Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop has TrojanClicker:Win32/Doplik.U virus [Solved]


  • This topic is locked This topic is locked

#1
Jamazz

Jamazz

    Member

  • Member
  • PipPip
  • 90 posts

Hey, Geeks. I'm in need of your help again. I've found really good help here in the past, and you have helped me save three laptops from terrible fates. I support the agents that assist me, and I am looking forward to another round of support.

 

The device in question is a modern Asus gaming laptop, and the customer is young with poor surfing habits. It landed his laptop in hot water with a Trojan. I attempted to let Windows Defender quarantine/remove it, but it is persistent and able to skirt around efforts to block it. There could be more trouble here, under the hood, but so far, I have only been able to detect one virus. This virus has taken over RPC and DHCP services. The laptop is able to associate to an SSID, but it is not allowing the DHCP service to grab an IP. I also cannot search for files or engage admin commands through power shell. I attempted to edit the registry to give me a back door to DHCP services, but to no avail. The virus has the laptop pretty locked down, and who knows what kind of other nefarious code is running under the hood.

 

Here are the FRST and Addition texts copied. See below. I look forward to getting this laptop cleaned up, and give the young one a bit of wisdom with safe surfing habits, etc. Thank you.

 

********FRST64*********

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2023
Ran by jakea (administrator) on LAPTOP-DC9VAHIO (ASUSTeK COMPUTER INC. VivoBook_ASUSLaptop X515UA_M515UA) (25-02-2023 16:52:38)
Running from C:\Users\jakea\OneDrive\Desktop
Loaded Profiles: jakea
Platform: Microsoft Windows 11 Home Version 21H2 22000.1219 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(C:\Program Files\Microsoft OneDrive\OneDrive.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.023.0129.0002\Microsoft.SharePoint.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe ->) (Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSSrcExt.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngineProcess.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.49\msedgewebview2.exe <13>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCopyAccelerator.exe
(explorer.exe ->) (Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\jakea\AppData\Local\Microsoft\Teams\current\Teams.exe <7>
(services.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_21_4\mcapexe.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MQS\QcShm.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\VUL\McVulCtr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.22621.1.0_x64__8wekyb3d8bbwe\SecHealthUI.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22122.94.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\1.0.2207.20002-0\SecurityHealthHost.exe <2>
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d92d7bec4b020758\RtkAudUService64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [122427152 2021-07-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2629552 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\Run: [Discord] => C:\Users\jakea\AppData\Local\Discord\Update.exe [1512104 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\jakea\AppData\Local\Microsoft\Teams\Update.exe [2508480 2022-07-25] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\Run: [MicrosoftEdgeAutoLaunch_E7A10861AE8EF3A7250FD6F799197239] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243360 2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe [2023-02-17] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2021-07-28]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1700EAF0-88C1-4471-ACF4-5EDF04E88B28} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.7.106\DADUpdater.exe [4092968 2022-09-08] (McAfee, LLC -> McAfee, LLC)
Task: {1DE45756-528E-4495-AE26-B9A1E3E14223} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {2105557F-C1D9-4975-91F5-121E7289C8D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-27] (Google LLC -> Google LLC)
Task: {33E3BDDD-7939-43C8-9222-E14F77843BA5} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {3625BE60-013E-4455-B799-3F82566058B4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3FF5314C-094D-4C0C-94CA-BE64B2958534} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d92d7bec4b020758\RtkAudUService64.exe [1372264 2021-10-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {4A408A42-DE74-438C-9C6D-25FFECA37F03} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSOptimization\AsusHotkey.exe [263784 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {4C8DB756-EEBB-472F-9A4A-9E0227DB4211} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1522195674-1015883375-685675973-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4191152 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CCFD9BA-25E5-44B7-A792-FD76E0E3CD5C} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4191152 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {50DE1267-DC30-4D44-959C-ED5879EC4FDC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {629B354A-9F5A-42AB-93D9-BAC2A85BC35D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {77DD74B2-4770-45AD-B435-3AE18EF2DB4E} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2859928 2020-09-25] (Corel Corporation -> Corel Corporation)
Task: {854C3EAA-584C-467B-95CC-74B43C44AD67} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E55E58A-24E9-47DA-AB6E-7545011AC3E8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168920 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {978A6E3D-9696-4E7D-BA02-AB5B97B676A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B0D5442E-42E9-4132-A1C1-9B4C619FC036} - System32\Tasks\Microsoft\Windows\WaaSMedic\DeferredWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {B29DA8C3-AE63-49F9-8D0D-86E01D8F11F3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B977A7E9-349A-460B-B4C6-5FBA98955200} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3606624 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {BF16F7C1-68DD-466E-B55D-6090CB9EE936} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C52AA8CA-BD3E-4EB0-A46C-BDC65F46C958} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4560872 2022-09-22] (McAfee, LLC -> McAfee, LLC)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {E0F4C04E-F914-4C79-A34D-75CDD91334F0} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {E6A4EC77-D038-4175-8690-2EAFF7181D8D} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {E9370265-8C43-4269-A84A-1B2CAD19D344} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)
Task: {EDB04188-423C-4EC2-B3D0-8AFD87FB9E6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-27] (Google LLC -> Google LLC)
Task: {F1BA69A8-2B11-4083-9A72-0F2F9647622A} - System32\Tasks\ASUS Live Update 2.0 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSoftwareManager\AsusUpdateChecker.exe /start (No File)
Task: {F289366B-7BB9-4422-A4D8-3F25B53CB1B1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F3EFC62B-517D-4115-BFCE-7640919E867D} - System32\Tasks\ASUS Update Checker 2.0 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSoftwareManager\AsusUpdateChecker.exe [788104 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {F967C7D3-1C49-4576-8844-55935E398AC7} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [3826312 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\jakea\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-24]
Edge Notifications: Default -> hxxps://www.allwealthinfo.com; hxxps://www.facebook.com
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-08-22] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-08-22] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-08] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Profile 3
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Default [2023-02-19]
CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.forbes.com; hxxps://www.reddit.com; hxxps://www.youtube.com
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-27]
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-02-19]
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-02-19]
CHR Notifications: Profile 1 -> hxxps://patch.com; hxxps://www.bestresultsfast.com; hxxps://www.facebook.com
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-02-14]
CHR Extension: (Google Docs Offline) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-11]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2023-02-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-02]
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-05-08]
CHR Extension: (Google Translate) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-05-08]
CHR Extension: (Slides) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-18]
CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2021-08-18]
CHR Extension: (Lightspeed Filter Agent) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\adkcpkpghahmbopkjchobieckeoaoeem [2022-05-08] [UpdateUrl:hxxps://lsrelay-extensions-production.s3.amazonaws.com/chrome-filter/354d6e8ceb12d30f1ab9fa05314a1094e9fecab82bd40d0a04f159fb6b314bac/ChromeFilter.xml] <==== ATTENTION
CHR Extension: (Docs) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-18]
CHR Extension: (Google Drive) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-18]
CHR Extension: (Quizlet) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bgofflgeghkhocbociocnckocbjmomjh [2021-08-18]
CHR Extension: (Desmos Graphing Calculator) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2021-08-18]
CHR Extension: (Print PDF RTF Vocabulary) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bjdpiejkbpnhaimlkollakenafppjlcl [2021-08-18]
CHR Extension: (YouTube) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-18]
CHR Extension: (InsertLearning) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dehajjkfchegiinhcmoclkfbnmpgcahj [2021-08-18]
CHR Extension: (ThingLink) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\epcaehkmiggnoljjoaecbgmdnjcjohke [2021-08-18]
CHR Extension: (Sheets) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-01-28]
CHR Extension: (Google Docs Offline) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-08]
CHR Extension: (Relay Classifier) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdecjbnmkkdgnmbceicnedgnkgfggpgh [2021-08-18] [UpdateUrl:hxxps://lsrelay-extensions-production.s3.amazonaws.com/RelayClassifier/354d6e8ceb12d30f1ab9fa05314a1094e9fecab82bd40d0a04f159fb6b314bac/RelayClassifier.xml] <==== ATTENTION
CHR Extension: (Camera) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hfhhnacclhffhdffklopdkcgdhifgngh [2021-08-18]
CHR Extension: (Equatio - Math made digital) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hjngolefdpdnooamgdldlkjgmdcmcjnc [2022-05-08]
CHR Extension: (Device Detective) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hlnpoimdggajnihjkmicmfbaneeagecf [2022-05-08] [UpdateUrl:hxxps://lsrelay-extensions-production.s3.amazonaws.com/DeviceDetective/354d6e8ceb12d30f1ab9fa05314a1094e9fecab82bd40d0a04f159fb6b314bac/DeviceDetectiveApp.xml] <==== ATTENTION
CHR Extension: (Zoom) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmbjbjdpkobdjplfobhljndfdfdipjhg [2022-05-08]
CHR Extension: (Tracker for Chrome) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icmgjiknkpcfkhgajgmpkkehdjmidlgl [2021-08-18] [UpdateUrl:hxxps://lightspeed-apps.s3.amazonaws.com/chrome-monitor/auto-update.xml] <==== ATTENTION
CHR Extension: (ClassLink OneClick Extension) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jgfbgkjjlonelmpenhpfeeljjlcgnkpe [2021-08-18]
CHR Extension: (Test Words in Classics) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jiimhamcenafdpnjldmdkiimnlmjfkci [2021-08-18]
CHR Extension: (Calculator) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kdkgihpbaofhkiliohfepioflkkbapao [2021-08-18]
CHR Extension: (Chrome Audio Capture) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kfokdmfpdnokpmpbjhjbcabgligoelgp [2021-11-29]
CHR Extension: (Plotly) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\khajkhinhblhaenlhpodnblkmpdgclne [2021-08-18]
CHR Extension: (World Data Atlas) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\knlgfedckdhkgjinnhogmhkbcjpmmhko [2021-08-18]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2022-05-08]
CHR Extension: (My Study Life) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo [2021-08-18]
CHR Extension: (Mic Note -Voice Recorder & Notepad) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nhkoenoennbjnibepkjdheodiaojdgpk [2021-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-18]
CHR Extension: (The QR Code Extension) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oijdcdmnjjgnnhgljmhkjlablaejfeeb [2021-08-18]
CHR Extension: (Video Editor for Chromebook & more: Free app) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2021-08-18]
CHR Extension: (NWEA Secure Testing) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\omkghcboodpimaoimdkmigofhjcpmpeb [2021-08-18]
CHR Extension: (Gmail) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-18]
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 3 [2023-02-19]
CHR Notifications: Profile 3 -> hxxps://business.facebook.com; hxxps://www.facebook.com; hxxps://www.netflix.com; hxxps://www.youtube.com
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-02-19]
CHR Extension: (Google Docs Offline) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-19]
CHR Extension: (Auto Refresh Plus | Page Monitor) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hgeljhfekpckiiplhkigfehkdpldcggm [2023-02-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-14]
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 4 [2022-08-06]
CHR Notifications: Profile 4 -> hxxps://www.youtube.com
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-29]
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\System Profile [2023-02-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AsusAppService; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\AsusAppService\AsusAppService.exe [1162376 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S4 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSLinkNear\AsusLinkNear.exe [1320072 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
S4 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSLinkRemote\AsusLinkRemote.exe [764504 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
S4 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSOptimization\AsusOptimization.exe [394344 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S4 ASUSSoftwareManager; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSoftwareManager\AsusSoftwareManager.exe [1113176 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S4 ASUSSwitch; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSwitch\AsusSwitch.exe [635480 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S4 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3606624 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S4 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [791176 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8912272 2022-01-28] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
S4 DtsApo4Service; C:\WINDOWS\System32\DTS\PC\APO4x\DtsApo4Service.exe [241448 2022-04-15] (DTS, Inc. -> DTS Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncHelper.exe [3486640 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
S4 IntuitUpdateServiceV4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [19840 2022-08-24] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
S4 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [856472 2023-02-10] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_4\McApExe.exe [789752 2021-08-21] (McAfee, LLC -> McAfee, LLC)
S4 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [583344 2020-11-03] (McAfee, LLC -> McAfee, LLC)
S4 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.6.104.0\\McCSPServiceHost.exe [2825792 ] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [652232 2021-05-11] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1671760 2021-08-10] (McAfee, LLC -> McAfee, LLC)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [45368 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.023.0129.0002\OneDriveUpdaterService.exe [3857328 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4288832 2021-08-13] (McAfee, LLC -> McAfee, LLC)
S4 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [188736 2021-07-20] (Qualcomm Atheros, Inc. -> )
S4 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2458576 2022-07-31] (Rockstar Games, Inc. -> Rockstar Games)
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14770472 2021-09-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [25016 2021-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0379771.inf_amd64_466f8ae730e6c425\B379389\amdkmdag.sys [80562672 2022-05-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [150840 2021-07-08] (Alcorlink Corp. -> )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_314b5cb6bf57f471\AsusPTPFilter.sys [116712 2021-12-02] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
S3 AsusSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSystemAnalysis\AsusSAIO.sys [46736 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSOptimization\AsusWmiAcpi.sys [45248 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80400 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [550944 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390664 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85952 2021-05-19] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [527368 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1037320 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [590032 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [120512 2021-04-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [121352 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [257552 2021-05-19] (McAfee, Inc. -> McAfee, LLC)
R3 MpKsl7c1f988e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B218ECBF-9846-411A-9E61-C1711208D5C3}\MpKslDrv.sys [214280 2023-02-21] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2023-02-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473336 2023-02-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-14] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-02-25 16:43 - 2023-02-25 16:52 - 000000000 ____D C:\FRST
2023-02-24 21:36 - 2023-02-24 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2023-02-22 01:44 - 2023-02-22 01:44 - 098566144 _____ C:\WINDOWS\system32\config\SOFTWARE
2023-02-22 01:41 - 2023-02-22 01:44 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2023-02-19 18:20 - 2023-02-21 21:15 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2023-02-19 11:43 - 2023-02-19 11:43 - 001205180 _____ C:\WINDOWS\Minidump\021923-7500-01.dmp
2023-02-19 11:42 - 2023-02-19 11:44 - 000000000 ____D C:\WINDOWS\Minidump
2023-02-19 11:42 - 2023-02-19 11:43 - 675731275 _____ C:\WINDOWS\MEMORY.DMP
2023-02-19 11:42 - 2023-02-19 11:42 - 000000000 _____ C:\WINDOWS\Minidump\021923-10109-01.dmp
2023-02-14 20:38 - 2023-02-14 20:38 - 000000000 ____D C:\Users\jakea\AppData\Local\Intuit
2023-02-14 20:33 - 2023-02-19 23:49 - 000000000 ____D C:\Users\jakea\OneDrive\Documents\TurboTax
2023-02-14 20:28 - 2023-02-19 12:18 - 000000000 ____D C:\Users\jakea\AppData\Local\Glance
2023-02-14 20:28 - 2023-02-14 20:28 - 000000000 ____D C:\Users\jakea\AppData\Roaming\Intuit
2023-02-14 20:28 - 2023-02-14 20:28 - 000000000 ____D C:\Users\jakea\AppData\Local\IsolatedStorage
2023-02-14 20:27 - 2023-02-14 20:28 - 000000609 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2023-02-14 20:27 - 2023-02-14 20:27 - 000002028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2022.lnk
2023-02-14 20:27 - 2023-02-14 20:27 - 000002012 _____ C:\Users\Public\Desktop\TurboTax 2022.lnk
2023-02-14 20:26 - 2023-02-14 20:26 - 000000000 ____D C:\Program Files (x86)\TurboTax
2023-02-14 20:21 - 2023-02-14 20:26 - 000000000 ____D C:\ProgramData\Intuit
2023-02-11 14:23 - 2023-02-11 14:23 - 000000000 ___HD C:\$WinREAgent
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-02-25 16:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-25 16:28 - 2021-07-27 12:35 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-25 15:18 - 2021-06-05 07:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-22 01:20 - 2022-05-15 22:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-21 22:51 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-21 22:49 - 2022-05-15 23:03 - 000803404 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-21 22:49 - 2021-07-27 14:23 - 000000000 ____D C:\Users\jakea\AppData\Roaming\discord
2023-02-21 22:49 - 2021-06-05 07:09 - 000000000 ____D C:\WINDOWS\INF
2023-02-21 22:44 - 2022-05-15 22:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-21 22:44 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-21 22:44 - 2020-11-21 04:08 - 000012288 ___SH C:\DumpStack.log.tmp
2023-02-21 22:41 - 2021-06-05 07:01 - 002883584 _____ C:\WINDOWS\system32\config\BBI
2023-02-21 21:30 - 2021-04-16 14:52 - 000000000 ____D C:\Users\jakea\AppData\Local\D3DSCache
2023-02-21 21:26 - 2022-05-15 22:59 - 000002880 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2023-02-21 21:20 - 2022-05-15 22:55 - 000000000 ____D C:\Users\jakea
2023-02-21 21:15 - 2021-10-19 23:06 - 000000000 ____D C:\Program Files\TeamViewer
2023-02-19 19:29 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-02-19 19:13 - 2022-05-15 22:59 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3C5E7448-4E9F-4F52-8A65-02CBAFBC3972}
2023-02-19 19:08 - 2022-08-02 23:20 - 000000000 ____D C:\Users\jakea\AppData\Local\ElevatedDiagnostics
2023-02-19 12:11 - 2021-06-05 07:10 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-19 11:45 - 2021-06-05 07:01 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-02-19 11:44 - 2022-05-15 22:54 - 000480120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-02-19 11:44 - 2021-04-16 14:29 - 000000000 ____D C:\Program Files (x86)\McAfee
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SystemResources
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\setup
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\Provisioning
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\BrowserCore
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-02-19 11:41 - 2020-11-21 04:10 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-17 17:30 - 2022-05-15 22:59 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1522195674-1015883375-685675973-1001
2023-02-17 17:30 - 2022-05-15 22:59 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-02-17 17:30 - 2021-10-22 20:01 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-02-17 17:30 - 2021-10-18 14:29 - 000002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-17 17:30 - 2021-07-27 12:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-17 17:30 - 2021-07-27 12:35 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-02-17 17:30 - 2021-07-27 12:24 - 000000000 ___RD C:\Users\jakea\OneDrive
2023-02-14 23:39 - 2021-04-16 14:52 - 000000000 ____D C:\Users\jakea\AppData\Local\Packages
2023-02-14 22:46 - 2021-07-29 20:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-02-14 22:44 - 2021-07-29 20:14 - 149955784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-02-14 22:40 - 2021-06-05 07:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-02-14 20:14 - 2020-11-21 04:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-02-11 14:39 - 2022-05-15 22:59 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2023-02-11 14:35 - 2022-05-15 22:59 - 000004122 _____ C:\WINDOWS\system32\Tasks\ASUS Update Checker 2.0
2023-02-11 14:35 - 2022-05-15 22:59 - 000003756 _____ C:\WINDOWS\system32\Tasks\ASUS Optimization 36D18D69AFC3
2023-02-11 14:35 - 2021-07-29 20:16 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-02-11 14:35 - 2021-04-16 15:24 - 000000000 ____D C:\ProgramData\ASUS
2023-02-10 22:36 - 2020-11-21 04:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-02-10 22:36 - 2020-11-21 04:13 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-10 22:13 - 2022-05-15 22:59 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-10 22:13 - 2022-05-15 22:59 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
*********Addition**********
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2023
Ran by jakea (25-02-2023 16:53:38)
Running from C:\Users\jakea\OneDrive\Desktop
Microsoft Windows 11 Home Version 21H2 22000.1219 (X64) (2022-05-16 03:59:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1522195674-1015883375-685675973-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1522195674-1015883375-685675973-503 - Limited - Disabled)
Guest (S-1-5-21-1522195674-1015883375-685675973-501 - Limited - Disabled)
jakea (S-1-5-21-1522195674-1015883375-685675973-1001 - Administrator - Enabled) => C:\Users\jakea
WDAGUtilityAccount (S-1-5-21-1522195674-1015883375-685675973-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Disabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Discord (HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
FiveM (HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\CitizenFX_FiveM) (Version:  - Cfx.re)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 110.0.5481.104 - Google LLC)
McAfee LiveSafe   (HKLM-x32\...\MSC) (Version: 16.0 R37 - McAfee, LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16026.20146 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.50 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.49 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.023.0129.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\Teams) (Version: 1.5.00.17656 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{843E8BAC-637E-4354-94D7-73D910E2168F}) (Version: 4.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30040 (HKLM-x32\...\{5c6cccca-61ec-4667-a8d9-e133a59a5a73}) (Version: 14.29.30040.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30040 (HKLM\...\{B3FA5A71-A9C3-42B3-B567-F92C163F3F5B}) (Version: 14.29.30040 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30040 (HKLM\...\{C56D2482-32F7-4CB7-AF41-4CC51EBCB17D}) (Version: 14.29.30040 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821 (HKLM-x32\...\{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821 (HKLM-x32\...\{1E6FC929-567E-4D22-9206-C5B83F0A21B9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.61.899.21511 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.5.1 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.22.3 - TeamViewer)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
TurboTax 2022 (HKLM-x32\...\{E02EC8E6-200F-4BF9-AF32-572FEA31F457}) (Version: 022.000.0429 - Intuit Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 128.0.10632 - Ubisoft)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.803 - McAfee, LLC)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinZip 25.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2412F}) (Version: 25.0.14273 - Corel Corporation)
Zoom (HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\ZoomUMX) (Version: 5.11.11 (8425) - Zoom Video Communications, Inc.)
 
Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m [2022-04-29] (Advanced Micro Devices Inc.) [Startup Task]
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2022-11-29] (Microsoft Corporation)
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.15.0_neutral__yxz26nhyzhsrt [2023-02-14] (Microsoft Corp.)
DTS Audio Processing -> C:\Program Files\WindowsApps\DTSInc.DTSAudioProcessing_1.10.9.0_x64__t5j2fzbtdg37r [2022-07-12] (DTS, Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6 [2023-02-14] (HP Inc.)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2023-02-17] (McAfee LLC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-05-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-05-15] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10114.505.0_x64__8wekyb3d8bbwe [2023-02-14] (Microsoft Corporation)
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.13.0_x64__qmba6cd70vzyy [2023-02-14] (ASUSTeK COMPUTER INC.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-27] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.29.256.0_x64__dt26b99r8h8gj [2022-07-26] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2023-02-14] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0 [2023-02-17] (Spotify AB) [Startup Task]
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x64__8wekyb3d8bbwe [2023-02-17] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x86__8wekyb3d8bbwe [2023-02-17] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1522195674-1015883375-685675973-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\jakea\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22147.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1522195674-1015883375-685675973-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
CustomCLSID: HKU\S-1-5-21-1522195674-1015883375-685675973-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-08-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-05-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-08-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-09-25] (Corel Corporation -> WinZip Computing)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Camera.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=hfhhnacclhffhdffklopdkcgdhifgngh
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Web Store - Extensions (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=danlolkegnelmganmpmblebidhaemach
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Web Store - Extensions.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=milicbojknglojckldjcigmgnbnilbba
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Device Detective.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=hlnpoimdggajnihjkmicmfbaneeagecf
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mic Note -Voice Recorder & Notepad.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=nhkoenoennbjnibepkjdheodiaojdgpk
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\NWEA Secure Testing.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=omkghcboodpimaoimdkmigofhjcpmpeb
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Jake - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
 
==================== Loaded Modules (Whitelisted) =============
 
2022-04-29 23:07 - 2022-04-29 23:07 - 000438784 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\amdlinkremoteserver.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000017920 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\libEGL.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 003567616 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\libGLESv2.dll
2022-04-29 23:07 - 2022-04-29 23:08 - 000258560 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\WirelessVR-windesktop64.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 004396032 _____ (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\D3DCompiler_47.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qgif.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qicns.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000031232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qico.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000415232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qjpeg.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qsvg.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qtga.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qwbmp.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qwebp.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 001455104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\platforms\qwindows.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 001227776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\sqldrivers\qsqlite.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\styles\qwindowsvistastyle.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Core.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 006947328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Gui.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000740352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Multimedia.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000123392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5MultimediaQuick.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 001110528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Network.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Positioning.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 003798528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Qml.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000440832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QmlModels.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000054784 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QmlWorkerScript.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 004255744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Quick.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000171520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QuickControls2.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 001128448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QuickTemplates2.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000206336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Sql.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000334336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Svg.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000133120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebChannel.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000396800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebEngine.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 102854656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebEngineCore.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 005611008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Widgets.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WinExtras.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Xml.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 002877440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5XmlPatterns.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000056832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000267776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtMultimedia\declarative_multimedia.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQml\qmlplugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick.2\qtquick2plugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000290816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000336896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Controls\qtquickcontrolsplugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000134144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Dialogs\dialogplugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000106496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Layouts\qquicklayoutsplugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Window.2\windowplugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000093184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngine\qtwebengineplugin.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-1522195674-1015883375-685675973-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1522195674-1015883375-685675973-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-08-22] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-08-22] (McAfee, LLC -> McAfee, LLC)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\sharepoint.com -> hxxps://pennstateoffice365-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2022-08-06 23:08 - 2022-08-06 23:15 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1522195674-1015883375-685675973-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jakea\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AsusAppService => 2
MSCONFIG\Services: ASUSLinkNear => 2
MSCONFIG\Services: ASUSLinkRemote => 2
MSCONFIG\Services: ASUSOptimization => 2
MSCONFIG\Services: ASUSSoftwareManager => 2
MSCONFIG\Services: ASUSSwitch => 2
MSCONFIG\Services: ASUSSystemAnalysis => 2
MSCONFIG\Services: ASUSSystemDiagnosis => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: DtsApo4Service => 2
MSCONFIG\Services: ELANFPService => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: McAfee WebAdvisor => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: QcomWlanSrv => 2
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: RtkAudioUniversalService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0FA9A17E-CF0D-4F58-8820-98C9AD85B527}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{72106D8B-C631-44C4-83A6-43CA04F9FCE9}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{ECAEC1BB-2882-4494-97A7-6FE2BEBFB5EF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{6612500C-3FE4-48F0-A8EF-5B588991FFFA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{81C2ED46-A9AE-4797-A78F-2427E3A149A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EmergeNYC\EMERGENYC.exe () [File not signed]
FirewallRules: [{498ED041-9A74-4BC0-95DE-262C0AA43F47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EmergeNYC\EMERGENYC.exe () [File not signed]
FirewallRules: [{99398A09-51EA-403F-878F-2A2BE2617D56}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C1D49D82-160B-4090-9BA8-BDA7A78C93EA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E0E5BBE1-2260-4403-91E7-B6D7023519C7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0A1BB944-E9ED-4EE5-B47F-C6F95BAAB2FA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E5DC4E6A-9D0E-4799-B1B3-F861C7675AFA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7C81DAA8-34EA-4AEB-B704-B7C3E181BE9B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{532CA660-6648-4F39-B531-688028BE83D7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5A5620E7-611A-4DA9-A030-5E7CDCF99028}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9F44D03B-57B7-493A-BB90-F34923F75807}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59619AC0-81D3-4BC7-8764-0EEBA9F75895}] => (Allow) C:\Users\jakea\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{25A4E905-DEF0-4961-A236-6ED7090C73BB}] => (Allow) C:\Users\jakea\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{5445EC77-4502-49A4-9133-8DD4184A4A4C}] => (Allow) C:\Users\jakea\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{650D748A-970C-4A9B-9433-EC9C4E5CE8D4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{47CE2FFE-9004-4F74-9799-B8AB240EF98C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F39BBC13-ADFD-43CA-ACDB-B4F0BF3A9ECF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{DE5C8637-8675-4581-BFEF-85DB06C02239}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{068EFB4E-0E08-452D-A370-D7615B98A739}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{E8C1A4CF-5531-439A-B304-10EA500CBB7D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{6DF34211-D882-4728-8547-8974EE7DCF1D}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [TCP Query User{5018577B-A2F7-44DE-BA9A-DE85DDAE30C4}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe => No File
FirewallRules: [UDP Query User{47147020-E777-4AD1-8E04-391478A13023}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe => No File
FirewallRules: [TCP Query User{4E7B3E18-DD4B-42ED-A959-6F4B01DBB5D4}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2612_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2612_gtaprocess.exe => No File
FirewallRules: [UDP Query User{BD6CFDC2-CF81-4EEF-ABD1-9324EA987627}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2612_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2612_gtaprocess.exe => No File
FirewallRules: [TCP Query User{234189FC-4448-4B6E-958E-149A98938A55}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2545_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2545_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [UDP Query User{3FA5A9CE-48F7-4CC8-AD87-0A811F6B28D0}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2545_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2545_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [TCP Query User{C522DDAF-D9EF-42BF-9656-0C8365F053C1}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_chromebrowser] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_chromebrowser (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [UDP Query User{5D5663D3-E6FA-433D-A997-AD54A2E440B8}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_chromebrowser] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_chromebrowser (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [TCP Query User{0BC1E914-390B-48BB-9FE1-62A8643C08A5}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe => No File
FirewallRules: [UDP Query User{52A9532B-A074-4336-87B6-1B238F200F20}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe => No File
FirewallRules: [TCP Query User{42154E20-0EEC-4303-82F5-6F3D24D0DE56}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [UDP Query User{4D252E00-15C1-4673-95E5-F9FB34B806A9}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [TCP Query User{DB2FA627-552B-4A25-AB22-7ABCEF226106}C:\users\jakea\appdata\local\discord\app-1.0.9005\discord.exe] => (Block) C:\users\jakea\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [UDP Query User{EB1EEFE6-BCC2-43DD-BBEC-0FD188EFF7F8}C:\users\jakea\appdata\local\discord\app-1.0.9005\discord.exe] => (Block) C:\users\jakea\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [{A234A281-EB29-48DB-990A-43ACAEE7FAB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{E13E9D0C-9818-400F-9560-29DA8DF5D89B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{80419F7A-0E96-4193-AB86-4F3D9815DA6C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D16545D0-E6F1-431E-BF73-D367D590CDE5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5CCC7C29-63B3-4B90-996C-B1389A016C22}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D74A6997-3E7C-4292-BC26-E93D2CEFE842}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{45B7BA1B-5ABC-4FC0-9D35-F9A1C354E1D1}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{9716C2A4-C124-4E98-A9FF-0F0AC6D17B37}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{5BD6EE16-EA42-4A56-BA42-60D6720951F7}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSwitch\AsusSwitchNet.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{A4344233-834C-4EC3-B805-50E923BE208D}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSwitch\AsusSwitchNetMDNS.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{8DA82B40-C134-4A5A-B48F-63897DDBCD93}] => (Allow) C:\Program Files (x86)\TurboTax\Individual 2022\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{8BC6C99E-B332-4685-9346-13F3CB8589FF}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.13.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{6CF38C9B-B9CE-46F1-B7A9-F976DA25E81F}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.13.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{CE5B8B84-7C48-4102-8C6C-7604697B8C8C}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.13.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{39E9CC4B-8196-4ADC-BDEA-396A09F14E3E}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.13.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{8A7CE93B-1450-4BDC-B5CD-7699689955D1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C469E591-944E-407F-8FC2-BECBA6D1ABD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F6EA0279-F048-4D04-9963-BD55F7AACFEB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C35A7CF-D64A-4ABE-ABFC-EFFE9C554DD7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0396097C-ED9B-4788-AFDD-E1ECB393A541}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DC833E54-1106-459D-967C-D3746FB2F836}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B4D3B61B-4C1A-4945-B6E3-BFEF7C2898B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{981763A6-A466-4492-ADA3-2704ADC66B16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39C03D82-E82D-4E80-8ACD-974627D25294}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{16957117-0DB5-4B00-85AA-C4573FB166C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2DEC4DC-5D54-4956-A302-5C3A18601413}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{71D5E241-4D7E-4753-86EC-66C2CBD1CD95}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0CC224A7-C6AC-4FDA-A878-2C5028E7A027}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D857569B-93F8-40B0-932C-D3EA29461BC2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{1F040C01-2B18-4845-9449-EAC2F2901B59}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{B2DE88EC-FCB0-413C-B90D-5CD8461F80F7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{3C97011C-8157-4DC8-94D4-281E2740EA91}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{BEE585FD-B293-4740-AD9A-74C1C3C25BF2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{A64D99A9-54CD-4663-B927-075CE2860478}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{615F7FE0-C733-44A0-9B01-51651C370D01}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.49\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
14-02-2023 20:22:24 Installed TurboTax 2022
22-02-2023 01:41:01 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/25/2023 03:18:00 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
10.0.22000.1219
 
Error: (02/25/2023 01:18:00 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
10.0.22000.1219
 
Error: (02/25/2023 11:18:01 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
10.0.22000.1219
 
Error: (02/25/2023 11:00:13 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
10.0.22000.1219
 
Error: (02/25/2023 09:18:00 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
10.0.22000.1219
 
Error: (02/25/2023 07:18:00 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
10.0.22000.1219
 
Error: (02/25/2023 05:18:01 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
10.0.22000.1219
 
Error: (02/25/2023 04:03:18 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
10.0.22000.1219
 
 
System errors:
=============
Error: (02/25/2023 04:54:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
Access is denied.
 
Error: (02/25/2023 04:54:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The operation completed successfully.
 
Error: (02/25/2023 04:54:13 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 1004) (User: NT AUTHORITY)
Description: Error occurred in stopping the Dhcpv4 Client service. Error code is 5. ShutDown Flag value is 0
 
Error: (02/25/2023 04:54:13 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 17270) (User: NT AUTHORITY)
Description: An error occurred in initializing DHCPv4. Error Code is 5
 
Error: (02/25/2023 04:54:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The service has not been started.
 
Error: (02/25/2023 04:54:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
Access is denied.
 
Error: (02/25/2023 04:54:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The service has not been started.
 
Error: (02/25/2023 04:54:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The service has not been started.
 
 
Windows Defender:
================
Date: 2023-02-24 20:44:59
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-02-23 20:44:58
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-02-22 20:44:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-02-22 08:19:06
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: TrojanClicker:Win32/Doplik.U
Severity: Severe
Category: Trojan Notifier
Path: containerfile:_C:\$Recycle.Bin\S-1-5-21-1522195674-1015883375-685675973-1001\$R409FUA.iso; containerfile:_C:\$Recycle.Bin\S-1-5-21-1522195674-1015883375-685675973-1001\$RI3QCAF.iso; containerfile:_C:\Users\jakea\Downloads\List Server.iso; file:_C:\$Recycle.Bin\S-1-5-21-1522195674-1015883375-685675973-1001\$R409FUA.iso->app.zip->Energy/Energy.exe->(ZipSfx)->start.bin; file:_C:\$Recycle.Bin\S-1-5-21-1522195674-1015883375-685675973-1001\$RI3QCAF.iso->app.zip->Energy/Energy.exe->(ZipSfx)->start.bin; file:_C:\Users\jakea\Downloads\List Server.iso->app.zip->Energy/Energy.exe->(ZipSfx)->start.bin
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.383.274.0, AS: 1.383.274.0, NIS: 1.383.274.0
Engine Version: AM: 1.1.20000.2, NIS: 1.1.20000.2
 
Date: 2023-02-22 01:23:21
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: TrojanClicker:Win32/Doplik.U
Severity: Severe
Category: Trojan Notifier
Path: containerfile:_C:\$Recycle.Bin\S-1-5-21-1522195674-1015883375-685675973-1001\$R409FUA.iso; containerfile:_C:\$Recycle.Bin\S-1-5-21-1522195674-1015883375-685675973-1001\$RI3QCAF.iso; containerfile:_C:\Users\jakea\Downloads\List Server.iso; file:_C:\$Recycle.Bin\S-1-5-21-1522195674-1015883375-685675973-1001\$R409FUA.iso->app.zip->Energy/Energy.exe->(ZipSfx)->start.bin; file:_C:\$Recycle.Bin\S-1-5-21-1522195674-1015883375-685675973-1001\$RI3QCAF.iso->app.zip->Energy/Energy.exe->(ZipSfx)->start.bin; file:_C:\Users\jakea\Downloads\List Server.iso->app.zip->Energy/Energy.exe->(ZipSfx)->start.bin
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.383.274.0, AS: 1.383.274.0, NIS: 1.383.274.0
Engine Version: AM: 1.1.20000.2, NIS: 1.1.20000.2
Event[0]
 
Date: 2023-02-21 22:45:01
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007042c
Error description: The dependency service or group failed to start. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.
 
Date: 2023-02-21 21:56:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.383.274.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20000.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-02-21 21:56:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.383.274.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20000.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-02-21 21:56:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.383.274.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20000.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-02-21 21:56:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.383.274.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20000.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===============
Date: 2023-02-25 16:49:57
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
 
Date: 2023-02-22 20:44:57
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-02-22 08:20:32
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends International, LLC. X515UA.306 11/29/2021
Motherboard: ASUSTeK COMPUTER INC. X515UA
Processor: AMD Ryzen 5 5500U with Radeon Graphics 
Percentage of memory in use: 47%
Total physical RAM: 15755.75 MB
Available physical RAM: 8344.38 MB
Total Virtual: 27531.75 MB
Available Virtual: 18239.99 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:475.79 GB) (Free:176.5 GB) (Model: SAMSUNG MZVLQ512HALU-00000) NTFS
Drive d: (TINY) (Removable) (Total:7.44 GB) (Free:7.13 GB) FAT32
 
\\?\Volume{323d325b-8b54-4f7a-8237-e268b83e0e90}\ (RECOVERY) (Fixed) (Total:0.68 GB) (Free:0.19 GB) NTFS
\\?\Volume{35a9b8e7-1720-4875-a687-d982f9aec508}\ (MYASUS) (Fixed) (Total:0.19 GB) (Free:0.13 GB) FAT32
\\?\Volume{1a5222aa-e1a1-4087-93d6-864606e1eba0}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 4D94FA98)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 7.5 GB) (Disk ID: B5263172)
Partition 1: (Active) - (Size=7.5 GB) - (Type=FAT32)
 
==================== End of Addition.txt =======================
 

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

The virus you cite is just a possible PUP (Potentially unwanted Program).  Looking at your FRST logs I see several services which aren't running and a problem with the permissions or presence of the file that DHCP Client uses.  The hard drive may have had a glitch or there may well be an undetected virus.

 

You also have McAfee installed and disabled.  I would uninstall both McAfee programs and also WinZip (most free versions of WinZip come with PUPS.  Use 7-zip instead.)

Delete: C:\Users\jakea\Downloads\List Server.iso

Empty the Recycle Bin.  

 

 

Then:

 

Let's see if DISM or SFC can help.

 

In the Windows Search box type: cmd

It should find Command Prompt.  Right click on it and Run As Administrator.

 

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

(I use two spaces where only one is needed so you can see where the single spaces go - the forum software likes to squeeze things together)

(If you want to you can copy the line and then right click in the Command Prompt window instead of typing)
hit Enter and it should begin the scan and fix routine.  When it finishes it should say:
The operation completed successfully.  (IF it doesn't run or doesn't complete let me know what does happen)
 
Reboot.
 
Reopen the Command Prompt as before.  Type:
 
sfc  /scannow
 
This will also take a few minutes.  
 
When it finishes it will say one of the following:
 
Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
 
If you get the last result then let me know.
 
Reboot and rerun FRST as before and post the logs.

  • 0

#3
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

That was odd. I was not notified of your reply and apologize for not responding to you sooner. Apparently, an OP does not get set to auto-follow their threads. I clicked follow, so now I should respond with more reliability. Perhaps I can change that with a profile setting, but it's never happened to me in the past. Dunno. Anyway, back to the show...

 

I uninstalled both instances of McAfee then WinZip.

Removed the .ISO file and emptied the recycle bin.

 

At first, I was unable to run commands in CMD (Needed Elevated Privs), so I opened PowerShell. I still wasn't able to run commands. After looking it up, I ran a start-process command to give me admin, and it worked.

 

I ran DISM, as well as SFC.

 

DISM came back with 'Restore Option Completed Successfully

SFC came back with 'Windows Resource Protection found corrupt files and repaired them' - which I hear is a good thing.

 

FRST64 was ran after a reboot. Here's the FRST and Additions again:

 

 

**********FRST*****************

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2023

Ran by jakea (administrator) on LAPTOP-DC9VAHIO (ASUSTeK COMPUTER INC. VivoBook_ASUSLaptop X515UA_M515UA) (01-03-2023 21:48:04)
Running from C:\Users\jakea\OneDrive\Desktop
Loaded Profiles: jakea
Platform: Microsoft Windows 11 Home Version 21H2 22000.1219 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(C:\Program Files\Microsoft OneDrive\OneDrive.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.023.0129.0002\Microsoft.SharePoint.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe ->) (Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSSrcExt.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngineProcess.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe ->) (Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.49\msedgewebview2.exe <13>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22122.94.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UtcDecoderHost.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d92d7bec4b020758\RtkAudUService64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [122427152 2021-07-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2629552 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\Run: [Discord] => C:\Users\jakea\AppData\Local\Discord\Update.exe [1512104 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\jakea\AppData\Local\Microsoft\Teams\Update.exe [2508480 2022-07-25] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe [2023-02-17] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2105557F-C1D9-4975-91F5-121E7289C8D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-27] (Google LLC -> Google LLC)
Task: {3625BE60-013E-4455-B799-3F82566058B4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3FF5314C-094D-4C0C-94CA-BE64B2958534} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d92d7bec4b020758\RtkAudUService64.exe [1372264 2021-10-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {4A408A42-DE74-438C-9C6D-25FFECA37F03} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSOptimization\AsusHotkey.exe [263784 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {4C8DB756-EEBB-472F-9A4A-9E0227DB4211} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1522195674-1015883375-685675973-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4191152 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CCFD9BA-25E5-44B7-A792-FD76E0E3CD5C} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4191152 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {50DE1267-DC30-4D44-959C-ED5879EC4FDC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {629B354A-9F5A-42AB-93D9-BAC2A85BC35D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {854C3EAA-584C-467B-95CC-74B43C44AD67} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E55E58A-24E9-47DA-AB6E-7545011AC3E8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168920 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {978A6E3D-9696-4E7D-BA02-AB5B97B676A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B0D5442E-42E9-4132-A1C1-9B4C619FC036} - System32\Tasks\Microsoft\Windows\WaaSMedic\DeferredWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {B29DA8C3-AE63-49F9-8D0D-86E01D8F11F3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B977A7E9-349A-460B-B4C6-5FBA98955200} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3606624 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {BF16F7C1-68DD-466E-B55D-6090CB9EE936} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {EDB04188-423C-4EC2-B3D0-8AFD87FB9E6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-27] (Google LLC -> Google LLC)
Task: {F1BA69A8-2B11-4083-9A72-0F2F9647622A} - System32\Tasks\ASUS Live Update 2.0 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSSoftwareManager\AsusUpdateChecker.exe /start (No File)
Task: {F289366B-7BB9-4422-A4D8-3F25B53CB1B1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F3EFC62B-517D-4115-BFCE-7640919E867D} - System32\Tasks\ASUS Update Checker 2.0 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSoftwareManager\AsusUpdateChecker.exe [788104 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {F967C7D3-1C49-4576-8844-55935E398AC7} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [3826312 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\jakea\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-01]
Edge Notifications: Default -> hxxps://www.allwealthinfo.com; hxxps://www.facebook.com
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-08] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Profile 3
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Default [2023-02-19]
CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.forbes.com; hxxps://www.reddit.com; hxxps://www.youtube.com
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-27]
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-02-19]
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-02-19]
CHR Notifications: Profile 1 -> hxxps://patch.com; hxxps://www.bestresultsfast.com; hxxps://www.facebook.com
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-02-14]
CHR Extension: (Google Docs Offline) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-11]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2023-02-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-02]
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-05-08]
CHR Extension: (Google Translate) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-05-08]
CHR Extension: (Slides) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-18]
CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2021-08-18]
CHR Extension: (Lightspeed Filter Agent) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\adkcpkpghahmbopkjchobieckeoaoeem [2022-05-08] [UpdateUrl:hxxps://lsrelay-extensions-production.s3.amazonaws.com/chrome-filter/354d6e8ceb12d30f1ab9fa05314a1094e9fecab82bd40d0a04f159fb6b314bac/ChromeFilter.xml] <==== ATTENTION
CHR Extension: (Docs) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-18]
CHR Extension: (Google Drive) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-18]
CHR Extension: (Quizlet) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bgofflgeghkhocbociocnckocbjmomjh [2021-08-18]
CHR Extension: (Desmos Graphing Calculator) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2021-08-18]
CHR Extension: (Print PDF RTF Vocabulary) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bjdpiejkbpnhaimlkollakenafppjlcl [2021-08-18]
CHR Extension: (YouTube) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-18]
CHR Extension: (InsertLearning) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dehajjkfchegiinhcmoclkfbnmpgcahj [2021-08-18]
CHR Extension: (ThingLink) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\epcaehkmiggnoljjoaecbgmdnjcjohke [2021-08-18]
CHR Extension: (Sheets) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-01-28]
CHR Extension: (Google Docs Offline) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-08]
CHR Extension: (Relay Classifier) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdecjbnmkkdgnmbceicnedgnkgfggpgh [2021-08-18] [UpdateUrl:hxxps://lsrelay-extensions-production.s3.amazonaws.com/RelayClassifier/354d6e8ceb12d30f1ab9fa05314a1094e9fecab82bd40d0a04f159fb6b314bac/RelayClassifier.xml] <==== ATTENTION
CHR Extension: (Camera) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hfhhnacclhffhdffklopdkcgdhifgngh [2021-08-18]
CHR Extension: (Equatio - Math made digital) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hjngolefdpdnooamgdldlkjgmdcmcjnc [2022-05-08]
CHR Extension: (Device Detective) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hlnpoimdggajnihjkmicmfbaneeagecf [2022-05-08] [UpdateUrl:hxxps://lsrelay-extensions-production.s3.amazonaws.com/DeviceDetective/354d6e8ceb12d30f1ab9fa05314a1094e9fecab82bd40d0a04f159fb6b314bac/DeviceDetectiveApp.xml] <==== ATTENTION
CHR Extension: (Zoom) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmbjbjdpkobdjplfobhljndfdfdipjhg [2022-05-08]
CHR Extension: (Tracker for Chrome) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icmgjiknkpcfkhgajgmpkkehdjmidlgl [2021-08-18] [UpdateUrl:hxxps://lightspeed-apps.s3.amazonaws.com/chrome-monitor/auto-update.xml] <==== ATTENTION
CHR Extension: (ClassLink OneClick Extension) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jgfbgkjjlonelmpenhpfeeljjlcgnkpe [2021-08-18]
CHR Extension: (Test Words in Classics) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jiimhamcenafdpnjldmdkiimnlmjfkci [2021-08-18]
CHR Extension: (Calculator) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kdkgihpbaofhkiliohfepioflkkbapao [2021-08-18]
CHR Extension: (Chrome Audio Capture) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kfokdmfpdnokpmpbjhjbcabgligoelgp [2021-11-29]
CHR Extension: (Plotly) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\khajkhinhblhaenlhpodnblkmpdgclne [2021-08-18]
CHR Extension: (World Data Atlas) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\knlgfedckdhkgjinnhogmhkbcjpmmhko [2021-08-18]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2022-05-08]
CHR Extension: (My Study Life) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo [2021-08-18]
CHR Extension: (Mic Note -Voice Recorder & Notepad) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nhkoenoennbjnibepkjdheodiaojdgpk [2021-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-18]
CHR Extension: (The QR Code Extension) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oijdcdmnjjgnnhgljmhkjlablaejfeeb [2021-08-18]
CHR Extension: (Video Editor for Chromebook & more: Free app) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2021-08-18]
CHR Extension: (NWEA Secure Testing) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\omkghcboodpimaoimdkmigofhjcpmpeb [2021-08-18]
CHR Extension: (Gmail) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-18]
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 3 [2023-03-01]
CHR Notifications: Profile 3 -> hxxps://business.facebook.com; hxxps://www.facebook.com; hxxps://www.netflix.com; hxxps://www.youtube.com
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-02-19]
CHR Extension: (Google Docs Offline) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-19]
CHR Extension: (Auto Refresh Plus | Page Monitor) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hgeljhfekpckiiplhkigfehkdpldcggm [2023-02-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-14]
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 4 [2022-08-06]
CHR Notifications: Profile 4 -> hxxps://www.youtube.com
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jakea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-29]
CHR Profile: C:\Users\jakea\AppData\Local\Google\Chrome\User Data\System Profile [2023-02-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AsusAppService; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\AsusAppService\AsusAppService.exe [1162376 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S4 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSLinkNear\AsusLinkNear.exe [1320072 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
S4 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSLinkRemote\AsusLinkRemote.exe [764504 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
S4 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSOptimization\AsusOptimization.exe [394344 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S4 ASUSSoftwareManager; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSoftwareManager\AsusSoftwareManager.exe [1113176 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S4 ASUSSwitch; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSwitch\AsusSwitch.exe [635480 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S4 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3606624 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S4 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [791176 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8912272 2022-01-28] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
S4 DtsApo4Service; C:\WINDOWS\System32\DTS\PC\APO4x\DtsApo4Service.exe [241448 2022-04-15] (DTS, Inc. -> DTS Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncHelper.exe [3486640 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
S4 IntuitUpdateServiceV4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [19840 2022-08-24] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
S4 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [856472 2023-02-10] (McAfee, LLC -> McAfee, LLC)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [45368 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.023.0129.0002\OneDriveUpdaterService.exe [3857328 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
S4 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [188736 2021-07-20] (Qualcomm Atheros, Inc. -> )
S4 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2458576 2022-07-31] (Rockstar Games, Inc. -> Rockstar Games)
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14770472 2021-09-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [25016 2021-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository͹771.inf_amd64_466f8ae730e6c425\B379389\amdkmdag.sys [80562672 2022-05-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [150840 2021-07-08] (Alcorlink Corp. -> )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_314b5cb6bf57f471\AsusPTPFilter.sys [116712 2021-12-02] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
S3 AsusSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSystemAnalysis\AsusSAIO.sys [46736 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSOptimization\AsusWmiAcpi.sys [45248 2022-12-07] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2023-02-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473336 2023-02-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-14] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-02-25 16:43 - 2023-03-01 21:48 - 000000000 ____D C:\FRST
2023-02-22 01:44 - 2023-03-01 21:41 - 097255424 _____ C:\WINDOWS\system32\config\SOFTWARE
2023-02-22 01:41 - 2023-02-22 01:44 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2023-02-19 18:20 - 2023-03-01 21:34 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2023-02-19 11:43 - 2023-02-19 11:43 - 001205180 _____ C:\WINDOWS\Minidump\021923-7500-01.dmp
2023-02-19 11:42 - 2023-02-19 11:44 - 000000000 ____D C:\WINDOWS\Minidump
2023-02-19 11:42 - 2023-02-19 11:43 - 675731275 _____ C:\WINDOWS\MEMORY.DMP
2023-02-19 11:42 - 2023-02-19 11:42 - 000000000 _____ C:\WINDOWS\Minidump\021923-10109-01.dmp
2023-02-14 20:38 - 2023-02-14 20:38 - 000000000 ____D C:\Users\jakea\AppData\Local\Intuit
2023-02-14 20:33 - 2023-02-19 23:49 - 000000000 ____D C:\Users\jakea\OneDrive\Documents\TurboTax
2023-02-14 20:28 - 2023-02-19 12:18 - 000000000 ____D C:\Users\jakea\AppData\Local\Glance
2023-02-14 20:28 - 2023-02-14 20:28 - 000000000 ____D C:\Users\jakea\AppData\Roaming\Intuit
2023-02-14 20:28 - 2023-02-14 20:28 - 000000000 ____D C:\Users\jakea\AppData\Local\IsolatedStorage
2023-02-14 20:27 - 2023-02-14 20:28 - 000000609 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2023-02-14 20:27 - 2023-02-14 20:27 - 000002028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2022.lnk
2023-02-14 20:27 - 2023-02-14 20:27 - 000002012 _____ C:\Users\Public\Desktop\TurboTax 2022.lnk
2023-02-14 20:26 - 2023-02-14 20:26 - 000000000 ____D C:\Program Files (x86)\TurboTax
2023-02-14 20:21 - 2023-02-14 20:26 - 000000000 ____D C:\ProgramData\Intuit
2023-02-11 14:23 - 2023-02-11 14:23 - 000000000 ___HD C:\$WinREAgent
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-03-01 21:47 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-03-01 21:46 - 2022-05-15 23:03 - 000803404 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-03-01 21:46 - 2021-06-05 07:09 - 000000000 ____D C:\WINDOWS\INF
2023-03-01 21:45 - 2021-07-27 14:23 - 000000000 ____D C:\Users\jakea\AppData\Roaming\discord
2023-03-01 21:41 - 2022-05-15 22:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-03-01 21:41 - 2022-05-15 22:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-03-01 21:41 - 2021-07-27 12:35 - 000000000 ____D C:\Program Files (x86)\Google
2023-03-01 21:41 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-03-01 21:41 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\ServiceState
2023-03-01 21:41 - 2021-06-05 07:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-03-01 21:41 - 2021-06-05 07:01 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2023-03-01 21:41 - 2020-11-21 04:08 - 000012288 ___SH C:\DumpStack.log.tmp
2023-03-01 21:34 - 2021-04-16 14:29 - 000000000 ____D C:\ProgramData\McAfee
2023-03-01 21:34 - 2021-04-16 14:29 - 000000000 ____D C:\Program Files\McAfee
2023-03-01 21:33 - 2021-06-05 07:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-03-01 21:14 - 2021-07-28 22:38 - 000000000 ____D C:\ProgramData\WinZip
2023-03-01 21:13 - 2021-07-27 12:24 - 000000000 ____D C:\ProgramData\Packages
2023-03-01 21:13 - 2021-04-16 14:52 - 000000000 ____D C:\Users\jakea\AppData\Local\Packages
2023-03-01 21:12 - 2021-06-05 07:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-03-01 21:12 - 2021-06-05 07:01 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-02-21 21:30 - 2021-04-16 14:52 - 000000000 ____D C:\Users\jakea\AppData\Local\D3DSCache
2023-02-21 21:26 - 2022-05-15 22:59 - 000002880 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2023-02-21 21:20 - 2022-05-15 22:55 - 000000000 ____D C:\Users\jakea
2023-02-21 21:15 - 2021-10-19 23:06 - 000000000 ____D C:\Program Files\TeamViewer
2023-02-19 19:29 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-02-19 19:13 - 2022-05-15 22:59 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3C5E7448-4E9F-4F52-8A65-02CBAFBC3972}
2023-02-19 19:08 - 2022-08-02 23:20 - 000000000 ____D C:\Users\jakea\AppData\Local\ElevatedDiagnostics
2023-02-19 12:11 - 2021-06-05 07:10 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-19 11:44 - 2022-05-15 22:54 - 000480120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\SystemResources
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\setup
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\Provisioning
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\BrowserCore
2023-02-19 11:43 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-02-19 11:41 - 2020-11-21 04:10 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-17 17:30 - 2022-05-15 22:59 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1522195674-1015883375-685675973-1001
2023-02-17 17:30 - 2022-05-15 22:59 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-02-17 17:30 - 2021-10-22 20:01 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-02-17 17:30 - 2021-10-18 14:29 - 000002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-17 17:30 - 2021-07-27 12:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-17 17:30 - 2021-07-27 12:35 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-02-17 17:30 - 2021-07-27 12:24 - 000000000 ___RD C:\Users\jakea\OneDrive
2023-02-14 22:46 - 2021-07-29 20:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-02-14 22:44 - 2021-07-29 20:14 - 149955784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-02-14 20:14 - 2020-11-21 04:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-02-11 14:35 - 2022-05-15 22:59 - 000004122 _____ C:\WINDOWS\system32\Tasks\ASUS Update Checker 2.0
2023-02-11 14:35 - 2022-05-15 22:59 - 000003756 _____ C:\WINDOWS\system32\Tasks\ASUS Optimization 36D18D69AFC3
2023-02-11 14:35 - 2021-07-29 20:16 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-02-11 14:35 - 2021-04-16 15:24 - 000000000 ____D C:\ProgramData\ASUS
2023-02-10 22:36 - 2020-11-21 04:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-02-10 22:36 - 2020-11-21 04:13 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-10 22:13 - 2022-05-15 22:59 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-10 22:13 - 2022-05-15 22:59 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
***********Addition***************
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2023
Ran by jakea (01-03-2023 21:48:54)
Running from C:\Users\jakea\OneDrive\Desktop
Microsoft Windows 11 Home Version 21H2 22000.1219 (X64) (2022-05-16 03:59:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1522195674-1015883375-685675973-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1522195674-1015883375-685675973-503 - Limited - Disabled)
Guest (S-1-5-21-1522195674-1015883375-685675973-501 - Limited - Disabled)
jakea (S-1-5-21-1522195674-1015883375-685675973-1001 - Administrator - Enabled) => C:\Users\jakea
WDAGUtilityAccount (S-1-5-21-1522195674-1015883375-685675973-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Discord (HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
FiveM (HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\CitizenFX_FiveM) (Version:  - Cfx.re)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 110.0.5481.104 - Google LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16026.20146 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.50 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.49 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.023.0129.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\Teams) (Version: 1.5.00.17656 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{843E8BAC-637E-4354-94D7-73D910E2168F}) (Version: 4.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30040 (HKLM-x32\...\{5c6cccca-61ec-4667-a8d9-e133a59a5a73}) (Version: 14.29.30040.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30040 (HKLM\...\{B3FA5A71-A9C3-42B3-B567-F92C163F3F5B}) (Version: 14.29.30040 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30040 (HKLM\...\{C56D2482-32F7-4CB7-AF41-4CC51EBCB17D}) (Version: 14.29.30040 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821 (HKLM-x32\...\{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821 (HKLM-x32\...\{1E6FC929-567E-4D22-9206-C5B83F0A21B9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.61.899.21511 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.5.1 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.22.3 - TeamViewer)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
TurboTax 2022 (HKLM-x32\...\{E02EC8E6-200F-4BF9-AF32-572FEA31F457}) (Version: 022.000.0429 - Intuit Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 128.0.10632 - Ubisoft)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.803 - McAfee, LLC)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\ZoomUMX) (Version: 5.11.11 (8425) - Zoom Video Communications, Inc.)
 
Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m [2022-04-29] (Advanced Micro Devices Inc.) [Startup Task]
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2022-11-29] (Microsoft Corporation)
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.15.0_neutral__yxz26nhyzhsrt [2023-02-14] (Microsoft Corp.)
DTS Audio Processing -> C:\Program Files\WindowsApps\DTSInc.DTSAudioProcessing_1.10.9.0_x64__t5j2fzbtdg37r [2022-07-12] (DTS, Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6 [2023-02-14] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-05-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-05-15] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10114.505.0_x64__8wekyb3d8bbwe [2023-02-14] (Microsoft Corporation)
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.13.0_x64__qmba6cd70vzyy [2023-02-14] (ASUSTeK COMPUTER INC.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-27] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.29.256.0_x64__dt26b99r8h8gj [2022-07-26] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2023-02-14] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0 [2023-02-17] (Spotify AB) [Startup Task]
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x64__8wekyb3d8bbwe [2023-02-17] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x86__8wekyb3d8bbwe [2023-02-17] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1522195674-1015883375-685675973-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\jakea\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22147.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1522195674-1015883375-685675973-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-05-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Camera.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=hfhhnacclhffhdffklopdkcgdhifgngh
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Web Store - Extensions (1).lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=danlolkegnelmganmpmblebidhaemach
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Web Store - Extensions.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=milicbojknglojckldjcigmgnbnilbba
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Device Detective.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=hlnpoimdggajnihjkmicmfbaneeagecf
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mic Note -Voice Recorder & Notepad.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=nhkoenoennbjnibepkjdheodiaojdgpk
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\NWEA Secure Testing.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=omkghcboodpimaoimdkmigofhjcpmpeb
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 2" --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg
ShortcutWithArgument: C:\Users\jakea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Jake - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
 
==================== Loaded Modules (Whitelisted) =============
 
2022-04-29 23:07 - 2022-04-29 23:07 - 000438784 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\amdlinkremoteserver.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000017920 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\libEGL.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 003567616 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\libGLESv2.dll
2022-04-29 23:07 - 2022-04-29 23:08 - 000258560 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\WirelessVR-windesktop64.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 004396032 _____ (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\D3DCompiler_47.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qgif.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qicns.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000031232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qico.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000415232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qjpeg.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qsvg.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qtga.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qwbmp.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qwebp.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 001455104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\platforms\qwindows.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 001227776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\sqldrivers\qsqlite.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\styles\qwindowsvistastyle.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Core.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 006947328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Gui.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000740352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Multimedia.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000123392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5MultimediaQuick.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 001110528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Network.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Positioning.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 003798528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Qml.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000440832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QmlModels.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000054784 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QmlWorkerScript.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 004255744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Quick.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000171520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QuickControls2.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 001128448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QuickTemplates2.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000206336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Sql.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000334336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Svg.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000133120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebChannel.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000396800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebEngine.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 102854656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebEngineCore.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 005611008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Widgets.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WinExtras.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Xml.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 002877440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5XmlPatterns.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000056832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000267776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtMultimedia\declarative_multimedia.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQml\qmlplugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick.2\qtquick2plugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000290816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000336896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Controls\qtquickcontrolsplugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000134144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Dialogs\dialogplugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000106496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Layouts\qquicklayoutsplugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Window.2\windowplugin.dll
2022-04-29 23:07 - 2022-04-29 23:07 - 000093184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngine\qtwebengineplugin.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-1522195674-1015883375-685675973-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1522195674-1015883375-685675973-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-02-10] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1522195674-1015883375-685675973-1001\...\sharepoint.com -> hxxps://pennstateoffice365-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2022-08-06 23:08 - 2022-08-06 23:15 - 000000442 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1522195674-1015883375-685675973-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jakea\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AsusAppService => 2
MSCONFIG\Services: ASUSLinkNear => 2
MSCONFIG\Services: ASUSLinkRemote => 2
MSCONFIG\Services: ASUSOptimization => 2
MSCONFIG\Services: ASUSSoftwareManager => 2
MSCONFIG\Services: ASUSSwitch => 2
MSCONFIG\Services: ASUSSystemAnalysis => 2
MSCONFIG\Services: ASUSSystemDiagnosis => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: DtsApo4Service => 2
MSCONFIG\Services: ELANFPService => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: McAfee WebAdvisor => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: QcomWlanSrv => 2
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: RtkAudioUniversalService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0FA9A17E-CF0D-4F58-8820-98C9AD85B527}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{72106D8B-C631-44C4-83A6-43CA04F9FCE9}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{ECAEC1BB-2882-4494-97A7-6FE2BEBFB5EF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{6612500C-3FE4-48F0-A8EF-5B588991FFFA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\rainbowsix_be.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{81C2ED46-A9AE-4797-A78F-2427E3A149A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EmergeNYC\EMERGENYC.exe () [File not signed]
FirewallRules: [{498ED041-9A74-4BC0-95DE-262C0AA43F47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EmergeNYC\EMERGENYC.exe () [File not signed]
FirewallRules: [{99398A09-51EA-403F-878F-2A2BE2617D56}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C1D49D82-160B-4090-9BA8-BDA7A78C93EA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E0E5BBE1-2260-4403-91E7-B6D7023519C7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0A1BB944-E9ED-4EE5-B47F-C6F95BAAB2FA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E5DC4E6A-9D0E-4799-B1B3-F861C7675AFA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7C81DAA8-34EA-4AEB-B704-B7C3E181BE9B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{532CA660-6648-4F39-B531-688028BE83D7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5A5620E7-611A-4DA9-A030-5E7CDCF99028}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9F44D03B-57B7-493A-BB90-F34923F75807}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59619AC0-81D3-4BC7-8764-0EEBA9F75895}] => (Allow) C:\Users\jakea\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{25A4E905-DEF0-4961-A236-6ED7090C73BB}] => (Allow) C:\Users\jakea\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{5445EC77-4502-49A4-9133-8DD4184A4A4C}] => (Allow) C:\Users\jakea\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{650D748A-970C-4A9B-9433-EC9C4E5CE8D4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{47CE2FFE-9004-4F74-9799-B8AB240EF98C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F39BBC13-ADFD-43CA-ACDB-B4F0BF3A9ECF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{DE5C8637-8675-4581-BFEF-85DB06C02239}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{068EFB4E-0E08-452D-A370-D7615B98A739}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{E8C1A4CF-5531-439A-B304-10EA500CBB7D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{6DF34211-D882-4728-8547-8974EE7DCF1D}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [TCP Query User{5018577B-A2F7-44DE-BA9A-DE85DDAE30C4}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe => No File
FirewallRules: [UDP Query User{47147020-E777-4AD1-8E04-391478A13023}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe => No File
FirewallRules: [TCP Query User{4E7B3E18-DD4B-42ED-A959-6F4B01DBB5D4}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2612_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2612_gtaprocess.exe => No File
FirewallRules: [UDP Query User{BD6CFDC2-CF81-4EEF-ABD1-9324EA987627}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2612_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2612_gtaprocess.exe => No File
FirewallRules: [TCP Query User{234189FC-4448-4B6E-958E-149A98938A55}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2545_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2545_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [UDP Query User{3FA5A9CE-48F7-4CC8-AD87-0A811F6B28D0}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2545_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2545_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [TCP Query User{C522DDAF-D9EF-42BF-9656-0C8365F053C1}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_chromebrowser] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_chromebrowser (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [UDP Query User{5D5663D3-E6FA-433D-A997-AD54A2E440B8}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_chromebrowser] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_chromebrowser (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [TCP Query User{0BC1E914-390B-48BB-9FE1-62A8643C08A5}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe => No File
FirewallRules: [UDP Query User{52A9532B-A074-4336-87B6-1B238F200F20}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe => No File
FirewallRules: [TCP Query User{42154E20-0EEC-4303-82F5-6F3D24D0DE56}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [UDP Query User{4D252E00-15C1-4673-95E5-F9FB34B806A9}C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\jakea\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [TCP Query User{DB2FA627-552B-4A25-AB22-7ABCEF226106}C:\users\jakea\appdata\local\discord\app-1.0.9005\discord.exe] => (Block) C:\users\jakea\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [UDP Query User{EB1EEFE6-BCC2-43DD-BBEC-0FD188EFF7F8}C:\users\jakea\appdata\local\discord\app-1.0.9005\discord.exe] => (Block) C:\users\jakea\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [{A234A281-EB29-48DB-990A-43ACAEE7FAB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{E13E9D0C-9818-400F-9560-29DA8DF5D89B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{80419F7A-0E96-4193-AB86-4F3D9815DA6C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D16545D0-E6F1-431E-BF73-D367D590CDE5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5CCC7C29-63B3-4B90-996C-B1389A016C22}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D74A6997-3E7C-4292-BC26-E93D2CEFE842}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{45B7BA1B-5ABC-4FC0-9D35-F9A1C354E1D1}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{9716C2A4-C124-4E98-A9FF-0F0AC6D17B37}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{5BD6EE16-EA42-4A56-BA42-60D6720951F7}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSwitch\AsusSwitchNet.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{A4344233-834C-4EC3-B805-50E923BE208D}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSwitch\AsusSwitchNetMDNS.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{8DA82B40-C134-4A5A-B48F-63897DDBCD93}] => (Allow) C:\Program Files (x86)\TurboTax\Individual 2022\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
FirewallRules: [{8BC6C99E-B332-4685-9346-13F3CB8589FF}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.13.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{6CF38C9B-B9CE-46F1-B7A9-F976DA25E81F}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.13.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{CE5B8B84-7C48-4102-8C6C-7604697B8C8C}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.13.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{39E9CC4B-8196-4ADC-BDEA-396A09F14E3E}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.13.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{8A7CE93B-1450-4BDC-B5CD-7699689955D1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C469E591-944E-407F-8FC2-BECBA6D1ABD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F6EA0279-F048-4D04-9963-BD55F7AACFEB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C35A7CF-D64A-4ABE-ABFC-EFFE9C554DD7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0396097C-ED9B-4788-AFDD-E1ECB393A541}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DC833E54-1106-459D-967C-D3746FB2F836}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B4D3B61B-4C1A-4945-B6E3-BFEF7C2898B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{981763A6-A466-4492-ADA3-2704ADC66B16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39C03D82-E82D-4E80-8ACD-974627D25294}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{16957117-0DB5-4B00-85AA-C4573FB166C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2DEC4DC-5D54-4956-A302-5C3A18601413}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{71D5E241-4D7E-4753-86EC-66C2CBD1CD95}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0CC224A7-C6AC-4FDA-A878-2C5028E7A027}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D857569B-93F8-40B0-932C-D3EA29461BC2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{1F040C01-2B18-4845-9449-EAC2F2901B59}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{B2DE88EC-FCB0-413C-B90D-5CD8461F80F7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{3C97011C-8157-4DC8-94D4-281E2740EA91}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{BEE585FD-B293-4740-AD9A-74C1C3C25BF2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{A64D99A9-54CD-4663-B927-075CE2860478}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]
FirewallRules: [{615F7FE0-C733-44A0-9B01-51651C370D01}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.49\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
22-02-2023 01:41:01 Scheduled Checkpoint
27-02-2023 07:47:24 Windows Modules Installer
01-03-2023 21:14:03 Removed WinZip 25.0.
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/01/2023 09:43:45 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
10.0.22000.1219
 
Error: (03/01/2023 09:41:49 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-DC9VAHIO$ via https://AMD-KeyId-52...plates/Aik/scepfailed:
 
GetCACaps
 
Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
Error: (03/01/2023 09:41:49 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-52...plates/Aik/scepfailed:
 
GetCACaps
 
Method: GET(63ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
Error: (03/01/2023 09:41:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.22000.1165, time stamp: 0xa1f1d96a
Faulting module name: Taskbar.dll, version: 10.0.22000.1165, time stamp: 0x46dfe866
Exception code: 0xc000027b
Fault offset: 0x0000000000099da4
Faulting process id: 0x1544
Faulting application start time: 0x01d94cb08758d9f8
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Windows\System32\Taskbar.dll
Report Id: 7b7ebed7-8534-4fa5-9ee8-7c790742de3e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/01/2023 09:41:46 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
10.0.22000.1219
 
Error: (03/01/2023 09:41:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   Initializing Writer
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {28de1d3a-2a90-42a1-a3dc-a6b73760cbae}
 
Error: (03/01/2023 09:41:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (03/01/2023 09:41:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
 
System errors:
=============
Error: (03/01/2023 09:49:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The service has not been started.
 
Error: (03/01/2023 09:49:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
Access is denied.
 
Error: (03/01/2023 09:49:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The service has not been started.
 
Error: (03/01/2023 09:49:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The operation completed successfully.
 
Error: (03/01/2023 09:49:21 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 1004) (User: NT AUTHORITY)
Description: Error occurred in stopping the Dhcpv4 Client service. Error code is 5. ShutDown Flag value is 0
 
Error: (03/01/2023 09:49:21 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 17270) (User: NT AUTHORITY)
Description: An error occurred in initializing DHCPv4. Error Code is 5
 
Error: (03/01/2023 09:49:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The service has not been started.
 
Error: (03/01/2023 09:49:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
Access is denied.
 
 
Windows Defender:
================
Date: 2023-02-28 20:45:01
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-02-27 20:45:01
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-02-26 20:45:01
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-02-25 20:45:00
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-02-24 20:44:59
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2023-03-01 21:41:49
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007042c
Error description: The dependency service or group failed to start. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.
 
Date: 2023-03-01 21:34:55
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007042c
Error description: The dependency service or group failed to start. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.
 
Date: 2023-02-21 22:45:01
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007042c
Error description: The dependency service or group failed to start. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.
 
Date: 2023-02-21 21:56:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.383.274.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20000.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-02-21 21:56:05
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.383.274.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20000.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===============
Date: 2023-03-01 21:12:14
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee.com\Agent\WSCLLCGlobalSign.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-03-01 21:12:14
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends International, LLC. X515UA.306 11/29/2021
Motherboard: ASUSTeK COMPUTER INC. X515UA
Processor: AMD Ryzen 5 5500U with Radeon Graphics 
Percentage of memory in use: 24%
Total physical RAM: 15755.75 MB
Available physical RAM: 11939.65 MB
Total Virtual: 18187.75 MB
Available Virtual: 12713.12 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:475.79 GB) (Free:186.64 GB) (Model: SAMSUNG MZVLQ512HALU-00000) NTFS
Drive d: (TINY) (Removable) (Total:7.44 GB) (Free:7.13 GB) FAT32
 
\\?\Volume{323d325b-8b54-4f7a-8237-e268b83e0e90}\ (RECOVERY) (Fixed) (Total:0.68 GB) (Free:0.19 GB) NTFS
\\?\Volume{35a9b8e7-1720-4875-a687-d982f9aec508}\ (MYASUS) (Fixed) (Total:0.19 GB) (Free:0.13 GB) FAT32
\\?\Volume{1a5222aa-e1a1-4087-93d6-864606e1eba0}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 4D94FA98)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 7.5 GB) (Disk ID: B5263172)
Partition 1: (Active) - (Size=7.5 GB) - (Type=FAT32)
 
==================== End of Addition.txt =======================

Edited by Jamazz, 01 March 2023 - 09:14 PM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Did you check your Spam folder?

 

Anyway we still have a problem with DHCP Client:

 

Error: (03/01/2023 09:49:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
Access is denied.

 

 

The DHCP Client uses

%SystemRoot%\system32\dhcpcore.dll

so I assume that's the file that it can't access.  

 

Open FRST64 (run as admin) and put dhcpcore.dll in the FRST search box then hit Search Files.  You will get one file.  Please post.  This is not going to fix anything just tell us if the file is present and has not been modified.


  • 0

#5
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

All good on the notifications. I'm getting them now, after following the thread.

 

Here's the search for dhcpcore.dll

 

 

*****************************************************

 

Farbar Recovery Scan Tool (x64) Version: 25-02-2023
Ran by jakea (02-03-2023 12:34:32)
Running from C:\Users\jakea\OneDrive\Desktop
Boot Mode: Normal
 
================== Search Files: "dhcpcore.dll" =============
 
C:\Windows\WinSxS\wow64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.22000.71_none_5988e398a93d0e4f\dhcpcore.dll
[2022-05-16 02:47][2022-05-16 02:47] 000333648 _____ (Microsoft Corporation) F780A5B543F1272D01293485C87711B5 [File is digitally signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.22000.71_none_5988e398a93d0e4f\r\dhcpcore.dll
[2022-05-16 02:47][2022-05-16 02:47] 000016676 _____ () 40F7982A923E9EC8A646A4A83A7D931E [File not signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.22000.71_none_5988e398a93d0e4f\f\dhcpcore.dll
[2022-05-16 02:47][2022-05-16 02:47] 000004017 _____ () 0CABD2AE96CB71DD33AB03E60593BBCE [File not signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.22000.1098_none_f09d1a7ec4f6c7f3\dhcpcore.dll
[2022-11-10 17:50][2022-11-10 17:50] 000335704 _____ (Microsoft Corporation) F71C889C1D5ADF605BCE3963E19CBB1B [File is digitally signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.22000.1098_none_f09d1a7ec4f6c7f3\r\dhcpcore.dll
[2022-11-10 17:50][2022-11-10 17:50] 000058773 _____ () BBDEB0EAFB39502872589E487CDEF91B [File not signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.22000.1098_none_f09d1a7ec4f6c7f3\f\dhcpcore.dll
[2022-11-10 17:47][2022-11-04 17:52] 000013253 _____ () FDFDB848A7C701587BB6B849A4C70C78 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.22000.71_none_4f34394674dc4c54\dhcpcore.dll
[2022-05-16 02:46][2022-05-16 02:46] 000426320 _____ (Microsoft Corporation) C5D775BE8DAE96BC0DEC8809B42EBB16 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.22000.71_none_4f34394674dc4c54\r\dhcpcore.dll
[2022-05-16 02:46][2022-05-16 02:46] 000029211 _____ () 95B211F3E0B350B9D968581EE3495DA7 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.22000.71_none_4f34394674dc4c54\f\dhcpcore.dll
[2022-05-16 02:46][2022-05-16 02:46] 000003773 _____ () BCADD1772623050DC2308E6D207B6D29 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.22000.1098_none_e648702c909605f8\dhcpcore.dll
[2022-11-10 17:50][2022-11-10 17:50] 000427360 _____ (Microsoft Corporation) 85BD98228BDC03572024FD4993BF5A2C [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.22000.1098_none_e648702c909605f8\r\dhcpcore.dll
[2022-11-10 17:50][2022-11-10 17:50] 000069366 _____ () 362E0DBDF544B3C4FEBF98CADA5B5262 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.22000.1098_none_e648702c909605f8\f\dhcpcore.dll
[2022-11-10 17:47][2022-11-04 19:17] 000016596 _____ () 10A3C70098D05CDC68F946F462702CED [File not signed]
 
C:\Windows\SysWOW64\dhcpcore.dll
[2022-11-10 17:50][2022-11-10 17:50] 000335704 _____ (Microsoft Corporation) F71C889C1D5ADF605BCE3963E19CBB1B [File is digitally signed]
 
C:\Windows\System32\dhcpcore.dll
[2022-11-10 17:50][2022-11-10 17:50] 000427360 _____ (Microsoft Corporation) 85BD98228BDC03572024FD4993BF5A2C [File is digitally signed]
 
 
====== End of Search ======

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Looks like the file is present and unmodified in both locations:

 

C:\Windows\SysWOW64\dhcpcore.dll
[2022-11-10 17:50][2022-11-10 17:50] 000335704 _____ (Microsoft Corporation) F71C889C1D5ADF605BCE3963E19CBB1B [File is digitally signed]
 
C:\Windows\System32\dhcpcore.dll
[2022-11-10 17:50][2022-11-10 17:50] 000427360 _____ (Microsoft Corporation) 85BD98228BDC03572024FD4993BF5A2C [File is digitally signed

 

]
Let's try a fixlist and see if it's a permission problem.
 
Download the attached fixlist.txt file
Attached File  fixlist.txt   442bytes   92 downloads
to the same folder where FRST64 lives.
 
Run FRST as before and press Fix.
You will get one file please post.
 
 

  • 0

#7
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2023
Ran by jakea (02-03-2023 17:12:58) Run:1
Running from C:\Users\jakea\OneDrive\Desktop
Loaded Profiles: jakea
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
File: C:\Windows\SysWOW64\dhcpcore.dll
File: C:\Windows\System32\dhcpcore.dll
SetDefaultFilePermissions:  C:\Windows\SysWOW64\dhcpcore.dll
SetDefaultFilePermissions:  C:\Windows\System32\dhcpcore.dll
File: C:\Windows\SysWOW64\dhcpcore.dll
File: C:\Windows\System32\dhcpcore.dll
CMD: sc start DHCP
CMD: sc query DHCP
CMD: sc start bfe
CMD: sc query bfe
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp" /s
 
*****************
 
 
========================= File: C:\Windows\SysWOW64\dhcpcore.dll ========================
 
C:\Windows\SysWOW64\dhcpcore.dll
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0011~31bf3856ad364e35~amd64~~10.0.22000.1219.cat
File is digitally signed
MD5: F71C889C1D5ADF605BCE3963E19CBB1B
Creation and modification date: 2022-11-10 17:50 - 2022-11-10 17:50
Size: 000335704
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: dhcpcore.dll
Original Name: dhcpcore.dll
Product: Microsoft® Windows® Operating System
Description: DHCP Client Service
File Version: 10.0.22000.1098 (WinBuild.160101.0800)
Product Version: 10.0.22000.1098
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0
 
====== End of File: ======
 
 
========================= File: C:\Windows\System32\dhcpcore.dll ========================
 
C:\Windows\System32\dhcpcore.dll
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.22000.1219.cat
File is digitally signed
MD5: 85BD98228BDC03572024FD4993BF5A2C
Creation and modification date: 2022-11-10 17:50 - 2022-11-10 17:50
Size: 000427360
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: dhcpcore.dll
Original Name: dhcpcore.dll
Product: Microsoft® Windows® Operating System
Description: DHCP Client Service
File Version: 10.0.22000.1098 (WinBuild.160101.0800)
Product Version: 10.0.22000.1098
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0
 
====== End of File: ======
 
"C:\Windows\SysWOW64\dhcpcore.dll" => Default permissions restored successfully.
"C:\Windows\System32\dhcpcore.dll" => Default permissions restored successfully.
 
========================= File: C:\Windows\SysWOW64\dhcpcore.dll ========================
 
C:\Windows\SysWOW64\dhcpcore.dll
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0011~31bf3856ad364e35~amd64~~10.0.22000.1219.cat
File is digitally signed
MD5: F71C889C1D5ADF605BCE3963E19CBB1B
Creation and modification date: 2022-11-10 17:50 - 2022-11-10 17:50
Size: 000335704
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: dhcpcore.dll
Original Name: dhcpcore.dll
Product: Microsoft® Windows® Operating System
Description: DHCP Client Service
File Version: 10.0.22000.1098 (WinBuild.160101.0800)
Product Version: 10.0.22000.1098
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0
 
====== End of File: ======
 
 
========================= File: C:\Windows\System32\dhcpcore.dll ========================
 
C:\Windows\System32\dhcpcore.dll
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.22000.1219.cat
File is digitally signed
MD5: 85BD98228BDC03572024FD4993BF5A2C
Creation and modification date: 2022-11-10 17:50 - 2022-11-10 17:50
Size: 000427360
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: dhcpcore.dll
Original Name: dhcpcore.dll
Product: Microsoft® Windows® Operating System
Description: DHCP Client Service
File Version: 10.0.22000.1098 (WinBuild.160101.0800)
Product Version: 10.0.22000.1098
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0
 
====== End of File: ======
 
 
========= sc start DHCP =========
 
 
SERVICE_NAME: DHCP 
        TYPE               : 30  WIN32  
        STATE              : 2  START_PENDING 
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 7852
        FLAGS              : 
 
========= End of CMD: =========
 
 
========= sc query DHCP =========
 
 
SERVICE_NAME: DHCP 
        TYPE               : 30  WIN32  
        STATE              : 1  STOPPED 
        WIN32_EXIT_CODE    : 5  (0x5)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
 
========= End of CMD: =========
 
 
========= sc start bfe =========
 
 
SERVICE_NAME: bfe 
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 2  START_PENDING 
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 9316
        FLAGS              : 
 
========= End of CMD: =========
 
 
========= sc query bfe =========
 
 
SERVICE_NAME: bfe 
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 1  STOPPED 
        WIN32_EXIT_CODE    : 5  (0x5)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
 
========= End of CMD: =========
 
 
========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp" /s =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
    DependOnService    REG_MULTI_SZ    NSI\0Afd
    Description    REG_SZ    @%SystemRoot%\system32\dhcpcore.dll,-101
    DisplayName    REG_SZ    @%SystemRoot%\system32\dhcpcore.dll,-100
    ErrorControl    REG_DWORD    0x1
    FailureActions    REG_BINARY    805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
    Group    REG_SZ    TDI
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
    ObjectName    REG_SZ    NT Authority\LocalService
    RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\dhcpcore.dll
    ServiceSidType    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Configurations
    Options    REG_BINARY    32000000000000000400000000000000FFFFFF7F0000000001000000000000000400000000000000FFFFFF7F00000000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Linkage
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Linkage\Disabled
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\dhcpcore.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\1
    KeyType    REG_DWORD    0x7
    RegLocation    REG_MULTI_SZ    SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpSubnetMaskOpt\0SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpSubnetMaskOpt
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15
    KeyType    REG_DWORD    0x1
    RegLocation    REG_MULTI_SZ    SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain\0SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\220
    KeyType    REG_DWORD    0x3
    RegSendLocation    REG_MULTI_SZ    SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\SoHRequest
    VendorType    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\3
    KeyType    REG_DWORD    0x7
    RegLocation    REG_MULTI_SZ    SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDefaultGateway\0SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpDefaultGateway
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\44
    KeyType    REG_DWORD    0x1
    RegLocation    REG_MULTI_SZ    SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNameServerList\0SYSTEM\CurrentControlSet\Services\NetBT\Adapters\?\DhcpNameServer
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\46
    KeyType    REG_DWORD    0x4
    RegLocation    REG_SZ    SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpNodeType
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\47
    KeyType    REG_DWORD    0x1
    RegLocation    REG_SZ    SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpScopeID
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\6
    KeyType    REG_DWORD    0x1
    RegLocation    REG_MULTI_SZ    SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpNameServer\0SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\DhcpNetbiosOptions
    KeyType    REG_DWORD    0x4
    OptionId    REG_DWORD    0x1
    RegLocation    REG_MULTI_SZ    SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNetbiosOptions
    VendorType    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parametersv6
    DllName    REG_EXPAND_SZ    %SystemRoot%\system32\dhcpcore6.dll
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parametersv6\Options
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parametersv6\Options\23
    KeyType    REG_DWORD    0x3
    RegLocation    REG_MULTI_SZ    SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\?\Dhcpv6DNSServers\0SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Dhcpv6DNSServers
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parametersv6\Options\24
    KeyType    REG_DWORD    0x3
    RegLocation    REG_MULTI_SZ    SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\?\Dhcpv6DomainSearchList\0SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Dhcpv6DomainSearchList
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Security
    Security    REG_BINARY    01001480A4000000B0000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200740005000000000014008D01020001010000000000050B00000000001800FD0102000102000000000005200000002C02000000001800FF010F0001020000000000052000000020020000000014009D01020001010000000000020100000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 17:13:00 ====

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Permissions for dhcpcore seem to be OK.  Registry entry looks OK.  Not sure why it won't start.  I also had the fixlist check the BFE service (Base Filtering Engine) as this was reported not running by FRST.  It appears to have the same access problem even tho I didn't see an event to that effect.  BFE is a very important for networking as it controls the firewall among a host of other things and it may be part of the DHCP problem so  have FRST do Search Files for bfe.dll just like we did with dhcpcore.dll.  Post the result.

 

I'll also give you a fixlist which will check access to the file.

 

Attached File  fixlist.txt   382bytes   95 downloads

 

As before and post the fixlog.

 

 

 


  • 0

#9
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Here's the Search for BFE and the FixLog I ran.

 

**************************************************************

 

Farbar Recovery Scan Tool (x64) Version: 25-02-2023
Ran by jakea (02-03-2023 22:26:04)
Running from C:\Users\jakea\OneDrive\Desktop
Boot Mode: Normal
 
================== Search Files: "bfe.dll" =============
 
C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_10.0.22000.708_none_c8a74e53afa0d991\BFE.DLL
[2022-06-23 12:51][2022-06-23 12:51] 000925696 _____ (Microsoft Corporation) 71C76FEE2121CF925B0980AD420F6477 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_10.0.22000.708_none_c8a74e53afa0d991\r\BFE.DLL
[2022-06-23 12:51][2022-06-23 12:51] 000134750 _____ () 25B70CA87ABA37400985B104EBB2EB97 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_10.0.22000.708_none_c8a74e53afa0d991\f\BFE.DLL
[2022-06-23 12:44][2022-06-07 17:38] 000013693 _____ () A9FBD8E73A71AF3EBE8A71BCAB55CBBF [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_10.0.22000.1042_none_4673b5c5621a0d69\BFE.DLL
[2022-11-10 17:50][2022-11-10 17:50] 000925696 _____ (Microsoft Corporation) 275FC3E10F6DF61ABD5EC38850082450 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_10.0.22000.1042_none_4673b5c5621a0d69\r\BFE.DLL
[2022-11-10 17:50][2022-11-10 17:50] 000134744 _____ () 278CF326AAA36835E7A4177B5BA1E71C [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-network-security_31bf3856ad364e35_10.0.22000.1042_none_4673b5c5621a0d69\f\BFE.DLL
[2022-11-10 17:47][2022-11-04 19:16] 000013707 _____ () FDE33F38C127AB2E10477C95630D3591 [File not signed]
 
C:\Windows\System32\BFE.DLL
[2022-11-10 17:50][2022-11-10 17:50] 000925696 _____ (Microsoft Corporation) 275FC3E10F6DF61ABD5EC38850082450 [File is digitally signed]
 
 
====== End of Search ======
 
 
*******************************************************************
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2023
Ran by jakea (02-03-2023 22:24:41) Run:2
Running from C:\Users\jakea\OneDrive\Desktop
Loaded Profiles: jakea
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
File: C:\Windows\System32\bfe.dll
SetDefaultFilePermissions:  C:\Windows\System32\bfe.dll
File: C:\Windows\System32\bfe.dll
Unlock: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp" 
Unlock: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bfe" 
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bfe" 
CMD: sc start dhcp
CMD: sc query dhcp
 
*****************
 
 
========================= File: C:\Windows\System32\bfe.dll ========================
 
C:\Windows\System32\bfe.dll
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Network-Security-Core-Package~31bf3856ad364e35~amd64~~10.0.22000.1042.cat
File is digitally signed
MD5: 275FC3E10F6DF61ABD5EC38850082450
Creation and modification date: 2022-11-10 17:50 - 2022-11-10 17:50
Size: 000925696
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: BFE.DLL
Original Name: BFE.DLL
Product: Microsoft® Windows® Operating System
Description: Base Filtering Engine
File Version: 10.0.22000.1042 (WinBuild.160101.0800)
Product Version: 10.0.22000.1042
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0
 
====== End of File: ======
 
"C:\Windows\System32\bfe.dll" => Default permissions restored successfully.
 
========================= File: C:\Windows\System32\bfe.dll ========================
 
C:\Windows\System32\bfe.dll
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Network-Security-Core-Package~31bf3856ad364e35~amd64~~10.0.22000.1042.cat
File is digitally signed
MD5: 275FC3E10F6DF61ABD5EC38850082450
Creation and modification date: 2022-11-10 17:50 - 2022-11-10 17:50
Size: 000925696
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: BFE.DLL
Original Name: BFE.DLL
Product: Microsoft® Windows® Operating System
Description: Base Filtering Engine
File Version: 10.0.22000.1042 (WinBuild.160101.0800)
Product Version: 10.0.22000.1042
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0
 
====== End of File: ======
 
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp" => was unlocked
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bfe" => was unlocked
 
========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bfe" =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bfe
    DependOnService    REG_MULTI_SZ    RpcSs
    Description    REG_SZ    @%SystemRoot%\system32\bfe.dll,-1002
    DisplayName    REG_SZ    @%SystemRoot%\system32\bfe.dll,-1001
    ErrorControl    REG_DWORD    0x1
    FailureActions    REG_BINARY    805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
    Group    REG_SZ    NetworkProvider
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    RequiredPrivileges    REG_MULTI_SZ    SeAuditPrivilege
    ServiceSidType    REG_DWORD    0x3
    Start    REG_DWORD    0x2
    SvcHostSplitDisable    REG_DWORD    0x1
    Type    REG_DWORD    0x20
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bfe\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bfe\Security
 
 
========= End of Reg: =========
 
 
========= sc start dhcp =========
 
 
SERVICE_NAME: dhcp 
        TYPE               : 30  WIN32  
        STATE              : 2  START_PENDING 
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 7848
        FLAGS              : 
 
========= End of CMD: =========
 
 
========= sc query dhcp =========
 
 
SERVICE_NAME: dhcp 
        TYPE               : 30  WIN32  
        STATE              : 1  STOPPED 
        WIN32_EXIT_CODE    : 5  (0x5)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
 
========= End of CMD: =========
 
 
==== End of Fixlog 22:24:42 ====

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Not seeing anything obvious other than you may be a bit out of date.

 

I think the next thing to do is download Win 11 to a USB  (8GB or bigger) and boot from it.  There is an option to repair upgrade which leaves your data and programs intact but fixes any problems with Windows.  https://www.microsof...nload/windows11

 

Start with "Create Windows 11 Installation Media"

 

More info:

https://answers.micr...87-f40096ec3085


  • 0

Advertisements


#11
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Okay, I will start prepping a USB to try and recover windows 11 file integrity. I've done this before, so I am familiar with the process. The only thing the laptop can't do, is connect to the internet. With RPC/DHCP still hosed, it won't connect. I assume I can just skip the 'Update' portion of the repair, or wait until it times-out. I tried to release/renew with admin privs in Powershell, but it is still complaining about the RPC service.

 

I'll come back soon, with the results, hopefully. Thanks!


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

RPC is required for DHCP.  I didn't see that in your log.  Search for

services

and hit Enter.  It should open the services menu.  Scroll down to Remote Procedure Call (RPC)  - there are actually two of them.  We want the first.  I assume it is not Running.   Right click and select Properties. Verify Startup Type: is Automatic.  Report if it's not.  Try to Start the service.  Does it give you an error?  What does it say.

 

Have FRST Search Files for combase.dll and post the result.  Also run this fixlist

Attached File  fixlist.txt   438bytes   88 downloads

as before:

 

 


  • 0

#13
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Looks like I hit another brick wall. Here's the error I got when trying to repair Windows 11. I will be unable to fulfil your last request until later this evening, or tomorrow. I'm late for work.

 

 

***************************************************

 

We Couldn't install Windows 11
We've set your PC back to the way it was right before you started installing Windows 11
 
0xC1900101 - 0x30018
The installation failed in the FIRST_BOOT phase with an error during SYSPREP_SPECIALIZE operation

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Open a Command Window (admin) and type:

 

chkdsk /r C:

 

Hit Enter and it will say it can't do it now but can schedule it for next boot.  Tell it y and then reboot. 

The disk check should start and can take a few hours.  It will reboot when done.

 

I'd rerun the DISM and SFC files after it reboots.

 

This might also help:

 

https://www.partitio...boot-phase.html


  • 0

#15
Jamazz

Jamazz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Good news. Functionality was restored to a certain point using Windows 11 restore. At first, I was selecting to save files and applications. Attempts were getting backed-out due to the failure error I reported before, and again with a separate failure error report while attempting to do it again. So, I decided to just save files and 86 the applications. I am now using the affected laptop to write this post.

 

Since the situation changed a bit, I have not processed the instructions in the last two posts you sent.

 

What are the next steps? I assume there are final clean up and exodus processes I need to do.

 

In the meantime I am updating the laptop with default Windows Update stuff.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP