Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2025 Ran by butle (27-01-2025 02:16:38) Running from C:\Users\butle\OneDrive\Desktop Microsoft Windows 11 Home Version 24H2 26100.2894 (X64) (2024-12-15 21:28:50) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-3839441441-1830215674-2231628907-500 - Administrator - Disabled) butle (S-1-5-21-3839441441-1830215674-2231628907-1001 - Administrator - Enabled) => C:\Users\butle DefaultAccount (S-1-5-21-3839441441-1830215674-2231628907-503 - Limited - Disabled) Guest (S-1-5-21-3839441441-1830215674-2231628907-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3839441441-1830215674-2231628907-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Enabled - Up to date) {343E1860-FD6F-AB8D-96E4-A5006AA98D2C} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 (Enabled) {0C059945-B700-AAD5-BDBB-0C35947ACA57} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Canva (HKU\S-1-5-21-3839441441-1830215674-2231628907-1001\...\3d0ba22d-e02b-5c6d-93a1-4e2a9af9c1f2) (Version: 1.101.0 - Canva Pty Ltd) Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2024.4.0.27683 - Foxit Software Inc.) Google Chrome (HKLM\...\{53B568B1-41B1-3D05-B14F-FC57035DA908}) (Version: 132.0.6834.110 - Google LLC) Guitar Pro 8 (HKLM\...\com.arobas-music.guitarpro8_is1) (Version: 8.1.1-17 - Arobas Music) HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.20.0 - HP Inc) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.) HP OfficeJet Pro 8720 Basic Device Software (HKLM\...\{59944A30-0BDB-424E-B033-7134067C0182}) (Version: 40.15.1230.21319 - HP Inc.) HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP) Malwarebytes version 5.2.5.158 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.5.158 - Malwarebytes) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18429.20044 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\{DE493D86-8367-3619-97B6-69B997F0DBE3}) (Version: 132.0.2957.127 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 132.0.2957.127 - Microsoft Corporation) Hidden Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.244.1204.0003 - Microsoft Corporation) Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.14501 - Microsoft) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) (Version: 14.42.34433.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 (HKLM-x32\...\{e7802eac-3305-4da0-9378-e55d1ed05518}) (Version: 14.42.34433.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433 (HKLM-x32\...\{84E3E712-6343-484B-8B6C-9F145F019A70}) (Version: 14.42.34433 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433 (HKLM-x32\...\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}) (Version: 14.42.34433 - Microsoft Corporation) Hidden Norton 360 (HKLM\...\Norton 360) (Version: 24.12.9725.1248 - Gen Digital Inc.) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18429.20044 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18429.20044 - Microsoft Corporation) Hidden Standard Soundbank (HKLM\...\com.arobas-music.soundbank.standard_is1) (Version: 2.0.0-9 - Arobas Music) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - gamigo, Inc.) Hidden Welcome to Primrose Lake (HKLM-x32\...\WTA-d6c55a7e-7e80-4bfb-a0b5-7df32d6ade41) (Version: 7.0.0.877 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 5.0.0.342 - WildTangent) WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 7.0.0.886 - WildTangent) Hidden Windows Subsystem for Linux Update (HKLM\...\{F8474A47-8B5D-4466-ACE3-78EAB3BF21A8}) (Version: 5.10.102.1 - Microsoft Corporation) Zoom Workplace (64-bit) (HKLM\...\{27AE7462-439F-4DB5-8307-C9379670F114}) (Version: 6.3.56144 - Zoom) Packages: ========= AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-12-04] (INTEL CORP) [Startup Task] Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.27.0_x64__xbfy0k16fey96 [2024-09-27] (Dropbox Inc.) Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2024-11-07] (HP Inc.) HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.51.329.0_x64__v10z8vjag6ke6 [2024-11-07] (HP Inc.) HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.6.4.0_x64__v10z8vjag6ke6 [2024-12-20] (HP Inc.) HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2024-09-27] (HP Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_157.1.1186.0_x64__v10z8vjag6ke6 [2025-01-26] (HP Inc.) HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6 [2024-12-20] (HP Inc.) HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.4.0_x64__v10z8vjag6ke6 [2025-01-26] (HP Inc.) Ink.Handwriting.en-CA.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-CA.1.0_0.645.1237.0_x64__8wekyb3d8bbwe [2025-01-25] (Microsoft Corporation) Ink.Handwriting.en-CA.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-CA.1.0_0.645.1237.0_x86__8wekyb3d8bbwe [2025-01-25] (Microsoft Corporation) Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.645.1237.0_x64__8wekyb3d8bbwe [2024-10-21] (Microsoft Corporation) Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.645.1237.0_x86__8wekyb3d8bbwe [2024-10-21] (Microsoft Corporation) Ink.Handwriting.Main.en-CA.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-CA.1.0_0.645.1237.0_x64__8wekyb3d8bbwe [2025-01-25] (Microsoft Corporation) Ink.Handwriting.Main.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-US.1.0.1_0.645.1237.0_x64__8wekyb3d8bbwe [2024-10-21] (Microsoft Corporation) Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23306.1292.0_x64__8wekyb3d8bbwe [2024-12-04] (Microsoft Corporation) Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2412.12002.0_x64__8wekyb3d8bbwe [2025-01-26] (Microsoft Corporation) [Startup Task] Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-10-06] (Microsoft Corp.) Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.6.12100.0_x64__8wekyb3d8bbwe [2025-01-26] (Microsoft Studios) Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_4.5.4011.0_x64__8wekyb3d8bbwe [2024-10-21] (Microsoft Studios) Microsoft Sudoku -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSudoku_2.11.8191.0_x64__8wekyb3d8bbwe [2024-09-04] (Microsoft Studios) Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_4.5.10081.0_x64__8wekyb3d8bbwe [2024-11-07] (Microsoft Studios) Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_54.20907.567.0_x64__8wekyb3d8bbwe [2024-09-27] (Microsoft Corporation) myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_39.52446.140.0_x64__v10z8vjag6ke6 [2024-12-04] (HP Inc.) [Startup Task] OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-01-20] () OMEN Gaming Hub -> C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6 [2025-01-26] (HP Inc.) [Startup Task] SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.255.235.0_x64__zpdnekdrzrea0 [2025-01-26] (Spotify AB) [Startup Task] Tubi - Free Movies and TV -> C:\Program Files\WindowsApps\TubiInc.Tubi-FreeMoviesandTV_2.0.2.0_neutral__6e499re8j0dp2 [2024-11-24] (Tubi, Inc.) WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2450.6.0_x64__cv1g1gvanyjgm [2024-12-20] (WhatsApp Inc.) [Startup Task] WinAppRuntime.Main.1.3 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2023-10-07] (Microsoft Corp.) WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe [2025-01-26] (Microsoft Corp.) WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_6000.318.2304.0_x64__8wekyb3d8bbwe [2024-12-04] (Microsoft Corp.) Windows App Runtime DDLM 3000.882.2207.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x6_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-10-06] (Microsoft Corporation) Windows App Runtime DDLM 3000.882.2207.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x8_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-10-06] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3839441441-1830215674-2231628907-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-3839441441-1830215674-2231628907-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\butle\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.14501\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3839441441-1830215674-2231628907-1001_Classes\CLSID\{2124CC3E-D36E-4F50-9016-2BDE35590E0F} -> [Jeremy's S23] => C:\Users\butle\CrossDevice\Jeremy's S23 [2024-12-11 14:19] CustomCLSID: HKU\S-1-5-21-3839441441-1830215674-2231628907-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-3839441441-1830215674-2231628907-1001_Classes\CLSID\{7d043d4e-4259-f459-3630-7b434fd7752c}\localserver32 -> C:\Program Files\HP\HP Media Network\HPMediaNetwork.exe (HP Inc. -> HP Inc.) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ BUOverlayExcluded] -> {42DE06EE-09E4-4808-A8AA-F63B1D3F6CE5} => C:\Program Files\Norton\Suite\ashShell.dll [2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [ BUOverlayPending] -> {5A4597A9-CC87-4ED2-A7E5-3BC62CF54901} => C:\Program Files\Norton\Suite\ashShell.dll [2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [ BUOverlayProtected] -> {9C11454A-4B5C-4586-B0BB-E51BB6033668} => C:\Program Files\Norton\Suite\ashShell.dll [2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [00nll] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [00nll] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [norton] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers3: [00nll] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-26] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.244.1204.0003\FileSyncShell64.dll [2025-01-16] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-26] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [norton] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2024-12-27] (NortonLifeLock Inc. -> Gen Digital Inc.) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2024-12-29 01:26 - 2024-12-29 01:26 - 000869376 _____ (.NET Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Microsoft.T417b639d#\c08a2f33227680a01c25895153c2df2d\Microsoft.Toolkit.Uwp.Notifications.ni.dll 2024-12-29 01:26 - 2024-12-29 01:26 - 000432128 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\LauncherSDK\5dfa3daa8a6749a11f0f5a487763bae6\LauncherSDK.ni.dll 2024-12-29 01:26 - 2024-12-29 01:26 - 000037888 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Logging\f83258b406f7e0011032448137b9e628\Logging.ni.dll 2024-12-29 01:26 - 2024-12-29 01:26 - 000153088 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\RpcClient\4a6b1adc04dc4061c28f65e3c7a587e7\RpcClient.ni.dll 2024-12-29 01:26 - 2024-12-29 01:26 - 000118272 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\WMISDK\d49e3e748bf8439a8b13f5af10cd6caa\WMISDK.ni.dll 2024-12-29 01:26 - 2024-12-29 01:26 - 003884544 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\ee10bc4e78e9ccd4dd117ff08dbaee77\Newtonsoft.Json.ni.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\butle\OneDrive\Desktop\AdwCleaner.exe:MBAM.Zone.Identifier [214] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nllSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nllSP.sys => ""="Driver" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ============= BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-12-17] (HP Inc. -> HP Inc.) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-12-16] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-12-17] (HP Inc. -> HP Inc.) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-20] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-01-20] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2022-05-06 22:24 - 2022-05-06 22:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts 2023-10-10 20:18 - 2023-10-10 20:18 - 000000434 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.27.160.1 JsButler.mshome.net # 2028 10 1 9 3 18 26 596 ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3839441441-1830215674-2231628907-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\butle\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\18058909138496629256\133823048729769945.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. Network Binding: ============= Wi-Fi: Realtek RTL8852BE WiFi 6 802.11ax PCIe Adapter -> rtwlane601.sys Norton VPN: Norton VPN Wintun Adapter -> nllWintun.sys Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys vms_vsf: Hyper-V Virtual Switch Extension Filter ms_l1vhlwf: Nested Network Virtualization vms_vsp: Hyper-V Virtual Switch Extension Protocol ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKU\S-1-5-21-3839441441-1830215674-2231628907-1001\...\StartupApproved\Run: => "NoxMultiPlayer" HKU\S-1-5-21-3839441441-1830215674-2231628907-1001\...\StartupApproved\Run: => "CanvaAutoLaunchAvailabilityCheckAgent" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{08B0D5F9-EC11-4269-82F8-06067AF78697}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D8850F9E-4171-4431-B442-0A4F462164EE}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.) FirewallRules: [{B0AFA11F-213B-43B4-A3D4-E1ED8381BA95}] => (Allow) C:\hp\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.) FirewallRules: [{4E9E390A-7A96-41F7-9127-6EF619656965}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.) FirewallRules: [{0D9761CD-0169-4578-B3E6-736BAC59C8FD}] => (Allow) LPort=5357 FirewallRules: [{2A07FD8E-B0B4-47BB-B763-54AD1A45850E}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.) FirewallRules: [{564622D6-EFCD-4A31-8147-AABBFCA84C5C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxPrinterUtility.exe (HP Inc. -> HP Inc.) FirewallRules: [{A176FA92-F6E0-4ECB-9CEF-8AA7029D3CE9}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\SendAFax.exe (HP Inc. -> HP Inc.) FirewallRules: [{5874D179-93F1-44D1-82F4-FC0FDC824370}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\DigitalWizards.exe (HP Inc. -> HP Inc.) FirewallRules: [{2379F6F4-276E-4557-8EA5-71B8A35C5F8C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxApplications.exe (HP Inc. -> HP Inc.) FirewallRules: [{5E5050CB-4FA1-49EA-86E6-28FF56E6334F}] => (Allow) C:\Program Files\Norton\Suite\NortonUI.exe (NortonLifeLock Inc. -> Gen Digital Inc.) FirewallRules: [{344284A0-96F6-4AD3-8078-975AAA5FAD79}] => (Allow) C:\Program Files\Norton\Suite\NortonUI.exe (NortonLifeLock Inc. -> Gen Digital Inc.) FirewallRules: [{F31482EF-94D4-467E-8E63-ACBD5C267ED2}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E778D67C-B01D-41C1-877E-C02C39A78A6F}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9CCF7DAA-ADD7-439E-B992-7EFBA4F167A7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24348.802.3311.5092_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F293FA53-B782-4442-9F26-FA089613D6B9}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24348.802.3311.5092_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6DDA5E5B-1C09-42B6-847A-0028B7CAC329}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{01FC6B04-84BD-4B98-96CE-80D2DEE928EF}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Communications, Inc.) FirewallRules: [{C39A6EED-CABE-4408-86AB-C7DDC6E2F0E1}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{F5EB9E0B-D1CE-4AE3-AAF6-28DDED534E6B}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{744612EA-B1B4-43EA-B944-99527CE05FAE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{D87AC37E-507A-4D3D-BF00-268415265756}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.127\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{42C67AFA-B492-4ADF-B825-6DBB55C259A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.255.235.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{244EFEC5-267C-45AA-B982-C8835C16DF3B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.255.235.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D8E0165B-60EC-4830-BF65-7E850E1C396D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.255.235.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{13E025EA-ACF4-4702-962B-543E7566C905}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.255.235.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{C98E5090-32D6-45B2-BFD5-2697CB94E603}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.255.235.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3D6B2440-71E6-411D-B4D0-FCE16983E851}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.255.235.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{61FB97EE-16F0-41D0-AC5E-66092E77E8C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.255.235.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{06A64DEF-8613-4D3D-9538-44C2BBE07BE8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.255.235.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{71B9DCA0-4F38-4285-886B-0E2636365F9B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.255.235.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{C580B5A5-E783-4067-9455-38026B739171}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.255.235.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{938746B9-85F8-4DC4-8714-8EFAE0FAD17B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{D930CE09-CEEF-48ED-9355-699B41B8B467}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{6204E273-CD21-4540-97AC-778DF01FAF8D}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{8A4A7C6D-0BEE-49DA-AB16-43445E417A10}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{B912CBBF-E25F-4030-9D00-20F9B992883B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{C630363B-50EA-4E0D-93CE-B192AAD0DA5D}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{6DA1E828-EAC8-4294-A12B-243CE215ADE6}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{BD608EEB-0A59-4736-9BEB-B8D7DBFD7C8F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{3AF6609B-1877-4523-9BA2-A82099C7890E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{509B01FC-F74D-46AC-AB59-B9D27839BFE9}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{0A7CF709-D1AE-4826-AC7F-47410FF0A6EC}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{9CBDBC97-E7B0-4FB4-8B3E-CAAE0F7FC2C5}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{2B53F0CB-4F13-4B46-AE71-7A2496E4B5CA}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{C648E5A7-97B5-467D-B010-FCC7D9AAE6AD}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{391D7D9B-879C-47B8-B8A8-B69E960E6DB3}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) FirewallRules: [{769B2687-80C7-4537-B65D-4C07C36D490F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2412.10.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) ==================== Restore Points ========================= 14-01-2025 21:40:11 Windows Update 21-01-2025 23:51:12 Windows Update 25-01-2025 14:27:40 Windows Update ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (01/25/2025 04:25:29 PM) (Source: Universal Print) (EventID: 1) (User: ) Description: Failed to GetUserSid. hr: 0x8001012d Error: (01/25/2025 04:15:09 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.. Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (01/23/2025 04:06:16 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY) Description: The program WhatsApp.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Error: (01/21/2025 06:09:19 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY) Description: The program GameBar.exe version 7.224.11211.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Error: (01/19/2025 06:58:54 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY) Description: The program WhatsApp.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Error: (01/17/2025 03:15:01 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY) Description: The program GameBar.exe version 7.224.11211.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Error: (01/17/2025 12:04:40 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY) Description: The program WhatsApp.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Error: (01/16/2025 06:29:41 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY) Description: The program GameBar.exe version 7.224.11211.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. System errors: ============= Error: (01/26/2025 03:13:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error (0x80073d02 = The package could not be installed because resources it modifies are currently in use.): 9NKSQGP7F2NH-5319275A.WhatsAppDesktop. Error: (01/26/2025 03:12:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error (0x80073d02 = The package could not be installed because resources it modifies are currently in use.): 9MV0B5HZVK9Z-Microsoft.GamingApp. Error: (01/26/2025 02:04:32 PM) (Source: DCOM) (EventID: 10010) (User: JSBUTLER) Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout. Error: (01/26/2025 02:02:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP App Helper HSA Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (01/26/2025 02:02:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Content Protection HDCP Service service terminated unexpectedly. It has done this 1 time(s). Error: (01/26/2025 02:02:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP Print Scan Doctor Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (01/26/2025 02:02:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP Network HSA Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (01/26/2025 02:02:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP System Info HSA Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. CodeIntegrity: =============== Date: 2025-01-27 01:32:51 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: AMI F.12 08/20/2024 Motherboard: HP 8BB6 Processor: 13th Gen Intel(R) Core(TM) i5-1335U Percentage of memory in use: 84% Total physical RAM: 7835.77 MB Available physical RAM: 1232.5 MB Total Virtual: 18075.77 MB Available Virtual: 5997 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:952.76 GB) (Free:847.84 GB) (Model: KBG50ZNV1T02 KIOXIA) (Protected) NTFS \\?\Volume{994eee51-0165-425b-8119-3a259bf0c013}\ () (Fixed) (Total:0.83 GB) (Free:0.13 GB) NTFS \\?\Volume{b2e87d70-af6f-48f7-8d7e-1ca40a586214}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 953.9 GB) (Disk ID: A92846E0) Partition: GPT. ==================== End of Addition.txt =======================