Here are my FRST logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024
Ran by User (administrator) on LAPTOP-1755NSUL (LENOVO 81DE) (16-09-2024 17:32:22)
Running from C:\Users\User\Desktop\FRST64.exe
Loaded Profiles: User
Platform: Microsoft Windows 10 Home Version 22H2 19045.4894 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Computer, Inc.) [File not signed] C:\Program Files (x86)\QuickTime\qttask.exe
(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(ETDCtrl.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(explorer.exe ->) (20E7E2C9-A2A9-4A02-BB29-6FCFB9E042BB -> Lenovo(beijing) Limited) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.46.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\igfxEM.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_7c484f80872e1cd8\jhi_service.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [427304 2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [98304 2019-09-16] (Apple Computer, Inc.) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Run: [f.lux] => C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe [1528952 2024-01-17] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Policies\Explorer: [NoLogOff] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2019-09-16]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {8E42FD95-95C2-4895-BBBD-E207D9250084} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5173032 2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {2D079743-8060-490B-92E1-BCB1AE9C0789} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-01] (Avast Software s.r.o. -> Avast Software)
Task: {586FE4FE-6957-416E-8D06-EAA00293F635} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-14] (HP Inc. -> HP Inc.)
Task: {8CD36375-BA6D-4BAB-B5E9-39984CF6868B} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-14] (HP Inc. -> HP Inc.)
Task: {00F2EA6E-B0AF-478A-AF2C-45EE6DAF1A0C} - System32\Tasks\IObit StpSale (One-Time) => "C:\Program Files (x86)\IObit\Smart Defrag\pub\Stpsale.exe" -> C:\Program Files (x86)\IObit\Smart Defrag\pub\\/stp
Task: {19DCA661-18B7-4311-B46F-C783E6928E6D} - System32\Tasks\IObit SumSale2024 (One-Time) => "C:\Program Files (x86)\IObit\Smart Defrag\pub\sumsale.exe" -> C:\Program Files (x86)\IObit\Smart Defrag\pub\\/rpop
Task: {921E2E1C-15D1-4929-B3D7-023C72139098} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {94607245-E93A-4C80-B692-B97E8FB3E1F8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {14C87044-63B7-4671-AC72-40CE4F278118} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {07E8C8F6-27B9-4414-857C-23C2701B93A3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\39898a6c-abd8-4872-a91c-66fadac41753 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {B9F45627-5FE3-43C4-A2EF-2E4D55B7626B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3ef7a0bb-f57c-4da8-9d67-893cecaf32b9 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {26CB748C-6555-4F40-A766-5A42817BD2FF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\599328e5-c945-48db-a739-3fd7be1211bd => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {05FFBD61-BC24-475F-8A4C-2A43E0AC4FEA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6bc79892-85fa-4f02-bef1-ef3d6d576ae1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {6624974B-4805-4FAB-AFE0-ADE8DE5FBAA2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\dbb061ce-8b7b-44b2-a9c7-f6131d751331 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {9A63893B-3426-45E4-BAA6-B6FD6034D957} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe [5786440 2024-09-11] (Microsoft Windows -> Microsoft Corporation)
Task: {DC960A03-262D-4F7B-8FDE-6B9AEB012E67} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-09-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {23E7A971-068D-403E-B6FE-9DDE17D2FE59} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {3F4CFC6C-8E54-44F5-8143-C2AC6299CB93} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {39BF1E4F-231F-43D9-8EF6-DFF98CE38665} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7130D55B-51E0-41F7-BD7C-6B11495C631F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {8A298AA7-86DD-497C-84D4-99D68F5BEF68} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {E1EEF567-250D-4149-9E97-6FB05956879F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B45A18E2-87D9-44EB-9CF9-BDFC93B6FEDA} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3721576 2024-04-09] (IObit CO., LTD -> IObit)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5f488a56-4358-42ad-8336-f7518937ab4f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\144545458453A4372414: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\144545458453A4372414: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\144545458453A43724142366E674: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\144545458453A43724142366E674: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\75F6C6667616E676: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\75F6C6667616E676: [DhcpDomain] attlocal.net
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2024-09-15]
Edge Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-08-07]
FireFox:
========
FF DefaultProfile: h7vtrih6.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default [2024-09-16]
FF DownloadDir: C:\Users\User\Desktop
FF Homepage: Mozilla\Firefox\Profiles\h7vtrih6.default -> www.duckduckgo.com
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\Extensions\[email protected] [2024-07-30]
FF Extension: (uBlock Origin) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\Extensions\[email protected] [2024-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2020-12-08]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-08]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-08]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-08]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-08]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-08]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-08]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7248680 2024-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [771880 2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1217832 2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-30] (Avast Software s.r.o. -> AVAST Software)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2019-06-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [284808 2021-02-14] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-11] (Malwarebytes Inc. -> Malwarebytes)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2019-05-26] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2019-05-26] (Even Balance, Inc. -> )
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [20536 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229832 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [381400 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [293944 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84536 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [27744 2024-08-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28616 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [273456 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [549968 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [97736 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69176 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [949816 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1198648 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203832 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [306744 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-09-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2024-03-22] (IObit Information Technology -> IObit)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows ® Win 7 DDK provider)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-02-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-02-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-02-09] (Microsoft Windows -> Microsoft Corporation)
U1 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-09-16 17:32 - 2024-09-16 17:36 - 000023223 _____ C:\Users\User\Desktop\FRST.txt
2024-09-16 17:30 - 2024-09-16 17:30 - 002397696 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2024-09-14 23:55 - 2024-09-14 23:55 - 000000000 ____D C:\Users\User\AppData\Roaming\com.playtinum.Halloween-Jigsaw
2024-09-14 23:52 - 2024-09-14 23:52 - 000002196 _____ C:\Users\Public\Desktop\Play Halloween Jigsaw Puzzle Stash.lnk
2024-09-14 23:52 - 2024-09-14 23:52 - 000001248 _____ C:\Users\Public\Desktop\More Great Games.lnk
2024-09-14 23:52 - 2024-09-14 23:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Halloween Jigsaw Puzzle Stash
2024-09-14 23:52 - 2024-09-14 23:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halloween Jigsaw Puzzle Stash
2024-09-14 23:52 - 2024-09-14 23:52 - 000000000 ____D C:\Program Files (x86)\Halloween Jigsaw Puzzle Stash
2024-09-13 16:54 - 2024-09-13 16:54 - 000013444 _____ C:\Users\User\Desktop\handyforms.odt
2024-09-12 16:03 - 2024-09-12 16:03 - 000000353 _____ C:\Users\User\Desktop\Jojo Siwa Hair Bows in Hair Accessories - Walmart.com.url
2024-09-12 16:02 - 2024-09-12 16:02 - 000000353 _____ C:\Users\User\Desktop\Packed Party Hair Tools & Accessories in Hair Accessories - Walmart.com.url
2024-09-12 16:01 - 2024-09-12 16:01 - 000000353 _____ C:\Users\User\Desktop\Scrunchies in Hair Accessories - Walmart.com.url
2024-09-12 16:01 - 2024-09-12 16:01 - 000000353 _____ C:\Users\User\Desktop\Head Wraps in Hair Accessories - Walmart.com.url
2024-09-12 16:01 - 2024-09-12 16:01 - 000000353 _____ C:\Users\User\Desktop\Hair Bows in Hair Accessories - Walmart.com.url
2024-09-12 16:00 - 2024-09-12 16:00 - 000000353 _____ C:\Users\User\Desktop\Headbands in Hair Accessories - Walmart.com.url
2024-09-12 16:00 - 2024-09-12 16:00 - 000000353 _____ C:\Users\User\Desktop\Clip In Extensions in Hair Accessories - Walmart.com.url
2024-09-12 15:59 - 2024-09-12 15:59 - 000000353 _____ C:\Users\User\Desktop\Hair Ties in Hair Accessories - Walmart.com.url
2024-09-12 15:59 - 2024-09-12 15:59 - 000000353 _____ C:\Users\User\Desktop\Hair Clips in Hair Accessories - Walmart.com.url
2024-09-12 15:59 - 2024-09-12 15:59 - 000000353 _____ C:\Users\User\Desktop\Barrettes in Hair Accessories - Walmart.com.url
2024-09-11 23:36 - 2024-09-11 23:36 - 000000328 _____ C:\Users\User\Desktop\For Sale_ 1013 N Sunnyvale Ln Unit E, Madison, WI 53713 _ realtor.com®.url
2024-09-11 09:47 - 2024-09-11 09:45 - 000315176 _____ (Gen Digital Inc.) C:\WINDOWS\system32\aswBoot.exe
2024-09-10 22:47 - 2024-09-10 22:47 - 000000000 ___HD C:\$WinREAgent
2024-09-08 13:44 - 2024-09-08 13:44 - 000000299 _____ C:\Users\User\Desktop\Final Meeting Agenda_June 2024_6-24_v2.xlsx - agenda-2024-06-26-28-508.pdf.url
2024-09-06 15:14 - 2024-09-06 15:14 - 000000240 _____ C:\Users\User\Desktop\Masks - HALOLIFE.url
2024-09-03 09:42 - 2024-09-03 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-09-03 09:37 - 2024-09-10 14:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-09-01 00:43 - 2024-09-01 00:43 - 000000000 ____D C:\Users\User\AppData\Roaming\JetFun
2024-08-31 01:25 - 2024-08-31 01:25 - 000000242 _____ C:\Users\User\Desktop\RMV Workforce Corp.url
2024-08-28 19:21 - 2024-08-28 19:21 - 000000271 _____ C:\Users\User\Desktop\West Nile Virus_ Symptoms, Treatment & Prevention.url
2024-08-26 16:06 - 2024-08-26 16:06 - 000000242 _____ C:\Users\User\Desktop\A Website For Property Management And Multi-Family Housing.url
2024-08-26 16:02 - 2024-08-26 16:02 - 000000260 _____ C:\Users\User\Desktop\Tools For Maintenance Technicians That Can Make You Easy Money.url
2024-08-26 14:53 - 2024-08-26 14:53 - 000000331 _____ C:\Users\User\Desktop\Woodford Adjustable Rod with Pressure Relief Valve to Prevent Bursting (10-Piece) RK-ADJ-PRV - The Home Depot.url
2024-08-26 14:53 - 2024-08-26 14:53 - 000000243 _____ C:\Users\User\Desktop\RK-ADJ-PRV Upgrade the Model 14, 16, 17, 19, 22 and V22 to PRV 4-in to – Eagle Mountain.url
2024-08-26 14:28 - 2024-08-26 14:28 - 000000271 _____ C:\Users\User\Desktop\Woodford Model 17 Freezeless Faucet.url
2024-08-26 13:56 - 2024-08-26 13:56 - 000000234 _____ C:\Users\User\Desktop\Your Shopping Cart – woodfordfaucet.url
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-09-16 17:35 - 2021-02-19 16:46 - 000000000 ____D C:\FRST
2024-09-16 17:09 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-09-16 16:58 - 2022-12-28 17:04 - 000000000 ____D C:\Users\User\Desktop\pics for returns
2024-09-16 16:07 - 2020-09-28 08:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-09-16 15:34 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-09-16 15:34 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-09-16 13:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-09-16 13:44 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2024-09-16 00:21 - 2024-07-29 17:42 - 000002738 _____ C:\WINDOWS\system32\Tasks\IObit SumSale2024 (One-Time)
2024-09-16 00:21 - 2024-03-12 22:08 - 000002728 _____ C:\WINDOWS\system32\Tasks\IObit StpSale (One-Time)
2024-09-16 00:21 - 2024-01-11 20:43 - 000002442 _____ C:\WINDOWS\system32\Tasks\SmartDefrag_Update
2024-09-16 00:21 - 2020-09-28 09:14 - 000003492 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Task
2024-09-16 00:21 - 2020-09-28 09:14 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-09-16 00:21 - 2020-09-28 09:14 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-09-16 00:21 - 2020-09-28 09:14 - 000002764 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2024-09-16 00:21 - 2020-09-28 09:14 - 000002352 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON
2024-09-16 00:21 - 2020-09-28 09:14 - 000002306 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_Dolby
2024-09-16 00:21 - 2020-09-28 09:14 - 000002302 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2024-09-16 00:21 - 2018-11-23 18:49 - 000000000 ____D C:\ProgramData\TEMP
2024-09-15 23:51 - 2021-02-09 20:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2024-09-15 19:27 - 2018-11-22 11:36 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2024-09-15 19:26 - 2018-11-22 13:39 - 000000000 ____D C:\ProgramData\AVAST Software
2024-09-15 19:25 - 2020-09-28 09:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-09-15 19:25 - 2020-09-28 08:42 - 000008192 ___SH C:\DumpStack.log.tmp
2024-09-15 19:25 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-09-15 19:24 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-09-14 23:52 - 2018-11-23 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2024-09-14 12:51 - 2021-12-16 16:43 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-09-14 12:08 - 2020-06-23 14:55 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-09-13 14:48 - 2018-11-22 15:54 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2024-09-12 08:23 - 2020-09-28 09:04 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-09-11 12:09 - 2021-05-30 17:00 - 000000000 ____D C:\Users\User\AppData\Local\Avast Software
2024-09-11 11:09 - 2024-06-10 16:56 - 000456288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-09-11 11:01 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-09-11 11:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-09-11 10:57 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-09-11 10:32 - 2020-09-28 08:46 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-09-11 09:49 - 2021-02-09 20:52 - 000949816 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2024-09-11 09:49 - 2021-02-09 20:52 - 000381400 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2024-09-11 09:47 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-09-11 09:46 - 2021-02-09 20:52 - 001198648 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSP.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000549968 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000306744 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswVmm.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000293944 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000273456 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000097736 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000084536 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000069176 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000028616 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2024-09-11 09:45 - 2021-02-09 20:52 - 000229832 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArPot.sys
2024-09-11 09:45 - 2021-02-09 20:52 - 000020536 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2024-09-10 14:42 - 2018-11-22 13:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-09-10 14:36 - 2018-11-22 13:37 - 199688632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-09-10 14:17 - 2018-11-22 14:03 - 000000000 ____D C:\ProgramData\Packages
2024-09-10 14:17 - 2018-11-22 11:36 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2024-09-10 14:09 - 2018-11-22 13:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-09-07 22:23 - 2024-07-20 10:16 - 000000258 _____ C:\Users\User\Desktop\Respiratory Illnesses Data Channel _ Respiratory Illnesses _ CDC.url
2024-09-03 09:42 - 2018-11-22 13:27 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
==================== Files in the root of some directories ========
2019-06-23 17:48 - 2019-06-23 17:48 - 000001536 _____ () C:\Users\User\AppData\Local\GfxMetrics.cfg
2019-06-23 17:48 - 2019-06-23 17:48 - 000206336 _____ () C:\Users\User\AppData\Local\GfxMetrics.dat
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
And this is the Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by User (16-09-2024 17:42:08)
Running from C:\Users\User\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4894 (X64) (2020-09-28 14:15:16)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4161042128-27025238-194098315-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4161042128-27025238-194098315-503 - Limited - Disabled)
Guest (S-1-5-21-4161042128-27025238-194098315-501 - Limited - Disabled)
User (S-1-5-21-4161042128-27025238-194098315-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-4161042128-27025238-194098315-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot - Search and Destroy (Disabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader 7.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 24.8.6127 - Avast Software)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.5.0.0 - )
Curse at Twilight: Thief of Souls (HKLM-x32\...\BFG-Curse at Twilight - Thief of Souls) (Version: - )
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
f.lux (HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Flux) (Version: 4.131 - f.lux Software LLC)
Fishdom - Spooky Splash (HKLM-x32\...\BFG-Fishdom - Spooky Splash) (Version: - )
Fishdom (HKLM-x32\...\BFG-Fishdom) (Version: - )
Halloween Jigsaw Puzzle Stash (HKLM-x32\...\BFG-Halloween Jigsaw Puzzle Stash) (Version: - )
Hotel (HKLM-x32\...\BFG-Hotel) (Version: - )
Infected: The Twin Vaccine (HKLM-x32\...\BFG-Infected - The Twin Vaccine) (Version: - )
Intel® Chipset Device Software (HKLM\...\{7FB35D08-C75C-4A18-B593-1D7C3E8970AD}) (Version: 10.1.1.45 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{125B62DE-4575-4D4D-982F-AB6F9E913B54}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{DF4E2424-348F-4227-9096-8EA478DFAB4E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{258E992F-46AD-45FB-B83B-0CE0EC6FC549}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
LibreOffice 7.1.5.2 (HKLM\...\{4F0D0C39-A2CD-4908-AA4C-A1CC9BDCD71A}) (Version: 7.1.5.2 - The Document Foundation)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 128.0.2739.79 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 128.0.2739.79 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{8B4DBB94-B69B-4C4F-AADD-C10CFB220F1F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{56C76A75-BF3A-41E9-96D6-929E058DD38F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 (HKLM\...\{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215 (HKLM\...\{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 130.0 (x64 en-US)) (Version: 130.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.6.1 - Mozilla)
NAPS2 6.1.2 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Smart Defrag 9 (HKLM-x32\...\Smart Defrag_is1) (Version: 9.4.0.342 - IObit)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-4) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\ZoomUMX) (Version: 5.17.10 (33775) - Zoom Video Communications, Inc.)
Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.834.0_x64__v10z8vjag6ke6 [2021-02-14] (HP Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.9.183.0_x86__k1h2ywk1493x8 [2018-06-17] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.46.0_x64__5grkq8ppsgwt4 [2018-11-22] (LENOVO INC) [Startup Task]
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-09-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-23] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-23] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-23] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2019-12-07] (Skype)
VitalSource Bookshelf -> C:\Program Files\WindowsApps\VitalSourceTechnologiesIn.VitalSourceBookshelf_9.3.11.0_x64__wasrd15zsyawm [2020-08-24] (VitalSource Technologies Inc)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\FileCoAuth.exe => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2024-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\igfxDTCM.dll [2018-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2024-03-22] (IObit Information Technology -> IObit)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Ed in a Box 2.4\DEB Website.lnk -> hxxp://www.driveredinabox.com
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Ed in a Box 2.4\Report Error.lnk -> hxxp://www.driveredinabox.com/support/index.ph
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
HKU\S-1-5-21-4161042128-27025238-194098315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4161042128-27025238-194098315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4161042128-27025238-194098315-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-4161042128-27025238-194098315-1001 -> DefaultScope {DC664FD2-F673-4866-B722-5372B6511B33} URL =
SearchScopes: HKU\S-1-5-21-4161042128-27025238-194098315-1001 -> {DC664FD2-F673-4866-B722-5372B6511B33} URL =
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7940 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-11-29 18:57 - 2024-06-10 11:27 - 000454626 ____R C:\WINDOWS\system32\drivers\etc\hosts
104.129.18.2 us-central-016.staticnetcontent.com
There are 15604 more lines.
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4161042128-27025238-194098315-1001\Control Panel\Desktop\\Wallpaper -> c:\users\mariah\appdata\roaming\mozilla\firefox\desktop background.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: Qualcomm Atheros QCA9377 Wireless Network Adapter -> Qcamain10x64.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{156723D8-E0D2-45BC-8F99-7235682D219E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2C76ED30-C25B-4C42-B753-DCF7B6724405}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{3BA09F13-4EF6-4D98-BC32-F93C8FDBE180}C:\program files (x86)\respondus\lockdown browser\lockdownbrowser.exe] => (Allow) C:\program files (x86)\respondus\lockdown browser\lockdownbrowser.exe (Respondus, Inc. -> )
FirewallRules: [TCP Query User{7DC9AC5D-1503-487B-8CB9-E4853CDF15A9}C:\program files (x86)\respondus\lockdown browser\lockdownbrowser.exe] => (Allow) C:\program files (x86)\respondus\lockdown browser\lockdownbrowser.exe (Respondus, Inc. -> )
FirewallRules: [{9E874C3E-29D7-4825-965B-0E643C1BE226}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D46FC6F8-E5CA-40A1-9C47-2CE534415A05}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FAFE5243-D959-4CB9-928B-1A024702687B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5A4E17E0-8BFC-4585-BC09-015E0D1DDCED}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{82A48892-3554-4D15-891D-92457F4AF409}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{8C67835F-CAA6-4063-83D3-1E48A51F1624}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5180858E-BF8D-4DD6-93CA-84E2540D1E69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Barrow Hill\Barrow Hill.exe (Macromedia, Inc.) [File not signed]
FirewallRules: [{49719C84-5817-4668-A95A-DA8438364CE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Barrow Hill\Barrow Hill.exe (Macromedia, Inc.) [File not signed]
FirewallRules: [{5E264F81-EF6D-42EE-BF49-C66AD7853037}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{14ADC9EC-F919-4865-8BED-9E2ECDC61F9D}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{EFF7194F-CC11-4B8D-A3AE-E53B5C6DECD3}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F83DAFE8-69F7-49D0-8E87-EAFC9DDEC073}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A20D8879-D92D-4203-90E2-B541FF9F03C0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{8C585ADC-9819-4A8C-870F-C889791B0C5B}C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe] => (Block) C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe => No File
FirewallRules: [UDP Query User{C0ED26EC-9BB5-4D12-BFFE-24385C9E58FC}C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe] => (Block) C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe => No File
FirewallRules: [{31EB38E0-7557-424B-A5F0-8E22350CE856}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{C455D791-F662-4635-AFAA-AC5DA00AD146}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{BFE3F978-7398-4C9E-8212-03E5D5FAB49E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
==================== Restore Points =========================
30-08-2024 10:18:59 Scheduled Checkpoint
10-09-2024 14:43:19 Windows Modules Installer
11-09-2024 08:45:32 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/16/2024 05:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x2e98
Faulting application start time: 0x01db08896e126b5f
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: fb16bf39-2ceb-4fdf-96ac-8c7353a2eff5
Faulting package full name:
Faulting package-relative application ID:
Error: (09/16/2024 03:50:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0xc8c
Faulting application start time: 0x01db087a101f5568
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 8f9567ec-0b5b-4bd2-ad2a-128df637d32c
Faulting package full name:
Faulting package-relative application ID:
Error: (09/16/2024 03:44:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: explorerframe.dll_unloaded, version: 10.0.19041.4842, time stamp: 0xf39685de
Exception code: 0xc0000005
Fault offset: 0x001660b6
Faulting process id: 0x58c
Faulting application start time: 0x01db0878aa7e7238
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: explorerframe.dll
Report Id: 983b3afd-3f78-4cd9-bcce-b325771d9f6a
Faulting package full name:
Faulting package-relative application ID:
Error: (09/16/2024 03:40:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x58c
Faulting application start time: 0x01db0878aa7e7238
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 9c93b72a-8fe7-4a42-a42d-84ad4e2821db
Faulting package full name:
Faulting package-relative application ID:
Error: (09/16/2024 03:32:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: explorerframe.dll_unloaded, version: 10.0.19041.4842, time stamp: 0xf39685de
Exception code: 0xc0000005
Fault offset: 0x001660b6
Faulting process id: 0x8d0
Faulting application start time: 0x01db0874799a1224
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: explorerframe.dll
Report Id: e1214d07-87c7-4331-9157-768253098764
Faulting package full name:
Faulting package-relative application ID:
Error: (09/16/2024 03:10:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x8d0
Faulting application start time: 0x01db0874799a1224
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 77a73837-0898-44eb-b938-e29c598ef28c
Faulting package full name:
Faulting package-relative application ID:
Error: (09/16/2024 03:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: explorerframe.dll_unloaded, version: 10.0.19041.4842, time stamp: 0xf39685de
Exception code: 0xc0000005
Fault offset: 0x001660b6
Faulting process id: 0x2efc
Faulting application start time: 0x01db0870a3344d9d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: explorerframe.dll
Report Id: 44eaeb66-15be-44f7-9f88-86146698bacd
Faulting package full name:
Faulting package-relative application ID:
Error: (09/16/2024 02:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x2efc
Faulting application start time: 0x01db0870a3344d9d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 0cada336-487c-4b83-a00d-b93a108ab41b
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (09/16/2024 01:35:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtkAudioService service.
Error: (09/15/2024 07:25:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error:
The system cannot find the file specified.
Error: (09/15/2024 01:08:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error:
The system cannot find the file specified.
Error: (09/15/2024 01:03:31 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.
Error: (09/15/2024 12:59:28 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.
Error: (09/15/2024 12:55:25 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.
Error: (09/15/2024 12:51:23 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.
Error: (09/15/2024 12:46:58 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.
Windows Defender:
================
Date: 2021-02-11 14:27:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-02-10 14:57:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-02-10 14:01:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-02-09 23:16:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-02-09 22:03:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
Event[0]:
Date: 2024-06-12 10:00:25
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.413.253.0
Previous security intelligence Version: 1.379.525.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.24050.5
Previous Engine Version: 1.1.19800.4
Error code: 0x80004004
Error description: Operation aborted
Date: 2024-06-12 10:00:25
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.413.253.0
Previous security intelligence Version: 1.379.525.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.24050.5
Previous Engine Version: 1.1.19800.4
Error code: 0x80004004
Error description: Operation aborted
Date: 2024-06-12 10:00:25
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.24050.5
Previous Engine Version: 1.1.19800.4
Error Code: 0x80004004
Error description: Operation aborted
Date: 2024-05-15 12:32:10
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.411.154.0
Previous security intelligence Version: 1.379.525.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.19800.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2024-05-15 12:32:10
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.411.154.0
Previous security intelligence Version: 1.379.525.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.19800.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
CodeIntegrity:
===============
Date: 2024-09-16 17:44:42
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 8TCN61WW 05/19/2021
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 83%
Total physical RAM: 4005.22 MB
Available physical RAM: 659.74 MB
Total Virtual: 7205.22 MB
Available Virtual: 2792.28 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:860.55 GB) (Model: ST1000LM035-1RK172) NTFS
\\?\Volume{65961297-bb8f-4dc0-b48d-610e36976871}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.35 GB) NTFS
\\?\Volume{58b07d5c-9037-4c4f-8447-1c8ba7f8e41f}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EC695FFA)
Partition: GPT.
==================== End of Addition.txt =======================
Thanks again