Hello . need your help please, last few weeks I have observed slow start up, and even slower opening any application. even hovering on the start window it will take a couple of seconds to see any action.
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2025
Ran by ricar (administrator) on LACTOC-RCV (HP HP Pavilion Laptop 15-cu0xxx) (30-05-2025 18:37:13)
Running from C:\Users\ricar\OneDrive\Desktop\FRST64.exe
Loaded Profiles: ricar
Platform: Microsoft Windows 11 Home Version 24H2 26100.4061 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: "C:\Users\ricar\AppData\Local\Programs\Opera\opera.exe" -noautoupdate -- "%1"
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\VMware\Endpoint Telemetry Service\vmwetlm.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files\VMware\Endpoint Telemetry Service\vmwetlmu.exe
(CANON INC. -> CANON INC.) C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
(cmd.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_618947f7f882ca01\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_618947f7f882ca01\igfxEM.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(explorer.exe ->) (CANON INC. -> CANON INC.) C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corp.) C:\Users\ricar\AppData\Local\Temp\bwp91ef6e20-f50d-48c3-857a-3902cf2dbc07\UnInstDaemon.exe
(explorer.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\backup\7E997F48-4AD0-4F45-B14F-CEB08C1B047F\OfficeC2RClient.exe <2>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Conexant Systems LLC -> Conexant Systems LLC.) C:\Windows\System32\CxAudioSvc.exe
(services.exe ->) (Conexant Systems LLC -> Synaptics Incorporated.) C:\Windows\System32\SynAudSrv.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (FabulaTech LLP -> ) C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(services.exe ->) (FabulaTech LLP -> ) C:\Program Files\Common Files\VMware\ScannerRedirection\ftscanmgrhv.exe
(services.exe ->) (FabulaTech, LLP -> VMware) C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_618947f7f882ca01\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_618947f7f882ca01\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_618947f7f882ca01\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\EUCUSB\vmware-eucusbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files\Common Files\VMware\KSM Notifier\ksmNotifier.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files\VMware\Endpoint Telemetry Service\vmwetlm.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe
(services.exe ->) (WildTangent, Inc. -> ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\ZoomVDIPluginManagement\Support\CptService.exe
(sihost.exe ->) (63DBE16F-F2A6-4DBC-BF53-83848FED6966 -> ) C:\Program Files\WindowsApps\1258EllAbi.MoveMouse_4.18.5.0_x64__hjfwaxvfbwh7t\Source\Move Mouse.exe
(svchost.exe ->) (HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftTeams_25124.201.3625.2942_x64__8wekyb3d8bbwe\msteamsupdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-11-28] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [MFNetworkScannerSelector] => C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE [459904 2018-01-30] (CANON INC. -> CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1906808 2018-06-20] (CANON INC. -> CANON INC.)
HKLM-x32\...\Run: [Duet Display] => C:\Program Files\Kairos\Duet Display\DuetLaunch.exe [506336 2022-03-09] (Duet, Inc. -> Duet Inc.)
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-20] (Valve -> Valve Corporation)
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2202904 2024-08-06] (Wargaming Group Limited -> Wargaming.net)
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\Run: [Snap Camera] => C:\Program Files\Snap Inc\Snap Camera\Snap Camera.exe [65508216 2022-07-26] (Snap Inc. -> Snap Inc)
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\Run: [Opera Browser Assistant] => C:\Users\ricar\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4048800 2024-06-12] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\Run: [Opera Stable] => C:\Users\ricar\AppData\Local\Programs\Opera\opera.exe [2070936 2025-05-27] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\Run: [MicrosoftEdgeAutoLaunch_72B8A25672341A2EA0566F05DF289D81] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141096 2025-05-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\Run: [Samsung DeX] => C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe [10033464 2024-11-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\Run: [BingWallpaperDaemon] => C:\Users\ricar\AppData\Local\Temp\bwp91ef6e20-f50d-48c3-857a-3902cf2dbc07\UnInstDaemon.exe [55328 2025-05-27] (Microsoft Corporation -> Microsoft Corp.) <==== ATTENTION
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [884736 2025-03-28] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\WINDOWS\system32\CNCENPM6.dll [153088 2018-01-29] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\WINDOWS\system32\CNAS0MOK.DLL [1282048 2017-10-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\WINDOWS\system32\hpinksts7112LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\136.0.7103.114\Installer\chrmstp.exe [2025-05-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\ricar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cricut Taskbar Application.lnk [2019-09-29]
ShortcutTarget: Cricut Taskbar Application.lnk -> C:\Users\ricar\AppData\Roaming\Cricut Design Space\Web\taskbar-application-win32\Release\CricutTaskbarApplication.exe (Provo Craft & Novelty, Inc. -> Cricut, Inc.)
Startup: C:\Users\ricar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-03-25]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cricut Taskbar Application.lnk [2019-05-13]
ShortcutTarget: Cricut Taskbar Application.lnk -> C:\Users\ricar\AppData\Roaming\Cricut Design Space\Web\taskbar-application-win32\Release\CricutTaskbarApplication.exe (Provo Craft & Novelty, Inc. -> Cricut, Inc.)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {D4F8FD3A-9144-49E5-88D7-2D2CF01228CD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {80AFA4DC-C33D-47FA-93E8-5074EE378CA4} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1826800 2018-05-30] (CANON INC. -> CANON INC.) -> /Config:"C:\Program Files\Canon\OIPPESP\CnpspCfg.xml"
Task: {3531A00F-F22F-4D34-A3AF-F3DBBB90AA8D} - System32\Tasks\Duet Updater => C:\Program Files\Kairos\Duet Display\duet.exe [7824360 2023-01-18] (Duet, Inc. -> Duet, Inc.)
Task: {19C9AA4F-2B17-4A58-922A-880AC404FD85} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7194.0{FB64400C-7A14-4D4D-8D61-09606CB09906} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe [7080032 2025-05-22] (Google LLC -> Google LLC)
Task: {5C5BD3A0-D547-4FFE-8DD3-1E9A5D2DF0D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [1004040 2025-04-22] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {9478C225-E129-4CC6-A6AC-8A6C6F5995C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [479984 2025-04-22] (HP Inc. -> HP Inc.)
Task: {3D2FCABE-471C-4593-BCCE-8798A625B5B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1173512 2025-04-22] (HP Inc. -> HP Inc.)
Task: {C5AA46CF-A118-483E-B589-731EB45A8CEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1173512 2025-04-22] (HP Inc. -> HP Inc.)
Task: {CBFA8360-3725-4DE1-8D5D-A480FFDEBEBC} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1359728 2017-10-25] (HP Inc. -> HP Development Company, L.P.)
Task: {64034224-3034-4394-99BC-1D71176C4D84} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [79312 2025-05-07] (HP Inc. -> HP Inc.)
Task: {E3BF7C57-F3C6-4671-8D34-49A8165BB901} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [79312 2025-05-07] (HP Inc. -> HP Inc.)
Task: {620FF9D2-AC3F-4D80-8180-B4285626AFBC} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {D7C3D816-C061-4474-83B7-BBFB67C53673} - System32\Tasks\HPEA3JOBS => C:\Program -> Files\HP\HP ePrint\hpeprint.exe /CheckJobs
Task: {DC8DD75B-7933-4FC5-BE88-902B2008F1D1} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.)
Task: {D5BC6F5D-7A29-4126-B654-61ECFE1B931B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28955376 2025-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF2519F3-07D3-4420-8E62-153F149BB40A} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68312 2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E9659D36-4D7F-4A95-8FAD-D96E93CB8402} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28955376 2025-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3FCBC9C-B817-4B34-A512-85BF51766EFE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {870D5403-C9F6-4728-ABF9-8F0DC6DB9279} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {A16313FB-C5C4-45CC-B9BB-AD66B153E585} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [225992 2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2B3800F-12BC-4493-AE5B-89C835633466} - System32\Tasks\Microsoft\Office\Office Startup Boost => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3D430EC-1F75-47BD-B612-DA19A4D32358} - System32\Tasks\Microsoft\Office\Office Startup Boost Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {D8AB2C48-CFA0-497C-B472-08585E626B79} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe RebootDialog (No File)
Task: {50C92126-FADD-4598-9854-7E674C26475F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {29CF35E9-EC56-4F30-B0B8-8175D8DCB887} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {071A0CAF-202C-479A-842A-14246E469140} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {9A3F9425-9E03-4D9B-839E-271ECC565A59} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {221ABC1E-4C14-4BAF-AC8A-A696346541D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66760535-5574-4BBF-BC11-C0D1A0EC6C9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5AB31578-DDD9-4940-B823-F9577E6428BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {50BEF55A-F231-475B-9BE1-42A18A71F96B} - System32\Tasks\Microsoft\Windows\WindowsAI\Recall\InitialConfiguration => {709FD5EF-7296-4154-BD3A-E9830FCFA60A} C:\WINDOWS\system32\ShellConfigTask.dll [274432 2025-04-28] (Microsoft Windows -> Microsoft Corporation)
Task: {528E440D-BCA3-4FF2-A88B-CC0FC0961E7F} - System32\Tasks\Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration => {0BE6820D-B667-4CB6-931B-C153A77DA895} C:\WINDOWS\system32\ShellConfigTask.dll [274432 2025-04-28] (Microsoft Windows -> Microsoft Corporation)
Task: {FD7D1BD8-37E1-4D9D-A58C-A6E103601C61} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-06-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {5B27B677-5CAA-4356-A957-AA2283DD6CEC} - System32\Tasks\OneDrive Startup Task-S-1-5-21-4202225435-4057633202-806399604-1001 => C:\Users\ricar\AppData\Local\Microsoft\OneDrive\25.080.0427.0003\OneDriveLauncher.exe [679728 2025-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {772A3814-683B-4827-B392-01B3D2153C26} - System32\Tasks\Opera scheduled assistant Autoupdate 1576845999 => C:\Users\ricar\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\ricar\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {1E1FE3B2-E487-41CC-9437-4416CAE59AB0} - System32\Tasks\Opera scheduled Autoupdate 1548635394 => C:\Users\ricar\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [6071704 2025-05-20] (Opera Norway AS -> Opera Software)
Task: {7663E223-3AFE-47AC-A642-4658EC70C31A} - System32\Tasks\Opera scheduled Autoupdate 1746223548 => C:\Users\TEMP\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File) <==== ATTENTION
Task: {5599B30B-E06C-466F-AE3D-397D6F87158E} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\system32\RtkAudUService64.exe [792416 2018-09-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 127.0.0.1 view-localhost # view localhost server
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{414d01d3-51b5-470f-98d5-4c5aef27b64a}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\ricar\AppData\Local\Microsoft\Edge\User Data\Default [2025-05-29]
Edge Extension: (Microsoft Bing Quick Search) - C:\Users\ricar\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ekccfocemkpmljfcnhhlinkeafbeocco [2023-09-25]
Edge Extension: (Google Docs Offline) - C:\Users\ricar\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-31]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\ricar\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-05-29]
Edge Extension: (Edge relevant text changes) - C:\Users\ricar\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-29]
Edge Extension: (Capital One Shopping: Save Now) - C:\Users\ricar\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2025-05-29]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: 0o9ibnvg.default-1570334921832
FF ProfilePath: C:\Users\ricar\AppData\Roaming\Mozilla\Firefox\Profiles\0o9ibnvg.default-1570334921832 [2025-05-29]
FF Homepage: Mozilla\Firefox\Profiles\0o9ibnvg.default-1570334921832 -> hxxps://www.bing.com/?pc=W093
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\ricar\AppData\Roaming\Mozilla\Firefox\Profiles\0o9ibnvg.default-1570334921832\Extensions\[email protected] [2021-06-01]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\ricar\AppData\Roaming\Mozilla\Firefox\Profiles\0o9ibnvg.default-1570334921832\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-06-02]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\ricar\AppData\Local\Google\Chrome\User Data\Default [2025-05-30]
CHR HomePage: Default -> bing.com
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?EID=BHSTT&FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\ricar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2025-05-30]
CHR Extension: (Slate) - C:\Users\ricar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhmcmgkegfffbbfobhjpdbimgmoohap [2021-03-23]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\ricar\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-05-30]
CHR Extension: (Google Docs Offline) - C:\Users\ricar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-05-30]
CHR Extension: (Save to Pinterest) - C:\Users\ricar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-12-03]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\ricar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-05-30]
CHR Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\ricar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2025-05-30]
CHR Extension: (Bing Homepage, Search & Trending Topics) - C:\Users\ricar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2024-07-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ricar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-10]
CHR HKU\S-1-5-21-4202225435-4057633202-806399604-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-4202225435-4057633202-806399604-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR DefaultProfile: Default
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13724376 2025-05-28] (Microsoft Corporation -> Microsoft Corporation)
R2 client_service; C:\Program Files\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [632752 2024-10-24] (VMware, Inc. -> VMware, Inc.)
S3 DuetUpdater; C:\Program Files\Kairos\Duet Display\DuetUpdater.exe [11128296 2023-01-18] (Duet, Inc. -> Kairos)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [484688 2024-05-27] (FabulaTech LLP -> )
R2 ftscanmgrhv; C:\Program Files\Common Files\VMware\ScannerRedirection\ftscanmgrhv.exe [304456 2024-10-15] (FabulaTech LLP -> )
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1322632 2017-12-13] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [889976 2025-03-20] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [888952 2025-03-20] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [885368 2025-03-20] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2025-05-07] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1075744 2017-10-12] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [889464 2025-03-20] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 ksmNotifier; C:\Program Files\Common Files\VMware\KSM Notifier\ksmNotifier.exe [945600 2024-07-10] (VMware, Inc. -> VMware, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9440168 2025-05-29] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-08] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe [2050904 2025-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-09-14] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-09-14] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 VMEUCUSBArbService; C:\Program Files (x86)\Common Files\VMware\EUCUSB\vmware-eucusbarbitrator64.exe [998832 2024-10-24] (VMware, Inc. -> VMware, Inc.)
R2 vmwetlm; C:\Program Files\VMware\Endpoint Telemetry Service\vmwetlm.exe [7669264 2024-09-23] (VMware, Inc. -> VMware, Inc.)
S3 VMWOSQEXT; C:\Program Files\VMware\Endpoint Telemetry Service\vmwosqext.exe [2506168 2024-09-23] (VMware, Inc. -> VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [803400 2023-04-04] (FabulaTech, LLP -> VMware)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe [4525976 2025-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1685312 2023-02-09] (WildTangent, Inc. -> )
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe [278304 2025-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\ricar\AppData\Roaming\Zoom"
R2 ZoomCptServiceForVDIPluginMgmt; "C:\Program Files\Common Files\ZoomVDIPluginManagement\Support\CptService.exe" -user_path "C:\Users\Default\AppData\Roaming\ZoomVDIPluginManagement"
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [573440 2024-12-30] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [204800 2024-12-30] (Microsoft Corporation) [File not signed]
R3 duetbus; C:\WINDOWS\System32\DriverStore\FileRepository\duetbus.inf_amd64_66e44262fc0dd065\duetbus.sys [41736 2020-11-17] (Duet, Inc. -> Duet, Inc.)
S3 DuetWPDFilter; C:\WINDOWS\System32\drivers\DuetWPDFilter.sys [21992 2021-02-16] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 euchcmon; C:\WINDOWS\system32\DRIVERS\euchcmon.sys [72232 2024-04-24] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-01] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [242752 2025-05-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 SnapCameraVirtualDevice; C:\WINDOWS\System32\drivers\SnapCameraVirtualDevice.sys [2800232 2020-10-13] (Snap Inc. -> Windows ® Win 7 DDK provider)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-03-28] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
R1 vmwkpsm; C:\WINDOWS\system32\DRIVERS\vmwkpsm.sys [69072 2024-07-10] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S3 vmwprotect; C:\WINDOWS\system32\DRIVERS\vmwprotect.sys [177160 2024-10-24] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [19984 2025-05-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606568 2025-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100736 2025-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)
R3 WSDPrintDevice; C:\WINDOWS\System32\DriverStore\FileRepository\wsdprint.inf_amd64_1f9e32519098c0b6\WSDPrint.sys [57344 2024-12-30] (Microsoft Windows -> Microsoft Corporation)
S3 WSDScan; C:\WINDOWS\System32\DriverStore\FileRepository\sti.inf_amd64_971c769b103df369\WSDScan.sys [61440 2024-12-30] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-05-30 18:37 - 2025-05-30 18:40 - 000038497 _____ C:\Users\ricar\OneDrive\Desktop\FRST.txt
2025-05-30 18:37 - 2025-05-30 18:37 - 000000000 ____D C:\Users\ricar\OneDrive\Desktop\FRST-OlderVersion
2025-05-30 18:36 - 2025-05-30 18:39 - 000000000 ____D C:\FRST
2025-05-30 08:37 - 2025-05-30 08:37 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-05-30 08:31 - 2025-05-30 18:37 - 002405888 _____ (Farbar) C:\Users\ricar\OneDrive\Desktop\FRST64.exe
2025-05-29 08:23 - 2025-05-29 08:29 - 000000000 ____D C:\Users\ricar\AppData\LocalLow\IGDump
2025-05-29 08:06 - 2025-05-29 08:06 - 000827900 _____ C:\WINDOWS\system32\perfh00A.dat
2025-05-29 08:06 - 2025-05-29 08:06 - 000181512 _____ C:\WINDOWS\system32\perfc00A.dat
2025-05-13 21:36 - 2025-05-30 10:05 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-05-02 18:06 - 2025-05-02 18:06 - 000004174 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1746223548
2025-05-01 09:21 - 2025-05-01 09:21 - 000000790 _____ C:\Users\ricar\Downloads\event (3).ics
2025-05-01 09:19 - 2025-05-01 09:19 - 000000790 _____ C:\Users\ricar\Downloads\event (2).ics
2025-05-01 09:19 - 2025-05-01 09:19 - 000000790 _____ C:\Users\ricar\Downloads\event (1).ics
2025-05-01 09:18 - 2025-05-01 09:18 - 000000790 _____ C:\Users\ricar\Downloads\event.ics
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2099-12-00 45160:360 - 2017-10-28 02:50 - 000004664 ____R C:\WINDOWS\system32\Drivers\CxSfPt.DAT
2025-05-30 18:42 - 2023-05-08 15:42 - 000000000 ____D C:\Users\ricar\AppData\Local\Malwarebytes
2025-05-30 16:43 - 2024-04-01 03:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-05-30 08:39 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-05-30 08:39 - 2018-12-20 00:27 - 000000000 ____D C:\Users\ricar\AppData\Local\Packages
2025-05-30 08:38 - 2024-04-01 03:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-05-30 08:38 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-05-30 08:38 - 2018-12-26 10:12 - 000000000 ____D C:\Users\ricar\AppData\Roaming\VMware
2025-05-30 08:37 - 2020-05-04 00:35 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-05-30 08:34 - 2023-02-14 10:29 - 000032976 _____ C:\ProgramData\vmware-view.profile
2025-05-30 08:33 - 2018-12-20 12:43 - 000000000 ____D C:\Program Files\Microsoft Office
2025-05-30 08:05 - 2018-12-20 00:27 - 000000000 __SHD C:\Users\ricar\IntelGraphicsProfiles
2025-05-29 16:29 - 2024-12-30 11:57 - 000000000 ____D C:\Users\ricar
2025-05-29 16:18 - 2019-02-01 09:08 - 000000000 ____D C:\Users\ricar\AppData\Local\D3DSCache
2025-05-29 11:54 - 2024-02-10 11:40 - 000242752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2025-05-29 11:54 - 2018-12-11 02:17 - 000000000 ____D C:\ProgramData\Packages
2025-05-29 08:43 - 2024-12-30 14:10 - 000004088 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-05-29 08:42 - 2024-12-30 14:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-05-29 08:42 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\ServiceState
2025-05-29 08:41 - 2024-12-30 14:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-05-29 08:41 - 2020-11-04 19:19 - 000012288 ___SH C:\DumpStack.log.tmp
2025-05-29 08:06 - 2024-12-30 14:08 - 001931122 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-05-29 08:06 - 2024-04-01 03:24 - 000000000 ____D C:\WINDOWS\INF
2025-05-27 16:48 - 2024-12-30 14:16 - 000004236 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1548635394
2025-05-27 16:47 - 2019-01-27 20:29 - 000001393 _____ C:\Users\ricar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2025-05-27 16:38 - 2025-01-21 14:34 - 000003570 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-4202225435-4057633202-806399604-1001
2025-05-27 16:38 - 2024-12-30 14:16 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4202225435-4057633202-806399604-1001
2025-05-27 16:38 - 2024-12-30 14:16 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4202225435-4057633202-806399604-1001
2025-05-27 16:38 - 2020-11-04 12:03 - 000002386 _____ C:\Users\ricar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-05-27 16:23 - 2024-12-30 14:16 - 000004156 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{A20C7CC9-C2DA-4F04-B984-86B6044368EA}
2025-05-19 07:08 - 2024-12-30 14:16 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-05-19 07:08 - 2024-12-30 14:16 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-05-16 07:56 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2025-05-16 07:45 - 2018-04-28 02:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-05-16 07:25 - 2020-09-02 09:13 - 000000000 ____D C:\Users\ricar\AppData\Local\CrashDumps
2025-05-16 07:24 - 2018-12-20 01:35 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-05-13 23:36 - 2024-04-01 03:21 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-05-13 23:33 - 2024-12-30 14:05 - 000506128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-05-13 23:29 - 2024-12-30 11:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2025-05-13 23:29 - 2024-12-30 11:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\es-MX
2025-05-13 23:29 - 2024-04-01 04:08 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-05-13 23:29 - 2024-04-01 03:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-05-13 23:29 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-05-13 23:29 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-05-13 23:29 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-05-13 23:29 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-05-13 23:29 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\system32\setup
2025-05-13 23:29 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-05-13 23:29 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-05-13 23:29 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\system32\es-MX
2025-05-13 23:29 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-05-13 23:29 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-05-13 21:06 - 2018-12-20 14:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-05-13 21:00 - 2018-12-20 14:07 - 214836568 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-05-12 08:41 - 2019-01-02 14:05 - 000000000 ____D C:\Users\ricar\AppData\Local\CEF
2025-05-07 07:24 - 2024-12-30 14:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2025-05-07 07:24 - 2023-07-18 07:18 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2025-05-02 18:01 - 2018-04-28 02:07 - 000000000 __RHD C:\Users\Public\AccountPictures
2025-05-01 18:40 - 2018-12-20 13:57 - 000000000 ____D C:\Users\ricar\AppData\Roaming\Microsoft\Word
2025-05-01 18:38 - 2019-01-11 18:44 - 000000000 ____D C:\Users\ricar\AppData\Roaming\Microsoft\UProof
2025-05-01 13:18 - 2024-12-30 14:16 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-05-01 13:17 - 2023-11-24 01:25 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-04-30 17:25 - 2024-12-30 11:46 - 000000000 ____D C:\WINDOWS\InboxApps
2025-04-30 17:25 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\UUS
2025-04-30 17:25 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-04-30 17:25 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2025-04-30 17:25 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2025-04-30 17:25 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\SystemApps
2025-04-30 17:25 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-04-30 17:25 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-04-30 17:25 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-04-30 17:25 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\system32\DDFs
2025-04-30 17:25 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-04-30 17:25 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-04-30 17:25 - 2024-04-01 03:26 - 000000000 ____D C:\WINDOWS\Provisioning
==================== Files in the root of some directories ========
2019-02-01 09:09 - 2019-02-01 09:09 - 047227904 _____ () C:\Program Files (x86)\HR Block 2018.msi
2024-03-16 18:11 - 2024-03-16 18:11 - 000002811 _____ () C:\Users\ricar\AppData\Local\recently-used.xbel
2018-12-20 01:43 - 2024-10-23 08:25 - 000007602 _____ () C:\Users\ricar\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2025
Ran by ricar (30-05-2025 18:45:43)
Running from C:\Users\ricar\OneDrive\Desktop
Microsoft Windows 11 Home Version 24H2 26100.4061 (X64) (2024-12-30 18:17:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4202225435-4057633202-806399604-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4202225435-4057633202-806399604-503 - Limited - Disabled)
Guest (S-1-5-21-4202225435-4057633202-806399604-501 - Limited - Disabled)
ricar (S-1-5-21-4202225435-4057633202-806399604-1001 - Administrator - Enabled) => C:\Users\ricar
WDAGUtilityAccount (S-1-5-21-4202225435-4057633202-806399604-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4K Video Downloader (HKLM\...\{98A3B156-22C4-4B5A-9590-77DBF094BC71}) (Version: 4.13.5.3950 - Open Media LLC)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 25.001.20474 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Asian Language And Spelling Dictionaries Support For Adobe Acrobat Reader (HKLM\...\{AC76BA86-7AD7-0000-0000-BC17084FC500}) (Version: 23.008.20421 - Adobe Systems Incorporated)
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 2.3.1 - CANON INC.) Hidden
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 2.3.1.40020 - CANON INC.)
Canon MF Scan Utility (HKLM-x32\...\Canon_MF_Scan_Utility) (Version: 1.9.0.0 - CANON INC.)
Canon MF642C/643C/644C (HKLM\...\{B76A8CBF-3617-4fa6-A76A-E566A1F5BA76}) (Version: 6.4.0.0 - CANON INC.)
Cricut Design Space (HKLM-x32\...\Cricut Design Space 4.0.97) (Version: 4.0.97 - Cricut, Inc.)
Cricut Design Space (HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\{113DD42F-AE80-489B-8F15-FB8499306C48}) (Version: 8.17.70 - Cricut, Inc.)
Cricut Design Space (HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\Cricut Design Space 4.6.4) (Version: 4.6.4 - Cricut, Inc.)
Duet Display (HKLM\...\{2ECB0032-E63B-413A-822C-7169678B6A46}) (Version: 2.5.0.0 - Kairos) Hidden
Duet Display (HKLM\...\Duet Display 2.5.0.0) (Version: 2.5.0.0 - Kairos)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
GIMP 2.10.36-1 (HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\GIMP-2_is1) (Version: 2.10.36 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 136.0.7103.114 - Google LLC)
H&R Block Deluxe + Efile 2018 (HKLM-x32\...\{A4111BAC-600D-458C-B98E-8E82D22BDABD}) (Version: 18.04.8301 - HRB Technology, LLC.)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.11.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{10F0BF3E-DBDB-422A-8C12-B4D46711D7C8}) (Version: 2.22.2 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM\...\{16311D0B-D57C-46F8-AE64-9D4D44227271}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{4C246A91-6BAE-450E-BDEA-70D01663DF43}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{78525DEA-1E62-429B-9CA4-A78F899A9F29}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{B2CFD444-5088-4ECC-A1F1-28620C082C36}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{3D00C669-D447-4A04-AFDA-25E9E76E7873}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{59649835-21FD-4523-9AB0-9E67ED77F0CA}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{1DD659FE-014E-43E0-B848-0C4C89AD124E}) (Version: 1.6.8.0 - HP Inc.)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1511 - HP) Hidden
HP Registration Service (HKLM-x32\...\{4E097B06-83A0-4CDD-A9DB-22F0744FE16A}) (Version: 1.0.0.43 - HP Inc.) Hidden
HP System Event Utility (HKLM-x32\...\{5D308D1F-E37B-431A-8D35-67D16287467D}) (Version: 1.4.28 - HP Inc.)
Inkscape (HKLM-x32\...\Inkscape) (Version: 1.0.0- - Inkscape)
Intel® Chipset Device Software (HKLM\...\{7FB35D08-C75C-4A18-B593-1D7C3E8970AD}) (Version: 10.1.1.45 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10208.5644 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{90291EBF-187A-4C7E-A9AD-DCCB6C946536}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{FBDA24D3-1A19-4D75-B3F1-F2A1FB6B61BF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{8DEA4234-C97D-41BE-B2BC-313A196BCD09}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.1.1020 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{82B8C0DF-94E9-4E42-B132-47F13CD5EE3C}) (Version: 15.9.1.1020 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000060-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{EF71AFFB-85B5-407C-A301-39EA25F98313}) (Version: 20.90.0.2270 - Intel Corporation) Hidden
Malwarebytes version 5.3.0.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.3.0.186 - Malwarebytes)
Mazda Toolbox (HKLM-x32\...\Mazda Toolbox) (Version: - )
Microsoft .NET Host - 6.0.32 (x64) (HKLM\...\{A09F8381-88C3-44C4-9DAB-AC44F4F4DB4B}) (Version: 48.128.16743 - Microsoft Corporation) Hidden
Microsoft .NET Host - 8.0.10 (x64) (HKLM\...\{3A80EBC5-6B68-49B9-BEBD-E1A6C966B416}) (Version: 64.40.21578 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.32 (x64) (HKLM\...\{667CB653-70E1-4E2B-9C8E-6A02A6CF88B9}) (Version: 48.128.16743 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.10 (x64) (HKLM\...\{062CD1ED-0A3C-483C-A871-50173240C545}) (Version: 64.40.21578 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.32 (x64) (HKLM\...\{3FDCF0A2-7C1F-41C7-9749-0D91EC216AED}) (Version: 48.128.16743 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.10 (x64) (HKLM\...\{15B7D0C2-F209-4C28-AF1C-FD8326F4D58A}) (Version: 64.40.21578 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 137.0.3296.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.92 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.18827.20128 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\OneDriveSetup.exe) (Version: 25.080.0427.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{BD2E4F7B-30B0-46A7-8E5C-D99D21C52336}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{200969CA-4114-4553-832D-4286C5ACBB98}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.32 (x64) (HKLM\...\{885F1CFB-4EAC-4C60-97B8-394BD65ED91E}) (Version: 48.128.16742 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.32 (x64) (HKLM-x32\...\{1bb295e8-8251-4404-96f1-c437da87fce0}) (Version: 6.0.32.33814 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.10 (x64) (HKLM\...\{614C9740-3FD4-4788-A277-7C35CB4C323B}) (Version: 64.40.21605 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.10 (x64) (HKLM-x32\...\{d990096d-6282-42c5-8d16-71272c5be274}) (Version: 8.0.10.34118 - Microsoft Corporation)
Mozilla Firefox 88.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0.1 (x64 en-US)) (Version: 88.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20128 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 119.0.5497.40 (HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\Opera 119.0.5497.40) (Version: 119.0.5497.40 - Opera Software)
Paradox Launcher v2 (HKLM\...\{986898D9-7C26-4E7F-814C-9B5472FA3209}) (Version: 2.0.0.0 - Paradox Interactive)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.179 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Samsung DeX (HKLM-x32\...\{0E0BC66E-28B5-41F9-8D62-B952473F0577}) (Version: 2.4.1.27 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{16f6962b-c45d-4bde-bd39-c414955ca303}) (Version: 2.4.1.27 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.58.0 - Samsung Electronics Co., Ltd.)
SfxArgPassing (HKLM-x32\...\{de9a42e3-462c-4ee8-a403-4db3de1fad42}) (Version: 1.0.0.0 - Intel) Hidden
Snap Camera 1.20.0 (HKLM-x32\...\{024A6CF5-627D-497F-980B-B9A6EC5C40AF}_is1) (Version: 1.20.0 - Snap Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Toner Status (HKLM-x32\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.7.0.0 - CANON INC.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VMware Horizon Client (HKLM\...\{2C6CF904-EDCA-420C-A755-6F16B557D23E}) (Version: 8.13.1.16218 - VMware, Inc.) Hidden
VMware Horizon Client (HKLM-x32\...\{154c64ca-1389-4031-b04a-4b6300b664ab}) (Version: 8.13.1.16218 - VMware, Inc.)
VMware Horizon HTML5 Multimedia Redirection Client (HKLM\...\{DCE04604-7384-4494-9302-97A9EB50ADF6}) (Version: 8.13.1 - VMware, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wargaming.net Game Center (HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\Wargaming.net Game Center) (Version: 24.3.0.6203 - Wargaming.net)
WhatsApp (HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\WhatsApp) (Version: 0.3.1847 - WhatsApp)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.46 - WildTangent)
WildTangent Helper (HKLM-x32\...\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}) (Version: 5.0.0.331 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.59 - WildTangent) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
World_of_Warships (HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\1527964767) (Version: - Wargaming.net)
Zoom (HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\ZoomUMX) (Version: 5.14.11 (17466) - Zoom Video Communications, Inc.)
Zoom VDI Plugin Management(64bit) (HKLM\...\{7E8D37F1-36E8-4301-8EC8-599080BAB758}) (Version: 6.2.25670 - Zoom Communications, Inc.)
Zoom VDI Universal Plugin(64bit) (HKLM\...\{3877D3EA-5790-47E7-9CCE-FC23A2177957}) (Version: 6.2.25670 - Zoom Communications, Inc.)
Packages:
=========
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3624.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-14] (Microsoft Windows)
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-14] (Microsoft Windows)
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3912.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-14] (Microsoft Windows)
@{MicrosoftWindows.Client.CoreAI_1000.26100.3912.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.CoreAI/AIXHost/ClickToDo/AppDisplayName} -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-05-14] (Microsoft Windows)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-02-03] ()
Adobe Express -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeCreativeCloudExpress_2.1.1.0_neutral__ynb6jyjzte8ga [2024-10-28] (Adobe Inc.)
Adobe Reader Touch -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [2018-12-26] (Adobe Systems Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2021-10-15] (Amazon.com)
Architectural Structures PREMIUM -> C:\Program Files\WindowsApps\Microsoft.ArchitecturalStructuresPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2020-05-09] (Microsoft Corporation)
Beauty of Britain 2 by Sean Byrne -> C:\Program Files\WindowsApps\Microsoft.BeautyofBritain2bySeanByrne_1.0.0.0_neutral__8wekyb3d8bbwe [2019-12-15] (Microsoft Corporation)
Bing Wallpaper -> C:\Program Files\WindowsApps\Microsoft.BingWallpaper_1.1.410.0_x86__8wekyb3d8bbwe [2025-05-27] (Microsoft Corporation) [Startup Task]
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_4.12.0.0_x64__kgqvnymyfvs32 [2025-05-23] (king.com)
Canon Office Printer Utility -> C:\Program Files\WindowsApps\34791E63.CanonOfficePrinterUtility_12.7.0.0_x64__6e5tt8cgb93ep [2024-12-12] (Canon Inc.)
City Lights by Talha Tariq -> C:\Program Files\WindowsApps\Microsoft.CityLightsbyTalhaTariq_1.0.0.0_neutral__8wekyb3d8bbwe [2022-01-28] (Microsoft Corporation)
Click to Do (preview) -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-05-14] (Microsoft Windows)
Community Showcase Cityscapes -> C:\Program Files\WindowsApps\Microsoft.CommunityShowcaseCityscapes_1.0.0.0_neutral__8wekyb3d8bbwe [2018-12-20] (Microsoft Corporation)
Community Showcase Cityscapes 2 -> C:\Program Files\WindowsApps\Microsoft.CommunityShowcaseCityscapes2_1.0.0.0_neutral__8wekyb3d8bbwe [2022-06-03] (Microsoft Corporation)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2024.3.211.0_neutral__6rarf9sa4v8jt [2024-10-28] (Disney)
ELAN Touchpad Setting -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadSetting_11.2.63.0_x64__stws0m115j6hg [2024-12-23] (ELAN Microelectronics Corporation)
German Landscapes by Mathias Rehberg -> C:\Program Files\WindowsApps\Microsoft.GermanLandscapesbyMathiasRehberg_1.0.0.0_neutral__8wekyb3d8bbwe [2020-05-09] (Microsoft Corporation)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.1.134.0_x64__dt26b99r8h8gj [2024-12-26] (Realtek Semiconductor Corp)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.481.0_x86__v10z8vjag6ke6 [2018-12-11] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_159.1.1144.0_x64__v10z8vjag6ke6 [2025-05-07] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.44.18.0_x64__v10z8vjag6ke6 [2025-05-07] (HP Inc.)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1042.0_x64__8j3eq9eme6ctt [2025-05-16] (INTEL CORP)
Malwarebytes Anti-Malware -> C:\Program Files\Malwarebytes\Anti-Malware [2025-05-29] ()
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-07-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-07-13] (Microsoft Corporation) [MS Ad]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-14] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_55.20331.573.0_x64__8wekyb3d8bbwe [2025-04-21] (Microsoft Corporation)
Microsoft.Edge.GameAssist -> C:\Program Files\WindowsApps\Microsoft.Edge.GameAssist_1.0.3336.0_x64__8wekyb3d8bbwe [2025-05-30] (Microsoft Corporation)
Move Mouse -> C:\Program Files\WindowsApps\1258EllAbi.MoveMouse_4.18.5.0_x64__hjfwaxvfbwh7t [2025-01-02] (ellabi) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-10-28] (Netflix, Inc.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-05-30] ()
Panoramic Cityscapes PREMIUM -> C:\Program Files\WindowsApps\Microsoft.PanoramicCityscapesPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2022-06-03] (Microsoft Corporation)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-08-18] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-08-18] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.25.0_x64__nfy108tqq3p12 [2024-12-11] (Thumbmunkeys Ltd)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2024-09-09] (Plex)
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-01-26] (CYBERLINKCOM CORP)
Scenic Europe 1 by Ingo Scholtes -> C:\Program Files\WindowsApps\Microsoft.ScenicEurope1byIngoScholtes_1.0.0.0_neutral__8wekyb3d8bbwe [2019-12-15] (Microsoft Corporation)
Scenic Europe 2 by Ingo Scholtes -> C:\Program Files\WindowsApps\Microsoft.ScenicEurope2byIngoScholtes_1.0.0.0_neutral__8wekyb3d8bbwe [2019-12-15] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.5.25.0_x64__kx24dqmazqk8j [2025-02-25] (Random Salad Games LLC)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.150.3125.0_x64__kzf8qxf38zg5c [2025-05-06] (Skype)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.18.194.0_x64__43tkc6nmykmb6 [2024-12-11] (Ookla)
Stunning Cityscapes -> C:\Program Files\WindowsApps\Microsoft.StunningCityscapes_1.0.0.0_neutral__8wekyb3d8bbwe [2018-12-20] (Microsoft Corporation)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2024-12-23] (WildTangent Games)
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe [2025-01-22] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_7000.456.1632.0_x64__8wekyb3d8bbwe [2025-04-10] (Microsoft Corp.)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-14] (Microsoft Windows)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4202225435-4057633202-806399604-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-4202225435-4057633202-806399604-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_618947f7f882ca01\igfxDTCM.dll [2020-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2024-06-10 20:04 - 2024-06-10 20:04 - 013525504 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avcodec-58.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 002586112 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avformat-58.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000658944 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avutil-56.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000135680 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\brotlicommon.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000041984 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\brotlidec.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000056320 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\bz2.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 001130496 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\cairo.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000222208 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\fontconfig.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000009728 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\libcharset.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000117248 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\libexpat.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000918016 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\libiconv.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000164864 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\libpng16.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000152576 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\swresample-3.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000611328 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\swscale-5.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000074752 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\zlib1.dll
2025-05-19 08:46 - 2025-05-19 08:46 - 000160768 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\7a163faf3fca1b4f98abc84066bb5466\BRIDGECommon.ni.dll
2025-05-06 08:11 - 2025-05-06 08:11 - 000125440 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\228cb3bfc9b19ad057a9c9d4248b0f3e\BridgeExtension.ni.dll
2025-05-06 08:11 - 2025-05-06 08:11 - 000395264 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\dc8c108a5946e6aea50b17e045c39ac8\CleanStartController.ni.dll
2025-05-06 08:31 - 2025-05-06 08:31 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\3b38289e98692f75f323790bcbffbc58\Interop.IWshRuntimeLibrary.ni.dll
2025-05-06 08:11 - 2025-05-06 08:11 - 000079872 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\2ab0d3e75dca1f77aafff6dc7a07d900\NativeInterop.ni.dll
2025-05-06 08:11 - 2025-05-06 08:11 - 000145920 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\90055fbce07e699625354fab5fad4929\RegistrationUtilities.ni.dll
2019-12-10 00:39 - 2018-06-19 15:40 - 000002560 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask_EN.dll
2019-12-10 00:38 - 2018-01-29 15:28 - 000005120 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6_en-US.DLL
2019-12-10 00:35 - 2018-01-29 15:26 - 000153088 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNCENPM6.dll
2025-05-06 08:31 - 2025-05-06 08:31 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\66e5e252462746e101ad77492934eb66\Hardcodet.Wpf.TaskbarNotification.ni.dll
2025-05-06 08:11 - 2025-05-06 08:11 - 000136704 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\7c13a3a5f87d941ed07e2beaf018072b\CommonPortable.ni.dll
2025-05-06 08:31 - 2025-05-06 08:31 - 001585664 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\685ab8e73bf3ba8ce051ca964ce3def4\NAudio.ni.dll
2020-04-20 07:52 - 2020-04-20 07:52 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-04-20 07:52 - 2020-04-20 07:52 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2025-05-05 08:13 - 2025-05-05 08:13 - 002305536 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\cb155b05455de672410fccfb83d962b8\Newtonsoft.Json.ni.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000055808 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\pthreadVC2.dll
2024-11-25 23:41 - 2024-11-25 23:41 - 004467200 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\NativeSamsungDexFramework.dll
2024-11-25 23:41 - 2024-11-25 23:41 - 002863104 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\SCommon.dll
2024-11-25 23:40 - 2024-11-25 23:40 - 006677504 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\SLocales.dll
2025-05-06 08:31 - 2025-05-06 08:31 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\a4b210a4584964d32c47f7ffbaa990dd\log4net.ni.dll
2024-06-10 20:04 - 2024-06-10 20:04 - 000539136 _____ (The FreeType Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\freetype.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {1DA2F979-0E9A-46CC-905F-444B774E9287} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {1DA2F979-0E9A-46CC-905F-444B774E9287} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4202225435-4057633202-806399604-1001 -> {1DA2F979-0E9A-46CC-905F-444B774E9287} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2025-04-22] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2025-04-22] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-30] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-11 19:38 - 2018-12-26 10:12 - 000000876 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 view-localhost # view localhost server
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ricar\AppData\Local\Packages\Microsoft.BingWallpaper_8wekyb3d8bbwe\LocalState\images\Bing\20250528_OBGA.AdobeStock_131713381_bing.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: Intel® Dual Band Wireless-AC 3168 -> Netwtw04.sys
Ethernet: Realtek PCIe GBE Family Controller -> rt640x64.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Cricut Taskbar Application.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "Duet Display"
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\StartupApproved\StartupFolder: => "Cricut Taskbar Application.lnk"
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_72B8A25672341A2EA0566F05DF289D81"
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\StartupApproved\Run: => "Opera Stable"
HKU\S-1-5-21-4202225435-4057633202-806399604-1001\...\StartupApproved\Run: => "Snap Camera"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9F7AEC8D-A035-44D6-AF0B-C6152CDA3719}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{13CF4573-20A1-4975-82E6-384EEA75D499}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{ACAD2D55-9AA0-4264-AACA-180BD1A14DE4}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{CF7BA644-A3A6-434C-AF8C-6014E02A3CED}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{902C5C13-30B5-4292-9280-FCAE34641CB1}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{43D9C1F3-34D0-4A47-A951-8920D231D130}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{500D5D54-48E3-4699-A97F-CD2D02B10178}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{B4970C19-F93D-4FC5-85FE-084BF59ACA03}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{F7B520E8-C48C-41AB-88EC-890D6AF325EA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E529497-A6F4-494E-87C9-57FEE2BB0CA4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{6A911FA1-923E-4029-AABE-1222751E298A}C:\program files (x86)\zoomvdiuniversalplugin\zoom.exe] => (Allow) C:\program files (x86)\zoomvdiuniversalplugin\zoom.exe => No File
FirewallRules: [TCP Query User{4C8A9F8A-2479-481C-B08C-6ECFBA4981D4}C:\program files (x86)\zoomvdiuniversalplugin\zoom.exe] => (Allow) C:\program files (x86)\zoomvdiuniversalplugin\zoom.exe => No File
FirewallRules: [UDP Query User{90EE947C-3B80-47BF-950E-1473B3307F4A}C:\program files\vmware\vmware horizon view client\cef\html5videoplayer.exe] => (Allow) C:\program files\vmware\vmware horizon view client\cef\html5videoplayer.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [TCP Query User{D5AD9CC4-3EEF-4CAE-B043-AF03854C2FE8}C:\program files\vmware\vmware horizon view client\cef\html5videoplayer.exe] => (Allow) C:\program files\vmware\vmware horizon view client\cef\html5videoplayer.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{5842141A-B4AF-4F96-9692-B23AB5793FFF}] => (Allow) C:\Program Files\Kairos\Duet Display\duet.exe (Duet, Inc. -> Duet, Inc.)
FirewallRules: [UDP Query User{E3D8C7DB-0060-433C-9967-AFFD1F935DD3}C:\users\ricar\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{11DFCDA1-AB21-4479-ABDC-5308CD955917}C:\users\ricar\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{B41E3EEE-0402-4149-82E5-9ABE6FC22E02}C:\users\ricar\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{1067C607-4C74-4A74-8D4B-61323C31084C}C:\users\ricar\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{63479386-7509-4123-8647-63E4AC142408}C:\users\ricar\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{44B4D148-7633-4395-8B78-469BE4212CF4}C:\users\ricar\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{62F5F72B-64AE-4136-9E60-69C872C7057C}C:\users\ricar\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [TCP Query User{BD4B10C9-FCAF-4EEB-AA03-0418EF58E072}C:\users\ricar\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [UDP Query User{1AF06276-3E5E-4193-874C-1444684D549F}C:\users\ricar\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [TCP Query User{607C78E5-5641-4B6B-9A9B-17AB77FC1AA5}C:\users\ricar\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [UDP Query User{A16FC23C-E813-4D28-B700-A5BCBB989662}C:\users\ricar\appdata\local\programs\opera\76.0.4017.123\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\76.0.4017.123\opera.exe => No File
FirewallRules: [TCP Query User{B6311A26-EC7D-4E9D-AD47-D8362A82E7B8}C:\users\ricar\appdata\local\programs\opera\76.0.4017.123\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\76.0.4017.123\opera.exe => No File
FirewallRules: [UDP Query User{7B5FEA61-5C92-4E74-8A76-EABD98F19F29}C:\users\ricar\appdata\local\programs\opera\76.0.4017.107\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\76.0.4017.107\opera.exe => No File
FirewallRules: [TCP Query User{FAB44E17-C4DF-4518-B3A1-E3208027D772}C:\users\ricar\appdata\local\programs\opera\76.0.4017.107\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\76.0.4017.107\opera.exe => No File
FirewallRules: [UDP Query User{D0131FB3-D108-47BF-8D5F-19E008E961F3}C:\users\ricar\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [TCP Query User{5B1CF457-DA07-4D18-B066-1E3A8D9A2568}C:\users\ricar\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [UDP Query User{2C434AE6-4E31-4CC0-88D8-9F7C20E0872D}C:\users\ricar\appdata\local\programs\opera\75.0.3969.171\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\75.0.3969.171\opera.exe => No File
FirewallRules: [TCP Query User{03DD061F-06C4-4DF5-9697-3CA92BE78A9D}C:\users\ricar\appdata\local\programs\opera\75.0.3969.171\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\75.0.3969.171\opera.exe => No File
FirewallRules: [UDP Query User{800F391C-7ECD-47E3-8C2F-3059242F63C1}C:\users\ricar\appdata\local\programs\opera\75.0.3969.149\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\75.0.3969.149\opera.exe => No File
FirewallRules: [TCP Query User{D5C7B6D0-968D-49B0-8F0F-02A5878A6FAE}C:\users\ricar\appdata\local\programs\opera\75.0.3969.149\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\75.0.3969.149\opera.exe => No File
FirewallRules: [UDP Query User{238E01F7-870C-485D-BC59-525260C6A100}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [TCP Query User{9B555C21-10FD-45AF-9ED9-3CAB6C142E78}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{07D84B1A-BA62-407A-9D6E-6958CBC6DEAB}C:\users\ricar\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [TCP Query User{A059F131-721B-44C0-B757-A3FA39282E38}C:\users\ricar\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [UDP Query User{10F411C7-9A0A-4F19-80EA-9BDAFEAA2259}C:\users\ricar\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [TCP Query User{3614A50D-F2D4-414B-884E-43C1D5B0E3DE}C:\users\ricar\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [UDP Query User{50B6BDBF-C959-47CA-920F-F8ED0CC1B4EE}C:\users\ricar\appdata\local\programs\opera\74.0.3911.160\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\74.0.3911.160\opera.exe => No File
FirewallRules: [TCP Query User{B7779E03-CC27-438D-9E22-733D363385C3}C:\users\ricar\appdata\local\programs\opera\74.0.3911.160\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\74.0.3911.160\opera.exe => No File
FirewallRules: [UDP Query User{E8886256-52A1-4DE5-95A9-9F4C42F5069E}C:\users\ricar\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
FirewallRules: [TCP Query User{52830923-DC62-4B62-A58C-D63AA053F354}C:\users\ricar\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
FirewallRules: [UDP Query User{3B87FF30-0B13-44FA-B38F-0D46543D1009}C:\users\ricar\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [TCP Query User{1260859D-9DF7-4283-9EF6-54D1BF08787F}C:\users\ricar\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [{0F1D4A93-68EB-49D7-BFE0-36DC7CDAC4AA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D58F350D-2D7A-41DF-A9B2-BA739CC401B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{D8E62B3F-6A4A-4624-B00E-029B10CD5791}C:\users\ricar\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [TCP Query User{322CD067-A428-4D7D-A0F5-C2EF4CE572BB}C:\users\ricar\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [UDP Query User{48024F1B-C241-4259-A02A-6BFB817F4E5E}C:\users\ricar\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [TCP Query User{D4D138E0-5D4C-4CB5-B76E-98935AAD1E74}C:\users\ricar\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [{06E82FA8-F0B0-438C-B632-73453FBB4747}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{AA50CF81-0FA4-4180-A32F-0E5FDEE7F83D}] => (Block) C:\users\ricar\appdata\roaming\cricut design space\web\taskbar-application-win32\release\cricuttaskbarapplication.exe (Provo Craft & Novelty, Inc. -> Cricut, Inc.)
FirewallRules: [{99073692-252B-4491-94B8-E359E6069687}] => (Block) C:\users\ricar\appdata\roaming\cricut design space\web\taskbar-application-win32\release\cricuttaskbarapplication.exe (Provo Craft & Novelty, Inc. -> Cricut, Inc.)
FirewallRules: [UDP Query User{559B72A0-526B-4B73-83AB-8729B213DFD6}C:\users\ricar\appdata\roaming\cricut design space\web\taskbar-application-win32\release\cricuttaskbarapplication.exe] => (Allow) C:\users\ricar\appdata\roaming\cricut design space\web\taskbar-application-win32\release\cricuttaskbarapplication.exe (Provo Craft & Novelty, Inc. -> Cricut, Inc.)
FirewallRules: [TCP Query User{6A35E937-FC47-4FB3-A186-ED18632B8724}C:\users\ricar\appdata\roaming\cricut design space\web\taskbar-application-win32\release\cricuttaskbarapplication.exe] => (Allow) C:\users\ricar\appdata\roaming\cricut design space\web\taskbar-application-win32\release\cricuttaskbarapplication.exe (Provo Craft & Novelty, Inc. -> Cricut, Inc.)
FirewallRules: [{433F57F7-EAE5-42BF-988D-E0402AE0D58C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{01E297BC-B6E9-4716-B08D-0769E8603D50}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0A64695D-5911-4503-960D-4F9D513BE7CF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C368F639-2D43-45CC-A101-E3C6717C9ECB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDE303E6-7467-489D-93B7-E2AF90923388}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16050.11029.20108.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B41C9C0C-4F56-4938-BDCB-D311EF13408C}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{82749118-EF86-4329-B914-9BDF0BDB3929}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{97B3979E-59A5-47A4-B9DD-86FDA0E72046}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D8583A3B-7094-4029-9E74-6780660BDBC4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{43A5AE53-A903-49AC-BC43-26EF413D4674}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BAE8C51F-4033-4881-A971-EE74B73FA2DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{7A76A006-6C40-4142-83E9-D32CD6B8A638}C:\users\ricar\appdata\local\programs\opera\65.0.3467.62\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\65.0.3467.62\opera.exe => No File
FirewallRules: [UDP Query User{86B0F729-08BF-46AA-A0DA-5F6616C36A31}C:\users\ricar\appdata\local\programs\opera\65.0.3467.62\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\65.0.3467.62\opera.exe => No File
FirewallRules: [TCP Query User{ED8E184E-4EA0-4BB2-99C6-8465E22CB8C2}C:\users\ricar\appdata\local\programs\opera\66.0.3515.115\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\66.0.3515.115\opera.exe => No File
FirewallRules: [UDP Query User{5BF307A7-15C1-427A-82DA-065BC8391293}C:\users\ricar\appdata\local\programs\opera\66.0.3515.115\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\66.0.3515.115\opera.exe => No File
FirewallRules: [TCP Query User{B058EFD1-B797-469C-BC79-2350A5637A3A}C:\users\ricar\appdata\local\programs\opera\67.0.3575.97\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\67.0.3575.97\opera.exe => No File
FirewallRules: [UDP Query User{34B40910-D7B0-42ED-A23E-0CB6783E13CE}C:\users\ricar\appdata\local\programs\opera\67.0.3575.97\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\67.0.3575.97\opera.exe => No File
FirewallRules: [{E7EBF9B6-ADE2-40C9-B4F7-A26659BB5F87}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2A20CA05-BD2A-4F91-827E-D7F3E6A584BC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2168BB64-C58A-42F2-9617-34392BC1B7EA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{340AFA72-B1CC-4792-8142-3FC470B1A0E5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6403DD9F-3F48-4A4D-970A-245263864943}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{C2CC4BF7-9C67-48A7-8569-3E7664905D91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [TCP Query User{CC3D6AC8-6B0F-4A98-BD65-67CBFEFFA6B9}C:\users\ricar\appdata\local\programs\opera\67.0.3575.115\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\67.0.3575.115\opera.exe => No File
FirewallRules: [UDP Query User{DF12C3F4-8EED-4A0C-B81E-DD73813641CA}C:\users\ricar\appdata\local\programs\opera\67.0.3575.115\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\67.0.3575.115\opera.exe => No File
FirewallRules: [{94B87FE3-3CC2-46DF-941E-07CC0A6667FF}] => (Allow) C:\Users\ricar\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0E649C43-E49C-4961-AF0E-584D85393BD6}] => (Allow) C:\Users\ricar\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{B9EB8E7A-022F-4272-8044-33BAEBA7A911}C:\users\ricar\appdata\local\programs\opera\67.0.3575.137\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\67.0.3575.137\opera.exe => No File
FirewallRules: [UDP Query User{942BDE3A-C85F-41B3-A917-40024FBB6AFA}C:\users\ricar\appdata\local\programs\opera\67.0.3575.137\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\67.0.3575.137\opera.exe => No File
FirewallRules: [TCP Query User{0C753409-84A8-4E98-AFAD-AD682F355D31}C:\users\ricar\appdata\local\programs\opera\68.0.3618.104\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\68.0.3618.104\opera.exe => No File
FirewallRules: [UDP Query User{7BB6DD3D-CC08-418B-9DA7-5121DF7A67A4}C:\users\ricar\appdata\local\programs\opera\68.0.3618.104\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\68.0.3618.104\opera.exe => No File
FirewallRules: [TCP Query User{7379676E-7B5B-4C24-84C9-02E79285FAB4}C:\users\ricar\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\68.0.3618.125\opera.exe => No File
FirewallRules: [UDP Query User{EECFEDCC-2893-47C1-89DD-1B136E2E50C7}C:\users\ricar\appdata\local\programs\opera\68.0.3618.125\opera.exe] => (Block) C:\users\ricar\appdata\local\programs\opera\68.0.3618.125\opera.exe => No File
FirewallRules: [TCP Query User{1FDF60E7-C9A0-41F4-93AF-C74A76898E77}C:\program files\kairos\duet display\duet.exe] => (Allow) C:\program files\kairos\duet display\duet.exe (Duet, Inc. -> Duet, Inc.)
FirewallRules: [UDP Query User{21750523-CD63-443B-BE78-833CB19FB72F}C:\program files\kairos\duet display\duet.exe] => (Allow) C:\program files\kairos\duet display\duet.exe (Duet, Inc. -> Duet, Inc.)
FirewallRules: [TCP Query User{39C26641-E0C2-47E3-91F0-0365ECB5F75A}C:\users\ricar\appdata\local\programs\opera\70.0.3728.106\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\70.0.3728.106\opera.exe => No File
FirewallRules: [UDP Query User{884CF54B-53C2-4456-9AC7-233263440B79}C:\users\ricar\appdata\local\programs\opera\70.0.3728.106\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\70.0.3728.106\opera.exe => No File
FirewallRules: [TCP Query User{10343ABB-33DC-461F-91B8-EAA842EFAC3C}C:\users\ricar\appdata\local\programs\opera\71.0.3770.198\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\71.0.3770.198\opera.exe => No File
FirewallRules: [UDP Query User{8877E15B-3537-4F7E-8944-8D549D7F5E81}C:\users\ricar\appdata\local\programs\opera\71.0.3770.198\opera.exe] => (Allow) C:\users\ricar\appdata\local\programs\opera\71.0.3770.198\opera.exe => No File
FirewallRules: [TCP Query User{1E6822F3-3A29-4ECC-87DD-FCEE1A93C92F}C:\program files (x86)\zoomvmwaremediaplugin\zoom.exe] => (Allow) C:\program files (x86)\zoomvmwaremediaplugin\zoom.exe => No File
FirewallRules: [UDP Query User{9B9B66A1-C3B5-411B-B0CC-FB25FDF13935}C:\program files (x86)\zoomvmwaremediaplugin\zoom.exe] => (Allow) C:\program files (x86)\zoomvmwaremediaplugin\zoom.exe => No File
FirewallRules: [TCP Query User{A3216B86-F556-43FD-8FB2-EBAA6CDB7C84}C:\program files (x86)\vmware\vmware horizon view client\x64\cef\html5videoplayer.exe] => (Allow) C:\program files (x86)\vmware\vmware horizon view client\x64\cef\html5videoplayer.exe => No File
FirewallRules: [UDP Query User{80EFC4DA-C084-4508-90B6-94744B7CFA6B}C:\program files (x86)\vmware\vmware horizon view client\x64\cef\html5videoplayer.exe] => (Allow) C:\program files (x86)\vmware\vmware horizon view client\x64\cef\html5videoplayer.exe => No File
FirewallRules: [TCP Query User{39C89F30-6A08-4428-8373-D31F4D6C718E}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{17424EBF-5386-4F2F-A1CA-CB2C70185614}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{1EF853BD-1BEC-4A26-93DC-A0E63663A72E}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C2C4C059-ABB5-4EFE-877B-D16CE69DFD28}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3C24909D-670F-4666-853C-D1160D0FE9BB}] => (Allow) C:\Program Files\ZoomVDIUniversalPlugin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
FirewallRules: [{FC397E5A-D84E-4478-95BC-82CC44C4D365}] => (Allow) C:\Program Files\ZoomVDIUniversalPlugin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
FirewallRules: [{07B07EAC-C028-4AB2-AC1C-8BE2CE3DE94F}] => (Allow) C:\Program Files\ZoomVDIUniversalPlugin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{327758CE-FA8C-482F-8B4F-6AEA7627C8C2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4F12AA58-66B6-472E-944C-BCF3AB814589}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{113E1C1A-F41B-4A2C-80EC-9ADF8FA1DF68}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25124.201.3625.2942_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D05ED5F3-38B3-433E-91B8-2FF2BD9D3FE9}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25124.201.3625.2942_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B1D2EF2D-0F13-465F-90EB-2A8A4E214DC0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
19-05-2025 07:20:50 Windows Update
22-05-2025 17:27:09 Windows Update
27-05-2025 16:39:44 Windows Update
27-05-2025 16:40:29 Windows Update
29-05-2025 15:25:27 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (05/30/2025 08:42:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname lactoc-rcv.local already in use; will try lactoc-rcv-2.local instead
Error: (05/30/2025 08:42:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 lactoc-rcv.local. Addr 192.168.4.26
Error: (05/30/2025 08:42:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.4.26:5353 16 lactoc-rcv.local. AAAA 2603:9001:1B01:BE49:B150:1588:6195:BA20
Error: (05/30/2025 08:42:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 lactoc-rcv.local. AAAA FE80:0000:0000:0000:D810:170C:2D79:FE4E
Error: (05/30/2025 08:42:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.4.26:5353 16 lactoc-rcv.local. AAAA 2603:9001:1B01:BE49:B150:1588:6195:BA20
Error: (05/30/2025 08:42:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 lactoc-rcv.local. AAAA FDC0:5216:F4BE:0001:000A:4BFE:F895:604D
Error: (05/30/2025 08:42:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.4.26:5353 16 lactoc-rcv.local. AAAA 2603:9001:1B01:BE49:B150:1588:6195:BA20
Error: (05/30/2025 08:42:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 lactoc-rcv.local. AAAA 2603:9001:1B01:BE49:000A:4BFE:F895:604D
System errors:
=============
Error: (05/30/2025 08:21:06 AM) (Source: Netwtw04) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)
Error: (05/30/2025 08:21:06 AM) (Source: Netwtw04) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)
Error: (05/30/2025 08:21:06 AM) (Source: Netwtw04) (EventID: 5005) (User: )
Description: Intel® Dual Band Wireless-AC 3168 : Has encountered an internal error and has failed.
5005 - Driver internal error
Error: (05/30/2025 08:21:06 AM) (Source: Netwtw04) (EventID: 5005) (User: )
Description: Intel® Dual Band Wireless-AC 3168 : Has encountered an internal error and has failed.
5005 - Driver internal error
Error: (05/30/2025 08:21:06 AM) (Source: Netwtw04) (EventID: 5035) (User: )
Description: 5035 - Driver OSC Pending OID watchdog
Error: (05/30/2025 08:11:20 AM) (Source: DCOM) (EventID: 10010) (User: LACTOC-RCV)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
Error: (05/30/2025 08:05:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
Error: (05/29/2025 04:28:06 PM) (Source: DCOM) (EventID: 10010) (User: LACTOC-RCV)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2025-05-23 08:19:21
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown
Date: 2025-05-23 08:10:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown
Date: 2025-05-23 07:59:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown
Date: 2025-05-20 09:53:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown
Date: 2025-05-20 09:45:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown
Event[0]
Date: 2025-05-27 16:38:29
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.429.147.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.25040.1
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2025-05-16 07:39:13
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.427.787.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.25040.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2025-04-14 17:18:30
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.427.196.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.25030.1
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2025-04-14 17:18:30
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.427.196.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.25030.1
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Date: 2025-04-14 17:18:30
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.427.196.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.25030.1
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
CodeIntegrity:
===============
Date: 2025-05-30 08:41:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_618947f7f882ca01\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.23 12/25/2020
Motherboard: HP 84C3
Processor: Intel® Core™ i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 91%
Total physical RAM: 3976.47 MB
Available physical RAM: 319.49 MB
Total Virtual: 8079.62 MB
Available Virtual: 1247.36 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:914.7 GB) (Free:707.1 GB) (Model: Intel Optane+932GBHDD) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.57 GB) (Free:1.86 GB) (Model: Intel Optane+932GBHDD) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{454608ca-6bd8-4173-b13a-78a5fa3f3366}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.18 GB) NTFS
\\?\Volume{298a09f6-56c2-416d-8288-2878f28363a7}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4E50DAB0)
Partition: GPT.
==================== End of Addition.txt =======================
Sign In
Create Account
