Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop keeps restarting randomly [Solved]


  • This topic is locked This topic is locked

#1
Terryc250

Terryc250

    Member

  • Member
  • PipPipPip
  • 101 posts

Not sure what's going on but my laptop just randomly restarts or freezes every 10-20 minutes or so.
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024
Ran by Administrator (administrator) on LAPTOP-D982FIHM (LENOVO 82N6) (18-10-2024 20:58:14)
Running from C:\Users\Administrator\Desktop\FRST64.exe
Loaded Profiles: tehke & Administrator
Platform: Microsoft Windows 11 Home Version 23H2 22631.4317 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(A-Volute SAS -> A-Volute) C:\Users\Administrator\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantage-(LenovoGamingSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\Tobii\Tobii EyeX\Tobii.Service.exe ->) (Tobii AB -> Tobii AB) C:\Program Files\Tobii\Tobii EyeX\Tobii.EyeX.Engine.exe
(C:\Program Files\Tobii\Tobii EyeX\Tobii.Service.exe ->) (Tobii AB -> Tobii AB) C:\Program Files\Tobii\Tobii EyeX\Tobii.EyeX.Interaction.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_24256.2502.3123.1_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.89\msedgewebview2.exe <13>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(D:\Downloads\MB\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) D:\Downloads\MB\Malwarebytes.exe
(Dream Machines) [File not signed] C:\Program Files (x86)\DM1 Pro S\Monitor.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_1f1bd4b8a7603166\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_1f1bd4b8a7603166\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_1f1bd4b8a7603166\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_1f1bd4b8a7603166\FnHotkeyUtility.exe
(explorer.exe ->) (D6816951-877F-493B-B4EE-41AB9419C326 -> NVIDIA Corporation) C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.965.0_x64__56jybvy8sckqj\nvcplui.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(explorer.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\NordVPN.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) () [File not signed] C:\Program Files\KelVPN\KelVPNService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (KeepSolid Inc. -> KeepSolid Inc.) D:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\lenovo\UDC\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_1f1bd4b8a7603166\LenovoUtilityService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) D:\Downloads\MB\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\NisSrv.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvltsi.inf_amd64_4b4a49a5122b87e1\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0e38956337e3fd2b\RtkAudUService64.exe
(services.exe ->) (Tobii AB -> Tobii AB) C:\Program Files\Tobii\Tobii EyeX\Tobii.Service.exe
(svchost.exe ->) (21E1B422-257A-44A2-9C8F-379165856473 -> ) C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.22.0_x64__w2gh52qy24etm\Nahimic3.exe
(svchost.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicSvc64.exe
(svchost.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.4.0.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0e38956337e3fd2b\RtkAudUService64.exe [1625448 2022-11-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3069768 2022-04-08] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [RZTHXHelper] => C:\WINDOWS\system32\RZTHXHelper.exe (No File)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [122427152 2021-07-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2740872 2022-11-21] (iMobie Inc. -> iMobie Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [DM1 Pro S Mouse Driver] => C:\Program Files (x86)\DM1 Pro S\Monitor.exe [765952 2017-04-27] (Dream Machines) [File not signed]
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [Discord] => C:\Users\tehke\AppData\Local\Discord\Update.exe [1512616 2022-02-17] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [4406632 2024-09-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [Opera GX Stable] => C:\Users\tehke\AppData\Local\Programs\Opera GX\opera.exe [1306528 2024-09-26] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\tehke\AppData\Local\Microsoft\Teams\Update.exe [2587368 2023-04-02] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\tehke\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [MicrosoftEdgeAutoLaunch_5336C2924B55FD107B3D46AF0B1AC178] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3794984 2024-10-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2740872 2022-11-21] (iMobie Inc. -> iMobie Inc.)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [AnyTransToolHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AnyTransToolHelper.exe [576136 2022-11-21] (iMobie Inc. -> iMobie Inc.)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [LenovoVantageToolbar] => C:\ProgramData\Lenovo\Vantage\AddinData\LenovoBatteryGaugeAddin\x64\QSHelper.exe [86424 2024-06-12] (Lenovo -> Lenovo)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [electron.app.BlueStacks Services] => C:\Users\tehke\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2024-05-08] (Now.gg, INC -> now.gg, Inc.)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [DAEMON Tools Lite Automount] => "G:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\MountPoints2: {ac8a5ee2-acb9-11ec-8aed-106fd99e34c8} - "E:\setup.EXE" /AUTORUN
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [com.squirrel.Teams.Teams] => C:\Users\terry\AppData\Local\Microsoft\Teams\Update.exe [2587368 2023-04-02] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [LenovoVantageToolbar] => C:\ProgramData\Lenovo\Vantage\AddinData\LenovoBatteryGaugeAddin\x64\QSHelper.exe [86424 2024-06-12] (Lenovo -> Lenovo)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2740872 2022-11-21] (iMobie Inc. -> iMobie Inc.)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [AnyTransToolHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AnyTransToolHelper.exe [576136 2022-11-21] (iMobie Inc. -> iMobie Inc.)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [RazerAxon] => "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -autorun (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [RzAppEngine] => "C:\Program Files\Razer\RzAppEngine\rzappengine.exe" --start-hidden --url-params=apps=virtual-ring-light,streamer-companion-app,spatial-audio&autoStart=1 (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [MicrosoftEdgeAutoLaunch_9CE861ED124B1A707734DA2D6DCB9C85] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3794984 2024-10-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1006\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1006\...\Run: [Synapse3] => "C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe" /StartMinimized (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1006\...\Run: [MicrosoftEdgeAutoLaunch_9E340A4B8FFE17B011AC7F2648A3CF2E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3794984 2024-10-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3794984 2024-10-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3252700674-1244316876-1502611229-500\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\130.0.6723.59\Installer\chrmstp.exe [2024-10-18] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {DCC5E6F8-2B3A-44BE-9B80-5860CC919A91} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2023-08-29] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {307E2E8D-3FE5-4B36-BCC4-C6C823A6E1F2} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem131.0.6776.0{95C94CA1-8F7F-4318-BB32-B8CA12E64711} => C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\updater.exe [5507168 2024-10-13] (Google LLC -> Google LLC)
Task: {C002060A-F7AC-41D5-A686-8703DB77D121} - System32\Tasks\HidHide_Updater => C:\Program Files\Nefarius Software Solutions\HidHide\HidHide_Updater.exe [1206200 2023-05-06] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.) -> C:\Program Files\Nefarius Software Solutions\HidHide\\/silent
Task: {9B2542E6-086D-49EA-93C2-02B5352754E9} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-11-09] () [File not signed]
Task: {11617D12-4B3C-4AF4-8F38-A30A4BC5E5AA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {9C49309C-2145-4677-9F0B-9EC1CC2EB47E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [98304 2022-05-06] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {1C319FDD-C11F-4D5E-ACC2-626F2FA42656} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [102400 2022-05-06] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {499912B1-75CC-441A-A387-1D13E5C8F522} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8519a184-dc5c-461e-80bc-c7f801a4de2f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {C5235512-233F-4302-9D65-09BD08DEAAA0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8a397280-b62e-4d7d-a617-ebcde526b642 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {BCE9BA9D-1249-4B7A-AE7D-05CD91CF9CDE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b46eff13-ddf0-4c0b-b60b-7c6cd261ce7f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {A5034D0B-5447-4E5C-B45B-AA4E2004E4E8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f4c95cac-3fdf-44f9-83bd-0cc7e66a838f => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {6BE238ED-A71F-49E0-B8F5-BBE9477261C9} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\fe59cab9-c120-4751-9537-91c0dae61158 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {2D919C47-B9B9-44F7-84FD-848263CEAC1B} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\Windows\system32\sc.exe [98304 2022-05-06] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210
Task: {45D7879C-FDC7-4679-9BD1-EE1D425E5C50} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [90976 2024-04-07] (Lenovo -> Lenovo Group Ltd.) -> C:\windows\system32\drivers\Lenovo\udc\Service\/onidle
Task: {9062F728-D805-47B2-B8E0-4196CF61702E} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [188656 2024-04-07] (Lenovo -> Lenovo Group Ltd.)
Task: {E91CA5CE-637F-4043-A1BD-54389D1C7883} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [98304 2022-05-06] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {BA835612-6945-4E3E-8276-F8FE30374EAB} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {62B172AE-A7DF-4EC2-9B9B-F8B0068C227B} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {165C51FE-88FC-46F5-86EE-C8174ED4A1EE} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {D85FE556-B54E-4263-A5AB-A4E57E02FD84} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {924A6861-0C9E-4510-8190-2B60DDBE6692} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {1AE370FD-A53C-401A-9B13-334C7FEE2391} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {32A0AB69-654E-46A4-A776-32CC92D5F697} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {CD9522DD-08F6-4AD1-8168-0D8B556632B1} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {45FD8AE5-5B64-45A5-8939-2F84E27024A1} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {918A3CB6-62B7-4155-BBCA-ECC2D40A968B} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {BF6BDDDA-07FE-49CE-A3A0-A286B7E60212} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.0.0.174\ScheduleEventAction.exe [17816 2024-08-30] (Lenovo -> Lenovo)
Task: {84F97A57-0BB5-4FD0-A817-0FC9D7DAD362} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\ScheduleEventAction.exe [30056 2024-09-12] (Lenovo -> Lenovo)
Task: {F3580E28-3B60-4D31-BA14-607D3CC67094} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\uninstall.exe [340968 2024-09-12] (Lenovo -> Lenovo)
Task: {633F720F-5F4E-4410-8A7F-6683E22C6D3D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21918696 2024-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {837AB4E7-32CE-48C3-BF5E-C98B64826209} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21918696 2024-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {0DAB57C9-55EF-42B5-899D-F303F7102475} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC95D63F-8CEC-4F3E-869F-2269110FA05D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B648AB6-E6D8-4905-8CCD-85B7308889EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5275568 2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {35E0E015-2B4E-433F-9512-E285E8CF5259} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5275568 2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {83A76509-D6E2-42D6-A6A4-7D11F8A49F23} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {585FF37C-E2CC-4D9D-8054-F6936C009B2B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3026B5D7-DC33-4561-95D5-6E31E37418C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {49C79727-AF57-4150-BBDE-E5FBB9A5D04D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpCmdRun.exe [1687208 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5FFE260E-32F1-4747-BEA5-8C55009C7F95} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-3252700674-1244316876-1502611229-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [672320 2024-10-14] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {36989C1C-D275-4997-9B5D-A71A18835E0D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34368 2024-10-14] (Mozilla Corporation -> Mozilla Foundation)
Task: {D3E59819-91B1-44FB-8266-5065662052E5} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [844400 2022-03-29] (A-Volute SAS -> Nahimic)
Task: {5F1A05D1-AEAA-4C4C-BC5B-B29E56186078} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1105520 2022-03-29] (A-Volute SAS -> Nahimic)
Task: {D8D898A6-3778-4FA6-A935-70A387C99B36} - System32\Tasks\NahimicTask32 => C:\Windows\System32\..\SysWOW64\NahimicSvc32.exe [844400 ] (A-Volute SAS -> Nahimic)
Task: {561CDE61-9AC0-4D42-AD87-0FB24120E0C9} - System32\Tasks\NahimicTask64 => C:\Windows\System32\.\NahimicSvc64.exe [1105520 ] (A-Volute SAS -> Nahimic)
Task: {6CC5D955-5082-465A-BC72-1BE5CC090211} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E0D9AACC-85DC-4C12-94BE-0853951668A0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ABBE7EEA-E9BD-41B6-9D5E-D69733537572} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {43AE64D3-D4D1-4646-81D3-50BC0A3AC1C3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {055D9CF8-2E4C-452E-9565-D74F4EF66FD7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F75058A6-FE9D-43E0-9312-082C3A0905DB} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {978CBE89-F76F-41ED-B1CA-AA76306138CA} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8CDC3969-BB25-4D6B-A5C8-84C0ACFA97D5} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5B3AFEED-1AD3-41AA-B67F-010DCC8B0BC5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2024-03-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {820E5226-8269-4DD2-AAAE-D2D4339685E4} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209176 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {E99C436B-F57E-4D2B-8E76-ADD70103F937} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209176 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0523EA8-5DF0-4B5C-A016-A4D6343BA63A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-1004 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209176 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6EDBA1BC-0B71-4A64-B3AA-BAE60375919A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-1006 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209176 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C061680-8495-46D3-AE94-B174F75ABCA5} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209176 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A6EF20A-8FC9-4AEE-A555-45C4AD5DA42B} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1652344982 => C:\Users\tehke\AppData\Local\Programs\Opera GX\launcher.exe [1306528 2024-09-26] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\tehke\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {88B67FCB-9FA5-43BC-B304-9AE32AD2E19D} - System32\Tasks\Opera GX scheduled Autoupdate 1650357760 => C:\Users\tehke\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe [5579168 2024-09-24] (Opera Norway AS -> Opera Software)
Task: {EE1ADD0E-6A2C-417C-BF00-C43C5B55E173} - System32\Tasks\ViGEmBus_Updater => C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\ViGEmBus_Updater.exe [1117096 2022-09-27] (Nefarius Software Solutions e.U. -> Nefarius Software Solutions e.U.) -> C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\\/silent
Task: {6B901360-EE57-48D7-951C-D74D0A7E48A3} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-3252700674-1244316876-1502611229-1001 => C:\Users\tehke\AppData\Roaming\Zoom\bin\Zoom.exe [432456 2024-09-27] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3f438854-abf6-4678-8778-405ce82b3a9f}: [DhcpNameServer] 150.208.1.3
Tcpip\..\Interfaces\{9272e2bf-6bd5-1513-a95c-605fd4c46776}: [NameServer] 103.86.96.100,103.86.99.100
Tcpip\..\Interfaces\{c439920d-0d92-4cbf-9a78-ff265fa201f0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c439920d-0d92-4cbf-9a78-ff265fa201f0}: [DhcpDomain] lan
Tcpip\..\Interfaces\{c439920d-0d92-4cbf-9a78-ff265fa201f0}\4554C4553583445424: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c439920d-0d92-4cbf-9a78-ff265fa201f0}\455627279791023702960586F6E656: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{fc01fcd5-2b9d-2fd8-78d8-cb78b313e2b2}: [NameServer] 103.86.96.100,103.86.99.100
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2024-10-18]
Edge Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-10-18]
Edge Extension: (Edge relevant text changes) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-25]
Edge Extension: (AdBlock — block ads across the web) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2024-10-18]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-04-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-04-19] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2024-10-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2024-10-18]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-10-18]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
 
Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001) Opera GXStable - "C:\Users\tehke\AppData\Local\Programs\Opera GX\opera.exe"
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-10-13] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [2573448 2024-10-12] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9202688 2024-08-01] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-08-03] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncHelper.exe [3525136 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
R2 KelVPNService; C:\Program Files\KelVPN\KelVPNService.exe [15511552 2023-06-22] () [File not signed]
R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_1f1bd4b8a7603166\LenovoUtilityService.exe [178656 2024-08-21] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\LenovoVantageService.exe [34256 2024-09-12] (Lenovo -> Lenovo)
R2 MBAMService; D:\Downloads\MB\MBAMService.exe [9019096 2024-10-05] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; D:\Downloads\MB\MBVpnTunnelService.exe [3073888 2024-06-07] (Malwarebytes Inc. -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [918424 2024-10-02] (McAfee, LLC -> McAfee, LLC)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe [1431160 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1930888 2022-03-29] (A-Volute SAS -> Nahimic)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-12-21] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvltsi.inf_amd64_4b4a49a5122b87e1\Display.NvContainer\NVDisplay.Container.exe [1275544 2024-04-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.186.0915.0004\OneDriveUpdaterService.exe [3869200 2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 Tobii Service; C:\Program Files\Tobii\Tobii EyeX\Tobii.Service.exe [223528 2021-05-05] (Tobii AB -> Tobii AB)
R2 UDCService; C:\WINDOWS\system32\DRIVERS\Lenovo\udc\Service\UDClientService.exe [72432 2024-04-07] (Lenovo -> Lenovo Group Ltd.)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10569840 2022-04-08] (Riot Games, Inc. -> Riot Games, Inc.)
R2 VPNUnlimitedService; D:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [54136 2024-04-12] (KeepSolid Inc. -> KeepSolid Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\NisSrv.exe [3199656 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe [133704 2024-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; "G:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [33216 2021-12-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310672 2023-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [544768 2023-12-12] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [188416 2023-11-14] (Microsoft Corporation) [File not signed]
S3 cpuz158; C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [44592 2024-09-25] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R3 csaudio; C:\WINDOWS\System32\DriverStore\FileRepository\csaudio.inf_amd64_3abbd251e5a04b6f\csaudio.sys [322984 2022-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2022-03-26] (Disc Soft Ltd -> Disc Soft Ltd)
R3 FBNetFilter; C:\WINDOWS\System32\drivers\FBNetFlt.sys [60784 2023-12-06] (Lenovo -> Lenovo)
R3 HidHide; C:\WINDOWS\System32\drivers\HidHide.sys [66584 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [231504 2024-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MTKBTFilterX64; C:\WINDOWS\system32\DRIVERS\mtkbtfilterx.sys [286424 2022-05-14] (MEDIATEK INC. -> MediaTek Inc.)
R3 mtkwlex; C:\WINDOWS\System32\drivers\mtkwl6ex.sys [1439976 2022-05-15] (MEDIATEK INC. -> MediaTek Inc.)
R3 NahimicBTLink; C:\WINDOWS\System32\drivers\NahimicBTLink.sys [85144 2021-09-13] (A-Volute SAS -> Windows ® Win 7 DDK provider)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85144 2021-09-13] (A-Volute SAS -> Windows ® Win 7 DDK provider)
R2 NDivert; C:\Program Files\NordVPN\7.29.3.0\Drivers\NDivert.sys [131472 2024-09-13] (nordvpn s.a. -> Nordvpn S.A.)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2024-05-29] (nordvpn s.a. -> TEFINCOM S.A.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2024-03-12] (Nvidia Corporation -> NVIDIA Corporation)
R3 nvpcf; C:\WINDOWS\System32\drivers\nvpcf.sys [235016 2024-04-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 ovpn-dco; C:\WINDOWS\System32\drivers\ovpn-dco.sys [92664 2024-06-05] (WDKTestCert lev,133391533294737317 -> OpenVPN, Inc)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0094; C:\WINDOWS\System32\drivers\RzDev_0094.sys [55376 2021-01-21] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0095; C:\WINDOWS\System32\drivers\RzDev_0095.sys [56728 2020-12-10] (Razer USA Ltd. -> Razer Inc)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2023-07-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [41120 2024-08-29] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8571048 2022-04-08] (Riot Games, Inc. -> Riot Games, Inc.)
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [249400 2022-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S3 VPNUSplitTunnel; D:\Program Files (x86)\VPN Unlimited\VpnuDriver\VpnuDriver.sys [49608 2023-11-30] (KeepSolid Inc. -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-09-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602392 2024-09-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-09-16] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29592 2024-07-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-10-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-10-18 20:51 - 2024-10-18 20:52 - 000068653 _____ C:\Users\Administrator\Desktop\Addition.txt
2024-10-18 20:50 - 2024-10-18 20:58 - 000047725 _____ C:\Users\Administrator\Desktop\FRST.txt
2024-10-18 20:50 - 2024-10-18 20:50 - 002397696 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2024-10-18 20:50 - 2024-10-18 20:50 - 000000000 ____D C:\Users\Administrator\Desktop\FRST-OlderVersion
2024-10-18 20:44 - 2024-10-18 20:44 - 000176273 _____ C:\Users\Administrator\Desktop\Serving It Right.pdf
2024-10-18 20:36 - 2024-10-18 20:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\NordVPN
2024-10-18 20:36 - 2024-10-18 20:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\ToastNotificationManagerCompat
2024-10-18 20:35 - 2024-10-18 20:35 - 000000000 ____D C:\Users\Administrator\AppData\Local\Nahimic
2024-10-18 20:19 - 2024-10-18 20:19 - 010219392 _____ (Google LLC) C:\Users\tehke\Downloads\ChromeSetup.exe
2024-10-18 20:19 - 2024-10-18 20:19 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-10-18 20:19 - 2024-10-18 20:19 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-10-18 19:59 - 2024-10-18 19:59 - 000004036 _____ C:\WINDOWS\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-3252700674-1244316876-1502611229-500_1
2024-10-18 16:37 - 2024-10-18 16:38 - 000070722 _____ C:\Users\tehke\Downloads\Addition.txt
2024-10-18 16:36 - 2024-10-18 16:38 - 000069135 _____ C:\Users\tehke\Downloads\FRST.txt
2024-10-18 16:34 - 2024-10-18 16:34 - 002397696 _____ (Farbar) C:\Users\tehke\Downloads\FRST64.exe
2024-10-14 20:49 - 2024-10-18 05:48 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-10-10 17:53 - 2024-10-10 17:53 - 000033124 _____ C:\Users\tehke\Documents\Terry-Chhim.pdf
2024-10-09 21:40 - 2024-10-09 21:40 - 012080851 _____ C:\Users\tehke\Documents\AQPxtPMMIVeqVfyDzN6N1vOdgtNORH7NPlvbInNM_Mf6rncMN16rEETVanzplBWPQpabxD09z8OGsqDcGJUXPTcG.mp4
2024-10-03 18:38 - 2024-10-03 18:38 - 003497025 _____ C:\Users\tehke\Downloads\resume (1).pdf
2024-10-02 01:00 - 2024-10-02 01:00 - 000000000 ____D C:\Users\tehke\Documents\DM1S Updater_V16_560_28SSOP_3360_DD16H_V102
2024-10-02 00:40 - 2024-10-02 00:40 - 000000000 ____D C:\flassh
2024-10-01 23:47 - 2024-10-01 23:47 - 053555016 _____ C:\Users\tehke\Documents\Untitled-2.psd
2024-10-01 23:47 - 2024-10-01 23:47 - 041725242 _____ C:\Users\tehke\Documents\Untitled-3.psd
2024-10-01 22:00 - 2024-10-01 22:00 - 000001933 _____ C:\Users\Public\Desktop\DM1 Pro S Mouse Driver.lnk
2024-10-01 22:00 - 2024-10-01 22:00 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-10-01 22:00 - 2024-10-01 22:00 - 000000000 ____D C:\Users\tehke\Downloads\V16 DM1 S PRO Mouse Driver(Eng) 20170704
2024-10-01 22:00 - 2024-10-01 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DM1 Pro S
2024-10-01 22:00 - 2024-10-01 22:00 - 000000000 ____D C:\Program Files (x86)\DM1 Pro S
2024-09-27 03:23 - 2024-09-27 03:23 - 000000000 ____D C:\Users\tehke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-09-25 21:49 - 2024-10-18 05:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-09-25 21:49 - 2024-10-15 03:49 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-09-25 21:49 - 2024-09-25 21:49 - 000372088 _____ (Mozilla) C:\Users\tehke\Downloads\Firefox Installer.exe
2024-09-25 21:49 - 2024-09-25 21:49 - 000002049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-09-25 21:49 - 2024-09-25 21:49 - 000001004 _____ C:\Users\Public\Desktop\Firefox.lnk
2024-09-25 21:49 - 2024-09-25 21:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-09-25 21:49 - 2024-09-25 21:49 - 000000000 ____D C:\Users\tehke\AppData\Roaming\Mozilla
2024-09-25 21:49 - 2024-09-25 21:49 - 000000000 ____D C:\Users\tehke\AppData\Local\Mozilla
2024-09-18 14:53 - 2024-09-18 14:53 - 000000000 ____D C:\Users\tehke\Documents\Peace automatic configurations backup
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-10-18 20:58 - 2023-03-15 00:47 - 000000000 ____D C:\FRST
2024-10-18 20:56 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Malwarebytes
2024-10-18 20:56 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-10-18 20:53 - 2023-02-23 23:00 - 000851362 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-10-18 20:53 - 2022-05-06 22:22 - 000000000 ____D C:\WINDOWS\INF
2024-10-18 20:50 - 2023-02-23 22:51 - 000000000 ____D C:\Users\tehke
2024-10-18 20:47 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2024-10-18 20:47 - 2022-03-24 14:18 - 000000000 ____D C:\ProgramData\Packages
2024-10-18 20:46 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2024-10-18 20:46 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\.tobii
2024-10-18 20:46 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator
2024-10-18 20:46 - 2023-02-23 22:55 - 000003112 _____ C:\WINDOWS\system32\Tasks\NahimicTask32
2024-10-18 20:46 - 2023-02-23 22:55 - 000003092 _____ C:\WINDOWS\system32\Tasks\NahimicTask64
2024-10-18 20:46 - 2023-02-23 22:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-10-18 20:46 - 2023-02-23 22:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-10-18 20:46 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-10-18 20:46 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-10-18 20:46 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-10-18 20:46 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-10-18 20:46 - 2022-02-14 20:16 - 000000000 ____D C:\ProgramData\NVIDIA
2024-10-18 20:45 - 2021-06-23 11:44 - 000012288 ___SH C:\DumpStack.log.tmp
2024-10-18 20:43 - 2023-04-29 11:32 - 000000000 ____D C:\Users\tehke\AppData\Local\Malwarebytes
2024-10-18 20:37 - 2024-01-19 11:47 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2024-10-18 20:37 - 2024-01-19 11:45 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials
2024-10-18 20:21 - 2022-03-24 14:18 - 000000000 ____D C:\Users\tehke\AppData\Local\Packages
2024-10-18 20:14 - 2022-03-24 14:21 - 000000000 ____D C:\Users\tehke\AppData\Roaming\discord
2024-10-18 20:13 - 2024-07-22 21:11 - 000000000 ____D C:\Users\tehke\AppData\Local\NordVPN
2024-10-18 20:13 - 2022-03-24 14:21 - 000000000 ____D C:\Users\tehke\AppData\Local\Discord
2024-10-18 20:12 - 2022-03-24 15:25 - 000000000 ____D C:\Users\tehke\.tobii
2024-10-18 20:00 - 2024-01-19 11:46 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2024-10-18 19:59 - 2024-01-19 11:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2024-10-18 19:59 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\NVIDIA
2024-10-18 19:59 - 2022-04-01 03:01 - 000000000 ____D C:\Users\tehke\Documents\ShareX
2024-10-18 19:55 - 2023-02-28 04:48 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2024-10-18 19:55 - 2022-05-06 22:17 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2024-10-18 19:54 - 2022-05-06 22:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-10-18 05:48 - 2022-04-21 14:48 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-10-17 23:06 - 2023-03-23 00:56 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-10-17 04:27 - 2022-03-24 14:18 - 000000000 ____D C:\Users\tehke\AppData\Local\D3DSCache
2024-10-15 21:23 - 2022-04-15 21:53 - 000000000 ____D C:\Users\tehke\AppData\Roaming\Microsoft\Word
2024-10-15 18:18 - 2024-01-19 11:46 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-500
2024-10-15 18:18 - 2023-02-23 22:55 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-1006
2024-10-15 18:18 - 2023-02-23 22:55 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-1004
2024-10-15 18:18 - 2023-02-23 22:55 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3252700674-1244316876-1502611229-1001
2024-10-15 18:18 - 2023-02-23 22:55 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-10-15 18:18 - 2022-04-19 02:11 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-10-14 17:44 - 2024-07-22 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2024-10-14 17:44 - 2024-07-22 21:10 - 000000000 ____D C:\Program Files\NordVPN
2024-10-14 01:09 - 2023-09-05 04:14 - 000000000 ____D C:\Users\tehke\AppData\Roaming\bluestacks-services
2024-10-14 01:08 - 2023-10-12 04:40 - 000000000 ____D C:\WINDOWS\Minidump
2024-10-14 01:08 - 2022-02-14 20:08 - 003691504 ____N C:\WINDOWS\Minidump\101424-17984-01.dmp
2024-10-14 01:07 - 2022-05-09 15:47 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2024-10-14 01:02 - 2022-03-24 14:57 - 000000000 ____D C:\Users\tehke\AppData\Local\Battle.net
2024-10-12 08:39 - 2023-01-17 12:07 - 000002249 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-10-12 08:39 - 2021-06-23 11:45 - 000002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-10-12 03:53 - 2022-03-24 23:28 - 000000000 ____D C:\Users\tehke\AppData\Roaming\vlc
2024-10-12 03:37 - 2022-10-04 02:21 - 000000000 ____D C:\Users\tehke\Downloads\Telegram Desktop
2024-10-10 13:21 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-10-10 13:05 - 2023-02-23 22:50 - 005164408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-10-10 13:04 - 2023-10-12 04:34 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-10-10 13:04 - 2022-05-06 23:10 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\IME
2024-10-10 13:04 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-10-10 13:04 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\servicing
2024-10-09 20:59 - 2022-03-25 15:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-10-09 20:56 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-10-09 20:56 - 2022-03-25 15:32 - 201324920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-10-09 20:54 - 2023-02-23 22:54 - 003213312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-10-09 09:32 - 2023-02-23 22:55 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-10-09 09:32 - 2023-02-23 22:55 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-10-07 16:49 - 2022-03-24 14:18 - 000000000 ____D C:\Users\tehke\AppData\Local\PlaceholderTileLogoFolder
2024-10-05 17:50 - 2022-03-24 14:21 - 000002258 _____ C:\Users\tehke\Desktop\Discord.lnk
2024-10-02 23:31 - 2024-08-28 03:39 - 000000000 ____D C:\Users\tehke\AppData\Roaming\obs-studio
2024-10-02 00:45 - 2022-03-24 18:47 - 000000000 ____D C:\Users\tehke\AppData\Local\CrashDumps
2024-10-02 00:00 - 2023-02-23 22:19 - 000000000 ____D C:\Program Files\Razer
2024-10-02 00:00 - 2022-08-02 02:39 - 000000000 ____D C:\Users\terry\AppData\Local\Razer
2024-10-02 00:00 - 2022-04-07 16:00 - 000000000 ____D C:\Users\Terryc\AppData\Local\Razer
2024-10-02 00:00 - 2022-03-25 06:08 - 000000000 ____D C:\ProgramData\Razer
2024-10-02 00:00 - 2022-03-25 06:08 - 000000000 ____D C:\Program Files (x86)\Razer
2024-10-02 00:00 - 2022-03-24 14:26 - 000000000 ____D C:\Users\tehke\AppData\Local\Razer
2024-10-02 00:00 - 2022-03-24 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2024-10-01 23:54 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Razer
2024-10-01 23:49 - 2022-03-24 14:18 - 000000000 ____D C:\Users\tehke\AppData\Local\VirtualStore
2024-09-27 14:18 - 2024-09-06 02:54 - 000000000 ____D C:\Users\tehke\AppData\Roaming\Zoom
2024-09-27 03:23 - 2024-09-06 03:16 - 000004268 _____ C:\WINDOWS\system32\Tasks\ZoomUpdateTaskUser-S-1-5-21-3252700674-1244316876-1502611229-1001
2024-09-26 17:15 - 2023-02-23 22:55 - 000004278 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1650357760
2024-09-26 17:15 - 2022-04-19 01:42 - 000001430 _____ C:\Users\tehke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

  • 0

Advertisements


#2
Terryc250

Terryc250

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by Administrator (18-10-2024 20:58:47)
Running from C:\Users\Administrator\Desktop
Microsoft Windows 11 Home Version 23H2 22631.4317 (X64) (2023-02-24 05:55:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3252700674-1244316876-1502611229-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3252700674-1244316876-1502611229-503 - Limited - Disabled)
Guest (S-1-5-21-3252700674-1244316876-1502611229-501 - Limited - Disabled)
tehke (S-1-5-21-3252700674-1244316876-1502611229-1001 - Administrator - Enabled) => C:\Users\tehke
terry (S-1-5-21-3252700674-1244316876-1502611229-1004 - Administrator - Enabled) => C:\Users\terry
Terryc (S-1-5-21-3252700674-1244316876-1502611229-1006 - Administrator - Enabled) => C:\Users\Terryc
terry_w2lrri1 (S-1-5-21-3252700674-1244316876-1502611229-1005 - Administrator - Enabled)
WDAGUtilityAccount (S-1-5-21-3252700674-1244316876-1502611229-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Photoshop (Beta) (HKLM\...\{KCF078A9-BA3F-458D-A4A0-3DBB7B169E6S}) (Version: 25.2.0 m.2357 - Adobe)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_3) (Version: 14.0.3 - Adobe Inc.)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 8.8.4.0 - iMobie Inc.)
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BeamNG.drive v0.23 (HKLM-x32\...\BeamNG.drive_is1) (Version: 0.23 - BeamNG)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.13.0.1076 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\BlueStacksServices) (Version: 3.0.9 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\BlueStacks X) (Version: 10.3.20.1003 - now.gg, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Cheat Engine 7.4 (HKLM\...\Cheat Engine_is1) (Version:  - Cheat Engine)
Core Temp 1.18 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.18 - ALCPU)
CPUID HWMonitor 1.45 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.45 - CPUID, Inc.)
CrystalDiskInfo 9.2.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.2 - Crystal Dew World)
Discord (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Discord) (Version: 1.0.9004 - Discord Inc.)
DM1 Pro S Mouse Driver (HKLM-x32\...\{F71F2BA4-3CC5-4B76-8019-3421855296E2}) (Version: 1.0 - Dream Machines)
ELDEN RING (HKLM-x32\...\ELDEN RING_is1) (Version:  - )
Epic Games Launcher (HKLM-x32\...\{FAC47927-1A6A-4C6E-AD7D-E9756794A4BC}) (Version: 1.3.23.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.3 - )
Final Fantasy VII Remake Intergrade (HKLM-x32\...\Final Fantasy VII Remake Intergrade_is1) (Version:  - )
GetDataBack Pro version 5.57 (HKLM\...\GetDataBack Pro Install_is1) (Version: 5.57 - Runtime Software, LLC)
Ghostwire Tokyo (HKLM-x32\...\Ghostwire Tokyo_is1) (Version: 0.0.0 - DODI-Repacks)
Glorious Model O Software (HKLM-x32\...\{0969D386-B5B4-41BD-98E3-4A1A7D32CB97}_is1) (Version: 1.0.9 - Glorious PC Gaming Race LLC.)
GoldWave v6.80 (HKLM\...\GoldWave v6.80) (Version: 6.80 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 130.0.6723.59 - Google LLC)
GSmartControl (HKLM\...\GSmartControl) (Version: 1.1.4 - Alexander Shaduri)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HidHide (HKLM\...\{48DD38C8-443E-4474-A249-AB32389E08F6}) (Version: 1.2.128 - Nefarius Software Solutions e.U.)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
KelVPN 7.6-1 (HKLM\...\KelVPN) (Version: 7.6-1 - KelVPN)
K-Lite Mega Codec Pack 17.9.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.9.4 - KLCP)
LatencyMon 7.31 (HKLM\...\LatencyMon_is1) (Version: 7.31 - Resplendence Software Projects Sp.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Legion Arena (HKLM-x32\...\Legion Arena_is1) (Version: 1.3.1.1 - Lenovo Group Ltd.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.2.24.0 - Lenovo Group Ltd.)
Malwarebytes version 5.1.11.133 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.11.133 - Malwarebytes)
MetaTrader 4 Axi Terminal (HKLM-x32\...\MetaTrader 4 Axi Terminal) (Version: 4.00 - MetaQuotes Ltd.)
Microsoft .NET Host - 5.0.16 (x64) (HKLM\...\{DAA471F4-54A9-4820-A1C5-266B5153C144}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.7 (x64) (HKLM\...\{8F51A211-71F1-4858-8198-8A5A66818D16}) (Version: 48.31.44002 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.16 (x64) (HKLM\...\{29CBA832-8D09-42D0-82F4-3583EE247A5E}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.7 (x64) (HKLM\...\{E18A98D1-DF73-4E11-AC20-FD0190628270}) (Version: 48.31.44002 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.16 (x64) (HKLM\...\{16E242C4-24A9-4381-8023-0F246750CA47}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.16 (x64) (HKLM-x32\...\{68696b91-f423-4e8e-a58f-631366d0f77a}) (Version: 5.0.16.31117 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.7 (x64) (HKLM\...\{882F32A5-8330-4366-844A-2F3B73C3F021}) (Version: 48.31.44002 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 129.0.2792.89 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 129.0.2792.89 - Microsoft Corporation)
Microsoft Flight Simulator (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Microsoft Flight Simulator) (Version:  - HOODLUM)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.14026.20302 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.186.0915.0004 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.25506 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.16 (x64) (HKLM\...\{90B8150E-08C5-4225-9F94-9BBB39D82601}) (Version: 40.64.31121 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.16 (x64) (HKLM-x32\...\{c34fb08d-bd27-4d0b-a7bc-f7d5359f9518}) (Version: 5.0.16.31121 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.7 (x64) (HKLM\...\{30702F00-F514-4094-BA4A-A05B42FD1CAC}) (Version: 48.31.44003 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.7 (x64) (HKLM-x32\...\{a7dab025-ec7a-4e8a-add3-6d872f1d8aca}) (Version: 6.0.7.31422 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox (x64 en-CA) (HKLM\...\Mozilla Firefox 131.0.3 (x64 en-CA)) (Version: 131.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 130.0.1 - Mozilla)
NBA 2K19 (HKLM-x32\...\NBA 2K19_is1) (Version:  - )
NBA 2K22 (HKLM-x32\...\NBA 2K22_is1) (Version:  - )
Neural Filters (HKLM\...\{70F9BD38-D373-4CC8-BF4A-414DE0D0C42F}) (Version: 1.15.0.100 - Adobe)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.4.821 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.29.3.0 - Nord Security)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation)
NVIDIA Graphics Driver 552.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 552.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.2.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20302 - Microsoft Corporation) Hidden
Opera GX Stable 113.0.5230.135 (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Opera GX 113.0.5230.135) (Version: 113.0.5230.135 - Opera Software)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Peace (HKLM\...\Peace) (Version: 1.6.7.10 - P.E. Verbeek)
Python 3.12.6 (64-bit) (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\{316e3b12-1191-47df-b9d4-dcf0bf2f6cc4}) (Version: 3.12.6150.0 - Python Software Foundation)
Python 3.12.6 Add to Path (64-bit) (HKLM\...\{3C524136-E47A-45C7-BB2C-242EAC3F4C32}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden
Python 3.12.6 Core Interpreter (64-bit) (HKLM\...\{901B913C-FA63-48D2-9842-7D7676739378}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden
Python 3.12.6 Development Libraries (64-bit) (HKLM\...\{2F4E9933-7587-4D85-9BA1-F2903AFB36D8}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden
Python 3.12.6 Documentation (64-bit) (HKLM\...\{46673E63-1CA8-43EA-B73B-AC20DDD77C5A}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden
Python 3.12.6 Executables (64-bit) (HKLM\...\{537B2AF5-504B-4303-99CB-FDE56F47AA51}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden
Python 3.12.6 pip Bootstrap (64-bit) (HKLM\...\{1D520CE1-F09A-4A26-B110-52081FEA0AB9}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden
Python 3.12.6 Standard Library (64-bit) (HKLM\...\{1DAEF824-881A-49C6-B91E-1D28877FF18D}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden
Python 3.12.6 Tcl/Tk Support (64-bit) (HKLM\...\{08A1963D-07D1-4620-929C-385F6A307772}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden
Python 3.12.6 Test Suite (64-bit) (HKLM\...\{3334B843-864F-4F04-A635-5D2FD5840AD5}) (Version: 3.12.6150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FE223D83-99B9-41D5-99FC-FA3995D8F82D}) (Version: 3.12.6150.0 - Python Software Foundation)
qBittorrent 4.4.2 (HKLM-x32\...\qBittorrent) (Version: 4.4.2 - The qBittorrent project)
Raise Data Recovery (HKLM\...\rdr) (Version: 9.14 - LLC SysDev Laboratories)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
SeaTools (HKLM-x32\...\SeaTools 5.1.182) (Version: 5.1.182 - Seagate)
Session 1.11.5 (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\f1339da8-b3f2-5116-b780-aafa611bc7f7) (Version: 1.11.5 - Oxen Labs)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 16.0.1 - ShareX Team)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StepMania 5 (HKLM-x32\...\StepMania 5) (Version: 5.0.12 - StepMania)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation)
Telegram Desktop (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.6.3 - Telegram FZ-LLC)
Tobii Experience Software For Windows (LenovoY760) (HKLM\...\{7F9E80DA-CBD7-49F5-A756-294D0FA745F4}) (Version: 4.110.0.13215 - Tobii AB)
VALORANT (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
ViGEm Bus Driver (HKLM\...\{9C581C76-2D68-40F8-AA6F-94D3C5215C05}) (Version: 1.21.442 - Nefarius Software Solutions e.U.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
VPN Unlimited 9.2.0 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 9.2.0 - KeepSolid Inc.)
Wale (HKLM\...\{2C88370E-794C-482F-B9D5-CB770E48ACF6}) (Version: 0.7.5.0 - Jongtae Park (catright))
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.965 - McAfee, LLC)
WeChat (HKLM-x32\...\WeChat) (Version: 3.9.6.33 - 腾讯科技(深圳)有限公司)
WickrMe (HKLM\...\{B49C1616-0DE8-4178-92C3-BD45602C2B8D}) (Version: 5.102.9 - Wickr Inc.)
Windows Driver Package - Razer Inc. (WinUSB) USB  (05/04/2016 6.2.9200.16385) (HKLM\...\874D6B1A2BD2AE8FF3594AB704F2A4A3F8342FB5) (Version: 05/04/2016 6.2.9200.16385 - Razer Inc.)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
X-Rite Color Assistant 2.12.0.0 (HKLM-x32\...\{6DCFB107-4604-4AA8-BEA6-CC80BCF0B3E4}_is1) (Version: 2.12.0.0 - X-Rite, Inc)
Zoom Workplace (HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\ZoomUMX) (Version: 6.1.12 (46889) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
Copilot -> C:\Program Files\WindowsApps\Microsoft.Copilot_0.4.2.0_neutral__8wekyb3d8bbwe [2024-10-18] (Microsoft Corporation)
Dolby Vision -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionHDR_2.20301.388.0_x64__rz1tebttyb220 [2024-01-20] (Dolby Laboratories)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2312.17.0_x64__k1h2ywk1493x8 [2024-07-05] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.5.109.0_x64__5grkq8ppsgwt4 [2024-01-20] (LENOVO INC) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-01-20] (Microsoft Corp.)
Microsoft Teams -> C:\Program Files\WindowsApps\MSTeams_24257.205.3165.2029_x64__8wekyb3d8bbwe [2024-10-18] (Microsoft) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21027.539.0_x64__8wekyb3d8bbwe [2024-01-20] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2024-01-20] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2024-01-20] (Microsoft Corporation)
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.22.0_x64__w2gh52qy24etm [2024-03-17] (A-Volute)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.965.0_x64__56jybvy8sckqj [2024-04-17] (NVIDIA Corp.)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.31001.0_x64__8wekyb3d8bbwe [2024-10-18] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.40.286.0_x64__dt26b99r8h8gj [2024-01-20] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2024-01-21] (Microsoft Studios) [MS Ad]
Tobii Experience -> C:\Program Files\WindowsApps\TobiiAB.TobiiEyeTrackingPortal_1.53.13804.0_x64__j9ea20k37yd2w [2024-07-05] (Tobii AB) [Startup Task]
Widgets Platform Runtime -> C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.4.0.0_x64__8wekyb3d8bbwe [2024-10-18] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\LKG\MicrosoftWindows.LKG.AccountsService_cw5n1h2txyewy [2024-10-10] (Microsoft Windows)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\LKG\MicrosoftWindows.LKG.DesktopSpotlight_cw5n1h2txyewy [2024-10-10] (Microsoft Windows)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\LKG\MicrosoftWindows.LKG.IrisService_cw5n1h2txyewy [2024-10-10] (Microsoft Windows)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\LKG\MicrosoftWindows.LKG.TwinSxS_cw5n1h2txyewy [2024-10-10] (Microsoft Windows)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-500_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.25506\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-500_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-500_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\Administrator\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Downloads\MB\mbshlext.dll [2023-03-01] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.186.0915.0004\FileSyncShell64.dll [2024-10-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvltsi.inf_amd64_4b4a49a5122b87e1\nvshext.dll [2024-04-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Downloads\MB\mbshlext.dll [2023-03-01] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\system32\huffyuv.dll [55296 2005-01-21] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\SysWOW64\huffyuv.dll [39936 2004-05-18] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-25] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2024-10-01 22:00 - 2014-04-16 09:19 - 000049152 _____ () [File not signed] C:\Program Files (x86)\DM1 Pro S\hiddriver.dll
2024-10-01 22:00 - 2017-07-04 11:44 - 000057344 _____ () [File not signed] C:\Program Files (x86)\DM1 Pro S\lan.dll
2023-05-16 03:54 - 2022-07-15 07:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-04-07 23:35 - 2021-07-22 13:11 - 000076288 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] D:\Program Files (x86)\VPN Unlimited\cares.dll
2022-04-07 23:35 - 2023-07-04 09:25 - 000498688 _____ (The curl library, hxxps://curl.se/) [File not signed] D:\Program Files (x86)\VPN Unlimited\libcurl.dll
2023-10-18 19:20 - 2023-07-19 09:19 - 005149696 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] D:\Program Files (x86)\VPN Unlimited\libcrypto-3-x64.dll
2023-10-18 19:20 - 2023-07-19 09:19 - 000777728 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] D:\Program Files (x86)\VPN Unlimited\libssl-3-x64.dll
2022-04-07 23:35 - 2023-10-22 08:00 - 006066176 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files (x86)\VPN Unlimited\Qt5Core.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3306]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3306]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) =============
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-04-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-19] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-04-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-19] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-09-09] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-06] (Lenovo -> Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-06] (Lenovo -> Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-06] (Lenovo -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2024-07-22 21:29 - 2024-10-18 20:36 - 000000080 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet\;C:\Users\terry\AppData\Local\Microsoft\WindowsApps;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tehke\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\1070956.jpg
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\terry\Downloads\th.jfif
HKU\S-1-5-21-3252700674-1244316876-1502611229-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
HKU\S-1-5-21-3252700674-1244316876-1502611229-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
Windows Firewall is enabled.
 
Network Binding:
=============
OpenVPN Data Channel Offload for NordVPN: OpenVPN Data Channel Offload -> ovpn-dco.sys
Local Area Connection: TAP-Windows Adapter V9 -> tap0901.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Wi-Fi: MediaTek Wi-Fi 6 MT7921 Wireless LAN Card -> mtkwl6ex.sys
Local Area Connection 2: TAP-NordVPN Windows Adapter V9 -> tapnordvpn.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
 
NordLwf: NordVPN LightWeight Firewall
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "CORSAIR iCUE 4 Software"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run: => "RZTHXHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "AirBackupHelper"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_5336C2924B55FD107B3D46AF0B1AC178"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "LenovoVantageToolbar"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "Opera GX Stable"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "AirBackupHelper"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "AnyTransToolHelper"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "electron.app.BlueStacks Services"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "AirBackupHelper"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "AnyTransToolHelper"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "LenovoVantageToolbar"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "RzAppEngine"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "RazerAxon"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{02BF276A-A2B4-472A-A1B9-045136E3548D}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.)
FirewallRules: [TCP Query User{3279C445-3008-4325-8EB4-1790CD109A12}C:\program files (x86)\imobie\anytrans\airbackuphelper.exe] => (Allow) C:\program files (x86)\imobie\anytrans\airbackuphelper.exe (iMobie Inc. -> iMobie Inc.)
FirewallRules: [{1FFE03ED-1DA7-4538-826D-A46A56FA0480}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{813A5889-4353-4820-B4A0-DC91B3C01A5A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{201609B0-1BDD-4744-9FB0-53FC62154D95}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DBF99A41-C40A-4297-BE29-AC005E20D0A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{3461D076-3186-40A0-919C-159EA3A77B5D}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.)
FirewallRules: [TCP Query User{7B7D956B-DAB0-4DB5-B406-962CACACC163}C:\program files (x86)\imobie\anytrans\anytrans.exe] => (Allow) C:\program files (x86)\imobie\anytrans\anytrans.exe (iMobie Inc. -> iMobie Inc.)
FirewallRules: [{8ADE8427-B91F-4415-B1AF-910FE044734F}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{796EE9EB-2F72-481A-82CA-B1C330F5B8CF}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [UDP Query User{DF07C02D-411D-46F6-A64F-20000D982D6D}D:\program files\videolan\vlc\vlc.exe] => (Allow) D:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{E2EEC09E-4D60-4FC1-83A6-9835633838D5}D:\program files\videolan\vlc\vlc.exe] => (Allow) D:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{4C548F2E-FD68-4203-8FC6-293A763F8752}D:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) D:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed]
FirewallRules: [TCP Query User{A9EDF648-C636-4527-ACB6-73B312DC5235}D:\program files\epic games\fallguys\fallguys_client_game.exe] => (Allow) D:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed]
FirewallRules: [UDP Query User{3370FAAD-4BE6-43F6-829B-0319816A03C2}C:\users\tehke\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\tehke\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{8C6C4E34-C687-4748-9AB7-A326FBACB2C3}C:\users\tehke\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\tehke\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{CEF0907C-E653-45FF-9A7C-F89E8E7EACDF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{624CF589-180A-43C9-B739-EB0C0B9662D2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1F2EC377-D610-423C-8A3B-973BC2D4E4E8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FA6F9461-B445-4597-A0E6-0F4DD671E277}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{236B3DCD-C294-4D82-9BCD-77F2CA833AE0}] => (Allow) D:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe (2K Sports) [File not signed]
FirewallRules: [{F5E41059-B84D-4F44-A9BF-68E829B4AB31}] => (Allow) D:\Program Files (x86)\2K Sports\NBA 2K14\nba2k14.exe (2K Sports) [File not signed]
FirewallRules: [{053F9DDC-B876-47C8-9140-8B44270FD3AB}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{EF09ABE3-EF47-483C-AADF-95CC8F2A5C1F}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{C67C87BF-74BC-47ED-A5CE-84C1702A5D6B}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FF6BC194-8D39-4399-B239-2F8900AC24BC}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{97C13D7B-B8BB-4284-9E33-B31644C942D3}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{42EB94E4-B8BD-487D-A206-EB0E8FCC74E6}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{3EF70458-7853-4778-957B-971A239CD69E}D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe => No File
FirewallRules: [UDP Query User{C57AF867-3C79-4791-9486-B0E91AF495C5}D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe => No File
FirewallRules: [{60EECC99-BD04-47C2-8B6C-B68B34A4EA9C}] => (Allow) C:\Program Files\Tencent\WeChat\WeChat.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{5F74870A-5761-4B7A-97BD-071DD0D291AA}] => (Allow) D:\BlueStacks\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{1ADF556A-F147-4C41-9C48-81D9AC960A87}] => (Allow) D:\BlueStacks\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{6F873598-011D-40FD-96B1-6DADE091832F}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{C613D8F6-32F2-4704-9FCC-5FF5BF80B89F}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
FirewallRules: [TCP Query User{272ECFCC-1162-4CE2-8D23-C9E2959516F8}D:\games\stepmania 5\program\stepmania.exe] => (Allow) D:\games\stepmania 5\program\stepmania.exe (StepMania Team hxxp://www.stepmania.com/) [File not signed]
FirewallRules: [UDP Query User{6411800B-B934-45EA-9AEE-C0C68596FC2C}D:\games\stepmania 5\program\stepmania.exe] => (Allow) D:\games\stepmania 5\program\stepmania.exe (StepMania Team hxxp://www.stepmania.com/) [File not signed]
FirewallRules: [{456558FA-2316-4DFD-8395-58AC65B6CD0D}] => (Allow) G:\Games\Steam\steamapps\common\Undisputed\Undisputed.exe => No File
FirewallRules: [{B640A35D-83A9-493E-A12A-AA660ADF280D}] => (Allow) G:\Games\Steam\steamapps\common\Undisputed\Undisputed.exe => No File
FirewallRules: [TCP Query User{A855FABB-F41E-47EF-9A9E-2C547C249745}G:\games\nba 2k22\nba2k22.exe] => (Block) G:\games\nba 2k22\nba2k22.exe => No File
FirewallRules: [UDP Query User{BA565023-7C4D-4A60-8418-F3BFDB4700D4}G:\games\nba 2k22\nba2k22.exe] => (Block) G:\games\nba 2k22\nba2k22.exe => No File
FirewallRules: [{719125C9-5CFB-44B9-88F7-8E6FC13396ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7F60E2F1-FE81-414E-9CF8-CCFC3021A5F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{31F663E5-5590-47D3-A567-40464A26D1FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{193BD387-2D15-4578-B053-A3FE382E7291}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AD41EAA1-6766-4E8B-A5D2-FC06274E31B6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E959104C-3D53-4942-9207-F85BE2E6802F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DB3B8EB3-AF05-494D-931C-E900B289B2C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{03D7D46D-22AF-4DEF-BDA4-6F8536F0C898}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{157D526E-0F7F-4EF6-A756-8DAEA2F7FA71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5D9983D9-78A7-467C-8D90-11B4C0662E05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8A377BE0-E3B8-4690-A377-56AD4BD76C52}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2018D383-7C8F-4636-B37E-54AF1562FE5E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F49DB459-5D96-449C-A5D8-985B5D702C61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F47EA20A-AC82-4105-A922-A38B2A2C7DF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D17521CF-9DC5-49F4-9A4B-21F08899FCEB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2BC6901D-492D-49CB-95A9-E943139B8891}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D35281FE-8F6F-4A01-902C-CD595D7B9D0A}] => (Allow) D:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe (KeepSolid Inc. -> KeepSolid Inc.)
FirewallRules: [{28E1F351-3BEA-44DE-BB7A-E04F4DFEC13C}] => (Allow) D:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe (KeepSolid Inc. -> KeepSolid Inc.)
FirewallRules: [{060B49C4-1531-4305-AEB8-EAE55F6106F8}] => (Allow) D:\Program Files (x86)\VPN Unlimited\openvpn.exe (The OpenVPN Project) [File not signed]
FirewallRules: [{2C6653BA-A60E-4E5D-BAE0-4A80D048E0AC}] => (Allow) D:\Program Files (x86)\VPN Unlimited\openvpn.exe (The OpenVPN Project) [File not signed]
FirewallRules: [TCP Query User{22827E7B-9454-4D33-AF8F-71DC756D7DA5}D:\program files (x86)\starcraft ii\versions\base92440\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base92440\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{32126533-BACF-4461-99C4-D3F0041C9FEE}D:\program files (x86)\starcraft ii\versions\base92440\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base92440\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{B942BEB7-A895-452C-880F-6712B92E4E3B}D:\program files (x86)\starcraft ii\versions\base92440\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base92440\sc2.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{B73C4562-9BD3-426D-BD4F-2A0D138FF361}D:\program files (x86)\starcraft ii\versions\base92440\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base92440\sc2.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{76000C94-0FC0-4125-AC02-699BF4CE16B9}] => (Block) D:\Program Files (x86)\StarCraft II\Support64\SC2Switcher_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{C8EDB7A1-89E3-4CBF-AF01-E46D83FFE1B2}] => (Allow) C:\Users\tehke\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D04765C1-0A6C-4A88-9315-7956C95435F6}] => (Allow) C:\Users\tehke\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{CB93AD3E-AECD-410A-A6CC-DB9EDFC3017C}] => (Allow) C:\Users\tehke\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{16005D13-2AA9-458C-8BA3-0C31C15D58CC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE2C88A3-AD64-418A-BEF7-332C7E55AF5B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C2AE1C71-C509-4590-B794-1B1B288038ED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8D879C26-71C3-466B-AF52-96BDAD76BC97}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.89\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C1189430-E4D6-43E2-94A5-FE337C94C6AA}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24256.2502.3123.1_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06557CE2-681B-47FE-BABE-C50D03A3F944}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24256.2502.3123.1_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F0B4BB93-8633-43EB-8845-0A1C4B603F7C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8EB42C35-E7C7-443B-BE8A-8111B3BB7DBC}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{E5FD63AA-8B1A-432A-9690-9FC6B0CB6A59}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{F50C85AA-63A7-4940-9D34-1C8D637A1ECD}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24257.205.3165.2029_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{44D5A5C5-2489-41A1-854F-A58D811A9214}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24257.205.3165.2029_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
17-10-2024 04:28:35 Windows Update
 
==================== Faulty Device Manager Devices ============
 
Name: DCP-L2540DW
Description: DCP-L2540DW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Device Client Device
Description: Universal Device Client Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: DAEMON Tools Lite Virtual SCSI Bus
Description: DAEMON Tools Lite Virtual SCSI Bus
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Disc Soft Ltd
Service: dtlitescsibus
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/18/2024 08:46:20 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-D982FIHM$ via https://AMD-KeyId-52...plates/Aik/scepfailed:
 
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 19 Oct 2024 03:46:24 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 54c03578-956f-4ce2-a9a3-036304897c9f
 
Method: GET(250ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
 
Error: (10/18/2024 08:46:20 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-52...plates/Aik/scepfailed:
 
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 19 Oct 2024 03:46:23 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 52f65c97-1635-4d7c-b1a6-72e15dd5a73b
 
Method: GET(281ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
 
Error: (10/18/2024 08:10:52 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-D982FIHM$ via https://AMD-KeyId-52...plates/Aik/scepfailed:
 
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 19 Oct 2024 03:10:55 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 02ca9f4b-e81d-4565-a793-d62d66af6270
 
Method: GET(281ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
 
Error: (10/18/2024 08:10:51 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-52...plates/Aik/scepfailed:
 
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 19 Oct 2024 03:10:54 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 0fa48537-76e7-41e0-8792-538f0d977a9e
 
Method: GET(3875ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
 
Error: (10/18/2024 07:55:56 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-D982FIHM$ via https://AMD-KeyId-52...plates/Aik/scepfailed:
 
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 19 Oct 2024 02:56:00 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 731d0488-4f2d-4cc7-ae6e-bc7f472d3731
 
Method: GET(265ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
 
Error: (10/18/2024 07:55:56 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-52...plates/Aik/scepfailed:
 
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 19 Oct 2024 02:56:00 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 33e34ceb-582c-4600-8a7b-7cf142dd52f6
 
Method: GET(640ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
 
Error: (10/18/2024 07:55:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (10/18/2024 07:55:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
 
System errors:
=============
Error: (10/18/2024 08:46:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:45:37 PM on ‎10/‎18/‎2024 was unexpected.
 
Error: (10/18/2024 08:37:27 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (10/18/2024 08:37:27 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
Error: (10/18/2024 08:10:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:08:46 PM on ‎10/‎18/‎2024 was unexpected.
 
Error: (10/18/2024 07:55:05 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Security Service service did not shut down properly after receiving a preshutdown control.
 
Error: (10/18/2024 06:45:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:44:37 PM on ‎10/‎18/‎2024 was unexpected.
 
Error: (10/18/2024 05:13:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:13:00 PM on ‎10/‎18/‎2024 was unexpected.
 
Error: (10/18/2024 04:53:09 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
 
Windows Defender:
================
Date: 2024-10-18 01:22:07
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-10-16 19:43:23
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-10-15 23:47:12
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-10-14 20:13:48
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-10-12 21:05:40
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2024-10-18 20:45:58
Description: 
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Windows\System32\drivers\dtlitescsibus.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x20. Status 0xC00000BB. 
 
Date: 2024-10-18 20:13:10
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\tehke\AppData\Local\Discord\app-1.0.9166\Discord.exe) attempted to load \Device\HarddiskVolume3\ProgramData\obs-studio-hook\graphics-hook64.dll that did not meet the Microsoft signing level requirements. 
 
Date: 2024-10-18 19:54:29
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO GKCN65WW 01/16/2024
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 9 5900HX with Radeon Graphics 
Percentage of memory in use: 29%
Total physical RAM: 32620.06 MB
Available physical RAM: 22843.2 MB
Total Virtual: 69484.06 MB
Available Virtual: 57836.66 MB
 
==================== Drives ================================
 
Drive c: (Windows-SSD) (Fixed) (Total:952.62 GB) (Free:393.77 GB) (Model: SKHynix_HFS001TDE9X084N) NTFS
Drive d: (Data) (Fixed) (Total:953.85 GB) (Free:533.03 GB) (Model: SKHynix_HFS001TDE9X084N) NTFS
 
\\?\Volume{0af6318f-5335-4cce-bcf1-c37154c74faa}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.29 GB) NTFS
\\?\Volume{fe006d31-1f1e-4cea-b168-9297dd4deeac}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 43FF248E)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 953.9 GB) (Disk ID: 1B25E18B)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#3
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts

Hi, Terryc250.
 
Welcome back!

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
==================
 
To begin with:
 
1. P2P programs
 
We dealt with these programs in your previous topic. It seems that you tend to return to old bad habits. :)

You have qBittorrent installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it now.

 

2. WickrMe

 

This was used to help organizations and government agencies to communicate securely through one-to-one and group messaging, voice and video calling, file sharing, screen sharing, and more. Now, it has been discontinued.  My recommendation is to uninstall it. 

 

 

3. WebAdvisor by McAfee

 

Did you intentionally install it? If yes, that's fine. If not, and it came bundled with other products, please uninstall it.

 

 

4. Policies 

 

Are you aware of these changes in Policies?

 

HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe
 

 

 

In your next reply, please post:

  1. What did you do with the 3 programs mentioned above.
  2. A reply about policies.

  • 0

#4
Terryc250

Terryc250

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts

1) Uninstall 2/3.   WickrMe doesn't appear in my programs list, and i cannot find the uninstall file in it's folder.

2) No I'm not aware of those.

Also, I'm almost certain something is causing my laptop to overheat.  When i prop my laptop over one of my large fans in my room it doesn't restart.  But as soon as I remove the fan, it starts back restarting every 10 minutes or so.


Edited by Terryc250, 20 October 2024 - 10:40 PM.

  • 0

#5
peterm

peterm

    Trusted Tech

  • Technician
  • 3,410 posts

When malware is finished DrM will pass you to tech

And it would help if you post the make model and serial number


  • 0

#6
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts

1) Uninstall 2/3.   WickrMe doesn't appear in my programs list, and i cannot find the uninstall file in it's folder.

2) No I'm not aware of those.

Also, I'm almost certain something is causing my laptop to overheat.  When i prop my laptop over one of my large fans in my room it doesn't restart.  But as soon as I remove the fan, it starts back restarting every 10 minutes or so.

 

As soon as we check the computer for malware, we will deal with the other issues, Terry.

 

For now:

 

You have the following accounts with administrator's privileges:

 

tehke 
terry 
Terryc 
terry_w2lrri1 
 
Sign in with one of the above accounts each time and check if you see WickrMe. Uninstall it from any of these accounts.
 
After that, please attach fresh FRST logs for me to check. 
 
(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)
 

  • 0

#7
Terryc250

Terryc250

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts

Here they are

Attached Files


  • 0

#8
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts

Hi.
 
Please do the following:

 
1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\StartupApproved\Run: => "RZTHXHelper"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "RzAppEngine"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "RazerAxon"
FirewallRules: [TCP Query User{3EF70458-7853-4778-957B-971A239CD69E}D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe => No File
FirewallRules: [UDP Query User{C57AF867-3C79-4791-9486-B0E91AF495C5}D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base90136\sc2_x64.exe => No File
FirewallRules: [{456558FA-2316-4DFD-8395-58AC65B6CD0D}] => (Allow) G:\Games\Steam\steamapps\common\Undisputed\Undisputed.exe => No File
FirewallRules: [{B640A35D-83A9-493E-A12A-AA660ADF280D}] => (Allow) G:\Games\Steam\steamapps\common\Undisputed\Undisputed.exe => No File
FirewallRules: [TCP Query User{A855FABB-F41E-47EF-9A9E-2C547C249745}G:\games\nba 2k22\nba2k22.exe] => (Block) G:\games\nba 2k22\nba2k22.exe => No File
FirewallRules: [UDP Query User{BA565023-7C4D-4A60-8418-F3BFDB4700D4}G:\games\nba 2k22\nba2k22.exe] => (Block) G:\games\nba 2k22\nba2k22.exe => No File
HKLM\...\Run: [RZTHXHelper] => C:\WINDOWS\system32\RZTHXHelper.exe (No File)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Run: [DAEMON Tools Lite Automount] => "G:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\MountPoints2: {ac8a5ee2-acb9-11ec-8aed-106fd99e34c8} - "E:\setup.EXE" /AUTORUN
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [RazerAxon] => "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -autorun (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\Run: [RzAppEngine] => "C:\Program Files\Razer\RzAppEngine\rzappengine.exe" --start-hidden --url-params=apps=virtual-ring-light,streamer-companion-app,spatial-audio&autoStart=1 (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1006\...\Run: [Synapse3] => "C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe" /StartMinimized (No File)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (No File)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
S3 Disc Soft Lite Bus Service; "G:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe" [X]
S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0094; C:\WINDOWS\System32\drivers\RzDev_0094.sys [55376 2021-01-21] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0095; C:\WINDOWS\System32\drivers\RzDev_0095.sys [56728 2020-12-10] (Razer USA Ltd. -> Razer Inc)
2024-10-20 18:27 - 2024-10-20 18:27 - 000001393 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WickrMe.lnk
2024-10-20 18:27 - 2024-10-20 18:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Wickr, LLC
2024-10-20 18:27 - 2022-02-14 20:20 - 000000000 ____D C:\ProgramData\McAfee
2024-10-02 00:00 - 2023-02-23 22:19 - 000000000 ____D C:\Program Files\Razer
2024-10-02 00:00 - 2022-08-02 02:39 - 000000000 ____D C:\Users\terry\AppData\Local\Razer
2024-10-02 00:00 - 2022-04-07 16:00 - 000000000 ____D C:\Users\Terryc\AppData\Local\Razer
2024-10-02 00:00 - 2022-03-25 06:08 - 000000000 ____D C:\ProgramData\Razer
2024-10-02 00:00 - 2022-03-25 06:08 - 000000000 ____D C:\Program Files (x86)\Razer
2024-10-02 00:00 - 2022-03-24 14:26 - 000000000 ____D C:\Users\tehke\AppData\Local\Razer
2024-10-02 00:00 - 2022-03-24 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2024-10-01 23:54 - 2024-01-19 11:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\Razer
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-3252700674-1244316876-1502611229-1004\...\StartupApproved\Run: => "Synapse3"
C:\WINDOWS\System32\drivers\RzCommon.sys
C:\WINDOWS\System32\drivers\RzDev_0094.sys
C:\WINDOWS\System32\drivers\RzDev_0095.sys
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

2. Run Malwarebytes (scan only)

  • Open Malwarebytes you have already installed. 
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and choose Scan.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected,close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

3. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click the Scan Now button.
  • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
  • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
  • Click the Log Files tab.
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.
  • Note: Click Skip Basic Repair if you are asked to.
     

 

In your next reply, please post:

  • The fixlog.txt
  • The Malwarebytes report
  • The AdwCleaner[S0*].txt

  • 0

#9
Terryc250

Terryc250

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 10/22/2024
Scan Time: 6:00 PM
Log File: 2f7e2e04-90da-11ef-b59e-88a4c298b695.json
 
-Software Information-
Version: 5.1.11.139
Components Version: 1.0.5072
Update Package Version: 1.0.90779
License: Free
 
-System Information-
OS: Windows 11 (Build 22631.4317)
CPU: x64
File System: NTFS
User: LAPTOP-D982FIHM\tehke
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 317324
Threats Detected: 19
Threats Quarantined: 0
Time Elapsed: 4 min, 14 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 2
PUP.Optional.EasyLife, C:\USERS\TEHKE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 1312, 691263, 1.0.90779, , ame, , , 
PUP.Optional.EasyLife, C:\USERS\TERRY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 1312, 691263, 1.0.90779, , ame, , , 
 
File: 17
PUP.Optional.GoodGame, C:\USERS\TEHKE\DESKTOP\GOODGAME EMPIRE.URL, No Action By User, 3313, 261883, 1.0.90779, , ame, , F9DF9F2BE0C308673868DC57C09CD5C1, 6051815E72B8895F18C7B80A58FB6D917A3756586653A0B711D981DAD149CAD5
PUP.Optional.EasyLife, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 1312, 691263, 1.0.90779, , ame, , EFECB3AD40EBFC072AA7741FE64482A7, C33F4B707F63046B3FE6900B8BAF5FB5EEFCEAE843B1B86D15A2A5F95C51CE0F
PUP.Optional.EasyLife, C:\Users\tehke\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, 1312, 691263, 1.0.90779, , ame, , 2C1767F13044C6731E1F0591AACA752A, 7E49B41F53B6AAC7CE943737058E6BA52E07E1C2ABD09F7A531D10F6F7DABC56
PUP.Optional.EasyLife, C:\Users\tehke\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\013960.log, No Action By User, 1312, 691263, 1.0.90779, , ame, , E9C9A970CC6C56FD040B390D70C0A93E, 70D63E32A8008F8C0EEB938279F0E16CD41847F25A057C2EC9948015CFF761C7
PUP.Optional.EasyLife, C:\Users\tehke\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\013962.ldb, No Action By User, 1312, 691263, 1.0.90779, , ame, , 4F89102DF64D3CA8265696CDFF511092, D8704398E9C046D79CCF1D9062D50C0170E994D3363BA71E2596270A303A5467
PUP.Optional.EasyLife, C:\Users\tehke\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 1312, 691263, 1.0.90779, , ame, , 3FB8819D2719300755A11CED3516D27B, B01DAAF33DEB27EEF3056D6AB8110C0AF7B3FE86C53D438829922C10AF6E3474
PUP.Optional.EasyLife, C:\Users\tehke\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 1312, 691263, 1.0.90779, , ame, , , 
PUP.Optional.EasyLife, C:\Users\tehke\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 1312, 691263, 1.0.90779, , ame, , F7DD51C30BA5E09BC26545ACDF48143A, 26872E0D5CEFD921699794328DDF047D8A4DB15D6EECE1F66425204E5633F1A2
PUP.Optional.EasyLife, C:\Users\tehke\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 1312, 691263, 1.0.90779, , ame, , 8F47AFB5637FD6A8C2466B31513D845A, B45A2352D49493BBBD1618D09DDA31B64FAED6BE5E68B655B8975EBD639CE0CE
PUP.Optional.EasyLife, C:\Users\tehke\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-007632, No Action By User, 1312, 691263, 1.0.90779, , ame, , 84C1820D4AAE5E3AE3348DA91BE41694, 5C31654E6E79A431A1BD74C41E5D5DD0BB9AF9CFC17DAEF568D55D60AC612D9F
PUP.Optional.EasyLife, C:\Users\terry\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.ldb, No Action By User, 1312, 691263, 1.0.90779, , ame, , 071A2F0E7354D2204F1AAD90CE9ADDAE, DAC4C5FC974F53A0A08A7652796338D606ECCF436CA3304C1AD2DF17F33179C5
PUP.Optional.EasyLife, C:\Users\terry\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.log, No Action By User, 1312, 691263, 1.0.90779, , ame, , 7AD2A7067B8DD3095B1030FCEB8713B9, 5D2880FF31AF9B4320FBB7AA86504C6B87778D262EC30A17403AAABABF8592C5
PUP.Optional.EasyLife, C:\Users\terry\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 1312, 691263, 1.0.90779, , ame, , 206702161F94C5CD39FADD03F4014D98, 1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
PUP.Optional.EasyLife, C:\Users\terry\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 1312, 691263, 1.0.90779, , ame, , , 
PUP.Optional.EasyLife, C:\Users\terry\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 1312, 691263, 1.0.90779, , ame, , 8DF7B68309F7C9C25C92727442AD1D05, 24C007D02568AE213226888D69EE1979345E3D3D4364C82F42B11F0732911AE9
PUP.Optional.EasyLife, C:\Users\terry\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 1312, 691263, 1.0.90779, , ame, , 23D5E2C7C422F69B8557B1C815563886, 677A443689F98BDF6E8414846DC6B84E366F4BF76926E9DB4D123708A1309DD4
PUP.Optional.EasyLife, C:\Users\terry\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000002, No Action By User, 1312, 691263, 1.0.90779, , ame, , CAC957700015874F7057CA87F68B0CEE, C947B280B984F028C46438623273D638B5343E96EEB2845C2BE300E9E13B3C2F
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

Attached Files


  • 0

#10
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts

Many things were detected! Let's clean!

1. Disable the Sync option in Google

You have many bad items which will remain in the system even if we clean them now. To avoid that:

Turn Google Sync option OFF in this computer and in all the devices you are using. DO NOT turn it on, until I ask you to.

This link can help you work around with Google Sync: Delete synced information from your account


2. AdwCleaner (Clean mode)

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • Once the scan completes, AdwCleaner shows you what it found on your computer. Check the boxes next to any items you want to quarantine and disable, then click Next.
  • Now, AdwCleaner will show you any preinstalled software it found on your device. Again, check the boxes next to any items you want to quarantine and disable. If you don't want to remove any preinstalled software, click Cancel and continue.
  • Click Continue, then click Restart now, and you’re done.
  • Once your computer has restarted:
    • Click the Log Files tab.
    • Click Skip Basic Repair to finish the cleaning process
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

3. Malwarebytes (Clean mode)

Run Malwarebytes as you did before, but this time, when the threats are found:

  • Make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply please post:

  • If you successfully tuned off Google Sync for ALL your devices
  • The AdwCleaner[C0*].txt
  • The Malwarebytes report

  • 0

Advertisements


#11
Terryc250

Terryc250

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts

1) Yes
3) I went to Scanner, then wen to the Reports, double clicked on the latest Scan Report, but it did nothing, so I just ran the scan again but this time quarantined what was detected.

Attached Files


  • 0

#12
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts

Great!
 
Do not turn the Sync option on yet!
 
To ensure that everything is clean:


1. ESET Online Scan

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

2. Fresh FRST logs

 

Run the FRST tool, as you did before, and attach for me fresh FRST logs to check.

 

 

 

In your next reply, please post: 

  1. The eset.txt
  2. The fresh FRST logs, Addition and FRST (attached)
  3. Feedback: How is the computer running now? 

  • 0

#13
Terryc250

Terryc250

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts

I tried taking my laptop off my portable fan, and it did automatically restart after 10 or so minutes.  Also, whenever I try going to a website, there's like this loading delay for like 5 seconds (which never used to happen), before it starts loading the site.

Attached Files


  • 0

#14
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,284 posts

Hi, Terry.
 

I tried taking my laptop off my portable fan, and it did automatically restart after 10 or so minutes.

 
This has nothing to do with malware. As I already said, as soon as we finish from here, you should go to the Hardware Forum for issues like that.
 

Also, whenever I try going to a website, there's like this loading delay for like 5 seconds (which never used to happen), before it starts loading the site.

 
Not a malware related issue too, but we can do some maintenance and see the result. 
 
Is this happening when you are using a specific browser or any browser?
 
 
1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-1001_Classes\CLSID\{2db59e37-0d0f-9458-c133-85e699bb3bdd}\localserver32 -> "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3252700674-1244316876-1502611229-1001_Classes\CLSID\{995f8d89-8ab5-dd20-098d-b9419e93fd76}\localserver32 -> "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -ToastActivated => No File
HKU\S-1-5-21-3252700674-1244316876-1502611229-500\...\Run: [UninstallT20] => ms-teamsupdate.exe -UninstallT20 (No File)
HKU\S-1-5-21-3252700674-1244316876-1502611229-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {11617D12-4B3C-4AF4-8F38-A30A4BC5E5AA} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {1C319FDD-C11F-4D5E-ACC2-626F2FA42656} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {70137374-4037-466A-8D61-E6BD79F7B778} - \Lenovo\ImController\TimeBasedEvents\0eafcb93-c918-47d1-aa78-9f0a9c7537ea -> No File <==== ATTENTION
Task: {9C49309C-2145-4677-9F0B-9EC1CC2EB47E} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {AD87D9D7-D805-4D80-B973-1B35AC142DBA} - \Lenovo\ImController\TimeBasedEvents\2b400477-b410-472f-991a-8bdf52f14e31 -> No File <==== ATTENTION
Task: {DA969C05-950D-47BB-AF14-75AEF1AB895C} - \Lenovo\ImController\TimeBasedEvents\bfe8d88e-5782-4385-9540-5dfd613862c8 -> No File <==== ATTENTION
Task: {E5260E54-F441-4FBD-8923-BD0ED5D23221} - \Lenovo\ImController\TimeBasedEvents\88180b79-df47-4719-8854-20f1623e5b10 -> No File <==== ATTENTION
Task: {EBEEF0C0-2956-485E-A93D-BEF0256477C4} - \Lenovo\ImController\TimeBasedEvents\f2a4393c-a227-4fb4-bf1d-5286e12c915a -> No File <==== ATTENTION
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
S3 ALSysIO; \??\C:\Users\tehke\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz158; \??\C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION
2024-10-21 14:54 - 2022-04-15 18:41 - 000000000 ____D C:\Users\tehke\AppData\Local\Wickr, LLC
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

2. Check disk

  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below and press on Enter and wait for it to finish (~15 minutes).
       chkdsk C: /r
    
  • You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

 

 

In your next reply, please post:

  1. A reply about loading websites and the related browser(s)
  2. The fixlog.txt
  3. The result from the disk's check

  • 0

#15
Terryc250

Terryc250

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 101 posts

1) Seems to happen with all browsers

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP