce-4f28-8c61-44ca6f7ea625}: [NameServer] 10.10.0.1 Tcpip\..\Interfaces\{c22eadae-f74f-442b-bbf0-2c66bcae4eb2}: [DhcpNameServer] 192.168.1.254 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\butle\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-27] Edge Notifications: Default -> hxxps://calendar.google.com; hxxps://www.facebook.com Edge HomePage: Default -> hxxps://www.google.ca/webhp?authuser=2 Edge StartupUrls: Default -> "hxxps://www.google.ca/" Edge DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?omnisearch=yes&q={searchTerms} Edge DefaultSearchKeyword: Default -> nortonsafe Edge DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?limit=10&li=ff&hl=en&q={searchTerms} Edge Extension: (Norton Safe Web) - C:\Users\butle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2025-01-07] Edge Extension: (Google Docs Offline) - C:\Users\butle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-23] Edge Extension: (Norton Safe Search) - C:\Users\butle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikkagnliefbhcdgnnhfidhhbocdhkdeb [2025-01-26] Edge Extension: (Edge relevant text changes) - C:\Users\butle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24] FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-16] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-12-05] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-12-05] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-12-05] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-12-05] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2024-12-05] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-12-16] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default [2025-01-25] CHR Extension: (Google Docs Offline) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-11-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\butle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-11-24] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-19] (Adobe Inc. -> Adobe Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13617896 2025-01-09] (Microsoft Corporation -> Microsoft Corporation) R2 dptftcs; C:\WINDOWS\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_683097297aaa9bb4\ipfsvc.exe [562040 2024-05-24] (FOR TESTING ONLY - IPF_PreProd_Cert -> Intel Corporation) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncHelper.exe [3530280 2025-01-16] (Microsoft Corporation -> Microsoft Corporation) S2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2500072 2024-11-26] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [220464 2023-04-10] (Gamigo Inc. -> ) S2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [475680 2023-04-14] (HP Inc. -> HP Inc.) R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1d34c425fe5300d\x64\AppHelperCap.exe [887904 2024-12-10] (HP Inc. -> HP Inc.) R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1d34c425fe5300d\x64\DiagsCap.exe [886392 2024-12-10] (HP Inc. -> HP Inc.) R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1d34c425fe5300d\x64\NetworkCap.exe [882296 2024-12-10] (HP Inc. -> HP Inc.) R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2025-01-26] (HP Inc. -> HP Inc.) S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP) R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1d34c425fe5300d\x64\SysInfoCap.exe [887392 2024-12-10] (HP Inc. -> HP Inc.) R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-08] (HP Inc. -> HP Inc.) S2 Intel(R) Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel(R) Corporation) S2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_f1ee27a36959d31b\AS\IAS\IntelAudioService.exe [532944 2024-10-16] (Intel Corporation -> Intel) R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2967a6eb0d3a7d\ipf_uf.exe [3084992 2024-05-21] (Intel Corporation -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2025-01-26] (Malwarebytes Inc. -> Malwarebytes) S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-26] (Malwarebytes Inc. -> Malwarebytes) R3 nllbIDSAgent; C:\Program Files\Norton\Suite\aswidsagent.exe [7641704 2024-12-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.) R2 Norton Antivirus; C:\Program Files\Norton\Suite\NortonSvc.exe [779880 2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) R2 Norton Firewall; C:\Program Files\Norton\Suite\afwServ.exe [2376296 2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) R2 Norton Tools; C:\Program Files\Norton\Suite\nllToolsSvc.exe [1230952 2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) R2 nortonAvDumper64; C:\Program Files\Norton\Suite\AvDump.exe [3498088 2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) R2 NortonVpn; C:\Program Files\Norton\Suite\VpnSvc.exe [12924008 2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) R2 NortonWscReporter; C:\Program Files\Norton\Suite\wsc_proxy.exe [76552 2024-12-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.244.1204.0003\OneDriveUpdaterService.exe [3876392 2025-01-16] (Microsoft Corporation -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation) S2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\butle\AppData\Roaming\Zoom" ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2025-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R0 fse; C:\WINDOWS\System32\drivers\fse.sys [222528 2024-12-15] (Microsoft Windows -> Microsoft Corporation) S3 GSCx64; C:\WINDOWS\System32\DriverStore\FileRepository\gscheci.inf_amd64_b9e8b3b7b7afc367\TeeDriverGSCW8x64.sys [279088 2023-06-26] (Intel Corporation -> Intel Corporation) R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.) R2 HpReadHWData; C:\WINDOWS\system32\drivers\HpReadHWData.sys [57952 2024-12-20] (HP Inc. -> Windows (R) Win 7 DDK provider) R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_6f8ae740d22247ce\iaLPSS2_GPIO2_ADL.sys [141288 2024-05-16] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_563fbcd35feb69a6\iaLPSS2_I2C_ADL.sys [211432 2024-05-16] (Intel Corporation -> Intel Corporation) S3 iaLPSS2_SPI_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_adl.inf_amd64_334c460fea9b11a4\iaLPSS2_SPI_ADL.sys [171608 2022-12-14] (Intel Corporation -> Intel Corporation) S3 iaLPSS2_UART2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_43d5df63d19fde70\iaLPSS2_UART2_ADL.sys [329320 2022-12-14] (Intel Corporation -> Intel Corporation) R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_8e2f374849f1eba9\gna.sys [90208 2024-01-12] (Intel Corporation -> Intel Corporation) R3 ipf_acpi; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_c4581e5c36b81f6c\ipf_acpi.sys [88656 2024-05-21] (Intel Corporation -> Intel Corporation) R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2967a6eb0d3a7d\ipf_cpu.sys [88144 2024-05-21] (Intel Corporation -> Intel Corporation) R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2967a6eb0d3a7d\ipf_lf.sys [499392 2024-05-21] (Intel Corporation -> Intel Corporation) S2 l1vhlwf; C:\WINDOWS\System32\drivers\l1vhlwf.sys [140728 2024-12-15] (Microsoft Windows -> Microsoft Corporation) R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [232024 2025-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2025-01-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt11.sys [234168 2025-01-26] (Malwarebytes Inc. -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [80448 2025-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2025-01-26] (Malwarebytes Inc. -> Malwarebytes) R0 nllArDisk; C:\WINDOWS\System32\drivers\nllArDisk.sys [20560 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllArPot; C:\WINDOWS\System32\drivers\nllArPot.sys [235088 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllbidsdriver; C:\WINDOWS\System32\drivers\nllbidsdriver.sys [383056 2025-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R0 nllbidsh; C:\WINDOWS\System32\drivers\nllbidsh.sys [296016 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R0 nllbuniv; C:\WINDOWS\System32\drivers\nllbuniv.sys [84560 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R0 nllElam; C:\WINDOWS\System32\drivers\nllElam.sys [28280 2024-12-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.) R1 nllKbd; C:\WINDOWS\System32\drivers\nllKbd.sys [28728 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllMonFlt; C:\WINDOWS\System32\drivers\nllMonFlt.sys [275024 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllNetHub; C:\WINDOWS\System32\drivers\nllNetHub.sys [550992 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllRdr; C:\WINDOWS\System32\drivers\nllRdr2.sys [98360 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R0 nllRvrt; C:\WINDOWS\System32\drivers\nllRvrt.sys [69712 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllSnx; C:\WINDOWS\System32\drivers\nllSnx.sys [955960 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllSP; C:\WINDOWS\System32\drivers\nllSP.sys [1424952 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R3 nllStm; C:\WINDOWS\System32\drivers\nllStm.sys [204344 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R0 nllVmm; C:\WINDOWS\System32\drivers\nllVmm.sys [381488 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R3 nllVpnRdr; C:\WINDOWS\System32\drivers\nllVpnRdr.sys [80504 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifelock Inc.) R3 nllWintun; C:\WINDOWS\System32\drivers\nllWintun.sys [40640 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifeLock Inc.) S3 nllWireGuard; C:\WINDOWS\System32\drivers\nllWireguard.sys [174680 2024-12-27] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifeLock Inc.) R3 RtkBtFilter2; C:\WINDOWS\System32\drivers\RtkBtFilter2.sys [176608 2024-09-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [98304 2024-12-15] (Microsoft Windows -> Microsoft Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20936 2024-05-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [601376 2024-05-05] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-05-05] (Microsoft Windows -> Microsoft Corporation) S3 WSDPrintDevice; C:\WINDOWS\System32\DriverStore\FileRepository\wsdprint.inf_amd64_1f9e32519098c0b6\WSDPrint.sys [57344 2024-12-15] (Microsoft Windows -> Microsoft Corporation) S3 WSDScan; C:\WINDOWS\System32\DriverStore\FileRepository\sti.inf_amd64_971c769b103df369\WSDScan.sys [61440 2024-12-15] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2025-01-27 02:14 - 2025-01-27 02:15 - 000034352 _____ C:\Users\butle\OneDrive\Desktop\FRST.txt 2025-01-26 15:13 - 2025-01-26 15:13 - 000000000 ____D C:\Users\butle\AppData\Local\ToastNotificationManagerCompat 2025-01-26 14:04 - 2025-01-26 14:04 - 008790880 _____ (Malwarebytes) C:\Users\butle\Downloads\AdwCleaner.exe 2025-01-26 13:05 - 2025-01-26 14:02 - 000000000 ____D C:\AdwCleaner 2025-01-26 13:04 - 2025-01-26 13:04 - 008790880 _____ (Malwarebytes) C:\Users\butle\OneDrive\Desktop\AdwCleaner.exe 2025-01-26 12:55 - 2025-01-26 12:55 - 000234168 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys 2025-01-26 12:55 - 2025-01-26 12:55 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2025-01-26 12:54 - 2025-01-27 02:06 - 000000000 ____D C:\Users\butle\AppData\Local\Malwarebytes 2025-01-26 12:54 - 2025-01-26 12:54 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2025-01-26 12:53 - 2025-01-26 12:53 - 000000000 ____D C:\ProgramData\Malwarebytes 2025-01-26 12:53 - 2025-01-26 12:53 - 000000000 ____D C:\Program Files\Malwarebytes 2025-01-26 12:52 - 2025-01-26 12:52 - 002833136 _____ (Malwarebytes) C:\Users\butle\Downloads\MBSetup.exe 2025-01-26 01:29 - 2025-01-27 02:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software 2025-01-22 22:53 - 2025-01-27 02:15 - 000000000 ____D C:\FRST 2025-01-22 22:52 - 2025-01-22 22:53 - 002403328 _____ (Farbar) C:\Users\butle\OneDrive\Desktop\FRST64.exe 2025-01-22 22:49 - 2025-01-22 23:33 - 000000000 ___RD C:\Users\butle\OneDrive\Desktop\Geeks2Go 2025-01-20 22:29 - 2025-01-20 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom 2025-01-19 17:59 - 2025-01-19 17:59 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2025-01-16 18:33 - 2025-01-16 18:33 - 000048583 _____ C:\Users\butle\Downloads\guitarlessonjan152025.zip 2025-01-15 22:28 - 2024-12-04 03:34 - 006662080 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys 2025-01-15 12:09 - 2025-01-16 18:29 - 000000514 _____ C:\Users\butle\OneDrive\Desktop\Zetland To Do.txt 2025-01-14 23:48 - 2025-01-26 03:15 - 000000000 ____D C:\WINDOWS\CbsTemp 2025-01-06 12:10 - 2024-09-24 20:59 - 020221168 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPRes.dll 2025-01-06 12:10 - 2024-09-24 20:59 - 004466392 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPEnh.exe 2025-01-06 12:10 - 2024-09-24 20:59 - 001126512 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll 2025-01-06 12:10 - 2024-09-24 20:59 - 000814320 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys 2025-01-06 12:10 - 2024-09-24 20:59 - 000429296 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPEnhService.exe 2025-01-06 12:10 - 2024-09-24 20:59 - 000331376 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll 2025-01-05 22:28 - 2025-01-05 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Reader 2024-12-29 19:53 - 2024-12-29 19:53 - 000002264 _____ C:\Users\butle\AppData\LocalLow\81d726d76eb1592405d70a3de525bf0cd32d0ce43948827cd8619ca9f53bb534 2024-12-29 01:16 - 2024-12-29 01:16 - 000002264 _____ C:\Users\butle\AppData\LocalLow\823ba6a17db81a8187542cd6d1a71d9bb3ca622bb00d3860e44ba825ca8ab6ee ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2025-01-27 02:15 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\SystemTemp 2025-01-27 02:13 - 2024-12-15 14:28 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2025-01-27 02:13 - 2024-12-15 14:28 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2025-01-27 02:13 - 2024-12-15 14:28 - 000003358 _____ C:\WINDOWS\system32\Tasks\OmenInstallMonitorCustomEvent 2025-01-27 02:13 - 2024-12-15 14:28 - 000003334 _____ C:\WINDOWS\system32\Tasks\SystemOptimizerCustomEvent 2025-01-27 02:13 - 2024-12-15 14:28 - 000003296 _____ C:\WINDOWS\system32\Tasks\OmenOverlayCustomEvent 2025-01-27 02:13 - 2024-12-15 14:28 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2025-01-27 02:13 - 2024-12-15 14:28 - 000003070 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3839441441-1830215674-2231628907-1001 2025-01-27 02:13 - 2024-12-15 14:28 - 000002918 _____ C:\WINDOWS\system32\Tasks\OmenInstallMonitor 2025-01-27 02:13 - 2024-12-15 14:28 - 000002894 _____ C:\WINDOWS\system32\Tasks\SystemOptimizer 2025-01-27 02:13 - 2024-12-15 14:28 - 000002858 _____ C:\WINDOWS\system32\Tasks\OmenOverlay 2025-01-27 02:13 - 2024-12-15 14:28 - 000002716 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2025-01-27 01:32 - 2024-12-15 14:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2025-01-27 01:32 - 2023-10-06 12:35 - 000000000 ____D C:\Users\butle\AppData\Local\OGH 2025-01-26 18:03 - 2024-04-01 00:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2025-01-26 16:30 - 2024-01-11 03:15 - 000245341 _____ C:\Users\butle\AppData\LocalLow\4a78f3e5c6247c6a4890f4e462e1f041286224a63c30ac8cbb70097e25a504bc 2025-01-26 15:14 - 2024-01-30 01:30 - 000013454 _____ C:\Users\butle\AppData\LocalLow\1dc6c00a8ccb1ba456966b5f470493e9b53380f303883ce5012e6c64eb5a9a36 2025-01-26 15:14 - 2023-10-05 17:43 - 000000000 ____D C:\Users\butle\AppData\Local\D3DSCache 2025-01-26 15:14 - 2023-07-07 12:13 - 000000000 ____D C:\Program Files\HP 2025-01-26 15:13 - 2024-06-24 22:16 - 000000000 ____D C:\Users\Default\AppData\Local\HP 2025-01-26 15:13 - 2024-04-01 00:26 - 000000000 ___HD C:\Program Files\WindowsApps 2025-01-26 15:13 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\AppReadiness 2025-01-26 15:13 - 2022-11-02 21:35 - 000000000 ____D C:\ProgramData\Packages 2025-01-26 15:12 - 2024-12-15 14:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP 2025-01-26 15:12 - 2023-10-07 20:50 - 000000000 ____D C:\Program Files\HPPrintScanDoctor 2025-01-26 14:23 - 2024-01-12 14:48 - 000000130 _____ C:\Users\butle\AppData\LocalLow\9561ed9a0b78144747fa26e4c4fd2a49defb5e38fac37da7863fcf98aeb7cb48 2025-01-26 14:10 - 2024-01-11 12:46 - 000000130 _____ C:\Users\butle\AppData\LocalLow\aae5869fa0bec4d8d27610345766f7ef02e2889cb0620366db786ae3c9e60f86 2025-01-26 14:09 - 2024-01-11 12:46 - 000031263 _____ C:\Users\butle\AppData\LocalLow\96b4e09f9d106d02c2df9d25efab0623acb10b2aa352982ff915d2fb958abe41 2025-01-26 14:07 - 2024-01-12 14:48 - 000614813 _____ C:\Users\butle\AppData\LocalLow\5fc18818885154e2f8f5ba65eec1eefad757bab62ecbde0aab33b042f4d9d547 2025-01-26 14:02 - 2024-04-10 10:11 - 000086833 _____ C:\Users\butle\AppData\LocalLow\d9ec534cb2b823c433950a0b29f3bf43af91d7e4baf3bdf47287f351b9b522df 2025-01-26 12:54 - 2024-04-01 00:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2025-01-26 12:54 - 2024-04-01 00:24 - 000000000 ____D C:\WINDOWS\INF 2025-01-26 02:39 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\ServiceState 2025-01-26 01:17 - 2023-10-05 17:45 - 000000000 ___RD C:\Users\butle\OneDrive 2025-01-25 16:27 - 2024-12-15 14:29 - 000842280 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2025-01-25 16:23 - 2024-12-15 14:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2025-01-25 16:23 - 2024-12-15 14:25 - 000001606 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 2025-01-25 16:23 - 2023-10-06 09:20 - 000000000 ____D C:\ProgramData\Norton 2025-01-25 16:23 - 2022-11-02 21:32 - 000012288 ___SH C:\DumpStack.log.tmp 2025-01-25 16:16 - 2024-04-01 00:21 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2025-01-25 16:15 - 2024-10-24 11:59 - 000000000 ____D C:\Users\butle\AppData\LocalLow\Temp 2025-01-25 16:15 - 2023-10-05 17:44 - 000000000 ____D C:\Users\butle\AppData\Local\PlaceholderTileLogoFolder 2025-01-25 16:15 - 2023-10-05 17:32 - 000000000 ____D C:\Users\butle\AppData\Local\Packages 2025-01-25 14:27 - 2022-11-02 21:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2025-01-22 14:23 - 2024-11-24 12:56 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2025-01-20 22:34 - 2024-06-05 12:50 - 000262274 _____ C:\Users\butle\AppData\LocalLow\d7ab55b136db7af61d358961466174c44b88e0abcf74413efc14283cf253191f 2025-01-20 22:34 - 2024-06-05 12:50 - 000000130 _____ C:\Users\butle\AppData\LocalLow\0d8ce0cf35aa7c7d3119ff805ea411913e9063dbbfde48d90472b24757f677cb 2025-01-20 22:29 - 2024-10-30 21:13 - 000000000 ____D C:\Program Files\Zoom 2025-01-19 18:04 - 2023-10-06 22:16 - 000000000 ____D C:\Users\butle\AppData\Roaming\Microsoft\Word 2025-01-19 18:00 - 2024-04-01 00:26 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2025-01-19 18:00 - 2023-10-06 22:06 - 000000000 ____D C:\Program Files\Microsoft Office 2025-01-19 14:03 - 2024-06-05 14:00 - 000225178 _____ C:\Users\butle\AppData\LocalLow\95b0b2480c9a6ca64b48551cac8b5e53ceaf41808ca1ac1375894f173800fe01 2025-01-18 18:22 - 2024-01-18 15:46 - 000000130 _____ C:\Users\butle\AppData\LocalLow\c66ea2d0c43a5ab0f82ad7cad0e5b71023e6a7c78bf47e45c6fedaab1806b45d 2025-01-18 18:21 - 2024-01-18 15:46 - 000021287 _____ C:\Users\butle\AppData\LocalLow\5642129d91fd36633bafcdfcb905f769dd89380fe5f84073508767d36ed1ce04 2025-01-17 23:38 - 2023-10-06 22:18 - 000000000 ____D C:\Users\butle\AppData\Roaming\Microsoft\Excel 2025-01-16 20:36 - 2023-11-05 14:34 - 000000000 ____D C:\Users\butle\AppData\Roaming\Canva 2025-01-16 05:32 - 2024-01-11 03:31 - 000016811 _____ C:\Users\butle\AppData\LocalLow\ef54eddb2ded8674d924a92863f229125f4b7962e4f7fe0c46c7682970b66a1d 2025-01-16 03:45 - 2024-12-15 14:24 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK 2025-01-16 03:45 - 2023-10-08 02:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2025-01-15 20:09 - 2023-10-06 22:11 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2025-01-15 13:59 - 2024-04-01 00:26 - 000000000 ____D C:\ProgramData\USOPrivate 2025-01-15 13:43 - 2024-12-15 14:24 - 000493512 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2025-01-15 13:42 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\SystemResources 2025-01-15 13:42 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2025-01-15 13:42 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2025-01-15 13:42 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\bcastdvr 2025-01-15 11:21 - 2024-06-05 14:00 - 000000026 _____ C:\Users\butle\AppData\LocalLow\37946076e56186c3488739aed986e139d4728855a68844f32e036f83e51e8c36 2025-01-15 02:44 - 2023-10-06 12:34 - 000000000 ____D C:\WINDOWS\system32\MRT 2025-01-14 21:40 - 2023-10-06 12:34 - 206927936 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2025-01-14 13:21 - 2023-10-06 09:47 - 000000000 ____D C:\Users\butle\AppData\Local\CrashDumps 2025-01-09 13:24 - 2024-12-26 22:21 - 000383056 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\nllbidsdriver.sys 2025-01-08 17:51 - 2023-09-05 22:10 - 000000000 ____D C:\Program Files (x86)\Realtek 2025-01-08 14:42 - 2024-04-01 00:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth 2025-01-02 16:25 - 2023-10-06 10:37 - 000004321 _____ C:\Users\butle\OneDrive\Desktop\Contact info.txt 2025-01-02 10:45 - 2024-01-11 03:31 - 000000026 _____ C:\Users\butle\AppData\LocalLow\236b4e3e9d3b30821e20fc1082b4627565dab061dbbb2f3b0c8c5c34c1c75fee 2025-01-02 01:37 - 2023-10-06 10:36 - 000000000 ____D C:\Users\butle\OneDrive\Desktop\Zetland 2024-12-30 22:03 - 2024-02-08 00:33 - 000005621 _____ C:\Users\butle\AppData\LocalLow\6c64d65d9da3abefa1a4d301a5579aa93c644fe96aaeb293e658ff5b441ffcc7 2024-12-29 12:10 - 2024-01-11 00:45 - 000002264 _____ C:\Users\butle\AppData\LocalLow\ab43ebc6fba7691c182de163f369d401a06a2d0e629b0dbcc8c2932757ecda52 2024-12-29 11:19 - 2024-01-13 14:28 - 000002264 _____ C:\Users\butle\AppData\LocalLow\293c28e268efa354785bbc8c09f9046cd78c0292ce35b91aeffb605b8364ac12 2024-12-29 01:16 - 2024-01-30 01:30 - 000000026 _____ C:\Users\butle\AppData\LocalLow\943971334c50f0517bdc61808505f922998cecb5c10254d7b37090a176a26d61 2024-12-29 01:16 - 2024-01-11 00:34 - 000006740 _____ C:\Users\butle\AppData\LocalLow\16d253a824dd932f7254a75238749bf1ac7ebfd4727516d4bcdcf9f798579f9c 2024-12-29 01:15 - 2024-12-15 14:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard 2024-12-29 01:15 - 2024-04-10 10:11 - 000000026 _____ C:\Users\butle\AppData\LocalLow\6d7c2a7b445f7857f49fc3983f8d03f9864b9f42ad3aef83d8710cdc776beb38 2024-12-29 01:15 - 2024-01-11 03:15 - 000002264 _____ C:\Users\butle\AppData\LocalLow\388432ce7fee1a113d46753a964a15dfff163693c0c044b0e8fdc62e2169a3c1 2024-12-29 01:15 - 2024-01-11 03:15 - 000000026 _____ C:\Users\butle\AppData\LocalLow\10a4dca5d4e4c061e5be589b05c7453a289bc5897d5dfde751f9ade306a1ddcc 2024-12-28 20:52 - 2023-10-05 18:01 - 000000000 ____D C:\Users\butle\AppData\Local\HP ==================== Files in the root of some directories ======== 2023-10-10 20:11 - 2023-10-10 20:11 - 000007605 _____ () C:\Users\butle\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================