www.bleepingcomputer.com
104.20.59.209
Public Scan
Submitted URL: https://www.bleepingcomputer.com/forums/t/764699/cpu-running-at-100-all-the-time-freezes-unless-i-open-task-manager/#entry5296013
Effective URL: https://www.bleepingcomputer.com/forums/t/764699/cpu-running-at-100-all-the-time-freezes-unless-i-open-task-manager/
Submission: On December 15 via api from US — Scanned from DE
Form analysis
3 forms found in the DOM
POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1" method="post" id="search-box">
<fieldset>
<label for="main_search" class="hide">Search</label>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&search_in=forums" title="Advanced Search" accesskey="4" rel="search" id="adv_search" class="right">Advanced</a>
<span id="search_wrap" class="right">
<input type="text" id="main_search" name="search_term" class="" size="17" tabindex="100" placeholder="Search...">
<span class="choice ipbmenu clickable" id="search_options" style="">This topic</span>
<ul id="search_options_menucontent" class="ipbmenu_content ipsPad" style="display: none; position: absolute; z-index: 9999;">
<li class="title" style="z-index: 10000;"><strong style="z-index: 10000;">Search section:</strong></li>
<li class="special" style="z-index: 10000;">
<label for="s_topic" title="This topic" style="z-index: 10000;">
<input type="radio" name="search_app" value="forums:topic:764699" class="input_radio" id="s_topic" checked="checked" style="z-index: 10000;"><strong style="z-index: 10000;">This topic</strong>
</label>
</li>
<li class="app" style="z-index: 10000;"><label for="s_forums" title="Forums" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_forums" value="forums" style="z-index: 10000;">Forums</label></li>
<li class="app" style="z-index: 10000;"><label for="s_members" title="Members" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_members" value="members" style="z-index: 10000;">Members</label></li>
<li class="app" style="z-index: 10000;"><label for="s_core" title="Help Files" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_core" value="core" style="z-index: 10000;">Help Files</label></li>
<li class="app" style="z-index: 10000;">
<label for="s_calendar" title="Calendar" style="z-index: 10000;">
<input type="radio" name="search_app" class="input_radio" id="s_calendar" value="calendar" style="z-index: 10000;">Calendar </label>
</li>
</ul>
<input aria-label="Search the forum" type="submit" class="submit_input clickable" value="">
</span>
</fieldset>
</form>
POST https://www.bleepingcomputer.com/forums/index.php?
<form id="modform" method="post" action="https://www.bleepingcomputer.com/forums/index.php?">
<input type="hidden" name="app" value="forums">
<input type="hidden" name="module" value="moderate">
<input type="hidden" name="section" value="moderate">
<input type="hidden" name="do" value="postchoice">
<input type="hidden" name="f" value="22">
<input type="hidden" name="t" value="764699">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="st" value="">
<input type="hidden" name="page" value="">
<input type="hidden" value="" name="selectedpidsJS" id="selectedpidsJS">
<input type="hidden" name="tact" id="tact" value="">
</form>
POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process" method="post" id="login">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="referer" value="https://www.bleepingcomputer.com/forums/t/764699/cpu-running-at-100-all-the-time-freezes-unless-i-open-task-manager/">
<h3>Sign In</h3>
<div class="ipsBox_notice">
<ul class="ipsList_inline">
<li>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&serviceClick=twitter" class="ipsButton_secondary"><img src="https://www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/twitter.png" alt="Twitter"> Use Twitter</a>
</li>
</ul>
</div>
<br>
<div class="ipsForm ipsForm_horizontal">
<fieldset>
<ul>
<li class="ipsField">
<div class="ipsField_content"> Need an account? <a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=register" title="Register now!">Register now!</a>
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_username" class="ipsField_title">Username</label>
<div class="ipsField_content">
<input id="ips_username" type="text" class="input_text" name="ips_username" size="30" tabindex="0">
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_password" class="ipsField_title">Forum Password</label>
<div class="ipsField_content">
<input id="ips_password" type="password" class="input_text" name="ips_password" size="30" tabindex="0"><br>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=lostpass" title="Retrieve password">I've forgotten my password</a>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_remember" checked="checked" name="rememberMe" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_remember">
<strong>Remember me</strong><br>
<span class="desc lighter">This is not recommended for shared computers</span>
</label>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_invisible" name="anonymous" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_invisible">
<strong>Sign in anonymously</strong><br>
<span class="desc lighter">Don't add me to the active users list</span>
</label>
</div>
</li>
<li class="ipsPad_top ipsForm_center desc ipsType_smaller">
<a rel="nofollow" href="https://www.bleepingcomputer.com/forums/privacypolicy/">Privacy Policy</a>
</li>
</ul>
</fieldset>
<div class="ipsForm_submit ipsForm_center">
<input type="submit" class="ipsButton" value="Sign In" tabindex="0">
</div>
</div>
</form>
Text Content
CPU RUNNING AT 100% ALL THE TIME FREEZES UNLESS I OPEN TASK MANAGER
Started by FDSEARCHANDRESCUE, Dec 05 2021 06:42 PM
11 replies to this topic
#1 FDSEARCHANDRESCUE
Members, 76 posts
Posted 05 December 2021 - 06:42 PM
So the computer freezes a lot unless I open Task Manager, then the CPU usage drops to around 50%. Did an in-place upgrade to try to fix it, no help. Sorry, couldn't attach, says max size of file 201 bytes.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2021
Ran by jrmon (administrator) on DESKTOP-74A964F (HP HP Pavilion Gaming Laptop 15-dk0xxx) (05-12-2021 14:49:32)
Running from C:\Users\jrmon\Downloads
Loaded Profiles: jrmon & bleepit
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1387 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <43>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d87c47469b47c3f9\RtkAudUService64.exe [1201448 2020-10-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [644000 2021-03-23] (Acronis International GmbH -> Acronis International GmbH) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6206360 2021-03-23] (Acronis International GmbH -> ) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [446392 2021-03-23] (Acronis International GmbH -> Acronis International GmbH) HKU\S-1-5-21-4279344840-4050428063-4090944218-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-12-02] (Google LLC -> Google LLC) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {024B492D-F7D1-416F-9529-C5B364B66D70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-02] (Google LLC -> Google LLC) Task: {33CC8724-518E-4116-AB54-4374D611E927} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\jrmon\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-12-03] (ESET, spol. s r.o. 
-> ESET) Task: {4AF0A2C4-9E1F-4B46-956B-6B5682F1ACDD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-12-02] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {75BE6A50-241F-4B71-B106-71992351924A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-12-02] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {89A0F090-256C-4B9E-8F9B-8140BFEBB37B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-12-02] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {AA26C667-2554-43E9-96F2-7CFBAD9EBC27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-02] (Google LLC -> Google LLC) Task: {CA16F68A-97B5-4ABE-9D6A-96CD1E22058C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-12-02] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {D76DF828-AAB6-4DE1-AA62-606E39DC1DE6} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\jrmon\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-12-03] (ESET, spol. s r.o. -> ESET) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 1.0.0.1 Tcpip\..\Interfaces\{ca3c8938-ea0c-41ef-b590-7a95c7a8ccdf}: [DhcpNameServer] 1.1.1.1 1.0.0.1 Tcpip\..\Interfaces\{f797456d-f8e6-44b4-bac8-c96fcbe2461d}: [DhcpNameServer] 1.1.1.1 1.0.0.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-05] Edge HomePage: Default -> hxxp://google.com/ Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms} Edge DefaultSearchKeyword: Default -> duckduckgo.com Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list Edge Extension: (Google Translate) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-12-02] Edge Extension: (Honey) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-12-02] Edge Extension: (Print This Frame!) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bamldpmhndfcingobhmkholjnkioglob [2021-12-02] Edge Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2021-12-02] Edge Extension: (DuckDuckGo) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2021-12-02] Edge Extension: (Picture-in-Picture Everywhere) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmnlinjalaieggoebkmamaphjghpafhn [2021-12-02] Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-12-02] Edge Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2021-12-02] Edge Extension: (Adobe Acrobat) - 
C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-12-02] Edge Extension: (Open in PDF Viewer) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ehndikigeekodlnbohjndjjiikphickb [2021-12-02] Edge Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2021-12-02] Edge Extension: (Wayback Machine) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fpnmgdkabkmnadcjpehmlllkndpkmiak [2021-12-02] Edge Extension: (Office - Enable Copy and Paste) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2021-12-02] Edge Extension: (HTML5 PDF Printing in Chrome) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ijijaapeochdlcbbagbccnggdljabank [2021-12-02] Edge Extension: (Capital One Shopping: Add to Edge for Free) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2021-12-02] Edge Extension: (Print Selection to PDF) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leelcgmlfncnjldfomkmpefndongkijg [2021-12-02] Edge Extension: (Buster: Captcha Solver for Humans) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mpbjkejclgfgadiemmefgebjfooflfhl [2021-12-02] Edge Extension: (AdBlock — best ad blocker) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-12-02] Edge Extension: (Microsoft Rewards) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlbmdekgjkajiobkcbpolefohlelfhfe [2021-12-02] Edge Extension: (Alto Unlock PDF by PDFfiller) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\obhnipnolfnallbhomgbkmfpnnjnpnce [2021-12-02] Edge Extension: (ScriptSafe) - 
C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2021-12-02] Edge Extension: (Print Edit WE) - C:\Users\jrmon\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\olnblpmehglpcallpnbgmikjblmkopia [2021-12-03] Chrome: ======= CHR Profile: C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default [2021-12-05] CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://isearch.avg.com/?cid={A2386DE4-FE46-4CD5-92B4-F38774BFD2E7}&mid=1d278627fef347d0a3b1d14acce4e9e6-5c71cbb8cdc649a56d368e1fe905acc554930569&lang=&ds=&pr=&d=2012-07-08%2007:37:13&v=14.2.0.1&pid=avg&sg=&sap=hp","hxxp://isearch.avg.com/?cid={A2386DE4-FE46-4CD5-92B4-F38774BFD2E7}&mid=1d278627fef347d0a3b1d14acce4e9e6-5c71cbb8cdc649a56d368e1fe905acc554930569&lang=&ds=&pr=&d=2012-07-08%2007:37:13&v=15.2.0.5&pid=avg&sg=0&sap=hp","hxxp://isearch.avg.com/?cid={A2386DE4-FE46-4CD5-92B4-F38774BFD2E7}&mid=1d278627fef347d0a3b1d14acce4e9e6-5c71cbb8cdc649a56d368e1fe905acc554930569&lang=&ds=&coid=&cmpid=&pr=&d=2012-07-08%2007:37:13&v=18.1.9.799&pid=avg&sg=0&sap=hp","hxxps://www.google.com/","hxxps://www.google.com/?trackid=sp-006","hxxps://www.google.com/","hxxps://www.google.com","hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={A5705990-393D-11E2-B345-50E549C22E60}","hxxps://mysearch.avg.com?cid={3B7BB920-7F17-491D-AD47-5D1FD282E10C}&mid=302759cf219e47d2a74c557dd16a3aaf-28d70fb03b44511fb8d5e95dffa10d73ebd768b7&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-06-11 19:09:57&v=3.1.0.7&pid=wtu&sg=&sap=hp","hxxp://www.google.com/" CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms} CHR DefaultSearchKeyword: Default -> duckduckgo.com CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list CHR Extension: (Google Translate) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-12-02] CHR Extension: (Slides) - 
C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-12-02] CHR Extension: (Dark Theme for Google Chrome) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2021-12-02] CHR Extension: (Docs) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-12-02] CHR Extension: (Google Drive) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-12-02] CHR Extension: (DuckDuckGo) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-12-02] CHR Extension: (YouTube) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-12-02] CHR Extension: (Honey) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-12-02] CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2021-12-02] CHR Extension: (De-Mainstream YouTube™) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcdmdpcapjlaoioeenamjdanpeehjan [2021-12-02] CHR Extension: (Adobe Acrobat) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-12-02] CHR Extension: (Microsoft Rewards) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgcedjacmlbgleddnoacbnijgmiolem [2021-12-02] CHR Extension: (Sheets) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-12-02] CHR Extension: (Word Online) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2021-12-02] CHR Extension: (Qualys BrowserCheck for 
Windows) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\foklmnihmhdobgonljkdamiiohnobkff [2021-12-02] CHR Extension: (Wayback Machine) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpnmgdkabkmnadcjpehmlllkndpkmiak [2021-12-02] CHR Extension: (Google Docs Offline) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-02] CHR Extension: (AdBlock — best ad blocker) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-12-02] CHR Extension: (Office - Enable Copy and Paste) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2021-12-02] CHR Extension: (RetailMeNot Deal Finder™️) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2021-12-02] CHR Extension: (Grammarly for Chrome) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-12-05] CHR Extension: (Google Play) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2021-12-02] CHR Extension: (Who stole my pictures?) 
- C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcdbnfhkikiofkkicppioekloflmaibd [2021-12-02] CHR Extension: (PowerPoint Online) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2021-12-02] CHR Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidniedemcgceagapgdekdbmanojomk [2021-12-04] CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-12-02] CHR Extension: (Chrome Web Store Payments) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-02] CHR Extension: (Xodo PDF Viewer & Editor) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\okimpmfnmbjbaciaeaikdiecpobfomfh [2021-12-02] CHR Extension: (EXE/DLL PE Viewer and Editor) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pamiaaolplcjdpjbejdkmlpgnfjgohff [2021-12-02] CHR Extension: (Gmail) - C:\Users\jrmon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-12-02] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S4 aakore; C:\Program Files (x86)\Acronis\Agent\aakore.exe [9022120 2021-03-23] (Acronis International GmbH -> Acronis International GmbH) S4 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [12952232 2021-03-23] (Acronis International GmbH -> ) R2 AcronisCyberProtectionService; C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe [1425256 2021-03-23] (Acronis International GmbH -> Acronis International GmbH) S4 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1052280 2021-03-23] (Acronis International GmbH -> Acronis International GmbH) S4 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6391536 2021-12-02] (Acronis International GmbH -> ) S4 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_fac814d252ae9e85\x64\AppHelperCap.exe [755704 2021-09-24] (HP Inc. -> HP Inc.) S4 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_fac814d252ae9e85\x64\DiagsCap.exe [754184 2021-09-24] (HP Inc. -> HP Inc.) S4 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_fac814d252ae9e85\x64\NetworkCap.exe [751104 2021-09-24] (HP Inc. -> HP Inc.) S4 HPOmenCap; C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_57d17b764309f47c\x64\OmenCap\OmenCap.exe [690160 2021-09-28] (HP Inc. -> HP Inc.) S4 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_fac814d252ae9e85\x64\SysInfoCap.exe [754688 2021-09-24] (HP Inc. -> HP Inc.) S4 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_87bd97ebe57d6f93\x64\TouchpointAnalyticsClientService.exe [494688 2021-09-24] (HP Inc. -> HP Inc.) 
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4878840 2021-03-23] (Acronis International GmbH -> Acronis International GmbH) S4 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2021-03-23] (Acronis International GmbH -> Acronis International GmbH) S4 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [2136488 2021-03-23] (Acronis International GmbH -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136520 2021-12-02] (Microsoft Windows Publisher -> Microsoft Corporation) S4 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7398360 2021-03-23] (Acronis International GmbH -> ) S4 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [5910328 2021-03-23] (Acronis International GmbH -> Acronis International GmbH) S3 VBoxSDS; H:\VBoxSDS.exe [694016 2020-07-09] (Oracle Corporation -> Oracle Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-12-02] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-12-02] (Microsoft Windows Publisher -> Microsoft Corporation) S4 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_6f7f22b0a5610d99\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_6f7f22b0a5610d99\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X] ===================== Drivers (Whitelisted) 
=================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AmPeStorU; C:\Windows\system32\drivers\AmPeStorU.sys [243744 2020-08-27] (Alcorlink Corp. -> ) S1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2021-12-04] (Zemana D.O.O. Sarajevo -> Copyright 2018.) R2 BdDci; C:\Windows\system32\DRIVERS\bddci.sys [367096 2021-03-23] (Bitdefender SRL -> Bitdefender) R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [720392 2021-12-02] (Acronis International GmbH -> Acronis International GmbH) R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [392840 2021-12-02] (Acronis International GmbH -> Acronis International GmbH) R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.) R3 HPOmenCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapdriver.inf_amd64_326f2e1d16385daf\x64\hpomencustomcapdriver.sys [33464 2018-12-19] (HP Inc. -> HP Inc.) 
S0 ngelam; C:\Windows\System32\drivers\ngelam.sys [16344 2021-12-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Acronis International GmbH) R1 ngscan; C:\Windows\System32\DRIVERS\ngscan.sys [179104 2021-03-23] (Acronis International GmbH -> Acronis International GmbH) S3 tib; C:\Windows\system32\DRIVERS\tib.sys [887032 2021-12-02] (Acronis International GmbH -> Acronis International GmbH) R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [175648 2021-12-02] (Acronis International GmbH -> Acronis International GmbH) S3 tnd; C:\Windows\system32\DRIVERS\tnd.sys [694920 2021-12-02] (Acronis International GmbH -> Acronis International GmbH) R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [237376 2020-07-10] (Oracle Corporation -> Oracle Corporation) R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [248248 2020-07-10] (Oracle Corporation -> Oracle Corporation) R3 ViGEmBus; C:\Windows\System32\DriverStore\FileRepository\vigembus.inf_amd64_e84845c70c38fbe7\x64\ViGEmBus.sys [74648 2018-08-01] (HP Inc. -> Benjamin Höglinger-Stelzer) R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [334984 2021-12-02] (Acronis International GmbH -> Acronis International GmbH) R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [251016 2021-12-02] (Acronis International GmbH -> Acronis International GmbH) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48520 2021-12-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.) 
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [435424 2021-12-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-12-02] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)
C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-10-06 05:52 - 2021-10-06 05:52 - 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll 2021-10-06 05:52 - 2021-10-06 05:52 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll 2021-10-06 05:52 - 2021-10-06 05:52 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll 2021-10-06 05:52 - 2021-10-06 05:52 - 000056672 _____ (Microsoft Corporation) C:\Windows\system32\rtmmvrortc.dll 2021-10-06 05:52 - 2021-10-06 05:52 - 000055376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtmmvrortc.dll 2021-10-06 05:52 - 2021-10-06 05:52 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2021-10-06 05:52 - 2021-10-06 05:52 - 000047472 _____ C:\Windows\SysWOW64\umpdc.dll 2021-10-06 05:52 - 2021-10-06 05:52 - 000045880 _____ C:\Windows\system32\HvSocket.dll 2021-10-06 05:52 - 2021-10-06 05:52 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2021-10-06 05:52 - 2021-10-06 05:52 - 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe 2021-10-06 05:51 - 2021-10-06 05:51 - 004227116 _____ C:\Windows\system32\DefaultHrtfs.bin 2021-10-06 05:51 - 2021-10-06 05:51 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 002254336 _____ C:\Windows\system32\dwmscene.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000706536 _____ C:\Windows\system32\TextShaping.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000657464 _____ C:\Windows\system32\WindowManagementAPI.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000455168 _____ C:\Windows\system32\ssdm.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000306688 _____ 
C:\Windows\system32\HeatCore.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000287232 _____ C:\Windows\system32\CoreMas.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000231248 _____ C:\Windows\system32\containerdevicemanagement.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000197632 _____ C:\Windows\system32\IHDS.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe 2021-10-06 05:51 - 2021-10-06 05:51 - 000098304 _____ C:\Windows\system32\Drivers\cimfs.sys 2021-10-06 05:51 - 2021-10-06 05:51 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000064552 _____ C:\Windows\system32\umpdc.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000029696 _____ (The ICU Project) C:\Windows\system32\icuuc.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000025088 _____ (The ICU Project) C:\Windows\system32\icuin.dll 2021-10-06 05:51 - 2021-10-06 05:51 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe 2021-10-06 05:51 - 2021-10-06 05:51 - 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt ==================== Three months (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-12-05 14:51 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\AppReadiness 2021-12-05 14:34 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-12-05 14:25 - 2019-12-07 01:03 - 000000000 ____D C:\Windows\CbsTemp 2021-12-05 12:27 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-12-05 05:05 - 2019-12-07 01:13 - 000000000 ____D C:\Windows\INF 2021-12-05 04:57 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\ServiceState 2021-12-05 04:56 - 2019-12-07 01:03 - 000786432 _____ C:\Windows\system32\config\BBI 2021-12-05 04:48 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\LiveKernelReports 2021-12-05 04:39 - 2019-12-07 01:14 - 000000000 ___RD C:\Windows\PrintDialog 2021-12-05 04:23 - 2019-12-07 01:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2021-12-04 09:00 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\schemas 2021-12-04 08:42 - 2019-12-07 01:10 - 001579818 _____ C:\Windows\system32\WindowsVirtualization.V2.mof 2021-12-04 08:42 - 2019-12-07 01:10 - 001152064 _____ C:\Windows\system32\WindowsHyperVCluster.V2.mof 2021-12-04 08:42 - 2019-12-07 01:10 - 000835584 _____ (Microsoft Corporation) C:\Windows\system32\vmconnect.exe 2021-12-04 08:42 - 2019-12-07 01:10 - 000182560 _____ (Microsoft Corporation) C:\Windows\system32\vmsp.exe 2021-12-04 08:42 - 2019-12-07 01:10 - 000144967 _____ C:\Windows\system32\virtmgmt.msc 2021-12-04 08:42 - 2019-12-07 01:10 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\HgsClientWmi.dll 2021-12-04 08:42 - 2019-12-07 01:10 - 000085512 _____ (Microsoft Corporation) C:\Windows\system32\wcsetupagent.exe 2021-12-04 08:42 - 2019-12-07 01:10 - 000077624 _____ (Microsoft Corporation) C:\Windows\system32\rtpm.dll 2021-12-04 08:42 - 2019-12-07 01:10 - 000073744 _____ (Microsoft Corporation) C:\Windows\system32\vmmsprox.dll 2021-12-04 08:42 - 2019-12-07 01:10 - 000057856 _____ C:\Windows\system32\hgsclientplugin.dll 2021-12-04 08:42 - 2019-12-07 01:10 - 000056320 _____ 
C:\Windows\system32\vmstaging.dll 2021-12-04 08:42 - 2019-12-07 01:10 - 000044040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ramparser.sys 2021-12-04 08:42 - 2019-12-07 01:10 - 000043640 _____ (Microsoft Corporation) C:\Windows\system32\vmplatformca.exe 2021-12-04 08:42 - 2019-12-07 01:10 - 000040960 _____ C:\Windows\SysWOW64\vmstaging.dll 2021-12-04 08:42 - 2019-12-07 01:10 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\AttestationWmiProvider.dll 2021-12-04 08:42 - 2019-12-07 01:10 - 000035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lunparser.sys 2021-12-04 08:42 - 2019-12-07 01:10 - 000016384 _____ C:\Windows\system32\hgclientserviceps.dll 2021-12-04 08:42 - 2019-12-07 01:10 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\HostGuardianServiceClientResources.dll 2021-12-04 08:42 - 2019-12-07 01:10 - 000012088 _____ (Microsoft Corporation) C:\Windows\system32\f1db7d81-95be-4911-935a-8ab71629112a_vmsvcext_sys.dll 2021-12-04 08:42 - 2019-12-07 01:10 - 000012088 _____ (Microsoft Corporation) C:\Windows\system32\c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll 2021-12-04 08:42 - 2019-12-07 01:09 - 000123704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys 2021-12-04 08:42 - 2019-12-07 01:09 - 000061240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pvhdparser.sys 2021-12-04 08:42 - 2019-12-07 01:09 - 000058888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\l2bridge.sys 2021-12-04 08:42 - 2019-12-07 01:09 - 000049192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdparser.sys 2021-12-04 08:42 - 2019-12-07 01:09 - 000041784 _____ (Microsoft Corporation) C:\Windows\system32\NvAgent.dll 2021-12-04 08:42 - 2019-12-07 01:09 - 000039440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\passthruparser.sys 2021-12-04 08:42 - 2019-12-07 01:09 - 000037112 _____ (Microsoft Corporation) C:\Windows\system32\sbresources.dll 2021-12-04 08:42 - 
2019-12-07 01:09 - 000031544 _____ (Microsoft Corporation) C:\Windows\system32\vmcomputeeventlog.dll 2021-12-04 08:42 - 2019-12-07 01:09 - 000012816 _____ (Microsoft Corporation) C:\Windows\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll 2021-12-04 08:42 - 2019-12-07 01:09 - 000012600 _____ (Microsoft Corporation) C:\Windows\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll 2021-12-04 08:42 - 2019-12-07 01:09 - 000012600 _____ (Microsoft Corporation) C:\Windows\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll 2021-12-04 08:42 - 2019-12-07 01:09 - 000012304 _____ (Microsoft Corporation) C:\Windows\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll 2021-12-04 08:42 - 2019-12-07 01:07 - 000044344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vkrnlintvsp.sys 2021-12-04 04:27 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-12-03 03:07 - 2021-03-23 22:06 - 000016344 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\ngelam.sys 2021-12-03 03:07 - 2019-12-07 01:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SysWOW64\setup 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SysWOW64\Dism 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SystemResources 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\setup 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\oobe 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\lv-LV 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\lt-LT 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\et-EE 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\es-MX 2021-12-02 06:39 - 2019-12-07 
01:14 - 000000000 ____D C:\Windows\system32\Dism 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\ShellExperiences 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\Provisioning 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\PolicyDefinitions 2021-12-02 06:39 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\bcastdvr 2021-12-02 06:39 - 2019-12-07 01:03 - 000000000 ____D C:\Windows\servicing 2021-12-02 06:21 - 2019-12-07 01:09 - 000006658 _____ C:\Windows\system32\VmChipset Third-Party Notices.txt 2021-12-02 05:32 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SystemApps 2021-12-02 05:32 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\security 2021-12-02 04:43 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\appcompat 2021-12-02 02:13 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Windows Defender 2021-12-02 00:32 - 2019-12-07 01:10 - 000820736 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\ddputils.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000287744 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ManagedEventLogging.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000280064 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\AuditNativeSnapIn.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\appvetwsharedperformance.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\AppvClientEventLog.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000219136 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\AuditNativeSnapIn.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000214016 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CmUtil.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smbdirect.sys 2021-12-02 00:32 - 2019-12-07 01:10 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\fveprompt.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000147439 _____ C:\Windows\SysWOW64\gpedit.msc 2021-12-02 00:32 - 2019-12-07 01:10 - 000147439 _____ C:\Windows\system32\gpedit.msc 2021-12-02 00:32 - 2019-12-07 01:10 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\ddptrace.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000137736 _____ (Microsoft Corporation) C:\Windows\system32\iotstartup.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000134144 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000120458 _____ C:\Windows\system32\secpol.msc 2021-12-02 00:32 - 2019-12-07 01:10 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\baaupdate.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpolmsg.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\auditpolmsg.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppVMgmtCSP.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\PackageInspector.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmlib.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\srmlib.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000087040 _____ (Microsoft Corporation) 
C:\Windows\system32\srmtrace.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SyncController.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Common.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\ddp_ps.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmtrace.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppCore.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\UevAppMonitor.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.CabUtil.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.EventLogMessages.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000043566 _____ C:\Windows\SysWOW64\rsop.msc 2021-12-02 00:32 - 2019-12-07 01:10 - 000043566 _____ C:\Windows\system32\rsop.msc 2021-12-02 00:32 - 2019-12-07 01:10 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\UevAgentPolicyGenerator.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\SrpUxNativeSnapIn.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\srm_ps.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SrpUxNativeSnapIn.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\qwinsta.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000027648 _____ (Microsoft Corporation) C:\Windows\system32\qprocess.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\msg.exe 2021-12-02 00:32 - 
2019-12-07 01:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\quser.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\chgport.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\tskill.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\qappsrv.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\tscon.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\tsdiscon.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\rwinsta.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Management.WmiAccess.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\logoff.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\chglogon.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\chgusr.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Management.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernAppData.WinRT.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NcaApi.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SyncCommon.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.Common.WinRT.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\reset.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000017920 
_____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.LocalSyncProvider.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\change.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\query.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm_ps.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\RemoteAppLifetimeManagerProxyStub.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.ModernSync.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\UevTemplateBaselineGenerator.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\UevTemplateConfigItemGenerator.exe 2021-12-02 00:32 - 2019-12-07 01:10 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\BdeSysprep.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SmbSyncProvider.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\assignedaccessproviderevents.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.MonitorSyncProvider.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Uev.SyncConditions.dll 2021-12-02 00:32 - 2019-12-07 01:10 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.SecureAssessment.Diagnostics.dll 2021-12-01 23:27 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\Drivers\DriverData 2021-12-01 23:21 - 2019-12-07 01:50 - 000000000 ____D C:\Windows\system32\FxsTmp 2021-12-01 23:21 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase 
2021-12-01 23:21 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\spool
2021-12-01 23:20 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-12-01 23:19 - 2019-12-07 01:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-12-01 23:18 - 2019-12-07 01:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== SigCheckExt =========================

2021-12-04 06:46 - 2021-12-04 06:47 - 014626798 _____ C:\Users\jrmon\Downloads\dh-win-v1.24.exe
2021-12-05 14:41 - 2021-12-05 14:41 - 002311680 _____ (Farbar) C:\Users\jrmon\Downloads\FRST64.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {7ac930f4-533f-11ec-83fb-fb2c0c698313}
                        {7ac930f6-533f-11ec-83fb-fb2c0c698313}
                        {7ac930f5-533f-11ec-83fb-fb2c0c698313}
                        {7ac930f2-533f-11ec-83fb-fb2c0c698313}
timeout                 0

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {7ac930f7-533f-11ec-83fb-fb2c0c698313}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {7ac930f2-533f-11ec-83fb-fb2c0c698313}
description             Internal Hard Drive - Samsung SSD 860 EVO 1TB

Firmware Application (101fffff)
-------------------------------
identifier              {7ac930f3-533f-11ec-83fb-fb2c0c698313}
description             USB Hard Drive (UEFI) - SanDisk (SanDisk)

Firmware Application (101fffff)
-------------------------------
identifier              {7ac930f4-533f-11ec-83fb-fb2c0c698313}
description             EFI USB Device

Firmware Application (101fffff)
-------------------------------
identifier              {7ac930f5-533f-11ec-83fb-fb2c0c698313}
description             USB Hard Drive - Seagate Expansion SW

Firmware Application (101fffff)
-------------------------------
identifier              {7ac930f6-533f-11ec-83fb-fb2c0c698313}
description             Internal Hard Disk or Solid State Disk

Windows Boot Loader
-------------------
identifier              {23aa43cc-f05f-4498-8650-5735310bf4cb}
device                  ramdisk=[C:]\DiskGenius_WinPE\boot.wim,{40777b46-6a8c-48ca-aa16-ed8ce305a747}
path                    \Windows\system32\winload.efi
description             DiskGenius - Boot
osdevice                ramdisk=[C:]\DiskGenius_WinPE\boot.wim,{40777b46-6a8c-48ca-aa16-ed8ce305a747}
systemroot              \Windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {7ac930f9-533f-11ec-83fb-fb2c0c698313}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7ac930f7-533f-11ec-83fb-fb2c0c698313}
nx                      OptIn
bootmenupolicy          Standard
hypervisorlaunchtype    Auto

Windows Boot Loader
-------------------
identifier              {7ac930f9-533f-11ec-83fb-fb2c0c698313}
device                  ramdisk=[\Device\HarddiskVolume7]\Recovery\WindowsRE\Winre.wim,{7ac930fa-533f-11ec-83fb-fb2c0c698313}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume7]\Recovery\WindowsRE\Winre.wim,{7ac930fa-533f-11ec-83fb-fb2c0c698313}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {7ac930f7-533f-11ec-83fb-fb2c0c698313}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {7ac930f9-533f-11ec-83fb-fb2c0c698313}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {40777b46-6a8c-48ca-aa16-ed8ce305a747}
description             DiskGenius - Boot
ramdisksdidevice        partition=C:
ramdisksdipath          \DiskGenius_WinPE\boot.sdi

Device options
--------------
identifier              {7ac930fa-533f-11ec-83fb-fb2c0c698313}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume7
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2021
Ran by jrmon (05-12-2021 14:53:17)
Running from C:\Users\jrmon\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1387 (X64) (2021-12-02 07:20:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4279344840-4050428063-4090944218-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4279344840-4050428063-4090944218-503 - Limited - Disabled)
bleepit (S-1-5-21-4279344840-4050428063-4090944218-1002 - Administrator - Enabled) => C:\Users\bleepit
Guest (S-1-5-21-4279344840-4050428063-4090944218-501 - Limited - Disabled)
jrmon (S-1-5-21-4279344840-4050428063-4090944218-1001 - Administrator - Enabled) => C:\Users\jrmon
WDAGUtilityAccount (S-1-5-21-4279344840-4050428063-4090944218-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Drivers (HKLM\...\{7C36ADC0-5219-4D31-90D1-4211321481EF}) (Version: 25.8.39216 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{F0A1A9E1-CD4B-4504-836F-1946F5815ECB}) (Version: 25.8.39216 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{F0A1A9E1-CD4B-4504-836F-1946F5815ECB}Visible) (Version: 25.8.39216 - Acronis)
DiskGenius V5.4.2 (HKLM\...\{2661F2FA-56A7-415D-8196-C4CB3D3ACFFE}_is1) (Version: - Eassos Co., Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NVIDIA Graphics Driver 462.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 462.80 - NVIDIA Corporation)
OpenOffice 4.1.11 (HKLM-x32\...\{D2F124FC-5373-4A4A-8C5A-61052A3D34CA}) (Version: 4.111.9808 - Apache Software Foundation)
Oracle VM VirtualBox 6.0.24 (HKLM\...\{9EC88BBB-BAFD-4666-BFB1-5F737A76C055}) (Version: 6.0.24 - Oracle Corporation)
SideQuest 0.10.25 (HKU\S-1-5-21-4279344840-4050428063-4090944218-1001\...\4924ec51-3e48-5cb7-b145-2119467094c7) (Version: 0.10.25 - Shane Harris)

Packages:
=========
B&O Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BOAudioControl_1.15.226.0_x64__v10z8vjag6ke6 [2021-12-05] (HP Inc.)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-12-05] (Microsoft Corporation)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.21.6.0_x64__6rarf9sa4v8jt [2021-12-02] (Disney)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-12-05] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1020.0_x64__8j3eq9eme6ctt [2021-12-05] (INTEL CORP)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2021-12-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2021-12-01] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2021-12-05] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2021-12-05] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-12-05] (NVIDIA Corp.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2021-12-05] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0 [2021-12-02] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_25_8_39216.dll [2021-03-23] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_25_8_39216.dll [2021-03-23] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_25_8_39216.dll [2021-03-23] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_25_8_39216.dll [2021-03-23] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_6f7f22b0a5610d99\nvshext.dll [2021-06-18] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4279344840-4050428063-4090944218-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts 2021-12-04 23:51 - 2021-12-05 11:10 - 000000444 _____ C:\Windows\system32\drivers\etc\hosts.ics 172.22.80.1 DESKTOP-74A964F.mshome.net # 2026 12 5 4 19 10 3 894 ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4279344840-4050428063-4090944218-1001\Control Panel\Desktop\\Wallpaper -> c:\users\jrmon\appdata\local\microsoft\windows\themes\roamedthemefiles\desktopbackground\03499.jpg HKU\S-1-5-21-4279344840-4050428063-4090944218-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\bleepit\AppData\Local\Microsoft\Windows\Themes\The Solar\DesktopBackground\01_gettyimages-830948410_super_resized.jpg DNS Servers: 1.1.1.1 - 1.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. Network Binding: ============= Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) vEthernet (VirtualBox Host): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) vEthernet (Wi-Fi): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) vEthernet (Default Switch): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
MSCONFIG\Services: aakore => 2 MSCONFIG\Services: AcronisActiveProtectionService => 2 MSCONFIG\Services: AcrSch2Svc => 2 MSCONFIG\Services: afcdpsrv => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: cplspcon => 2 MSCONFIG\Services: esifsvc => 2 MSCONFIG\Services: ETDService => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: HPAppHelperCap => 2 MSCONFIG\Services: HPDiagsCap => 2 MSCONFIG\Services: HPNetworkCap => 2 MSCONFIG\Services: HPOmenCap => 2 MSCONFIG\Services: HPSysInfoCap => 2 MSCONFIG\Services: HpTouchpointAnalyticsService => 2 MSCONFIG\Services: iaStorAfsService => 3 MSCONFIG\Services: igccservice => 2 MSCONFIG\Services: igfxCUIService2.0.0.0 => 2 MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3 MSCONFIG\Services: Intel® TPM Provisioning Service => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: mmsminisrv => 2 MSCONFIG\Services: mobile_backup_server => 3 MSCONFIG\Services: mobile_backup_status_server => 3 MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2 MSCONFIG\Services: RstMwService => 2 MSCONFIG\Services: RtkAudioUniversalService => 2 MSCONFIG\Services: RtkBtManServ => 2 MSCONFIG\Services: SECOMNService => 2 MSCONFIG\Services: syncagentsrv => 2 MSCONFIG\Services: Tib Mounter Service => 3 MSCONFIG\Services: VBoxSDS => 3 MSCONFIG\Services: XTU3SERVICE => 2 HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service" HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run: => "RtkAudUService" HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor" HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe" HKU\S-1-5-21-4279344840-4050428063-4090944218-1001\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the 
fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{2E9ECD81-B3D5-466B-993D-052B2841EEBD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{93C8691C-3050-4600-B38C-3E38F77F68C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{98746500-0850-4106-9DD8-85F45E2362C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{34C0A4B5-8E11-49FD-9EEF-C971B396D843}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{AC020E04-823E-4840-8F82-530BB0F8A03E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{1D24D773-2A24-4675-A167-AB851CC74265}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C9EBB267-3B21-4536-9DB3-AC10C1AC532C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{77BA8949-AC91-4B0A-AC3A-097DEF9CAAB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E9CBE344-71EB-4294-809A-03AFE896337C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{751FD755-4A92-44C6-8598-8162D52B6125}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> ) FirewallRules: [{42499D61-726B-4F05-9F77-EA586624933A}] => 
(Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{579AD23E-8566-463A-A334-6FB127ED82B6}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> ) FirewallRules: [{A3EE731D-4F48-448A-A32A-93F9E01D6CFE}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> ) FirewallRules: [{8F177197-DA74-43C5-B0D5-D78497E93E60}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> ) FirewallRules: [{37BF13DF-1A43-4CD5-B15D-18D54807CF54}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> ) FirewallRules: [{03514880-769D-4562-8BF5-EE968F6FA113}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> ) FirewallRules: [{AE6C8D4E-28F0-4990-BB55-175031DFFC2A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> ) FirewallRules: [{2D7C4424-AC7E-4BF3-8F31-73705D7B05B1}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> ) FirewallRules: [{2744DEEE-711B-4FD2-AA6B-5E39B37EA381}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{D635039A-B845-49EA-AB7B-9C9F0A422C24}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> ) FirewallRules: [{F7F0BD86-79E2-458E-9031-2E711DC9BCE1}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> ) FirewallRules: [{33045CC3-9485-46FF-A93C-03CA84B9F289}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\LicenseActivator.exe (Acronis 
International GmbH -> ) FirewallRules: [{055460FB-D7AC-463A-9030-A2CEC5D4A649}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Home\report_sender.exe (Acronis International GmbH -> ) FirewallRules: [{439C52D8-55C7-46D9-840E-CEC51CE00278}] => (Allow) C:\Program Files (x86)\Acronis\Agent\bin\bckp_amgr.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{BDF0D797-8806-4315-8491-9C0B192C48CA}] => (Allow) C:\Program Files (x86)\Acronis\Agent\bin\task-manager.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{B9BE0714-99A5-4787-8594-7B8950C6FAA8}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> ) FirewallRules: [{BCE9B6EB-C16D-4061-B556-0048663BB39B}] => (Allow) C:\Program Files (x86)\Acronis\Agent\aakore.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{30638DC8-D6EC-4170-883D-8B777959B506}] => (Allow) C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe (Acronis International GmbH -> Acronis International GmbH) ==================== Restore Points ========================= 03-12-2021 08:06:12 Windows Update 04-12-2021 08:41:45 Windows Modules Installer 05-12-2021 14:20:07 Removed Microsoft Update Health Tools ==================== Faulty Device Manager Devices ============ Name: Realtek Gaming GbE Family Controller Description: Realtek Gaming GbE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: rt640x64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ======================== Application errors: ================== Error: (12/05/2021 02:53:52 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (5200,R,98) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (12/05/2021 02:51:42 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (5200,R,98) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\system32\SRU\SRU.log. Error: (12/05/2021 02:51:42 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (5200,R,98) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (12/05/2021 02:51:32 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (5200,R,98) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (12/05/2021 02:49:22 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (5200,R,98) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\system32\SRU\SRU.log. Error: (12/05/2021 02:49:22 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (5200,R,98) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8). 
Error: (12/05/2021 02:49:12 PM) (Source: ESENT) (EventID: 490) (User: ) Description: svchost (5200,R,98) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (12/05/2021 02:47:04 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (5200,R,98) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\system32\SRU\SRU.log. System errors: ============= Error: (12/05/2021 02:52:57 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY) Description: The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Resource-Exhaustion-Resolver/Operational. Error: (12/05/2021 02:46:16 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-74A964F) Description: The server Microsoft.Windows.Search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXf8r3d8cn5hd71h9jyzah6ak9f3shj2d2.mca did not register with DCOM within the required timeout. Error: (12/05/2021 02:46:02 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-74A964F) Description: The server MicrosoftWindows.Client.CBS_120.2212.3920.0_x64__cw5n1h2txyewy!InputApp did not register with DCOM within the required timeout. Error: (12/05/2021 02:45:46 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-74A964F) Description: The server Microsoft.Windows.Search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXf8r3d8cn5hd71h9jyzah6ak9f3shj2d2.mca did not register with DCOM within the required timeout. Error: (12/05/2021 02:45:46 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-74A964F) Description: The server Microsoft.Windows.Search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout. 
Error: (12/05/2021 02:45:46 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-74A964F) Description: The server Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy!App did not register with DCOM within the required timeout. Error: (12/05/2021 02:45:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-74A964F) Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy!App.AppXw3qcpc7p849541dp39vvqd01bn7z9ybh.mca did not register with DCOM within the required timeout. Error: (12/05/2021 02:41:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-74A964F) Description: The server Microsoft.Windows.Search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXf8r3d8cn5hd71h9jyzah6ak9f3shj2d2.mca did not register with DCOM within the required timeout. Windows Defender: ================ Date: 2021-12-03 02:35:27 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-12-02 23:52:49 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan CodeIntegrity: =============== Date: 2021-12-05 04:57:45 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ProgramData\Acronis\NGMP\1.0.0.1350\ngelam.x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2021-12-05 04:57:45 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\ngelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2021-12-05 04:57:45 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\ngelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2021-12-05 04:57:37 Description: Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume5\Windows\System32\drivers\amsdk.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x8. Status 0xC000004E. Date: 2021-12-05 04:21:39 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\Acronis\NGMP\1.0.0.1350\ngelam.x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2021-12-05 04:21:39 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\ngelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2021-12-05 04:21:39 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\ngelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== BIOS: Insyde F.50 08/18/2021 Motherboard: HP 85FC Processor: Intel® Core™ i5-9300H CPU @ 2.40GHz Percentage of memory in use: 26% Total physical RAM: 32609.06 MB Available physical RAM: 23982.89 MB Total Virtual: 37473.06 MB Available Virtual: 26564.33 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:680.34 GB) (Free:209.29 GB) NTFS Drive d: (Expansion) (Fixed) (Total:7451.84 GB) (Free:7122.97 GB) NTFS Drive h: () (Fixed) (Total:250.56 GB) (Free:249.3 GB) NTFS \\?\Volume{3feaa3b5-43f1-4bef-a4d2-9e78732fe0c1}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS \\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.51 GB) NTFS \\?\Volume{f47787c7-ffc9-499b-aa85-5e267bab3ed6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 \\?\Volume{928e2d8f-d710-4b1f-a014-33b9d6de6ebb}\ (EFI) (Fixed) (Total:0.19 GB) (Free:0.19 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: C409A8A5) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 7452 GB) (Disk ID: 00000000) Partition: GPT. 
========================================================== Disk: 3 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

--------------------------------------------------------------------------------

#2 Oh My!
Malware Response Instructor
Posted 09 December 2021 - 10:40 AM

Greetings FDSEARCHANDRESCUE and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

* First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
* It is important to not run any tools or take any steps other than those I will provide for you.
* Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
* Please copy and paste all logs into your post unless otherwise requested.
* When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
* If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Quote
> C:\Users\bleepit

Can you tell me if you created a User Profile containing a vulgarity (censored by the Forum) on December 5th? You may have but it appears odd.

Please run a new FRST scan and copy/paste the reports in your reply.

Gary

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

--------------------------------------------------------------------------------

#3 FDSEARCHANDRESCUE
Topic Starter
Posted 09 December 2021 - 07:26 PM

Hi Gary, I'm Joey. OK, yes, I did create that. After doing some troubleshooting with Microsoft, the last thing was to create a new profile. I pulled the drive and set it aside until someone was able to help; I know you guys are busy. So I am going to pop it in another machine and run first.

Edited by FDSEARCHANDRESCUE, 09 December 2021 - 07:28 PM.

--------------------------------------------------------------------------------

#4 Oh My!
Malware Response Instructor
Posted 09 December 2021 - 07:53 PM

Please put the drive back into:

HP HP Pavilion Gaming Laptop 15-dk0xxx

Gary
--------------------------------------------------------------------------------

#5 Oh My!
Malware Response Instructor
Posted 12 December 2021 - 09:23 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.

* Do you still need help with this?
* If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary

--------------------------------------------------------------------------------

#6 Oh My!
Malware Response Instructor
Posted Yesterday, 09:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Gary

--------------------------------------------------------------------------------

#7 Oh My!
Malware Response Instructor
Posted Yesterday, 05:54 PM

This topic has been re-opened at the request of the person who originally posted.

Gary
--------------------------------------------------------------------------------

#8 FDSEARCHANDRESCUE
Topic Starter
Posted Yesterday, 06:46 PM

https://photos.app.goo.gl/oWEGy3Asdg6zEFgm9

OK, so I was not able to boot from the drive; it keeps crashing. I did an MBR repair through bootrec, DiskGenius and used a rescue boot disk I made for this drive and system upon install. Nothing. I can test the disk and access it but not boot from it anymore as the internal hard disk or a USB device. But the good news is that while doing all this it spread to my new hard drive. YAY!!

first is the oWEGy3Asdg6zEFgm9 from this drive.

Can we fix this file limit? It says that I am only allowed to upload 201 bytes. What can you do with that? The FRST is 81,920 bytes. I don't know? Guess I'll paste

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by Joey (14-12-2021 15:39:29)
Running from C:\Users\Joey\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1288 (X64) (2021-12-07 08:07:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2758094690-2439988773-3979467050-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2758094690-2439988773-3979467050-503 - Limited - Disabled)
Guest (S-1-5-21-2758094690-2439988773-3979467050-501 - Limited - Disabled)
JoeDi (S-1-5-21-2758094690-2439988773-3979467050-1002 - Limited - Disabled)
Joey (S-1-5-21-2758094690-2439988773-3979467050-1001 - Administrator - Enabled) => C:\Users\Joey
jrmon (S-1-5-21-2758094690-2439988773-3979467050-1003 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2758094690-2439988773-3979467050-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.4.100.1026 - BlueStack Systems, Inc.) Cloudflare WARP (HKLM\...\{D55A061C-EB73-4FC2-BFBD-A6AF494A94D5}) (Version: 21.11.155.0 - Cloudflare, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.110 - Google LLC) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.53 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) NVIDIA Graphics Driver 462.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 462.80 - NVIDIA Corporation) Ultimaker Cura 4.12.1 (HKLM-x32\...\Ultimaker Cura 4.12.1) (Version: 4.12.1 - Ultimaker B.V.) Packages: ========= B&O Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BOAudioControl_1.15.226.0_x64__v10z8vjag6ke6 [2021-12-07] (HP Inc.) 
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-07] (INTEL CORP) [Startup Task] Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1021.0_x64__8j3eq9eme6ctt [2021-12-07] (INTEL CORP) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-08] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-08] (Microsoft Corporation) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-12-07] (NVIDIA Corp.) Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-12-14] (Microsoft Corporation) Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.2544.0_x64__qbz5n2kfra8p0 [2021-12-14] (Python Software Foundation) Ultra Office -> C:\Program Files\WindowsApps\D5BE6627.UltraOffice_1.0.11.0_x86__9pm2v9747qaaa [2021-12-14] (CompuClever Systems Inc.) Windbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2111.9001.0_neutral__8wekyb3d8bbwe [2021-12-14] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-2758094690-2439988773-3979467050-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Joey\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-2758094690-2439988773-3979467050-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Joey\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-2758094690-2439988773-3979467050-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Joey\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> ) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> ) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_6f7f22b0a5610d99\nvshext.dll [2021-06-18] (NVIDIA Corporation -> NVIDIA Corporation) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2021-12-14 15:07 - 2021-12-14 15:07 - 000009728 _____ () [File not signed] C:\Users\Joey\AppData\Local\Temp\nscCEB4.tmp\nsDialogs.dll 2021-12-14 15:07 - 2021-12-14 15:07 - 000012288 _____ () [File not signed] C:\Users\Joey\AppData\Local\Temp\nscCEB4.tmp\System.dll 2021-12-14 15:07 - 2021-12-14 15:07 - 000002560 _____ () [File not signed] 
C:\Users\Joey\AppData\Local\Temp\nscCEB4.tmp\w7tbp.dll 2002-01-05 08:03 - 2002-01-05 08:03 - 000176128 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-2758094690-2439988773-3979467050-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) [File not signed] ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts 2021-12-11 09:35 - 2021-12-14 10:13 - 000000444 _____ C:\Windows\system32\drivers\etc\hosts.ics 172.27.208.1 DESKTOP-KESVKF2.mshome.net # 2026 12 0 13 18 13 45 37 ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2758094690-2439988773-3979467050-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 1.1.1.1 - 1.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\StartupFolder: => "Cloudflare WARP.lnk" HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run: => "RtkAudUService" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{91934992-13EA-4A3B-86E7-9ADA61A486BA}C:\program files\ultimaker cura 4.12.1\cura.exe] => (Allow) C:\program files\ultimaker cura 4.12.1\cura.exe (Ultimaker B.V.) [File not signed] FirewallRules: [UDP Query User{F9823E9D-C28C-4889-8B76-5344E711428F}C:\program files\ultimaker cura 4.12.1\cura.exe] => (Allow) C:\program files\ultimaker cura 4.12.1\cura.exe (Ultimaker B.V.) [File not signed] FirewallRules: [{07E3D108-A7AA-4B61-AE9A-F95F4F55827E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{8B5B6CCB-2BEE-4FFF-B93A-C1DE6D2C6D66}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{6E6A34B7-711C-4AB9-9FD6-08A2DC6AB139}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{EB4EE066-9C92-48F8-85FA-16776BFD87D1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{50BCFEAA-D61D-4232-8B97-173C0E9D93F0}] => (Allow) C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe (Cloudflare, Inc. -> ) FirewallRules: [{C5D5FCD0-6269-42A4-8D9E-98F515CD0EE3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{97A6FBB1-2D4D-4AE8-9AD2-E596B7DB7E53}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems) FirewallRules: [{98F089C5-2ACA-4ADC-A9A5-83054979FD13}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2111.9001.0_neutral__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1AD10466-5B35-466C-AD9E-5D424D3A7D34}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2111.9001.0_neutral__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DF93E620-C882-4A23-A63F-670970DCD926}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2111.9001.0_neutral__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A8BDCE24-B80E-4D8D-99DE-BFA214C60DD0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2111.9001.0_neutral__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 09-12-2021 11:57:48 Installed Cloudflare WARP 11-12-2021 07:35:34 Windows Modules Installer 14-12-2021 04:19:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 ==================== 
Faulty Device Manager Devices ============

Name: Realtek RTL8822BE 802.11ac PCIe Adapter
Description: Realtek RTL8822BE 802.11ac PCIe Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (12/14/2021 03:38:13 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{addb37f6-b433-4216-9be0-0b38e8911e64} - 0000000000000250,0x0053c008,00000242FF806350,0,00000242FF807380,4096,[0]). hr = 0x80070005, Access is denied. .
Operation: Processing EndPrepareSnapshots
Context: Execution Context: System Provider

Error: (12/14/2021 03:38:13 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{addb37f6-b433-4216-9be0-0b38e8911e64} - 0000000000000254,0x0053c038,00000242FF80A540,0,00000242FF80B570,4096,[0]). hr = 0x80070005, Access is denied. .
Operation: Processing EndPrepareSnapshots
Context: Volume Name: \\?\Volume{addb37f6-b433-4216-9be0-0b38e8911e64}\ Execution Context: System Provider

Error: (12/14/2021 03:38:13 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{addb37f6-b433-4216-9be0-0b38e8911e64} - 00000000000001F4,0x0053c038,00000242FF80A540,0,00000242FF80B570,4096,[0]). hr = 0x80070005, Access is denied. .
Operation: Removing auto-release shadow copies Loading provider
Context: Volume Name: \\?\Volume{addb37f6-b433-4216-9be0-0b38e8911e64}\ Execution Context: System Provider

Error: (12/14/2021 03:27:16 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{addb37f6-b433-4216-9be0-0b38e8911e64} - 000000000000025C,0x0053c038,00000269EB00A540,0,00000269EB00B570,4096,[0]). hr = 0x80070005, Access is denied. .
Operation: Removing auto-release shadow copies Loading provider
Context: Volume Name: \\?\Volume{addb37f6-b433-4216-9be0-0b38e8911e64}\ Execution Context: System Provider

Error: (12/14/2021 02:40:24 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\712635ba-8e24-4d10-8fb9-e9de5e553dd3\BaseLayer) because: The file move failed. (0x89000016)

Error: (12/14/2021 02:40:24 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on CCCOMA_X64FRE_EN-US_DV9 (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (12/12/2021 12:43:43 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{addb37f6-b433-4216-9be0-0b38e8911e64} - 0000000000000234,0x0053c008,00000239C5C06350,0,00000239C5C07380,4096,[0]). hr = 0x80070005, Access is denied. .
Operation: Processing EndPrepareSnapshots
Context: Execution Context: System Provider

Error: (12/11/2021 09:30:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

System errors:
=============
Error: (12/14/2021 03:29:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Machine Debug Manager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/11/2021 09:30:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VMSP service failed to start due to the following error: Insufficient system resources exist to complete the requested service.

Error: (12/11/2021 09:30:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The hns service depends on the VfpExt service which failed to start because of the following error: A device attached to the system is not functioning.

Error: (12/11/2021 04:34:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Analytics service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/11/2021 04:34:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/11/2021 04:34:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Analytics service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/11/2021 12:13:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sound Research SECOMN Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/11/2021 12:13:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Windows Defender:
================
Date: 2021-12-14 15:38:18
Description: Controlled Folder Access blocked C:\Windows\System32\svchost.exe from making changes to memory.
Detection time: 2021-12-14T23:38:18.257Z
Path: \Device\HarddiskVolume1
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.355.247.0
Engine Version: 1.1.18800.4
Product Version: 4.18.2110.6

Date: 2021-12-14 15:27:21
Description: Controlled Folder Access blocked C:\Windows\System32\svchost.exe from making changes to memory.
Detection time: 2021-12-14T23:27:21.299Z
Path: \Device\HarddiskVolume1
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.355.247.0
Engine Version: 1.1.18800.4
Product Version: 4.18.2110.6

Date: 2021-12-14 11:40:50
Description: C:\Program Files\WindowsApps\D5BE6627.UltraOffice_1.0.11.0_x86__9pm2v9747qaaa\program\soffice.bin has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2021-12-14T19:40:50.794Z
Path: %userprofile%\Documents
Process Name: C:\Program Files\WindowsApps\D5BE6627.UltraOffice_1.0.11.0_x86__9pm2v9747qaaa\program\soffice.bin
Security intelligence Version: 1.355.247.0
Engine Version: 1.1.18800.4
Product Version: 4.18.2110.6

Date: 2021-12-14 11:40:42
Description: C:\Program Files\WindowsApps\D5BE6627.UltraOffice_1.0.11.0_x86__9pm2v9747qaaa\program\soffice.bin has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2021-12-14T19:40:42.701Z
Path: %userprofile%\Documents
Process Name: C:\Program Files\WindowsApps\D5BE6627.UltraOffice_1.0.11.0_x86__9pm2v9747qaaa\program\soffice.bin
Security intelligence Version: 1.355.247.0
Engine Version: 1.1.18800.4
Product Version: 4.18.2110.6

Date: 2021-12-14 08:46:33
Description: Controlled Folder Access blocked C:\Windows\System32\svchost.exe from making changes to memory.
Detection time: 2021-12-14T16:46:33.346Z
Path: \Device\CdRom0
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: 1.355.236.0
Engine Version: 1.1.18800.4
Product Version: 4.18.2110.6

==================== Memory info ===========================

BIOS: Insyde F.50 08/18/2021
Motherboard: HP 85FC
Processor: Intel® Core™ i5-9300H CPU @ 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 32609.18 MB
Available physical RAM: 23230 MB
Total Virtual: 37473.18 MB
Available Virtual: 25983.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.86 GB) (Free:171.64 GB) NTFS
Drive e: (NEW) (CDROM) (Total:0.39 GB) (Free:0 GB) CDFS

\\?\Volume{1a492c3c-0647-48d1-849a-f31d3b1785ef}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.52 GB) NTFS
\\?\Volume{f2f9de24-b938-4fcb-89f5-818a4d817a5c}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 66C18C18)
Partition: GPT.
==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

--------------------------------------------------------------------------------

#9 FDSEARCHANDRESCUE (Topic Starter, Members, 76 posts)
Posted Yesterday, 06:47 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021
Ran by Joey (administrator) on DESKTOP-KESVKF2 (HP HP Pavilion Gaming Laptop 15-dk0xxx) (14-12-2021 15:38:03)
Running from C:\Users\Joey\Downloads
Loaded Profiles: Joey
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1288 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cloudflare, Inc. -> ) C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <24>
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_87bd97ebe57d6f93\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_fac814d252ae9e85\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_fac814d252ae9e85\x64\BridgeCommunication.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_fac814d252ae9e85\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_fac814d252ae9e85\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_fac814d252ae9e85\x64\SysInfoCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_57d17b764309f47c\x64\OmenCap\OmenCap.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel Corporation -> Intel® Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxEM.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a9a2dde7124f013f\OneApp.IGCC.WinService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d60a3faa7932ec00\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d60a3faa7932ec00\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_86dc7f4c001ddecd\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <18>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_22111.1401.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_6f7f22b0a5610d99\Display.NvContainer\NVDisplay.Container.exe <2>
(Rare Ideas LLC -> PortableApps.com) C:\Users\Joey\Downloads\LibreOfficePortable_7.2.2_MultilingualStandard.paf.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d87c47469b47c3f9\RtkAudUService64.exe
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d87c47469b47c3f9\RtkAudUService64.exe [1201448 2020-10-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-2758094690-2439988773-3979467050-1001\...\MountPoints2: {85b9ba4d-5734-11ec-b9bc-b3466831f866} - "E:\SETUP.EXE" /AUTORUN
HKU\S-1-5-21-2758094690-2439988773-3979467050-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-13] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cloudflare WARP.lnk [2021-12-09]
ShortcutTarget: Cloudflare WARP.lnk -> C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe (Cloudflare, Inc. -> Cloudflare)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {010D69E9-28AB-4063-BF2C-80035AC05D4C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {144E117E-E42E-4BB3-AD86-201166F2E808} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-08] (Google LLC -> Google LLC)
Task: {81923D48-6D79-4479-B646-7CDC6EB99F77} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A6FAF667-A2E6-466D-94BC-099037850793} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2021-12-02] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {ADF50696-18D5-44B7-9F9C-1BBAAFB1F79B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C166B2B6-69A4-4367-8024-5BCD3B9C649F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-08] (Google LLC -> Google LLC)
Task: {E001C053-2516-496F-BA22-37CC43F8CA3C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 1.1.1.1 1.0.0.1 Tcpip\..\Interfaces\{6e813159-5816-4cff-bc8c-d37be8c14bfb}: [DhcpNameServer] 1.1.1.1 1.0.0.1 Tcpip\..\Interfaces\{6e8ddb6b-09d2-4ca2-b1a7-d75acbc95162}: [DhcpNameServer] 1.1.1.1 1.0.0.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-14] Edge HomePage: Default -> hxxp://google.com/ Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms} Edge DefaultSearchKeyword: Default -> duckduckgo.com Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list Edge Extension: (Google Translate) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-12-07] Edge Extension: (Honey) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-12-07] Edge Extension: (Print This Frame!) 
- C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bamldpmhndfcingobhmkholjnkioglob [2021-12-07] Edge Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2021-12-07] Edge Extension: (DuckDuckGo) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2021-12-07] Edge Extension: (Picture-in-Picture Everywhere) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmnlinjalaieggoebkmamaphjghpafhn [2021-12-07] Edge Extension: (Grammarly for Microsoft Edge) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2021-12-14] Edge Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2021-12-07] Edge Extension: (Adobe Acrobat) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-12-07] Edge Extension: (Open in PDF Viewer) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ehndikigeekodlnbohjndjjiikphickb [2021-12-07] Edge Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2021-12-07] Edge Extension: (Wayback Machine) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fpnmgdkabkmnadcjpehmlllkndpkmiak [2021-12-07] Edge Extension: (Office - Enable Copy and Paste) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2021-12-07] Edge Extension: (HTML5 PDF Printing in Chrome) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ijijaapeochdlcbbagbccnggdljabank [2021-12-07] Edge Extension: (Capital One Shopping: Add to Edge for 
Free) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2021-12-14] Edge Extension: (Print Selection to PDF) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leelcgmlfncnjldfomkmpefndongkijg [2021-12-07] Edge Extension: (Buster: Captcha Solver for Humans) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mpbjkejclgfgadiemmefgebjfooflfhl [2021-12-07] Edge Extension: (AdBlock — best ad blocker) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-12-07] Edge Extension: (Microsoft Rewards) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlbmdekgjkajiobkcbpolefohlelfhfe [2021-12-07] Edge Extension: (Alto Unlock PDF by PDFfiller) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\obhnipnolfnallbhomgbkmfpnnjnpnce [2021-12-07] Edge Extension: (ScriptSafe) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2021-12-07] Edge Extension: (Print Edit WE) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\olnblpmehglpcallpnbgmikjblmkopia [2021-12-07] Edge Extension: (Coupert - Automatic Coupon Finder & Cashback) - C:\Users\Joey\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pefhciejnkgdgoahgfeklebcbpmhnhhd [2021-12-14] Chrome: ======= CHR Profile: C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default [2021-12-14] CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> 
"hxxps://www.google.com/","hxxp://isearch.avg.com/?cid={A2386DE4-FE46-4CD5-92B4-F38774BFD2E7}&mid=1d278627fef347d0a3b1d14acce4e9e6-5c71cbb8cdc649a56d368e1fe905acc554930569&lang=&ds=&pr=&d=2012-07-08%2007:37:13&v=14.2.0.1&pid=avg&sg=&sap=hp","hxxp://isearch.avg.com/?cid={A2386DE4-FE46-4CD5-92B4-F38774BFD2E7}&mid=1d278627fef347d0a3b1d14acce4e9e6-5c71cbb8cdc649a56d368e1fe905acc554930569&lang=&ds=&pr=&d=2012-07-08%2007:37:13&v=15.2.0.5&pid=avg&sg=0&sap=hp","hxxp://isearch.avg.com/?cid={A2386DE4-FE46-4CD5-92B4-F38774BFD2E7}&mid=1d278627fef347d0a3b1d14acce4e9e6-5c71cbb8cdc649a56d368e1fe905acc554930569&lang=&ds=&coid=&cmpid=&pr=&d=2012-07-08%2007:37:13&v=18.1.9.799&pid=avg&sg=0&sap=hp","hxxps://www.google.com/","hxxps://www.google.com/?trackid=sp-006","hxxps://www.google.com/","hxxps://www.google.com","hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={A5705990-393D-11E2-B345-50E549C22E60}","hxxps://mysearch.avg.com?cid={3B7BB920-7F17-491D-AD47-5D1FD282E10C}&mid=302759cf219e47d2a74c557dd16a3aaf-28d70fb03b44511fb8d5e95dffa10d73ebd768b7&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-06-11 19:09:57&v=3.1.0.7&pid=wtu&sg=&sap=hp","hxxp://www.google.com/" CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms} CHR DefaultSearchKeyword: Default -> duckduckgo.com CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list CHR Extension: (Google Translate) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-12-08] CHR Extension: (Slides) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-12-08] CHR Extension: (Dark Theme for Google Chrome) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2021-12-08] CHR Extension: (Docs) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-12-08] CHR Extension: (Google 
--------------------------------------------------------------------------------
#10 Oh My!
Malware Response Instructor * 48,584 posts
Posted Yesterday, 07:43 PM

You need to put the original hard drive in even though you can't boot. That is the only drive we will be working on in this topic. Let me know when it is back in the computer and I will provide more instructions.

Gary
"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

--------------------------------------------------------------------------------
#11 FDSEARCHANDRESCUE
Topic Starter * Members * 76 posts
Posted Yesterday, 08:24 PM

Ok, it's in.

--------------------------------------------------------------------------------
#12 Oh My!
Malware Response Instructor * 48,584 posts
Posted Yesterday, 10:30 PM

Please do this.

===================================================
Farbar Recovery Scan Tool Scan Booting From Media Creation Tool
--------------------
* If necessary, create a Windows 10 installation media following the "Download Tool Now - Using the tool to create installation media (USB flash drive, DVD, or ISO file) to install Windows 10 on a different PC (click to show more or less information)" instructions.
* Download Farbar Recovery Scan Tool for 64 bit systems and save it to the Media Creation Tool USB device
* Insert the USB containing the Windows Media Creation Tool and FRST into the compromised computer
* Start the computer and repeatedly tap the F9 key (may be a different key), about once every second, until the Boot Device Options screen appears. If you are unable to complete this, stop and let me know
* Scroll down to the USB device and hit Enter
* Select Repair your computer
* Once you are in the System Recovery Options menu you will get the following options:
  * Startup Repair
  * System Restore
  * Windows Complete PC Restore
  * Windows Memory Diagnostic Tool
  * Command Prompt
* Select Command Prompt
* In the command window type in Notepad and press Enter
* Under File menu select Open
* Select Computer and find your flash drive letter
* Double click on the USB device
* Under Files of type: click the down arrow then select All files
* Right click on the FRST64 and select Run as administrator
* Click Yes to the disclaimer that may appear
* Click the Scan button
* When completed a FRST.txt document will be created on the flash drive
* Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
* FRST.txt

Gary