Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Disk Usage at 100%

Started by solley , May 26 2024 10:14 PM

  • Please log in to reply

#1
solley
Posted 26 May 2024 - 10:14 PM

solley

    Member

  • Member
  • PipPip
  • 25 posts

Hello.  Thanks, in advance, for looking.  Logs below.  Disk usage in Task Manager lives at 100%.  Not sure if that is the symptom or the problem, but everything creeps.  OneNote, for example, takes about 4 or 5 minutes to open.  Right clicking on a misspelled word in Word takes 2 to 3 minutes for the suggested corrections to appear.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.05.2024 01
Ran by solle (administrator) on LAPTOP-RFD87DBG (LENOVO 81QF) (26-05-2024 22:36:33)
Running from C:\Users\solle\OneDrive\Desktop\FRST64.exe
Loaded Profiles: solle
Platform: Microsoft Windows 11 Home Version 23H2 22631.3296 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoNotificationUx.exe
(directxdatabaseupdater.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Dism\DismHost.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_afbf41cf8ab202d7\igfxCUIService.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_afbf41cf8ab202d7\igfxEM.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_d372a4ea3b959b1c\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_afbf41cf8ab202d7\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d5116a57e81b0c34\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d5116a57e81b0c34\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_eea3cf789013ad4f\RstMwService.exe
(services.exe ->) (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel® Audio Service\IntelAudioService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\solle\AppData\Local\Microsoft\OneDrive\24.091.0505.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\directxdatabaseupdater.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\wuaucltcore.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.3522_none_e93c247a42e7cbb6\TiWorker.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [833824 2019-01-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-3650388095-2691658525-4074940703-1001\...\Run: [MicrosoftEdgeAutoLaunch_B2E9F78A3FA561CF35CB64DA004DB10B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4136896 2024-05-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3650388095-2691658525-4074940703-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\solle\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [67881504 2024-05-22] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3650388095-2691658525-4074940703-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\solle\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3650388095-2691658525-4074940703-1001\...\RunOnce: [Uninstall 24.086.0428.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\solle\AppData\Local\Microsoft\OneDrive\24.086.0428.0003" [0 2024-05-22] () <==== ATTENTION [zero byte File/Folder]
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {DEB959E8-A0ED-4587-974B-86DB79BA28F8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {ABDE8E3A-AB6B-4D01-BF0A-3872917CAC22} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {6CB88B06-65CE-4181-A12F-428474E4CC67} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [102400 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A0C4E7BD-68AD-4ADE-A514-776C97FB656B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a14c1af4-c966-43b1-9f47-1f7e07bbdf09 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {E0AD6850-8EBA-45D7-B935-75EB43610D52} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a31e1399-84bb-49dd-b7b7-00ee653f503c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {8C46969A-3686-4873-9DA6-C146ADA2E30F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b109505b-bf93-4895-9b81-98dacea91343 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {C08E5D9C-82B2-427B-B58D-AC89CBE014AE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c2bd6758-9991-4ff7-b1e8-232b480b213d => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {F1D893FF-F523-4D0C-B3A7-75FC00A6DA6B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e7aa3de0-50d1-420c-9e06-e729af797ad2 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {8316152D-23B8-4FAA-950D-0C5EF9A0A860} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe [5368904 2024-05-22] (Microsoft Windows -> Microsoft Corporation)
Task: {AE8FECA3-7E5C-4623-9615-FD45655645AA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28435936 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {5244CFC3-D76B-4178-A2C1-0B47E66DDF21} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28435936 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {91ACAF19-73AE-4503-8CAA-D77D1CE40B65} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309832 2024-05-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {EDA9A65E-D1F3-4B99-837E-231CED31BD72} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309832 2024-05-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {08D11D27-52E7-4D43-8EEE-794A2A18F765} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168928 2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D813ECB-AF9A-468F-AE9A-9561B77BFEB4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [517112 2024-05-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {45CF73C8-9A94-47C5-8E45-347738A58FC5} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {ED29962B-66FB-4E75-9EBF-3848CFC7915C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {034047CC-6C79-44A5-9ED2-72E1BD3C769B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {18462C0A-BDA8-46BC-B5A4-0FE5FD6D3EED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FD131B6E-FDCD-42F2-853F-7CC8BB9AA03B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E573574C-C346-4B38-BD51-68D7F3E64787} - System32\Tasks\WpsExternal_solle_20240514211150 => C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe [980880 2024-05-14] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
Task: {A79DF4D0-D38F-4801-BCD6-8E9E425839D7} - System32\Tasks\WpsUpdateTask_solle => C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe [1531280 2024-05-14] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2beac004-b23c-4efc-8aaf-3a1b480a86d3}: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{2beac004-b23c-4efc-8aaf-3a1b480a86d3}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge Profile: C:\Users\solle\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-26]
Edge Extension: (Google Docs Offline) - C:\Users\solle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-23]
Edge Extension: (Edge relevant text changes) - C:\Users\solle\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-05-23]
Edge Profile: C:\Users\solle\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2024-04-14]
Edge Extension: (Google Docs Offline) - C:\Users\solle\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-17]
Edge Extension: (Edge relevant text changes) - C:\Users\solle\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-17]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-14] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14248016 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1646536 2019-05-29] (Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [321512 2018-12-13] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
R2 IntuitUpdateServiceV5; C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe [19320 2023-09-14] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1643688 2019-05-06] (Lenovo -> Lenovo(beijing) Limited)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe [1489000 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe [3236840 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe [133704 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [174768 2018-10-29] (BayHub Technology Inc. -> BayHubTech/O2Micro)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 MpKsl7c030c9c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62BBABAE-9370-4012-901C-41DED126978C}\MpKslDrv.sys [271648 2024-05-26] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [76832 2022-09-30] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21056 2024-05-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601496 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-16] (Microsoft Windows -> Microsoft Corporation)
R1 WinSetupMon; C:\WINDOWS\System32\DRIVERS\WinSetupMon.sys [107912 2024-03-02] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-05-26 22:36 - 2024-05-26 22:45 - 000019327 _____ C:\Users\solle\OneDrive\Desktop\FRST.txt
2024-05-26 22:28 - 2024-05-26 22:40 - 000000000 ____D C:\FRST
2024-05-26 22:28 - 2024-05-26 22:28 - 002395136 _____ (Farbar) C:\Users\solle\OneDrive\Desktop\FRST64.exe
2024-05-26 22:26 - 2024-05-26 22:28 - 002395136 _____ (Farbar) C:\Users\solle\Downloads\FRST64.exe
2024-05-26 21:41 - 2024-05-26 21:41 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\UProof
2024-05-26 21:40 - 2024-05-26 21:40 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\Proof
2024-05-26 21:25 - 2024-05-26 22:19 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\Word
2024-05-26 21:25 - 2024-05-26 21:39 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\Office
2024-05-26 21:25 - 2024-05-26 21:25 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\AddIns
2024-05-23 21:15 - 2024-05-23 21:28 - 000000000 ___HD C:\$WinREAgent
2024-05-22 20:24 - 2024-05-22 18:03 - 000000000 ____D C:\Windows.old
2024-05-22 20:18 - 2024-05-22 20:24 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2024-05-22 20:06 - 2024-05-22 20:18 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2024-05-22 20:06 - 2024-05-22 20:06 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2024-05-22 19:56 - 2024-05-22 19:57 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-05-22 19:56 - 2024-05-22 19:56 - 000000000 ____D C:\WINDOWS\InboxApps
2024-05-22 19:23 - 2024-05-22 19:23 - 000060462 _____ C:\WINDOWS\SysWOW64\ctac.json
2024-05-22 19:23 - 2024-05-22 19:23 - 000020023 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-05-22 19:17 - 2024-05-22 19:17 - 000060462 _____ C:\WINDOWS\system32\ctac.json
2024-05-22 19:17 - 2024-05-22 19:17 - 000020023 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-05-22 18:55 - 2024-05-22 18:55 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2024-05-22 18:55 - 2024-05-22 18:55 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2024-05-22 18:55 - 2024-05-22 18:55 - 000000000 ____D C:\WINDOWS\addins
2024-05-22 18:13 - 2024-05-22 18:13 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-05-22 18:08 - 2024-05-22 18:08 - 000000020 ___SH C:\Users\solle\ntuser.ini
2024-05-22 18:01 - 2024-05-25 16:14 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{49D6065D-E390-46BC-AD4E-5D4600523024}
2024-05-22 18:01 - 2024-05-25 16:14 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{296B0852-4C47-418A-828B-F3DE5FA91668}
2024-05-22 18:01 - 2024-05-22 22:46 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3650388095-2691658525-4074940703-1001
2024-05-22 18:01 - 2024-05-22 22:46 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3650388095-2691658525-4074940703-1001
2024-05-22 18:01 - 2024-05-22 18:02 - 000003554 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Startup
2024-05-22 18:01 - 2024-05-22 18:02 - 000003056 _____ C:\WINDOWS\system32\Tasks\WpsExternal_solle_20240514211150
2024-05-22 18:01 - 2024-05-22 18:02 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3650388095-2691658525-4074940703-500
2024-05-22 18:01 - 2024-05-22 18:02 - 000002628 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_solle
2024-05-22 18:01 - 2024-05-22 18:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-05-22 18:01 - 2024-05-22 18:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2024-05-22 18:01 - 2024-05-22 18:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2024-05-22 18:01 - 2024-05-22 18:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2024-05-22 18:01 - 2019-10-12 20:23 - 000002852 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-985777614-2487115121-2185386274-500
2024-05-22 18:01 - 2019-04-19 00:08 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3526187609-2882153013-4154148286-500
2024-05-22 17:59 - 2024-05-22 18:01 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2024-05-22 17:59 - 2024-05-22 18:01 - 000011433 _____ C:\WINDOWS\diagerr.xml
2024-05-22 17:53 - 2024-05-22 17:53 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\Network
2024-05-22 17:52 - 2024-05-22 17:52 - 000804924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-05-22 17:52 - 2024-05-22 17:52 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\SystemCertificates
2024-05-22 17:52 - 2024-05-22 17:52 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\Crypto
2024-05-22 17:50 - 2024-05-22 17:50 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-05-22 17:37 - 2024-05-22 18:09 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\Windows
2024-05-22 17:37 - 2024-05-22 18:09 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\Spelling
2024-05-22 17:37 - 2024-05-22 18:08 - 000000000 ____D C:\Users\solle
2024-05-22 17:28 - 2024-05-22 17:28 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2024-05-22 17:27 - 2024-05-26 21:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-05-22 17:26 - 2024-05-22 17:27 - 000304384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-05-21 22:38 - 2024-05-21 22:38 - 000000000 ____D C:\Users\solle\AppData\Local\OneDrive
2024-05-21 22:31 - 2024-05-21 22:31 - 000142569 _____ C:\Users\solle\Downloads\Pay Stub1.pdf
2024-05-21 22:31 - 2024-05-21 22:31 - 000142548 _____ C:\Users\solle\Downloads\Pay Stub3.pdf
2024-05-21 22:31 - 2024-05-21 22:31 - 000142547 _____ C:\Users\solle\Downloads\Pay Stub2.pdf
2024-05-21 22:30 - 2024-05-21 22:30 - 000142580 _____ C:\Users\solle\Downloads\Pay Stub.pdf
2024-05-21 22:27 - 2024-05-21 22:27 - 000130487 _____ C:\Users\solle\Downloads\Paycheck Print6.pdf
2024-05-21 22:27 - 2024-05-21 22:27 - 000130205 _____ C:\Users\solle\Downloads\Paycheck Print7.pdf
2024-05-21 22:26 - 2024-05-21 22:26 - 000160991 _____ C:\Users\solle\Downloads\Paycheck Print4.pdf
2024-05-21 22:26 - 2024-05-21 22:26 - 000130461 _____ C:\Users\solle\Downloads\Paycheck Print5.pdf
2024-05-21 22:25 - 2024-05-21 22:25 - 000130539 _____ C:\Users\solle\Downloads\Paycheck Print3.pdf
2024-05-21 22:25 - 2024-05-21 22:25 - 000130474 _____ C:\Users\solle\Downloads\Paycheck Print2.pdf
2024-05-21 22:24 - 2024-05-21 22:24 - 000160859 _____ C:\Users\solle\Downloads\Paycheck Print.pdf
2024-05-21 22:24 - 2024-05-21 22:24 - 000130455 _____ C:\Users\solle\Downloads\Paycheck Print1.pdf
2024-05-21 22:17 - 2024-05-21 22:18 - 000140018 _____ C:\Users\solle\Downloads\image2024-05-17-124733.pdf
2024-05-21 21:55 - 2024-05-21 22:01 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\MMC
2024-05-21 21:50 - 2024-05-21 21:50 - 000007605 _____ C:\Users\solle\AppData\Local\Resmon.ResmonCfg
2024-05-14 23:25 - 2024-05-14 23:25 - 000045764 _____ C:\Users\solle\Downloads\Resume.pdf
2024-05-14 21:31 - 2024-05-14 21:31 - 000000000 ___HD C:\OneDriveTemp
2024-05-07 07:29 - 2024-05-07 07:29 - 000475304 _____ C:\Users\solle\Downloads\Multiple Documents (10).pdf
2024-05-06 21:43 - 2024-05-21 22:19 - 000000000 ___HD C:\Users\solle\WPS Cloud Files
2024-04-30 20:50 - 2024-04-30 20:50 - 005271198 _____ C:\Users\solle\Downloads\civil_war_civil_rights_amendments_-_Copy.pptm
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-05-26 22:57 - 2023-12-17 17:41 - 000000000 ____D C:\Users\solle\AppData\Local\Packages
2024-05-26 22:52 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-26 22:52 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-26 22:47 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-05-26 22:12 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-05-26 21:24 - 2022-05-07 00:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-23 21:39 - 2024-03-17 14:16 - 000002425 _____ C:\Users\solle\OneDrive\Desktop\Personal - Edge.lnk
2024-05-23 21:29 - 2022-04-02 21:24 - 000000000 ____D C:\Users\solle\OneDrive\Documents\TurboTax
2024-05-23 21:24 - 2023-04-05 21:07 - 000000000 ____D C:\Users\solle\OneDrive\Desktop\New folder
2024-05-23 21:12 - 2022-05-07 00:22 - 000000000 ____D C:\WINDOWS\INF
2024-05-23 20:29 - 2023-12-17 17:44 - 000000000 ____D C:\Users\solle\AppData\Local\Publishers
2024-05-23 20:29 - 2023-12-17 17:43 - 000000000 ____D C:\ProgramData\Packages
2024-05-23 20:27 - 2022-05-07 00:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-05-23 20:20 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2024-05-23 20:16 - 2019-10-12 20:38 - 000000000 ____D C:\Program Files\Microsoft Office
2024-05-23 20:00 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\appcompat
2024-05-22 23:08 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-05-22 22:58 - 2023-12-17 17:47 - 000000000 ____D C:\Users\solle\AppData\Local\PlaceholderTileLogoFolder
2024-05-22 22:47 - 2020-01-01 22:02 - 000000000 ___RD C:\Users\solle\OneDrive
2024-05-22 22:46 - 2023-12-17 17:48 - 000002390 _____ C:\Users\solle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-22 20:24 - 2024-01-03 18:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-05-22 20:24 - 2023-12-16 23:50 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-05-22 20:24 - 2023-06-11 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2024-05-22 20:24 - 2022-05-07 00:28 - 000000000 ____D C:\WINDOWS\Setup
2024-05-22 20:24 - 2022-05-07 00:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2024-05-22 20:24 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-05-22 20:24 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\spool
2024-05-22 20:24 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2024-05-22 20:24 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-05-22 20:24 - 2022-05-07 00:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-05-22 20:24 - 2019-10-12 21:00 - 000000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
2024-05-22 20:24 - 2019-10-12 20:55 - 000000000 ____D C:\Program Files\Intel
2024-05-22 20:24 - 2019-10-12 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-05-22 20:24 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2024-05-22 20:24 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-05-22 20:24 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2024-05-22 20:23 - 2022-05-07 00:24 - 000000000 __RHD C:\Users\Public\Libraries
2024-05-22 20:19 - 2023-12-17 00:07 - 000000000 ____D C:\WINDOWS\system32\cAVS
2024-05-22 20:18 - 2023-12-17 00:07 - 000000000 ____D C:\WINDOWS\Lenovo
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\WUModels
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\UUS
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-22 19:58 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\id-ID
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2024-05-22 19:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-05-22 19:56 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-22 19:56 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-05-22 19:56 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-05-22 19:56 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-05-22 19:56 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\Globalization
2024-05-22 19:56 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-05-22 19:56 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-05-22 19:56 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-22 19:56 - 2022-05-07 00:24 - 000000000 ____D C:\Program Files\Common Files\System
2024-05-22 19:56 - 2022-05-07 00:17 - 000000000 ____D C:\WINDOWS\servicing
2024-05-22 19:53 - 2022-05-07 01:10 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-05-22 19:53 - 2022-05-07 01:10 - 000023775 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-05-22 19:53 - 2022-05-07 00:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-05-22 19:53 - 2022-05-07 00:25 - 000076800 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2024-05-22 19:53 - 2022-05-07 00:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-05-22 19:53 - 2022-05-07 00:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2024-05-22 18:09 - 2022-05-07 00:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-22 18:09 - 2019-04-19 00:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-05-22 18:08 - 2024-04-02 20:23 - 000000000 ___DC C:\WINDOWS\Panther
2024-05-22 18:08 - 2020-01-02 12:59 - 000000000 __SHD C:\Users\solle\IntelGraphicsProfiles
2024-05-22 18:03 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-22 18:03 - 2021-01-25 03:12 - 000012288 ___SH C:\DumpStack.log.tmp
2024-05-22 18:01 - 2022-05-07 00:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-05-22 17:44 - 2023-12-16 22:21 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2024-05-22 17:44 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-05-22 17:43 - 2022-05-07 00:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-05-22 17:42 - 2024-04-17 19:37 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2024-05-22 17:42 - 2023-10-21 09:49 - 000000000 ____D C:\Users\solle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-05-22 17:39 - 2022-05-07 00:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2024-05-22 17:32 - 2023-12-16 22:21 - 000000000 ____D C:\WINDOWS\system32\dolbyaposvc
2024-05-22 17:30 - 2023-12-17 00:07 - 000000000 ____D C:\WINDOWS\system32\Intel
2024-05-22 17:30 - 2019-10-12 20:35 - 000000000 ____D C:\Program Files\Lenovo
2024-05-22 17:29 - 2023-12-16 22:26 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-16 22:00 - 2019-04-19 00:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-05-14 22:03 - 2023-12-25 16:08 - 196465576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-05-14 21:11 - 2024-04-17 19:37 - 000002557 _____ C:\Users\solle\OneDrive\Desktop\WPS PDF.lnk
2024-05-05 14:55 - 2023-12-17 17:43 - 000000000 ____D C:\Users\solle\AppData\Local\D3DSCache
2024-05-01 20:45 - 2024-04-17 19:34 - 000000000 ____D C:\Users\solle\AppData\Roaming\kingsoft
 
==================== Files in the root of some directories ========
 
2024-05-21 21:50 - 2024-05-21 21:50 - 000007605 _____ () C:\Users\solle\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22.05.2024 01
Ran by solle (26-05-2024 23:00:46)
Running from C:\Users\solle\OneDrive\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3296 (X64) (2024-05-22 23:03:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3650388095-2691658525-4074940703-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3650388095-2691658525-4074940703-503 - Limited - Disabled)
Guest (S-1-5-21-3650388095-2691658525-4074940703-501 - Limited - Disabled)
solle (S-1-5-21-3650388095-2691658525-4074940703-1001 - Administrator - Enabled) => C:\Users\solle
WDAGUtilityAccount (S-1-5-21-3650388095-2691658525-4074940703-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Intel® Chipset Device Software (HKLM\...\{C7CC96C7-C99C-40DD-BB6B-C7BFC2899979}) (Version: 10.1.17809.8096 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.6911 - Intel Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17531.20152 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 125.0.2535.51 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 125.0.2535.51 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3650388095-2691658525-4074940703-1001\...\OneDriveSetup.exe) (Version: 24.091.0505.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{ACF2602E-BD31-4BE5-AC03-9C8FDB638ADA}) (Version: 4.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17531.20152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
TurboTax 2023 (HKLM\...\{E562E609-8B17-48CF-A82C-0A78ED485299}) (Version: 023.000.0466 - Intuit Inc.)
waliperStateIS (HKLM\...\{6E914DB6-14B0-494D-B5A4-FAB6BB551FA3}) (Version: 023.000.0137 - Intuit Inc.) Hidden
WPS Office (12.2.0.16909) (HKU\S-1-5-21-3650388095-2691658525-4074940703-1001\...\Kingsoft Office) (Version: 12.2.0.16909 - Kingsoft Corp.)
 
Packages:
=========
 
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt [2024-05-23] (INTEL CORP) [Startup Task]
Dolby Audio -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyaudio_3.20402.409.0_x64__rz1tebttyb220 [2024-01-06] (Dolby Laboratories)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\appup.intelgraphicscontrolpanel_3.3.0.0_x64__8j3eq9eme6ctt [2024-01-06] (INTEL CORP)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2403.25.0_x64__k1h2ywk1493x8 [2024-04-14] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.6.12.0_x64__5grkq8ppsgwt4 [2024-04-22] (LENOVO INC) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-05-26] (Microsoft Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2024-01-06] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0 [2024-05-23] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3650388095-2691658525-4074940703-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3650388095-2691658525-4074940703-1001_Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 -> C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers1_S-1-5-21-3650388095-2691658525-4074940703-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kwpsmenushellext64.dll [2024-05-14] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-3650388095-2691658525-4074940703-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kwpsmenushellext64.dll [2024-05-14] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-3650388095-2691658525-4074940703-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3650388095-2691658525-4074940703-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3650388095-2691658525-4074940703-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3650388095-2691658525-4074940703-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\solle\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bluelava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_rgb.jpg
DNS Servers: 8.8.8.8 - 8.8.8.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A8918469-DFCF-4EE5-A09D-67961526DC36}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24102.2309.2851.4917_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D7C6AC5D-C9CE-49A8-BCF0-E72704C7A684}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24102.2309.2851.4917_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EA08D41B-43D6-4D90-A83C-2868DB96DBBB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4E7B8EE2-3FB9-4BFF-8BA2-7C10444889B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BC67155C-F996-48BC-B72F-0A6E538B6413}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B247040C-BE20-4D81-94FB-0C56A3D0515D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8FE935E0-2113-4E80-B733-7C35B21CF94B}] => (Allow) C:\Program Files\TurboTax\Individual 2023\64bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{437B8B0F-3349-462D-AAA6-13BFFDC57378}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A84C7C86-B61E-4A74-B3B7-A254C02E3C17}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{F85AFB34-DBEF-45EC-885C-A4D95C2E2678}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{F91C5B43-5737-4DAD-98BB-882EC256254E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24102.2309.2851.4917_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DD4A3319-52F5-4F6B-BE02-C91B5C07A9C9}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24102.2309.2851.4917_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{061DBB98-9681-4435-9F5E-2229325B8AE2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.51\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F7C6CCC3-41C1-4066-A23D-8FC06C4FF016}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdater.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{6E4DB902-365C-4B9D-B9F3-E8FFA2270241}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{F098E6B6-C02A-459A-A113-13759AA41CF5}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{3DA895E9-FC26-4679-AE03-36C49ABA7DBD}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{47500ADE-677F-4C96-B850-06962318CD7A}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{99FF16D8-C815-4835-8DA6-2D0D7EDB075F}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{5A8A761E-EA7A-43EF-9839-586E002BF0E5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{42EE11BA-D0D8-4A79-BBC5-D04FC82CB0E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B4EAA8D1-41C1-4587-AC4E-00417AAC58F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{50F5A5FF-6FFF-4BD7-B7E8-040DC4494B75}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{93E2E4EE-D81B-4EAE-816E-350AACF55128}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2CA01B5E-654F-4B1D-93A4-329639664F6D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7C02045A-B5AE-4FD7-8B25-8967BF85439F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8195D210-253C-477D-9FA2-2ADC1BC75BA5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4FAE2B95-6B92-4118-81B5-3FC22EDDA68F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5FA913D9-B4E3-431C-98E4-DF7B8DB70DAA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
 
==================== Restore Points =========================
 
22-05-2024 22:53:27 Windows Update
26-05-2024 21:58:19 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/26/2024 10:36:08 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program wps.exe version 12.2.0.16909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (05/23/2024 09:29:23 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-RFD87DBG)
Description: Faulting application name: wps.exe, version: 12.2.0.16909, time stamp: 0x662d3006
Faulting module name: ksolite.dll, version: 12.2.0.16909, time stamp: 0x662d3043
Exception code: 0xc0000005
Fault offset: 0x0054d9f2
Faulting process id: 0x0x3570
Faulting application start time: 0x0x1daad8225f4c91c
Faulting application path: C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
Faulting module path: C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksolite.dll
Report Id: 6ecb395c-c2a8-4b87-82cd-81637f52626e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/23/2024 09:21:31 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-RFD87DBG)
Description: Faulting application name: wps.exe, version: 12.2.0.16909, time stamp: 0x662d3006
Faulting module name: ksolite.dll, version: 12.2.0.16909, time stamp: 0x662d3043
Exception code: 0xc0000005
Fault offset: 0x0054d9f2
Faulting process id: 0x0x39b4
Faulting application start time: 0x0x1daad81141f3ce3
Faulting application path: C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
Faulting module path: C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksolite.dll
Report Id: ec2c8e39-96c7-4d7f-b627-2d54d0c255bb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/23/2024 09:18:20 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-RFD87DBG)
Description: Faulting application name: wps.exe, version: 12.2.0.16909, time stamp: 0x662d3006
Faulting module name: ksolite.dll, version: 12.2.0.16909, time stamp: 0x662d3043
Exception code: 0xc0000005
Fault offset: 0x0054d9f2
Faulting process id: 0x0x3590
Faulting application start time: 0x0x1daad80a27450d7
Faulting application path: C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
Faulting module path: C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksolite.dll
Report Id: 68bf673d-fac1-4405-9aa5-4e23f8d855bb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/23/2024 09:04:26 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-RFD87DBG)
Description: Faulting application name: wps.exe, version: 12.2.0.16909, time stamp: 0x662d3006
Faulting module name: ksolite.dll, version: 12.2.0.16909, time stamp: 0x662d3043
Exception code: 0xc0000005
Fault offset: 0x0054d9f2
Faulting process id: 0x0x3ab0
Faulting application start time: 0x0x1daad7eb261c780
Faulting application path: C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
Faulting module path: C:\Users\solle\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksolite.dll
Report Id: efb45076-0b29-4e0d-9fc2-7343307f0cb7
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (05/26/2024 09:31:30 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service edgeupdate with arguments "/comsvc" in order to run the server:
{CECDDD22-2E72-4832-9606-A9B0E5E344B2}
 
Error: (05/26/2024 09:31:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Edge Update Service (edgeupdate) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/26/2024 09:31:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Edge Update Service (edgeupdate) service to connect.
 
Error: (05/25/2024 04:02:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Setup Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/25/2024 04:02:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Network Setup Service service to connect.
 
Error: (05/23/2024 08:22:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Intel Corporation - Display - 26.20.100.7323.
 
Error: (05/23/2024 08:20:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.411.318.0) - Current Channel (Broad).
 
Error: (05/22/2024 11:22:52 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RFD87DBG)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2024-05-23 21:12:59
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2024-05-26 21:48:14
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.411.320.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24040.1
Error code: 0x80070102
Error description: The wait operation timed out.  
 
CodeIntegrity:
===============
Date: 2024-05-26 22:15:10
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d5116a57e81b0c34\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO ALCN33WW(V2.10) 06/23/2021
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core™ i7-8565U CPU @ 1.80GHz
Percentage of memory in use: 49%
Total physical RAM: 12101.74 MB
Available physical RAM: 6064.95 MB
Total Virtual: 13957.74 MB
Available Virtual: 7486.99 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:861.52 GB) (Model: ST1000LM035-1RK172) NTFS
 
\\?\Volume{b330a414-ea9b-430a-92d9-466ef181f138}\ () (Fixed) (Total:0.98 GB) (Free:0.31 GB) NTFS
\\?\Volume{dfbd76fc-546c-4caa-902e-54730f7b92b3}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3928A017)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 

  • 0

Advertisements

#2
RKinner
Posted Today, 07:36 AM

RKinner

    Malware Expert

  • Expert
  • 24,679 posts
  • MVP

Right click on the clock and select Task Manager  (or Search for Task manager and hit Enter)

(More Details)

then Performance

Open Resource Monitor

Click on Disk

The upper windows shows what processes are suing the disk.  The lower window shows more details.  Make sure the window is at full screen and the lower pane is visible and take a screen shot and attach it to a Reply.  

 

To attach a file:
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
Only files with .txt, .jpg or .zip are allowed.
 
If you don't know how to take a screenshot:
Remember to save the file as jpg.
 
Your event log is showing a lot of problems with Windows files so your hard drive may be dying:  See if you can get 
 
CrystalDiskInfo:
 
 
 
 
 
 
Scroll down a bit and you will see a 
button that says Installer (Vista+).  That's the button you need to use to download the installer.  
Save the file then go to the download folder and right click on the file and run as admin.  
The program will install and then start up.   Once it reads the drives you just hit File then Save Text.  
Save the file to your desktop and then attach it or open it then copy and paste the text to a reply.  
 

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

19 user(s) are reading this topic

0 members, 19 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP