
Sent by BC Mod to this forum - incompat Graphics driver won't allow MemIntegrity



#1 Delusionz


Posted 10 April 2024 - 04:56 PM

...... and many other mentionable errors/problems on a clean install (x 2) for Windows 10 Pro.

BC Moderator sent me here for additional help with cleanup of the device. See previous posts at this forum:

igdkmd64.sys (times 2) incompatible drivers prevent Memory Integrity from ON - Page 2 - Windows 10 Support (bleepingcomputer.com)

Here is my Speccy:

http://speccy.piriform.com/results/og1t4fWUROPlCYhI3uAbyrT

Here is the updated MTB.txt

 

MiniToolBox by Farbar  Version: 13-05-2022

Ran by nc2un (administrator) on 10-04-2024 at 16:46:41

Running from "C:\Users\nc2un\Downloads"

Microsoft Windows 10 Pro  (X64)

Model: OptiPlex 9020 Manufacturer: Dell Inc.

Boot Mode: Normal

***************************************************************************

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (04/10/2024 04:44:59 PM) (Source: Windows Search Service) (EventID: 1019) (User: )

Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2886619696-1302744882-3861898303-1001}/">.

 

Error: (04/10/2024 04:38:03 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x0cb7f68b

Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89

Exception code: 0xc0000409

Fault offset: 0x000000000007286e

Faulting process id: 0xa38

Faulting application start time: 0x01da8b8db6e214f0

Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Faulting module path: C:\WINDOWS\System32\ucrtbase.dll

Report Id: c70a4500-97d6-449f-90c3-3b1fe288000b

Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

 

Error: (04/10/2024 10:46:39 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: HPPrintScanDoctorExt.exe, version: 6.0.0.0, time stamp: 0x65d87539

Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800

Exception code: 0xc0000409

Fault offset: 0x000000000007e72c

Faulting process id: 0x2688

Faulting application start time: 0x01da8b5e45717f88

Faulting application path: C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6\DesktopExtension\HPPrintScanDoctorExt.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: 491a1d14-7617-4175-8a87-887ec483b08f

Faulting package full name: AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6

Faulting package-relative application ID: AD2F1837.HPPrinterControl

 

Error: (04/10/2024 10:46:38 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: HPPrintScanDoctorExt.exe, version: 6.0.0.0, time stamp: 0x65d87539

Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800

Exception code: 0xc0000005

Fault offset: 0x00000000000a0af0

Faulting process id: 0x2688

Faulting application start time: 0x01da8b5e45717f88

Faulting application path: C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6\DesktopExtension\HPPrintScanDoctorExt.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: f920fdb3-fa81-45f0-a108-ba77aea025f4

Faulting package full name: AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6

Faulting package-relative application ID: AD2F1837.HPPrinterControl

 

Error: (04/09/2024 11:54:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

Details:

AddWin32ServiceFiles: Unable to back up image of service Bonjour Service since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified.

.

 

Error: (04/09/2024 11:54:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

Details:

AddWin32ServiceFiles: Unable to back up image of service Bonjour Service since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified.

.

 

Error: (04/08/2024 04:25:12 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: TCUI-App.exe, version: 19.87.2403.13001, time stamp: 0x65f1d80d

Faulting module name: KERNELBASE.dll, version: 10.0.19041.3996, time stamp: 0xb756c9ff

Exception code: 0xc000027b

Fault offset: 0x000000000012d952

Faulting process id: 0x13a4

Faulting application start time: 0x01da89fb3c6d3f49

Faulting application path: C:\Program Files\WindowsApps\Microsoft.GamingServices_19.87.13001.0_x64__8wekyb3d8bbwe\TCUI-App.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report Id: 3dcec1cb-3a43-4807-a93e-bae49fd2f11c

Faulting package full name: Microsoft.GamingServices_19.87.13001.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: Microsoft.GamingServices

 

Error: (04/08/2024 02:14:47 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamtray.exe, version: 4.0.0.1750, time stamp: 0x65d75d57

Faulting module name: Qt5Core.dll, version: 5.15.8.0, time stamp: 0x620c5b61

Exception code: 0xc0000005

Fault offset: 0x0000000000245d71

Faulting process id: 0x23e4

Faulting application start time: 0x01da87d90aca4632

Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll

Report Id: ea69e192-41f5-4bea-8085-5f602846ac1c

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (04/06/2024 03:22:40 AM) (Source: MsiInstaller) (EventID: 11920) (User: BLUEZ9020)

Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start.  Verify that you have sufficient privileges to start system services.

 

Error: (04/06/2024 03:21:51 AM) (Source: MsiInstaller) (EventID: 11920) (User: BLUEZ9020)

Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start.  Verify that you have sufficient privileges to start system services.

 

 

System errors:

=============

Error: (04/09/2024 04:48:18 PM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: Event-ID 10010

 

Error: (04/09/2024 04:40:39 PM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: Event-ID 10010

 

Error: (04/09/2024 03:53:36 PM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: Event-ID 10010

 

Error: (04/09/2024 03:51:07 PM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: Event-ID 10010

 

Error: (04/09/2024 11:48:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/08/2024 06:42:18 PM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: Event-ID 10010

 

Error: (04/08/2024 04:25:24 PM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: Event-ID 10010

 

Error: (04/08/2024 03:55:31 PM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: Event-ID 10010

 

Error: (04/06/2024 07:06:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NBLGGGZM6WM-ROBLOXCORPORATION.ROBLOX.

 

Error: (04/06/2024 09:59:18 AM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: Event-ID 10010

 

 

Windows Defender:

================

Date: 2024-04-09 10:59:58

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2024-04-08 14:20:31

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2024-04-07 12:43:16

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2024-04-06 08:31:42

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2024-04-05 11:49:41

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/DisplayDriverUninstaller&threatid=312040&enterprise=0

Name: PUABundler:Win32/DisplayDriverUninstaller

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\nc2un\Downloads\DDU-v17.0.6.6.zip; webfile:_C:\Users\nc2un\Downloads\DDU-v17.0.6.6.zip|https://download.bleepingcomputer.com/dl/34f2593a0bead9d6c93944035b8365dc/66101eb9/windows/utilities/driver-utilities/d/display-driver-uninstaller/DDU-v17.0.6.6.zip|pid:2624,ProcessStart:133568061128103712

Detection Origin: Internet

Detection Type: FastPath

Detection Source: Downloads and attachments

Process Name: C:\Windows\explorer.exe

Security intelligence Version: AV: 1.409.55.0, AS: 1.409.55.0, NIS: 1.409.55.0

Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4



CodeIntegrity Errors:

====================

Date: 2024-04-10 16:34:08

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

 

Date: 2024-04-10 16:29:12

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

 

 

=========================== Installed Programs ============================

 

EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.166.0.5679 - Electronic Arts) Hidden

EA app (HKLM-x32\...\{df861f89-e998-47ba-bfff-9354af4d3751}) (Version: 13.166.0.5679 - Electronic Arts)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.106 - Google LLC)

HWiNFO64 (HKLM\...\HWiNFO64_is1) (Version: 8.00 - Martin Malik, REALiX s.r.o.)

Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1035 - Intel Corporation)

Malwarebytes version 4.6.11.320 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.11.320 - Malwarebytes)

Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Overwolf (HKLM-x32\...\Overwolf) (Version: 0.243.1.1 - Overwolf Ltd.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6086 - Realtek Semiconductor Corp.)

Revo Uninstaller Pro 5.2.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.2.6 - VS Revo Group, Ltd.)

Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)

The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.105.345.1020 - Electronic Arts Inc.)

Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)

 

Packages:

=========

HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2024-04-03] (Microsoft Corporation)

HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-04-10] (HP Inc.)

Microsoft Copilot -> C:\Program Files\WindowsApps\microsoft.windows.ai.copilot.provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-31] (ms-resource:PublisherDisplayName)

Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21001.0_x64__8wekyb3d8bbwe [2024-04-03] (Microsoft Corporation) [Startup Task]

Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.403.300_x64__8wekyb3d8bbwe [2024-04-10] (Microsoft Corporation)

Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.153.0_x64__pwbj9vvecjh7j [2024-03-29] (Amazon Development Centre (London) Ltd)

WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\microsoft.windowsappruntime.1.1_1005.616.1651.0_x64__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)

WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\microsoft.windowsappruntime.1.1_1005.616.1651.0_x86__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)

WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\microsoft.windowsappruntime.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)

WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\microsoft.windowsappruntime.1.3_3000.934.1904.0_x86__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)

WindowsAppRuntime.1.4 -> C:\Program Files\WindowsApps\microsoft.windowsappruntime.1.4_4000.1136.2333.0_x64__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)

WindowsAppRuntime.1.4 -> C:\Program Files\WindowsApps\microsoft.windowsappruntime.1.4_4000.1136.2333.0_x86__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)

 

========================= Devices: ================================

 

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\PNP0C02\1

 

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\PNP0C02\2

 

Name: Officejet Pro 8600 [CEF74F]

Description: Officejet Pro 8600 [CEF74F]

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service: 

Device ID: SWD\IPP\1C852A4D-B800-1F08-ABCD-A0D3C1CEF74F

 

Name: Microsoft Print to PDF

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Microsoft

Service: 

Device ID: SWD\PRINTENUM\{295F4838-E302-442A-937C-E50E60529F1F}

 

Name: Intel® 8 Series/C220 Series USB EHCI #1 - 8C26

Description: Intel® 8 Series/C220 Series USB EHCI #1 - 8C26

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: Intel

Service: usbehci

Device ID: PCI\VEN_8086&DEV_8C26&SUBSYS_05A41028&REV_04\3&11583659&0&E8

 

Name: Root Print Queue

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Microsoft

Service: 

Device ID: SWD\PRINTENUM\PRINTQUEUES

 

Name: HP 2009 Series Wide LCD Monitor

Description: HP 2009 Series Wide LCD Monitor

Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: monitor

Device ID: DISPLAY\HWP2827\4&2CBCB734&0&UID65793

 

Name: Numeric data processor

Description: Numeric data processor

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\PNP0C04\4&1E4CCCD9&0

 

Name: PLDS DVD+-RW DS-8ABSH

Description: CD-ROM Drive

Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard CD-ROM drives)

Service: cdrom

Device ID: SCSI\CDROM&VEN_PLDS&PROD_DVD+-RW_DS-8ABSH\4&38668A08&0&000100

 

Name: Generic USB Hub

Description: Generic USB Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Generic USB Hub)

Service: usbhub

Device ID: USB\VID_8087&PID_8008\5&2F9E4607&0&1

 

Name: Volume Manager

Description: Volume Manager

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: volmgr

Device ID: ROOT\VOLMGR\0000

 

Name: HPA6F249 (HP Officejet Pro 8600)

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: HP

Service: 

Device ID: SWD\DAFWSDPROVIDER\URN:UUID:1C852A4D-B800-1F08-ABCD-A0D3C1CEF74F/HTTP://WWW.HP.COM/SCHEMAS/IMAGING/CON/LEDM/DISCOVERYTREE/2007/07/01

 

Name: Wi-Fi

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service: 

Device ID: SWD\RADIO\{12702B3B-5FF4-4A6C-8B39-488572BD8591}

 

Name: Fax

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Microsoft

Service: 

Device ID: SWD\PRINTENUM\{FDC13B97-7C4E-43A9-8901-16AC15C4670E}

 

Name: WAN Miniport (PPPOE)

Description: WAN Miniport (PPPOE)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: RasPppoe

Device ID: SWD\MSRRAS\MS_PPPOEMINIPORT

 

Name: Microsoft Basic Display Driver

Description: Microsoft Basic Display Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard display types)

Service: BasicDisplay

Device ID: ROOT\BASICDISPLAY\0000

 

Name: Volume

Description: Volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volume

Device ID: STORAGE\VOLUME\{99C24B5C-EDA8-11EE-84AC-806E6F6E6963}#0000000000100000

 

Name: ACPI Thermal Zone

Description: ACPI Thermal Zone

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\THERMALZONE\TZ00

 

Name: ACPI Thermal Zone

Description: ACPI Thermal Zone

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\THERMALZONE\TZ01

 

Name: USB Input Device

Description: USB Input Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: HidUsb

Device ID: USB\VID_1EA7&PID_0064\5&2191CFCA&0&8

 

Name: Microsoft RRAS Root Enumerator

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service: 

Device ID: SWD\MSRRAS\{5E259276-BC7E-40E3-B93B-8F89B5F3ABC0}

 

Name: Microsoft Windows Management Interface for ACPI

Description: Microsoft Windows Management Interface for ACPI

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: WmiAcpi

Device ID: ACPI\PNP0C14\0

 

Name: Legacy device

Description: Legacy device

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel

Service: 

Device ID: ACPI\INT0800\4&1E4CCCD9&0

 

Name: WAN Miniport (PPTP)

Description: WAN Miniport (PPTP)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: PptpMiniport

Device ID: SWD\MSRRAS\MS_PPTPMINIPORT

 

Name: OneNote for Windows 10

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Microsoft

Service: 

Device ID: SWD\PRINTENUM\{082CA2FC-F4C0-4DE7-ABC8-70EC1E63BD62}

 

Name: Microsoft Hyper-V Virtualization Infrastructure Driver

Description: Microsoft Hyper-V Virtualization Infrastructure Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: Vid

Device ID: ROOT\VID\0000

 

Name: HID-compliant vendor-defined device

Description: HID-compliant vendor-defined device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: 

Device ID: HID\VID_1EA7&PID_0064&COL01\6&16BD2A5A&0&0000

 

Name: High precision event timer

Description: High precision event timer

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\PNP0103\0

 

Name: OneNote for Windows 10

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Microsoft

Service: 

Device ID: SWD\PRINTENUM\{511573F4-A1F6-4A86-BC4B-CFBC35C598F6}

 

Name: WAN Miniport (IKEv2)

Description: WAN Miniport (IKEv2)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: RasAgileVpn

Device ID: SWD\MSRRAS\MS_AGILEVPNMINIPORT

 

Name: Composite Bus Enumerator

Description: Composite Bus Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: CompositeBus

Device ID: ROOT\COMPOSITEBUS\0000

 

Name: Microsoft Virtual Drive Enumerator

Description: Microsoft Virtual Drive Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vdrvroot

Device ID: ROOT\VDRVROOT\0000

 

Name: HPA6F249 (HP Officejet Pro 8600)

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: HP

Service: 

Device ID: SWD\DAFWSDPROVIDER\URN:UUID:1C852A4D-B800-1F08-ABCD-A0D3C1CEF74F

 

Name: Microsoft Storage Spaces Controller

Description: Microsoft Storage Spaces Controller

Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: spaceport

Device ID: ROOT\SPACEPORT\0000

 

Name: High Definition Audio Controller

Description: High Definition Audio Controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: HDAudBus

Device ID: PCI\VEN_8086&DEV_8C20&SUBSYS_05A41028&REV_04\3&11583659&0&D8

 

Name: HP Officejet Pro 8600 Class Driver

Description: HP Officejet Pro 8600 Class Driver

Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Device ID: SWD\PRINTENUM\WSD-0E1E51B7-7DA1-414F-BDA6-C63D09972C18

 

Name: Intel® Active Management Technology - SOL (COM3)

Description: Intel® Active Management Technology - SOL

Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel

Service: Serial

Device ID: PCI\VEN_8086&DEV_8C3D&SUBSYS_05A41028&REV_04\3&11583659&0&B3

 

Name: Communications Port (COM1)

Description: Communications Port

Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard port types)

Service: Serial

Device ID: ACPI\PNP0501\1

 

Name: Microsoft Kernel Debug Network Adapter

Description: Microsoft Kernel Debug Network Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: kdnic

Device ID: ROOT\KDNIC\0000

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT1

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT2

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT3

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT4

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT5

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT6

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT7

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT8

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT9

 

Name: System timer

Description: System timer

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\PNP0100\4&1E4CCCD9&0

 

Name: Intel® USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)

Description: USB xHCI Compliant Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: Generic USB xHCI Host Controller

Service: USBXHCI

Device ID: PCI\VEN_8086&DEV_8C31&SUBSYS_05A41028&REV_04\3&11583659&0&A0

 

Name: Intel® Q87 LPC Controller - 8C4E

Description: Intel® Q87 LPC Controller - 8C4E

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: INTEL

Service: msisadrv

Device ID: PCI\VEN_8086&DEV_8C4E&SUBSYS_05A41028&REV_04\3&11583659&0&F8

 

Name: Volume

Description: Volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volume

Device ID: STORAGE\VOLUME\{99C24B5C-EDA8-11EE-84AC-806E6F6E6963}#0000000007500000

 

Name: Intel® HD Graphics 4600

Description: Intel® HD Graphics 4600

Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel Corporation

Service: igfx

Device ID: PCI\VEN_8086&DEV_0412&SUBSYS_05A41028&REV_06\3&11583659&0&10

 

Name: DBUtilDrv2 Device

Description: DBUtilDrv2 Device

Class Guid: {e0def58b-33e8-4ff0-a75d-f20e1f68e5d7}

Manufacturer: Dell Technologies

Service: DBUtilDrv2

Device ID: ROOT\DELLUTILS\0000

 

Name: Intel® Management Engine Interface 

Description: Intel® Management Engine Interface 

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel

Service: MEIx64

Device ID: PCI\VEN_8086&DEV_8C3A&SUBSYS_05A41028&REV_04\3&11583659&0&B0

 

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: PCI\VEN_8086&DEV_0C00&SUBSYS_05A41028&REV_06\3&11583659&0&00

 

Name: UMBus Root Bus Enumerator

Description: UMBus Root Bus Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: umbus

Device ID: ROOT\UMBUS\0000

 

Name: HID-compliant mouse

Description: HID-compliant mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: mouhid

Device ID: HID\VID_1EA7&PID_0064&COL02\6&16BD2A5A&0&0001

 

Name: Intel Chipset SATA RAID Controller

Description: Intel Chipset SATA RAID Controller

Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel Corporation

Service: iaStorAVC

Device ID: PCI\VEN_8086&DEV_2822&SUBSYS_05A41028&REV_04\3&11583659&0&FA

 

Name: Microsoft Radio Device Enumeration Bus

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service: 

Device ID: SWD\RADIO\{3DB5895D-CC28-44B3-AD3D-6F01A782B8D2}

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT10

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT11

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT12

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT13

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT14

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT15

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT16

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT17

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT18

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT19

 

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service: 

Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT20

 

Name: Intel® Ethernet Connection I217-LM

Description: Intel® Ethernet Connection I217-LM

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel

Service: e1dexpress

Device ID: PCI\VEN_8086&DEV_153A&SUBSYS_05A41028&REV_04\3&11583659&0&C8

 

Name: Microsoft Device Association Root Enumerator

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service: 

Device ID: SWD\MSDAS\{CE958E9A-424F-4C88-86F4-11314821E75A}

 

Name: ACPI x64-based PC

Description: ACPI x64-based PC

Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard computers)

Service: \Driver\ACPI_HAL

Device ID: ROOT\ACPI_HAL\0000

 

Name: WAN Miniport (Network Monitor)

Description: WAN Miniport (Network Monitor)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: NdisWan

Device ID: SWD\MSRRAS\MS_NDISWANBH

 

Name: WAN Miniport (IP)

Description: WAN Miniport (IP)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: NdisWan

Device ID: SWD\MSRRAS\MS_NDISWANIP

 

Name: PCI Express Root Complex

Description: PCI Express Root Complex

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: pci

Device ID: ACPI\PNP0A08\0

 

Name: Volume

Description: Volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volume

Device ID: STORAGE\VOLUME\{99C24B5C-EDA8-11EE-84AC-806E6F6E6963}#0000000006500000

 

Name: SAMSUNG MZ7LN256HCHP-000L7

Description: Disk drive

Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard disk drives)

Service: disk

Device ID: SCSI\DISK&VEN_SAMSUNG&PROD_MZ7LN256HCHP-000\4&38668A08&0&000000

 

Name: Realtek High Definition Audio

Description: Realtek High Definition Audio

Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}

Manufacturer: Realtek

Service: IntcAzAudAddService

Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0280&SUBSYS_102805A4&REV_1000\4&A201051&0&0001

 

Name: Intel® 8 Series/C220 Series SMBus Controller - 8C22

Description: Intel® 8 Series/C220 Series SMBus Controller - 8C22

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: INTEL

Service: 

Device ID: PCI\VEN_8086&DEV_8C22&SUBSYS_05A41028&REV_04\3&11583659&0&FB

 

Name: HPA6F249 (HP Officejet Pro 8600)

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: HP

Service: 

Device ID: SWD\PRINTENUM\{BB2E484C-F9C4-4712-A275-EC4511A734AC}

 

Name: Microsoft ACPI-Compliant System

Description: Microsoft ACPI-Compliant System

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: ACPI

Device ID: ACPI_HAL\PNP0C08\0

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Device ID: HTREE\ROOT\0

 

Name: Microsoft Basic Render Driver

Description: Microsoft Basic Render Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: BasicRender

Device ID: ROOT\BASICRENDER\0000

 

Name: Trusted Platform Module 1.2

Description: Trusted Platform Module 1.2

Class Guid: {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}

Manufacturer: (Standard)

Service: TPM

Device ID: ACPI\PNP0C31\1

 

Name: WAN Miniport (SSTP)

Description: WAN Miniport (SSTP)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: RasSstp

Device ID: SWD\MSRRAS\MS_SSTPMINIPORT

 

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Device ID: USB\ROOT_HUB20\4&18851AC7&0

 

Name: Volume

Description: Volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volume

Device ID: STORAGE\VOLUME\{99C24B5C-EDA8-11EE-84AC-806E6F6E6963}#0000003B7C300000

 

Name: ACPI Fixed Feature Button

Description: ACPI Fixed Feature Button

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\FIXEDBUTTON\2&DABA3FF&0

 

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\PNP0C02\10

 

Name: HID Keyboard Device

Description: HID Keyboard Device

Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard keyboards)

Service: kbdhid

Device ID: HID\VID_413C&PID_2003\6&394249AC&0&0000

 

Name: Microsoft Wi-Fi Direct Virtual Adapter

Description: Microsoft Wi-Fi Direct Virtual Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vwifimp

Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\6&5AC7249&0&11

 

Name: Microsoft Wi-Fi Direct Virtual Adapter #2

Description: Microsoft Wi-Fi Direct Virtual Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vwifimp

Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\6&5AC7249&0&12

 

Name: System CMOS/real time clock

Description: System CMOS/real time clock

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\PNP0B00\4&1E4CCCD9&0

 

Name: Xvdd SCSI Miniport

Description: Xvdd SCSI Miniport

Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}

Manufacturer: Xbox

Service: Xvdd

Device ID: SWD\XVDDENUM\XVDDROOTDEVICE_INSTANCE

 

Name: Microsoft GS Wavetable Synth

Description: Generic software device

Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}

Manufacturer: Microsoft

Service: 

Device ID: SWD\MMDEVAPI\MICROSOFTGSWAVETABLESYNTH

 

Name: ACPI Power Button

Description: ACPI Power Button

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\PNP0C0C\AA

 

Name: Programmable interrupt controller

Description: Programmable interrupt controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\PNP0000\4&1E4CCCD9&0

 

Name: Generic USB Hub

Description: Generic USB Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Generic USB Hub)

Service: usbhub

Device ID: USB\VID_8087&PID_8000\5&1E930CCD&0&1

 

Name: NDIS Virtual Network Adapter Enumerator

Description: NDIS Virtual Network Adapter Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: NdisVirtualBus

Device ID: ROOT\NDISVIRTUALBUS\0000

 

Name: HPA6F249 (HP Officejet Pro 8600)

Description: WSD Print Device

Class Guid: {c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}

Manufacturer: HP

Service: WSDPrintDevice

Device ID: SWD\DAFWSDPROVIDER\URN:UUID:1C852A4D-B800-1F08-ABCD-A0D3C1CEF74F/HTTP://1C852A4D-B800-1F08-ABCD-A0D3C1CEF74F/PRINTSERVICE

 

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\INT3F0D\4&1E4CCCD9&0

 

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Device ID: USB\ROOT_HUB20\4&2F9E09DE&0

 

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\PNP0C02\111

 

Name: Speakers / Headphones (Realtek High Definition Audio)

Description: Audio Endpoint

Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}

Manufacturer: Microsoft

Service: 

Device ID: SWD\MMDEVAPI\{0.0.0.00000000}.{CB806AA4-327D-40BB-A335-70CBD6BFD65C}

 

Name: Direct memory access controller

Description: Direct memory access controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: 

Device ID: ACPI\PNP0200\4&1E4CCCD9&0

 

Name: Intel® 8 Series/C220 Series USB EHCI #2 - 8C2D

Description: Intel® 8 Series/C220 Series USB EHCI #2 - 8C2D

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: Intel

Service: usbehci

Device ID: PCI\VEN_8086&DEV_8C2D&SUBSYS_05A41028&REV_04\3&11583659&0&D0

 

Name: Microsoft XPS Document Writer

Description: Local Print Queue

Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}

Manufacturer: Microsoft

Service: 

Device ID: SWD\PRINTENUM\{A167EF39-495B-47F5-B688-33CAA331941B}

 

Name: Intel® Core™ i5-4590 CPU @ 3.30GHz

Description: Intel Processor

Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}

Manufacturer: Intel

Service: intelppm

Device ID: ACPI\GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_60_-_INTEL®_CORE™_I5-4590_CPU_@_3.30GHZ\_1

 

Name: Intel® Core™ i5-4590 CPU @ 3.30GHz

Description: Intel Processor

Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}

Manufacturer: Intel

Service: intelppm

Device ID: ACPI\GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_60_-_INTEL®_CORE™_I5-4590_CPU_@_3.30GHZ\_2

 

Name: Intel® Core™ i5-4590 CPU @ 3.30GHz

Description: Intel Processor

Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}

Manufacturer: Intel

Service: intelppm

Device ID: ACPI\GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_60_-_INTEL®_CORE™_I5-4590_CPU_@_3.30GHZ\_3

 

Name: Intel® Core™ i5-4590 CPU @ 3.30GHz

Description: Intel Processor

Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}

Manufacturer: Intel

Service: intelppm

Device ID: ACPI\GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_60_-_INTEL®_CORE™_I5-4590_CPU_@_3.30GHZ\_4

 

Name: Microsoft System Management BIOS Driver

Description: Microsoft System Management BIOS Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: mssmbios

Device ID: ROOT\MSSMBIOS\0000

 

Name: USB Input Device

Description: USB Input Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: HidUsb

Device ID: USB\VID_413C&PID_2003\5&2191CFCA&0&4

 

Name: Plug and Play Software Device Enumerator

Description: Plug and Play Software Device Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: swenum

Device ID: ROOT\SYSTEM\0000

 

Name: Realtek 8811CU Wireless LAN 802.11ac USB NIC

Description: Realtek 8811CU Wireless LAN 802.11ac USB NIC

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Realtek Semiconductor Corp.

Service: RtlWlanu

Device ID: USB\VID_0BDA&PID_C811\123456

 

Name: USB Root Hub (USB 3.0)

Description: USB Root Hub (USB 3.0)

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB HUBs)

Service: USBHUB3

Device ID: USB\ROOT_HUB30\4&36E5125B&0&0

 

Name: Remote Desktop Device Redirector Bus

Description: Remote Desktop Device Redirector Bus

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: rdpbus

Device ID: ROOT\RDPBUS\0000

 

Name: WAN Miniport (IPv6)

Description: WAN Miniport (IPv6)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: NdisWan

Device ID: SWD\MSRRAS\MS_NDISWANIPV6

 

Name: WAN Miniport (L2TP)

Description: WAN Miniport (L2TP)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: Rasl2tp

Device ID: SWD\MSRRAS\MS_L2TPMINIPORT

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 29%

Total physical RAM: 16292.2 MB

Available physical RAM: 11409.76 MB

Total Virtual: 17316.2 MB

Available Virtual: 12677.02 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:237.83 GB) (Free:89.27 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\BLUEZ9020

 

Administrator            DefaultAccount           Guest                    

Jade1                    keyer_z86jbid            nc2un                    

WDAGUtilityAccount       

 

 

**** End of log ****

 

===============================================================================================

 

And the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.04.2024

Ran by nc2un (administrator) on BLUEZ9020 (Dell Inc. OptiPlex 9020) (10-04-2024 16:48:10)

Running from C:\Users\nc2un\Desktop\FRST64 (1).exe

Loaded Profiles: nc2un

Platform: Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe

(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe

(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21001.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>

(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe

(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\Speccy\Speccy64.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscalculator_11.2401.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1203856 2017-06-26] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)

HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1790472 2024-04-04] (Overwolf Ltd -> Overwolf Ltd.)

HKU\S-1-5-21-2886619696-1302744882-3861898303-1002\...\Run: [MicrosoftEdgeAutoLaunch_C1B12DAC5AAC1C54BB94C8721EB7C639] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063784 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-2886619696-1302744882-3861898303-1002\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2735208 2024-04-02] (Electronic Arts, Inc. -> Electronic Arts)

HKU\S-1-5-21-2886619696-1302744882-3861898303-1008\...\Run: [MicrosoftEdgeAutoLaunch_00A91C241DD5E35E00006D7BD28FE8EA] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063784 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe [2024-04-04] (Google LLC -> Google LLC)

 

==================== Scheduled Tasks (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {F9AD9235-1D24-40D4-A961-258B4FCDBC01} - System32\Tasks\GoogleUpdateTaskMachineCore{008A7899-0CE7-495B-A689-8A98ABC335A1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-03-29] (Google LLC -> Google LLC)

Task: {0A3FAC08-2E69-4CCA-BFD5-E672EC501CEF} - System32\Tasks\GoogleUpdateTaskMachineUA{BC80E2C5-622E-4EE7-8620-EC3831DE40B0} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-03-29] (Google LLC -> Google LLC)

Task: {02906E85-B0FA-4ECD-83CF-D86E32A6B077} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-24] (Intel® Trust Services -> Intel® Corporation)

Task: {6E201403-5389-4C6F-B3C9-47B8B5DC9EB3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {2CC3577D-8D37-427E-8D6F-38BA01C59E6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {2026938B-5C19-46A8-B704-028FEBAA2186} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {B55D1C64-8CC5-438A-BCFB-996062A41F48} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {76F1C9C6-180B-4431-98EF-250DAD115295} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2886619696-1302744882-3861898303-1008 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  /reporting (No File)

Task: {9B0273EA-E4F0-4D03-BC90-CBA460CEAFCD} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2886619696-1302744882-3861898303-1008 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)

Task: {EA15B987-3F19-4F4D-8B43-4444162D9E1A} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2644488 2024-04-04] (Overwolf Ltd -> Overwolf LTD) -> C:\Program Files (x86)\Overwolf\/RunningFrom Schedule

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)

Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.4.1

Tcpip\..\Interfaces\{12702b3b-5ff4-4a6c-8b39-488572bd8591}: [DhcpNameServer] 192.168.4.1

Tcpip\..\Interfaces\{8d55b88a-f43b-4265-975d-ab918fad7ec1}: [DhcpNameServer] 192.168.4.1

 

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-10]

Edge HomePage: Default -> hxxps://www.bing.com/?homepage

Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}

Edge DefaultSearchKeyword: Default -> duckduckgo.com

Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list

Edge Extension: (LastPass: Free Password Manager) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2024-04-03]

Edge Extension: (Microsoft Defender Browser Protection) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2024-03-29]

Edge Extension: (Malwarebytes Browser Guard) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-04-10]

Edge Extension: (DuckDuckGo) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2024-03-29]

Edge Extension: (Google Docs Offline) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-29]

Edge Extension: (Microsoft Editor: Spelling & Grammar Checker) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hokifickgkhplphjiodbggjmoafhignh [2024-03-29]

Edge Extension: (Edge relevant text changes) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-29]

 

Chrome: 

=======

CHR Profile: C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default [2024-04-10]

CHR Extension: (Google Docs Offline) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-04]

CHR Extension: (0) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-04-10]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [12200040 2024-04-02] (Electronic Arts, Inc. -> Electronic Arts)

R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [234968 2024-04-10] (HP Inc. -> HP Inc.)

S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8882936 2024-03-29] (Malwarebytes Inc. -> Malwarebytes)

S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2644488 2024-04-04] (Overwolf Ltd -> Overwolf LTD)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AppleKIS; C:\WINDOWS\System32\drivers\AppleKIS.sys [68032 2023-11-20] (Apple Inc. -> Apple Inc.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-11-20] (Apple Inc. -> Apple Inc.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-11-20] (Apple Inc. -> Apple Inc.)

S3 AppleRSM; C:\WINDOWS\System32\drivers\AppleRSM.sys [79704 2023-11-20] (Apple Inc. -> Apple Inc.)

R3 cpuz149; C:\Users\nc2un\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2024-04-10] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION

R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2024-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Dell)

S3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46640 2023-12-06] (Microsoft Windows Hardware Compatibility Publisher -> Dell)

S3 HWiNFO_191; C:\Users\nc2un\AppData\Local\Temp\HWiNFO64A_191.SYS [57936 2024-03-29] (Microsoft Windows Hardware Compatibility Publisher -> REALiX) <==== ATTENTION

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-03-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)

R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2024-04-10 16:47 - 2024-04-10 16:48 - 000013884 _____ C:\Users\nc2un\Desktop\FRST.txt

2024-04-10 16:47 - 2024-04-10 16:47 - 000032337 _____ C:\Users\nc2un\Desktop\Addition.txt

2024-04-10 16:30 - 2024-04-10 16:46 - 000041627 _____ C:\WINDOWS\SysWOW64\MTB.txt

2024-04-10 14:43 - 2024-04-10 14:44 - 002394112 _____ (Farbar) C:\Users\nc2un\Desktop\FRST64 (1).exe

2024-04-10 11:05 - 2024-04-10 11:05 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json

2024-04-10 11:04 - 2024-04-10 11:04 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json

2024-04-10 10:58 - 2024-04-10 10:58 - 000000000 ___HD C:\$WinREAgent

2024-04-10 10:47 - 2024-04-10 10:47 - 000000000 ____D C:\Program Files\HPPrintScanDoctor

2024-04-10 10:46 - 2024-04-10 16:38 - 000000000 ____D C:\Users\nc2un\AppData\Local\CrashDumps

2024-04-10 08:01 - 2024-04-10 08:03 - 000084054 _____ C:\Users\keyer_z86jbid\Downloads\WEST TEXAS TRIBUNE.pdf

2024-04-10 07:03 - 2024-04-10 07:03 - 000044064 _____ C:\Users\keyer_z86jbid\Downloads\il_1140xN.5840910967_kv4o.avif

2024-04-10 07:01 - 2024-04-10 07:01 - 000045284 _____ C:\Users\keyer_z86jbid\Downloads\il_794xN.1998461350_h2wy.webp

2024-04-10 06:47 - 2024-04-10 06:47 - 000124380 _____ C:\Users\keyer_z86jbid\Downloads\R (1).jfif

2024-04-10 06:40 - 2024-04-10 06:40 - 000706022 _____ C:\Users\keyer_z86jbid\Downloads\R.jfif

2024-04-09 12:12 - 2024-04-09 12:12 - 000098093 _____ C:\Users\nc2un\Documents\Completely Clean Install of Windows 10 - MCT USB Method.pdf

2024-04-09 01:57 - 2024-04-09 01:57 - 000000672 _____ C:\Users\nc2un\Documents\CREDIT REPORT.txt

2024-04-09 01:53 - 2024-04-09 01:53 - 000000097 _____ C:\Users\nc2un\Desktop\Application for Assistance.url

2024-04-08 23:59 - 2024-04-08 23:59 - 001171863 _____ C:\Users\nc2un\Documents\DetailedBillSep2023

2024-04-08 16:25 - 2024-04-09 16:40 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\StardewValley

2024-04-08 16:25 - 2024-04-08 16:25 - 000000000 ____D C:\Users\Jade1\AppData\Local\GOG.com

2024-04-08 15:22 - 2024-04-08 15:22 - 000000199 _____ C:\Users\nc2un\Documents\apr Bills.txt

2024-04-08 14:14 - 2024-04-10 16:09 - 000000000 ____D C:\Users\Jade1\AppData\Local\CrashDumps

2024-04-08 13:48 - 2024-04-08 13:56 - 000015307 _____ C:\Users\nc2un\Downloads\MTB.txt

2024-04-08 13:47 - 2024-04-08 13:47 - 000956928 _____ (Farbar) C:\Users\nc2un\Downloads\MiniToolBox (1).exe

2024-04-06 07:58 - 2024-04-06 08:14 - 223437856 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Intel-HD-4000-and-5000-Series-Graphics-Driver_4KV26_WIN_20.19.15.5063_A08_03 (3).EXE

2024-04-06 03:25 - 2024-04-06 03:25 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Apple Inc

2024-04-06 03:24 - 2024-04-10 15:52 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Apple Computer

2024-04-06 03:24 - 2024-04-10 15:52 - 000000000 ____D C:\Users\nc2un\AppData\Local\Apple Computer

2024-04-06 03:22 - 2024-04-06 03:22 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Apple

2024-04-06 03:20 - 2024-04-06 03:20 - 134650184 _____ (Apple Inc.) C:\Users\keyer_z86jbid\Downloads\iTunes64Setup (2).exe

2024-04-06 03:17 - 2024-04-10 15:52 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Apple Computer

2024-04-06 03:17 - 2024-04-06 03:18 - 134650184 _____ (Apple Inc.) C:\Users\keyer_z86jbid\Downloads\iTunes64Setup (1).exe

2024-04-06 03:16 - 2024-04-06 03:16 - 000000000 ____D C:\Users\nc2un\AppData\Local\Apple

2024-04-06 03:16 - 2024-04-06 03:16 - 000000000 ____D C:\Program Files\Bonjour

2024-04-06 03:16 - 2024-04-06 03:16 - 000000000 ____D C:\Program Files (x86)\Bonjour

2024-04-06 03:15 - 2024-04-06 03:15 - 200998888 _____ (Apple Inc.) C:\Users\keyer_z86jbid\Downloads\iTunes64Setup.exe

2024-04-05 23:02 - 2024-04-05 23:02 - 000000000 ____D C:\Users\nc2un\AppData\Local\GlassWire

2024-04-05 11:41 - 2024-04-05 11:41 - 000000000 ____D C:\ProgramData\GlassWire

2024-04-05 11:14 - 2024-04-08 13:56 - 000000000 ____D C:\Users\nc2un\Documents\NC2U Logs Collections

2024-04-05 11:03 - 2024-04-05 11:37 - 000959488 _____ (Farbar) C:\Users\nc2un\Downloads\FSS.exe

2024-04-05 11:00 - 2024-04-05 11:01 - 306040584 _____ (Malwarebytes) C:\Users\nc2un\Downloads\MBSetup-076981.076981-5.1.1.106.exe

2024-04-05 10:59 - 2024-04-05 10:59 - 000956928 _____ (Farbar) C:\Users\nc2un\Downloads\MiniToolBox.exe

2024-04-05 10:56 - 2024-04-05 10:56 - 008791352 _____ (Malwarebytes) C:\Users\nc2un\Downloads\AdwCleaner.exe

2024-04-05 10:54 - 2024-04-05 10:54 - 040499088 _____ (SecureMix LLC) C:\Users\nc2un\Downloads\glasswire-setup-2.1.3167.exe

2024-04-05 10:37 - 2024-04-10 16:48 - 000000000 ____D C:\FRST

2024-04-05 10:36 - 2024-04-05 10:36 - 002393088 _____ (Farbar) C:\Users\nc2un\Downloads\FRST64.exe

2024-04-04 14:30 - 2024-04-04 14:30 - 183113960 _____ (Intel Corporation) C:\Users\nc2un\Downloads\win64_15407.4279.exe

2024-04-04 14:29 - 2024-04-04 14:29 - 000004066 _____ C:\Users\nc2un\Downloads\readme64.txt

2024-04-04 12:32 - 2024-04-04 12:33 - 000000000 ____D C:\Program Files\Speccy

2024-04-04 12:32 - 2024-04-04 12:32 - 000000837 _____ C:\Users\Public\Desktop\Speccy.lnk

2024-04-04 12:31 - 2024-04-04 12:31 - 004421736 _____ (Piriform Software Ltd) C:\Users\nc2un\Downloads\spsetup132_pro (1).exe

2024-04-03 04:10 - 2024-04-03 04:10 - 000000189 _____ C:\Users\nc2un\Desktop\Dell OptiPlex 9020 Small Form Factor Owner's Manual - Dell US.url

2024-04-03 03:09 - 2024-04-03 03:09 - 000000000 ___RD C:\Users\nc2un\Documents\DellInc.DellSupportAssistforPCs_htrsf667h5kn2!App

2024-04-03 02:50 - 2024-04-03 02:50 - 000000000 ____D C:\Users\nc2un\AppData\Local\PeerDistRepub

2024-04-02 13:14 - 2024-04-02 13:14 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\OneDrive

2024-04-02 10:05 - 2024-04-02 10:05 - 000337875 _____ C:\Users\keyer_z86jbid\Downloads\Weekly-Pay-Stub-Template-TemplateLab.com_3.pdf

2024-04-02 10:03 - 2024-04-02 10:03 - 000337867 _____ C:\Users\keyer_z86jbid\Downloads\Weekly-Pay-Stub-Template-TemplateLab.com_2.pdf

2024-04-02 09:58 - 2024-04-02 09:58 - 000338127 _____ C:\Users\keyer_z86jbid\Downloads\Weekly-Pay-Stub-Template-TemplateLab.com_1.pdf

2024-04-02 09:41 - 2024-04-02 09:57 - 000338127 _____ C:\Users\keyer_z86jbid\Downloads\Weekly-Pay-Stub-Template-TemplateLab.com_.pdf

2024-04-02 09:40 - 2024-04-02 09:40 - 000522070 _____ C:\Users\keyer_z86jbid\Downloads\Waitress-Pay-Stub-Template-TemplateLab.com_.pdf

2024-04-02 07:56 - 2024-04-02 07:56 - 000084615 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_75627_formswift.com.jpeg

2024-04-02 07:56 - 2024-04-02 07:56 - 000060111 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_75656_formswift.com.jpeg

2024-04-02 07:50 - 2024-04-02 07:50 - 000087331 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_75015_formswift.com.jpeg

2024-04-02 07:47 - 2024-04-02 07:47 - 000143202 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_7473_formswift.com.jpeg

2024-04-02 07:47 - 2024-04-02 07:47 - 000087331 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_74743_formswift.com.jpeg

2024-04-02 07:46 - 2024-04-02 07:46 - 000143202 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_74654_formswift.com.jpeg

2024-04-02 07:33 - 2024-04-02 07:33 - 000142160 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_73330_formswift.com.jpeg

2024-04-02 07:33 - 2024-04-02 07:33 - 000060341 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_73355_formswift.com.jpeg

2024-04-02 07:06 - 2024-04-02 07:06 - 000070143 _____ C:\Users\keyer_z86jbid\Downloads\OIP.jfif

2024-04-02 07:01 - 2024-04-02 07:01 - 000220733 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_7121_formswift.com.jpeg

2024-04-02 07:00 - 2024-04-02 07:00 - 000220733 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_7033_formswift.com.jpeg

2024-04-01 13:54 - 2024-04-01 13:54 - 000000000 ____D C:\Users\Jade1\AppData\Local\Comms

2024-04-01 11:08 - 2024-04-01 11:08 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Backup

2024-03-31 16:46 - 2024-03-31 16:46 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Comms

2024-03-31 16:43 - 2024-03-31 16:43 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Spelling

2024-03-31 16:40 - 2024-03-31 16:40 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Origin

2024-03-31 16:40 - 2024-03-31 16:40 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Electronic Arts

2024-03-31 16:40 - 2024-03-31 16:40 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\EALaunchHelper

2024-03-31 16:40 - 2024-03-31 16:40 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\cache

2024-03-31 16:33 - 2024-04-09 14:13 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\PlaceholderTileLogoFolder

2024-03-31 16:32 - 2024-04-10 15:58 - 000003126 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2886619696-1302744882-3861898303-1008

2024-03-31 16:31 - 2024-04-10 15:58 - 000002922 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2886619696-1302744882-3861898303-1008

2024-03-31 16:31 - 2024-04-10 10:14 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Packages

2024-03-31 16:31 - 2024-04-07 19:57 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Malwarebytes

2024-03-31 16:31 - 2024-03-31 20:54 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\ConnectedDevicesPlatform

2024-03-31 16:31 - 2024-03-31 16:31 - 000000020 ___SH C:\Users\keyer_z86jbid\ntuser.ini

2024-03-31 16:31 - 2024-03-31 16:31 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Network

2024-03-31 16:31 - 2024-03-31 16:31 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\VirtualStore

2024-03-31 16:31 - 2024-03-31 16:31 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Publishers

2024-03-31 16:31 - 2024-03-31 16:31 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Google

2024-03-31 10:37 - 2024-03-31 10:37 - 005727416 _____ C:\Users\Jade1\Downloads\norton_private_browser_setup.exe

2024-03-31 09:24 - 2024-03-31 09:24 - 000000000 ____D C:\Users\Jade1\AppData\Local\EALaunchHelper

2024-03-30 20:33 - 2024-03-30 20:33 - 000019281 _____ C:\Users\Jade1\Downloads\[bobatrait] banana cas background.package

2024-03-30 18:52 - 2024-03-30 18:52 - 002140704 _____ (Overwolf Ltd.) C:\Users\Jade1\Downloads\CurseForge - Installer (2).exe

2024-03-30 18:48 - 2024-03-30 18:50 - 000185930 _____ C:\Users\Jade1\Downloads\EA DLC Unlocker v2.7z

2024-03-30 16:48 - 2024-03-30 16:48 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2024-03-30 16:46 - 2024-03-30 16:46 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2024-03-30 08:59 - 2024-03-30 08:59 - 000000000 ____D C:\Users\nc2un\AppData\Local\Backup

2024-03-30 08:58 - 2024-03-30 08:58 - 000000000 ____D C:\Users\Jade1\AppData\Local\Backup

2024-03-30 08:57 - 2024-04-05 13:19 - 000000000 ____D C:\Program Files (x86)\Overwolf

2024-03-30 08:57 - 2024-03-30 08:57 - 000004408 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task

2024-03-30 08:57 - 2024-03-30 08:57 - 000002321 _____ C:\Users\Jade1\Desktop\CurseForge.lnk

2024-03-30 08:57 - 2024-03-30 08:57 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2024-03-30 08:57 - 2024-03-30 08:57 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2024-03-30 08:57 - 2024-03-30 08:57 - 000000000 ____D C:\ProgramData\Overwolf

2024-03-30 08:56 - 2024-04-08 17:58 - 000000000 ____D C:\Users\Jade1\AppData\Local\Overwolf

2024-03-30 08:56 - 2024-04-03 01:04 - 000000000 ____D C:\Users\nc2un\AppData\Local\Overwolf

2024-03-30 08:56 - 2024-03-30 08:56 - 002140704 _____ (Overwolf Ltd.) C:\Users\Jade1\Downloads\CurseForge - Installer (1).exe

2024-03-30 08:50 - 2024-04-08 13:51 - 000000000 ____D C:\Users\Jade1\AppData\Local\Malwarebytes

2024-03-30 08:50 - 2024-03-30 08:50 - 000000000 ____D C:\Users\Jade1\AppData\Local\Google

2024-03-29 19:00 - 2024-04-06 03:19 - 000000000 ____D C:\WINDOWS\system32\appmgmt

2024-03-29 18:57 - 2024-03-29 18:57 - 000000000 _____ C:\WINDOWS\SysWOW64\wsmand.log.lock

2024-03-29 18:56 - 2024-03-29 18:56 - 000000000 ____D C:\Users\nc2un\AppData\Local\Google

2024-03-29 18:48 - 2024-03-29 18:48 - 000003738 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification

2024-03-29 18:48 - 2019-05-17 04:17 - 000002291 ____N C:\WINDOWS\system32\SetupBD.din

2024-03-29 18:47 - 2024-03-29 18:48 - 000000000 ____D C:\ProgramData\Intel

2024-03-29 18:47 - 2024-03-29 18:48 - 000000000 ____D C:\Program Files (x86)\Intel

2024-03-29 18:45 - 2024-03-29 18:45 - 000000000 _____ C:\WINDOWS\invcol.tmp

2024-03-29 18:35 - 2024-04-09 11:53 - 000000000 ____D C:\Program Files\Dell

2024-03-29 18:35 - 2024-04-05 11:45 - 000000000 ____D C:\ProgramData\Dell

2024-03-29 18:35 - 2024-04-05 11:45 - 000000000 ____D C:\Program Files (x86)\Dell

2024-03-29 18:35 - 2024-03-29 18:35 - 000000000 ____D C:\Program Files\dotnet

2024-03-29 17:37 - 2024-04-10 16:21 - 000000000 ____D C:\Users\nc2un\AppData\Local\Malwarebytes

2024-03-29 17:37 - 2024-03-29 17:37 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2024-03-29 17:37 - 2024-03-29 17:37 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2024-03-29 17:36 - 2024-04-10 16:47 - 000000000 ____D C:\Program Files (x86)\Google

2024-03-29 17:36 - 2024-04-04 19:47 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2024-03-29 17:36 - 2024-04-04 19:47 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2024-03-29 17:36 - 2024-03-29 18:48 - 000000000 ____D C:\Program Files\HWiNFO64

2024-03-29 17:36 - 2024-03-29 17:42 - 000003790 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{BC80E2C5-622E-4EE7-8620-EC3831DE40B0}

2024-03-29 17:36 - 2024-03-29 17:42 - 000003666 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{008A7899-0CE7-495B-A689-8A98ABC335A1}

2024-03-29 17:36 - 2024-03-29 17:36 - 000000000 ____D C:\ProgramData\Malwarebytes

2024-03-29 17:36 - 2024-03-29 17:36 - 000000000 ____D C:\Program Files\Malwarebytes

2024-03-29 17:36 - 2024-03-29 17:36 - 000000000 ____D C:\Program Files\Google

2024-03-29 09:57 - 2024-03-29 09:57 - 000000000 ____D C:\ProgramData\Origin

2024-03-29 09:51 - 2024-03-29 09:51 - 000000000 ____D C:\Users\Jade1\AppData\Local\PlaceholderTileLogoFolder

2024-03-29 09:50 - 2024-03-29 09:50 - 000000000 ____D C:\Users\Jade1\AppData\Local\OneDrive

2024-03-29 09:49 - 2024-03-29 10:00 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\Spelling

2024-03-29 09:49 - 2024-03-29 09:49 - 000000000 ____D C:\Users\Jade1\AppData\Local\Origin

2024-03-29 09:49 - 2024-03-29 09:49 - 000000000 ____D C:\Users\Jade1\AppData\Local\Electronic Arts

2024-03-29 09:49 - 2024-03-29 09:49 - 000000000 ____D C:\Users\Jade1\AppData\Local\EADesktop

2024-03-29 09:49 - 2024-03-29 09:49 - 000000000 ____D C:\Users\Jade1\AppData\Local\cache

2024-03-29 09:48 - 2024-04-08 16:24 - 000000000 ____D C:\Users\Jade1\AppData\Local\Packages

2024-03-29 09:48 - 2024-03-30 08:50 - 000000000 ____D C:\Users\Jade1\AppData\Local\ConnectedDevicesPlatform

2024-03-29 09:48 - 2024-03-29 09:48 - 000000020 ___SH C:\Users\Jade1\ntuser.ini

2024-03-29 09:48 - 2024-03-29 09:48 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\Network

2024-03-29 09:48 - 2024-03-29 09:48 - 000000000 ____D C:\Users\Jade1\AppData\Local\VirtualStore

2024-03-29 09:48 - 2024-03-29 09:48 - 000000000 ____D C:\Users\Jade1\AppData\Local\Publishers

2024-03-29 09:40 - 2024-03-29 09:40 - 000000000 ____D C:\ProgramData\PLUG

2024-03-29 09:18 - 2024-04-10 16:26 - 000000000 ____D C:\ProgramData\Apple Computer

2024-03-29 09:18 - 2024-04-10 10:38 - 000000000 ____D C:\ProgramData\Apple Inc

2024-03-29 09:18 - 2024-04-09 11:43 - 000000000 ____D C:\ProgramData\Apple

2024-03-29 09:16 - 2024-03-29 09:16 - 000000000 ____D C:\Program Files\RUXIM

2024-03-29 09:16 - 2024-03-29 09:16 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2024-03-29 09:15 - 2024-04-10 10:57 - 000000000 ____D C:\WINDOWS\system32\MRT

2024-03-29 09:03 - 2024-03-29 09:03 - 000000000 ____D C:\Users\nc2un\AppData\Local\EALaunchHelper

2024-03-29 08:59 - 2024-04-10 10:34 - 000000000 ____D C:\Users\nc2un\AppData\Local\ElevatedDiagnostics

2024-03-29 08:42 - 2024-03-29 08:42 - 000001377 _____ C:\Users\Public\Desktop\The Sims 4.lnk

2024-03-29 08:42 - 2024-03-29 08:42 - 000000000 ____D C:\ProgramData\Electronic Arts

2024-03-29 08:41 - 2024-03-29 08:41 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller

2024-03-29 08:41 - 2024-03-29 08:34 - 000447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll

2024-03-29 08:32 - 2024-04-09 11:53 - 000000000 ____D C:\ProgramData\Package Cache

2024-03-29 08:32 - 2024-04-02 13:26 - 000000000 ____D C:\ProgramData\EA Desktop

2024-03-29 08:32 - 2024-03-29 08:33 - 000000000 ____D C:\Users\nc2un\AppData\Local\Origin

2024-03-29 08:32 - 2024-03-29 08:33 - 000000000 ____D C:\Program Files\EA Games

2024-03-29 08:32 - 2024-03-29 08:32 - 000002138 _____ C:\Users\Public\Desktop\EA.lnk

2024-03-29 08:32 - 2024-03-29 08:32 - 000000000 ____D C:\Users\nc2un\AppData\Local\Electronic Arts

2024-03-29 08:32 - 2024-03-29 08:32 - 000000000 ____D C:\Users\nc2un\AppData\Local\EADesktop

2024-03-29 08:32 - 2024-03-29 08:32 - 000000000 ____D C:\Users\nc2un\AppData\Local\cache

2024-03-29 08:32 - 2024-03-29 08:32 - 000000000 ____D C:\Program Files\Electronic Arts

2024-03-29 08:31 - 2024-03-29 08:31 - 002458240 _____ (Electronic Arts) C:\Users\nc2un\Downloads\EAappInstaller.exe

2024-03-29 08:27 - 2024-03-29 08:27 - 000001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2024-03-29 08:27 - 2024-03-29 08:27 - 000000000 ____D C:\Users\nc2un\AppData\Local\VS Revo Group

2024-03-29 08:27 - 2024-03-29 08:27 - 000000000 ____D C:\ProgramData\VS Revo Group

2024-03-29 08:27 - 2024-03-29 08:27 - 000000000 ____D C:\Program Files\VS Revo Group

2024-03-29 08:10 - 2024-04-04 13:28 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\MMC

2024-03-29 07:48 - 2024-04-10 10:38 - 000000000 ____D C:\Users\nc2un\AppData\Local\D3DSCache

2024-03-29 06:44 - 2024-03-29 03:55 - 000000000 ____D C:\WINDOWS\Panther

2024-03-29 06:42 - 2024-03-29 06:42 - 000000000 ____D C:\WINDOWS\ServiceProfiles

2024-03-29 06:42 - 2024-03-29 03:55 - 000000000 ____D C:\Windows.old

2024-03-29 06:41 - 2024-04-10 16:47 - 000000000 ____D C:\WINDOWS\SystemTemp

2024-03-29 06:41 - 2024-04-10 16:23 - 000000000 ____D C:\WINDOWS\InboxApps

2024-03-29 06:41 - 2024-03-29 06:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde

2024-03-29 06:41 - 2024-03-29 06:41 - 000000000 ____D C:\ProgramData\ssh

2024-03-29 06:30 - 2024-03-29 06:30 - 000008192 _____ C:\WINDOWS\system32\config\userdiff

2024-03-29 06:25 - 2024-03-29 06:25 - 000000000 ____D C:\Users\nc2un\AppData\Local\OneDrive

2024-03-29 06:14 - 2024-03-29 06:27 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Spelling

2024-03-29 06:12 - 2024-04-03 01:31 - 000000000 ____D C:\Users\nc2un\AppData\Local\Comms

2024-03-29 05:56 - 2024-04-08 23:21 - 000000000 ____D C:\Users\nc2un\AppData\Local\PlaceholderTileLogoFolder

2024-03-29 05:56 - 2024-03-29 05:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

2024-03-29 05:55 - 2024-04-10 10:46 - 000000000 ____D C:\Users\nc2un\AppData\Local\Publishers

2024-03-29 05:55 - 2024-04-10 10:46 - 000000000 ____D C:\ProgramData\Packages

2024-03-29 05:54 - 2024-04-10 16:28 - 000000000 ____D C:\Users\nc2un\AppData\Local\Packages

2024-03-29 05:54 - 2024-04-03 01:09 - 000000000 ____D C:\Users\nc2un\AppData\Local\ConnectedDevicesPlatform

2024-03-29 05:54 - 2024-03-29 05:54 - 000000020 ___SH C:\Users\nc2un\ntuser.ini

2024-03-29 05:54 - 2024-03-29 05:54 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Network

2024-03-29 05:54 - 2024-03-29 05:54 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Adobe

2024-03-29 05:54 - 2024-03-29 05:54 - 000000000 ____D C:\Users\nc2un\AppData\Local\VirtualStore

2024-03-29 03:56 - 2024-04-10 16:29 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2024-03-29 03:51 - 2024-04-04 14:57 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{27F5E093-8A0C-4650-9BB2-AE86780AB3B1}

2024-03-29 03:51 - 2024-04-04 14:57 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{149F8DC8-3E66-43AD-9648-FD9C1DEE95FC}

2024-03-29 03:50 - 2024-04-10 16:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2024-03-29 03:50 - 2024-04-10 05:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2024-03-29 03:50 - 2024-03-29 03:50 - 000013922 _____ C:\Users\Jade1\Desktop\Removed Apps.html

2024-03-29 03:50 - 2024-03-29 03:50 - 000000000 ____D C:\Users\nc2un\Documents\FreshStart

2024-03-29 03:50 - 2024-03-29 03:50 - 000000000 ____D C:\Users\Jade1\Documents\FreshStart

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\SystemCertificates

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\IME

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Crypto

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\SystemCertificates

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Crypto

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\SystemCertificates

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\Crypto

2024-03-29 03:48 - 2024-04-06 02:28 - 000002407 _____ C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2024-03-29 03:48 - 2024-04-03 03:45 - 000000000 ____D C:\Users\nc2un

2024-03-29 03:48 - 2024-04-02 12:49 - 000000000 ____D C:\Users\keyer_z86jbid

2024-03-29 03:48 - 2024-03-31 16:31 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Windows

2024-03-29 03:48 - 2024-03-29 09:48 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\Windows

2024-03-29 03:48 - 2024-03-29 09:48 - 000000000 ____D C:\Users\Jade1

2024-03-29 03:48 - 2024-03-29 05:54 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Windows

2024-03-29 03:46 - 2024-04-10 16:26 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2024-03-29 03:46 - 2024-03-29 18:48 - 000000000 ____D C:\Program Files\Intel

2024-03-29 03:46 - 2024-03-29 03:46 - 000561169 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat

2024-03-29 03:46 - 2024-03-29 03:46 - 000113697 _____ C:\WINDOWS\system32\Drivers\rtwavesvolpro.dat

2024-03-29 03:46 - 2024-03-29 03:46 - 000031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat

2024-03-29 03:46 - 2024-03-29 03:46 - 000010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat

2024-03-29 03:46 - 2024-03-29 03:46 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat

2024-03-29 03:46 - 2024-03-29 03:46 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM

2024-03-29 03:46 - 2024-03-29 03:46 - 000000000 ____D C:\Program Files\Realtek

2024-03-29 03:46 - 2024-03-29 03:46 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin

2024-03-29 03:44 - 2024-04-10 16:23 - 000259496 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2024-03-29 03:44 - 2024-04-10 15:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2024-03-29 03:19 - 2024-03-29 03:50 - 000000000 ___HD C:\$SysReset

2024-03-29 00:44 - 2024-03-29 00:45 - 223437856 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Intel-HD-4000-and-5000-Series-Graphics-Driver_4KV26_WIN_20.19.15.5063_A08_03 (2).EXE

2024-03-29 00:17 - 2024-03-29 00:20 - 000000000 ____D C:\Users\nc2un\Documents\Outlook Files

2024-03-28 07:05 - 2024-03-28 07:05 - 000000000 ____D C:\Users\Public\Documents\Electronic Arts

2024-03-28 05:48 - 2024-03-28 05:48 - 000001400 _____ C:\Users\Jade1\Desktop - Shortcut.lnk

2024-03-28 02:58 - 2024-04-02 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA

2024-03-28 02:31 - 2024-03-28 02:31 - 002596472 _____ (Patch My PC, LLC) C:\Users\nc2un\Downloads\PatchMyPC.exe

2024-03-28 02:30 - 2024-03-29 08:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2024-03-28 02:30 - 2024-03-28 02:30 - 017726648 _____ (VS Revo Group ) C:\Users\nc2un\Downloads\RevoUninProSetup.exe

2024-03-28 01:52 - 2024-03-28 01:52 - 000142744 _____ C:\Users\nc2un\Downloads\vtuploader2.2.exe

2024-03-28 01:52 - 2024-03-28 01:52 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2

2024-03-28 01:00 - 2024-03-29 06:20 - 000000000 ____D C:\Users\nc2un\Documents\Tenant . Landlord

2024-03-27 16:44 - 2024-03-27 16:44 - 002140712 _____ (Overwolf Ltd.) C:\Users\Jade1\Downloads\CurseForge - Installer.exe

2024-03-27 16:29 - 2024-03-27 16:29 - 000002156 _____ C:\Users\Jade1\Desktop\EA.lnk

2024-03-27 15:32 - 2024-03-27 15:32 - 223437856 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Intel-HD-4000-and-5000-Series-Graphics-Driver_4KV26_WIN_20.19.15.5063_A08_03 (1).EXE

2024-03-27 11:05 - 2024-03-27 11:05 - 001362832 _____ () C:\Users\keyer_z86jbid\Downloads\free-pdf-creator.exe

2024-03-27 11:04 - 2024-03-27 11:04 - 047696672 _____ (Corel Corporation) C:\Users\keyer_z86jbid\Downloads\wzsus53 (2).exe

2024-03-27 11:04 - 2024-03-27 11:04 - 047696672 _____ (Corel Corporation) C:\Users\keyer_z86jbid\Downloads\wzsus53 (1).exe

2024-03-27 11:03 - 2024-03-27 11:03 - 047696672 _____ (Corel Corporation) C:\Users\keyer_z86jbid\Downloads\wzsus53.exe

2024-03-27 02:14 - 2024-03-27 02:14 - 000545857 _____ C:\Users\keyer_z86jbid\Downloads\Master your Mind - The Smart Read (2).epub

2024-03-27 02:04 - 2024-03-27 02:04 - 000545857 _____ C:\Users\keyer_z86jbid\Downloads\Master your Mind - The Smart Read (1).epub

2024-03-27 01:56 - 2024-03-27 01:56 - 000545857 _____ C:\Users\keyer_z86jbid\Downloads\Master your Mind - The Smart Read.epub

2024-03-26 23:54 - 2024-03-26 23:54 - 000060994 _____ C:\Users\keyer_z86jbid\Downloads\taxreturn (1).pdf

2024-03-26 23:47 - 2024-03-26 23:47 - 000139124 _____ C:\Users\keyer_z86jbid\Downloads\File_000.jpeg

2024-03-26 23:47 - 2024-03-26 23:47 - 000083554 _____ C:\Users\keyer_z86jbid\Downloads\2019TaxReturn (1).PDF

2024-03-26 23:45 - 2024-03-26 23:45 - 000109705 _____ C:\Users\keyer_z86jbid\Downloads\1.pdf

2024-03-26 11:59 - 2024-03-26 11:59 - 000771146 _____ C:\Users\keyer_z86jbid\Downloads\wellness-guidelines-adult-tx.pdf

2024-03-26 11:09 - 2024-03-26 11:09 - 000372740 _____ C:\Users\keyer_z86jbid\Downloads\bluecross id carx.pdf

2024-03-26 11:08 - 2024-03-26 11:08 - 000372740 _____ C:\Users\keyer_z86jbid\Downloads\ea5ddffe-5edf-4962-8f08-9a1be54a8986.pdf

2024-03-14 13:09 - 2024-03-14 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software

2024-03-14 13:09 - 2024-03-14 13:09 - 000000000 ____D C:\Temp

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2024-04-10 16:38 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2024-04-10 16:29 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF

2024-04-10 16:28 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps

2024-04-10 16:28 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness

2024-04-10 16:26 - 2024-02-11 01:05 - 000000000 __SHD C:\Users\nc2un\IntelGraphicsProfiles

2024-04-10 16:26 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2024-04-10 16:23 - 2024-02-11 02:57 - 000008192 ___SH C:\DumpStack.log.tmp

2024-04-10 16:23 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr

2024-04-10 16:23 - 2019-12-07 04:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI

2024-04-10 16:11 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy

2024-04-10 11:07 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp

2024-04-10 10:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState

2024-04-10 10:39 - 2024-02-11 01:07 - 000000000 ___HD C:\OneDriveTemp

2024-04-10 06:19 - 2024-02-13 12:13 - 000000000 ___RD C:\Users\keyer_z86jbid\OneDrive

2024-04-10 05:14 - 2024-02-13 12:14 - 000000000 __SHD C:\Users\keyer_z86jbid\IntelGraphicsProfiles

2024-04-05 23:15 - 2024-02-12 20:52 - 000000000 __SHD C:\Users\Jade1\IntelGraphicsProfiles

2024-04-05 22:11 - 2024-02-11 02:57 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2024-04-05 22:11 - 2024-02-11 02:57 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2024-04-04 12:32 - 2024-02-13 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

2024-04-03 03:08 - 2024-02-11 01:03 - 000000000 ___SD C:\Users\nc2un\AppData\Roaming\Microsoft\Protect

2024-04-03 02:50 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF

2024-04-03 01:09 - 2024-02-11 01:05 - 000000000 __RHD C:\Users\Public\AccountPictures

2024-04-01 19:51 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2024-03-31 16:31 - 2024-02-13 12:14 - 000000000 ___RD C:\Users\keyer_z86jbid\3D Objects

2024-03-30 08:53 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\appcompat

2024-03-29 17:37 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2024-03-29 17:36 - 2024-02-13 23:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64

2024-03-29 09:49 - 2024-02-12 20:52 - 000000000 ___RD C:\Users\Jade1\OneDrive

2024-03-29 09:48 - 2024-02-12 20:52 - 000000000 ___RD C:\Users\Jade1\3D Objects

2024-03-29 09:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV

2024-03-29 09:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT

2024-03-29 09:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE

2024-03-29 09:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX

2024-03-29 09:20 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing

2024-03-29 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV

2024-03-29 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT

2024-03-29 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE

2024-03-29 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX

2024-03-29 08:41 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2024-03-29 07:56 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender

2024-03-29 07:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2024-03-29 06:43 - 2019-12-07 04:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template

2024-03-29 06:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase

2024-03-29 06:42 - 2024-02-11 05:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

2024-03-29 06:41 - 2019-12-07 04:54 - 000000000 ___SD C:\WINDOWS\system32\AppV

2024-03-29 06:41 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer

2024-03-29 06:41 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2024-03-29 06:41 - 2019-12-07 04:51 - 000000000 ____D C:\WINDOWS\system32\OpenSSH

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\F12

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemApps

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Keywords

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Com

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\IME

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\DiagTrack

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender

2024-03-29 06:40 - 2019-12-07 04:54 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll

2024-03-29 06:40 - 2019-12-07 04:54 - 000020827 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml

2024-03-29 06:40 - 2019-12-07 04:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

2024-03-29 06:40 - 2019-12-07 04:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

2024-03-29 05:56 - 2024-02-11 01:06 - 000000000 ___RD C:\Users\nc2un\OneDrive

2024-03-29 05:54 - 2024-02-11 01:05 - 000000000 ___RD C:\Users\nc2un\3D Objects

2024-03-29 03:56 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\USOPrivate

2024-03-29 03:55 - 2019-12-07 04:51 - 000000000 ____D C:\WINDOWS\system32\FxsTmp

2024-03-29 03:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\spool

2024-03-29 03:50 - 2024-02-28 18:10 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2024-03-28 06:02 - 2024-02-12 20:54 - 000000000 ___RD C:\Users\Jade1\Screenshots

2024-03-28 01:24 - 2024-02-12 08:37 - 000000000 ____D C:\Users\nc2un\Documents\LILAH SCHOOL

2024-03-27 14:06 - 2024-02-18 04:48 - 000000000 ____D C:\Tenorshare

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

and the Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024

Ran by nc2un (10-04-2024 16:49:36)

Running from C:\Users\nc2un\Desktop

Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) (2024-03-29 08:55:47)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

Administrator (S-1-5-21-2886619696-1302744882-3861898303-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-2886619696-1302744882-3861898303-503 - Limited - Disabled)

Guest (S-1-5-21-2886619696-1302744882-3861898303-501 - Limited - Disabled)

Jade1 (S-1-5-21-2886619696-1302744882-3861898303-1002 - Limited - Enabled) => C:\Users\Jade1

keyer_z86jbid (S-1-5-21-2886619696-1302744882-3861898303-1008 - Limited - Enabled) => C:\Users\keyer_z86jbid

nc2un (S-1-5-21-2886619696-1302744882-3861898303-1001 - Administrator - Enabled) => C:\Users\nc2un

WDAGUtilityAccount (S-1-5-21-2886619696-1302744882-3861898303-504 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

CurseForge (HKU\S-1-5-21-2886619696-1302744882-3861898303-1002\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.249.2.1 - Overwolf app)

EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.166.0.5679 - Electronic Arts) Hidden

EA app (HKLM-x32\...\{df861f89-e998-47ba-bfff-9354af4d3751}) (Version: 13.166.0.5679 - Electronic Arts)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.106 - Google LLC)

HWiNFO64 (HKLM\...\HWiNFO64_is1) (Version: 8.00 - Martin Malik, REALiX s.r.o.)

Intel® Chipset Device Software (HKLM\...\{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390}) (Version: 10.1.1.7 - Intel Corporation) Hidden

Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1035 - Intel Corporation)

Intel® Management Engine Components (HKLM\...\{212B25D1-7216-4140-B248-D24BA0F80029}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{81274252-3CCE-4ABF-91F0-811144288963}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{927853D5-9CCC-4ED8-9C64-113EB34E8728}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client (HKLM\...\{F6AA7E43-41A4-4304-BA96-A495C5788231}) (Version: 1.45.447.1 - Intel Corporation) Hidden

Malwarebytes version 4.6.11.320 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.11.320 - Malwarebytes)

Microsoft .NET Host - 6.0.28 (x64) (HKLM\...\{CA84969C-64F9-4606-A998-E692A5DA9B9F}) (Version: 48.112.10439 - Microsoft Corporation) Hidden

Microsoft .NET Host FX Resolver - 6.0.28 (x64) (HKLM\...\{7C4254A1-17EE-4840-B9D3-7CA9B34C75CD}) (Version: 48.112.10439 - Microsoft Corporation) Hidden

Microsoft .NET Runtime - 6.0.28 (x64) (HKLM\...\{4BCC5DFD-5D10-4ACC-AAA9-8A1578A9F0C6}) (Version: 48.112.10439 - Microsoft Corporation) Hidden

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.81 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.65 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2886619696-1302744882-3861898303-1008\...\OneDriveSetup.exe) (Version: 24.055.0317.0002 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)

Microsoft VC++ redistributables repacked. (HKLM\...\{93E32441-3402-439F-8EF7-8EC66D3B74CA}) (Version: 12.0.0.0 - Intel Corporation) Hidden

Microsoft VC++ redistributables repacked. (HKLM-x32\...\{4ADC7996-3183-4E8D-8827-34E6558F5B83}) (Version: 12.0.0.0 - Intel Corporation) Hidden

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)

Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 6.0.28 (x64) (HKLM\...\{443A7BE8-E5BE-4514-BDAB-0A872E3E846B}) (Version: 48.112.10435 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 6.0.28 (x64) (HKLM-x32\...\{bd3c5800-9256-43b9-97a7-eb349fc38d78}) (Version: 6.0.28.33420 - Microsoft Corporation)

Overwolf (HKLM-x32\...\Overwolf) (Version: 0.243.1.1 - Overwolf Ltd.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6086 - Realtek Semiconductor Corp.)

Revo Uninstaller Pro 5.2.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.2.6 - VS Revo Group, Ltd.)

Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)

The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.105.345.1020 - Electronic Arts Inc.)

Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)

 

Packages:

=========

 

HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2024-04-03] (Microsoft Corporation)

HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-04-10] (HP Inc.)

Microsoft Copilot -> C:\Program Files\WindowsApps\microsoft.windows.ai.copilot.provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-31] (Microsoft Corporation)

Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21001.0_x64__8wekyb3d8bbwe [2024-04-03] (Microsoft Corporation) [Startup Task]

Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.153.0_x64__pwbj9vvecjh7j [2024-03-29] (Amazon Development Centre (London) Ltd)

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-29] (Malwarebytes Inc. -> Malwarebytes)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-29] (Malwarebytes Inc. -> Malwarebytes)

ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)

 

==================== Codecs (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2024-03-29] (Electronic Arts -> On2.com)

HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2024-03-29] (Electronic Arts -> On2.com)

 

==================== Shortcuts & WMI ========================

 

==================== Loaded Modules (Whitelisted) =============

 

==================== Alternate Data Streams (Whitelisted) ========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\Jade1\Downloads\RecRoomSetup.exe:MBAM.Zone.Identifier [133]

AlternateDataStreams: C:\Users\nc2un\Downloads\hwi_772.exe:MBAM.Zone.Identifier [122]

AlternateDataStreams: C:\Users\nc2un\Downloads\spsetup132_pro.exe:MBAM.Zone.Identifier [360]

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT

HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg

HKU\S-1-5-21-2886619696-1302744882-3861898303-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jade1\Downloads\Screenshot_10-3-2024_183742_www.youtube.com.jpeg

HKU\S-1-5-21-2886619696-1302744882-3861898303-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\keyer_z86jbid\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Screenshot_20231203-001803.png

DNS Servers: 192.168.4.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

HKLM\...\StartupApproved\Run: => "RtHDVBg"

HKLM\...\StartupApproved\Run: => "RtHDVCpl"

HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_186B36493624808C4C8AA94AFEF2776A"

HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\...\StartupApproved\Run: => "EADM"

HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\...\StartupApproved\Run: => "Overwolf"

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{C3F5A2F2-E052-4AEA-848A-D656D6DB236A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.65\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{E470F2DD-62EA-45AE-B0C4-2BF791C1DB1A}] => (Allow) C:\Program Files\EA Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

FirewallRules: [{4298D075-82BE-4938-BFF4-5D8301195CA2}] => (Allow) C:\Program Files\EA Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

FirewallRules: [{53341709-1509-4C29-91BF-09D596168A91}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{1F198244-8C58-4509-9EE0-8945B68944AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{54360A56-E96C-4EEE-B23D-15EBBFAD9946}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{734C0CF3-AE37-47E4-A9CD-C7C80B546689}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{1FE73125-D7CC-4614-B16C-7E6D45D53A34}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.0.9\OverwolfBrowser.exe => No File

FirewallRules: [{D5B15308-E555-4161-93C8-ECF997F9757A}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.0.9\OverwolfBrowser.exe => No File

FirewallRules: [{7334DB5C-D2B7-476B-B63E-E90882F5A4B0}] => (Block) C:\Program Files (x86)\Overwolf\0.243.0.9\OverwolfBrowser.exe => No File

FirewallRules: [{17D4744E-4E8E-4E05-857A-6950A847A1A2}] => (Block) C:\Program Files (x86)\Overwolf\0.243.0.9\OverwolfBrowser.exe => No File

FirewallRules: [{632C7A9F-0BFF-4DB6-93CE-4ED4124AD51C}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{1FEA5E9A-E903-4AA1-B2AB-119131EA14DE}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{B34D0FB2-C727-4B83-B629-0E3A8D7F7D0C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{C7D21434-B9E3-4FA8-AA0D-8F94B75DBEC7}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{5CA3B1E6-23F5-4B24-A3BC-6F49E0DD0E34}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{0FD8DF03-B4B6-4208-AAED-7F2BDB2F3C23}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{F9B372AC-290F-4E49-8197-C4AA84B493D6}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{0BAE3476-FC4F-4999-BC08-D94FA6D03B59}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{4DB32C34-1605-4C9A-9F3B-C1551CF4CCBA}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{C3638A89-E213-4982-B757-148800FFF30D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{BDC039BD-A055-4086-A584-A9ED56EF8581}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{3C6CE58F-4772-4730-8595-B4ED2BCF4364}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{1C87F16A-18B7-4F58-AD7B-44745E68B367}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{E35CA5A0-03FA-4DF0-BE80-648A46194857}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{535DDC9F-65C7-46E2-A2BF-C81006CEF9CB}] => (Allow) c:\program files\itunes\itunes.exe => No File

FirewallRules: [{B51BDDE9-90D0-4649-B76E-CF70D0C3CDCC}] => (Allow) c:\program files\itunes\itunes.exe => No File

 

==================== Restore Points =========================

 

01-04-2024 15:36:39 Scheduled Checkpoint

03-04-2024 03:04:27 Dell Client Management Service

03-04-2024 03:15:36 Dell Client Management Service

05-04-2024 11:45:16 Dell SupportAssist OS Recovery Plugin for Dell Update

09-04-2024 11:48:53 Revo Uninstaller Pro's restore point - Apple Software Update

09-04-2024 11:54:18 Installed Apple Mobile Device Support

09-04-2024 11:54:38 Installed Apple Application Support (32-bit)

10-04-2024 10:57:59 Windows Modules Installer

10-04-2024 10:58:30 Windows Modules Installer

10-04-2024 10:59:40 Windows Modules Installer

10-04-2024 15:40:01 Revo Uninstaller Pro's restore point - iTunes

10-04-2024 15:43:08 Revo Uninstaller Pro's restore point - itunes

10-04-2024 15:47:34 Revo Uninstaller Pro's restore point - iTunes

10-04-2024 15:53:12 Revo Uninstaller Pro's restore point - Microsoft Pay

10-04-2024 16:20:12 Revo Uninstaller Pro's restore point - Patch My PC

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (04/10/2024 04:44:59 PM) (Source: Windows Search Service) (EventID: 1019) (User: )

Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2886619696-1302744882-3861898303-1001}/">.

 

Error: (04/10/2024 04:38:03 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x0cb7f68b

Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89

Exception code: 0xc0000409

Fault offset: 0x000000000007286e

Faulting process id: 0xa38

Faulting application start time: 0x01da8b8db6e214f0

Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Faulting module path: C:\WINDOWS\System32\ucrtbase.dll

Report Id: c70a4500-97d6-449f-90c3-3b1fe288000b

Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

 

Error: (04/10/2024 10:46:39 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: HPPrintScanDoctorExt.exe, version: 6.0.0.0, time stamp: 0x65d87539

Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800

Exception code: 0xc0000409

Fault offset: 0x000000000007e72c

Faulting process id: 0x2688

Faulting application start time: 0x01da8b5e45717f88

Faulting application path: C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6\DesktopExtension\HPPrintScanDoctorExt.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: 491a1d14-7617-4175-8a87-887ec483b08f

Faulting package full name: AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6

Faulting package-relative application ID: AD2F1837.HPPrinterControl

 

Error: (04/10/2024 10:46:38 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: HPPrintScanDoctorExt.exe, version: 6.0.0.0, time stamp: 0x65d87539

Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800

Exception code: 0xc0000005

Fault offset: 0x00000000000a0af0

Faulting process id: 0x2688

Faulting application start time: 0x01da8b5e45717f88

Faulting application path: C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6\DesktopExtension\HPPrintScanDoctorExt.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: f920fdb3-fa81-45f0-a108-ba77aea025f4

Faulting package full name: AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6

Faulting package-relative application ID: AD2F1837.HPPrinterControl

 

Error: (04/09/2024 11:54:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

Details:

AddWin32ServiceFiles: Unable to back up image of service Bonjour Service since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified..

 

Error: (04/09/2024 11:54:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

Details:

AddWin32ServiceFiles: Unable to back up image of service Bonjour Service since QueryServiceConfig API failed

 

System Error:

The system cannot find the file specified..

 

Error: (04/08/2024 04:25:12 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: TCUI-App.exe, version: 19.87.2403.13001, time stamp: 0x65f1d80d

Faulting module name: KERNELBASE.dll, version: 10.0.19041.3996, time stamp: 0xb756c9ff

Exception code: 0xc000027b

Fault offset: 0x000000000012d952

Faulting process id: 0x13a4

Faulting application start time: 0x01da89fb3c6d3f49

Faulting application path: C:\Program Files\WindowsApps\Microsoft.GamingServices_19.87.13001.0_x64__8wekyb3d8bbwe\TCUI-App.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report Id: 3dcec1cb-3a43-4807-a93e-bae49fd2f11c

Faulting package full name: Microsoft.GamingServices_19.87.13001.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: Microsoft.GamingServices

 

Error: (04/08/2024 02:14:47 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamtray.exe, version: 4.0.0.1750, time stamp: 0x65d75d57

Faulting module name: Qt5Core.dll, version: 5.15.8.0, time stamp: 0x620c5b61

Exception code: 0xc0000005

Fault offset: 0x0000000000245d71

Faulting process id: 0x23e4

Faulting application start time: 0x01da87d90aca4632

Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll

Report Id: ea69e192-41f5-4bea-8085-5f602846ac1c

Faulting package full name: 

Faulting package-relative application ID:

 

 

System errors:

=============

Error: (04/10/2024 04:47:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error: 

Unable to access a key.

 

Error: (04/10/2024 04:47:33 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.

 

Error: (04/09/2024 04:48:18 PM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

 

Error: (04/09/2024 04:40:39 PM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

 

Error: (04/09/2024 03:53:36 PM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

 

Error: (04/09/2024 03:51:07 PM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

 

Error: (04/09/2024 11:48:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/08/2024 06:42:18 PM) (Source: DCOM) (EventID: 10010) (User: BLUEZ9020)

Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

 

 

Windows Defender:

================

Date: 2024-04-09 10:59:58

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2024-04-08 14:20:31

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2024-04-07 12:43:16

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2024-04-06 08:31:42

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2024-04-05 11:49:41

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/DisplayDriverUninstaller&threatid=312040&enterprise=0

Name: PUABundler:Win32/DisplayDriverUninstaller

Severity: Low

Category: Potentially Unwanted Software

Path: file:_C:\Users\nc2un\Downloads\DDU-v17.0.6.6.zip; webfile:_C:\Users\nc2un\Downloads\DDU-v17.0.6.6.zip|https://download.bleepingcomputer.com/dl/34f2593a0bead9d6c93944035b8365dc/66101eb9/windows/utilities/driver-utilities/d/display-driver-uninstaller/DDU-v17.0.6.6.zip|pid:2624,ProcessStart:133568061128103712

Detection Origin: Internet

Detection Type: FastPath

Detection Source: Downloads and attachments

Process Name: C:\Windows\explorer.exe

Security intelligence Version: AV: 1.409.55.0, AS: 1.409.55.0, NIS: 1.409.55.0

Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4



CodeIntegrity:

===============

Date: 2024-04-10 16:49:09

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

 

Date: 2024-04-10 16:34:08

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

 

 

==================== Memory info =========================== 

 

BIOS: Dell Inc. A25 05/30/2019

Motherboard: Dell Inc. 00V62H

Processor: Intel® Core™ i5-4590 CPU @ 3.30GHz

Percentage of memory in use: 35%

Total physical RAM: 16292.2 MB

Available physical RAM: 10542.87 MB

Total Virtual: 17316.2 MB

Available Virtual: 11707.14 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:237.83 GB) (Free:89.2 GB) (Model: SAMSUNG MZ7LN256HCHP-000L7) NTFS

 

\\?\Volume{b77585c5-ac9e-4172-85bb-190e3816186a}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS

\\?\Volume{7a8f27dd-982f-4a43-b065-f55d8986eb69}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (Size: 238.5 GB) (Disk ID: C6B8F3BE)

 

Partition: GPT.

 

==================== End of Addition.txt =======================

 

 

 




#2 HelpBot


Posted 15 April 2024 - 05:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/796390 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Delusionz

Delusionz
  • Topic Starter


Posted 16 April 2024 - 06:28 PM




#4 Delusionz

Delusionz
  • Topic Starter


Posted 16 April 2024 - 06:47 PM

Original Windows CD is not available.

 

The Problems: 

#1 was that the machine came to me as used, but with a new install of Windows 10 Pro, and it was functioning in a Legacy BIOS with no ability to switch to UEFI & Secure Boot. Switching to UEFI and Secure Boot would not find a Drive to boot.

The solution was to switch BIOS into UEFI mode and upgrade with a Clean Install of Windows 10 Pro from a bootable USB. Problem solved. (My problem was that I wanted all the security measures I could manage for an aging system.)

All seemed well for a little while but the system slowed over time and my grandchild started playing Sims 4 on my device when her laptop finally expired. She was not able to play the game on this device though. The graphics were glitchy and she was heartbroken lol. I did some searching for a solution and updated drivers at Dell. Windows used the same driver for the newer version though so it didn't help. I then found another solution inside the game itself and she plays happily now.

 

When I updated drivers at Dell, I downloaded their Dell Support Assist app --- I should have known better. They are great for updating drivers or Diagnostics, but just putting the single app on your device leads to them inserting Dell This and Dell That onto your machine, and it seems that started another decline in performance and speed.

 

I started noticing that the Ethernet was losing its connection... more and more frequently and now I am starting to see more and more DNS and DHCP events in Event Viewer, as well as some events related to X-box related items (Broadcast DVR and GameBar related events).

 

Problems with Windows Update, and with Defender being stopped before the scan is complete.

 

MDM error with something to do with Family Safety.

 

It's just getting thicker and thicker with errors that seem important.

 

Other problems: 

 

Intel® Ethernet Connection I217-LM

 Network link is disconnected.

 

LMS Event 2102 

Intel® ME Wireless LAN update unsuccessful, error 8193

 

Device Management Event 454

MDM ConfigurationManager: Command failure status. Configuraton 

Source ID: ({55962836-0AD9-4602-A80E-C493C32AD976}), 

Enrollment Type: (FamilySafety), CSP Name: (AppLocker), Command Type: (Clear: first phase of Delete), Result: (./Vendor/MSFT/AppLocker/FamilySafety/FamilySafetyGroup).

 

User Profile Service Event 1512

Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account. 

 DETAIL - Access is denied.

 

Kernel Event Tracing Event 2

Session "Microsoft.Windows.WindowsUpdate.RUXIMLog" failed to start with the following error: 0xC0000035

 

Here is my Speccy: 

 

http://speccy.piriform.com/results/RdBO2vfLFb6iDebanRN2zXY

 

Here are FRST logs: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.04.2024

Ran by nc2un (administrator) on BLUEZ9020 (Dell Inc. OptiPlex 9020) (16-04-2024 18:32:35)

Running from C:\Users\nc2un\Desktop\FRST64.exe

Loaded Profiles: nc2un

Platform: Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(C:\Program Files (x86)\GlassWire\GWCtlSrv.exe ->) (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe

(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe <3>

(explorer.exe ->) (A. & M. Neuber Software -> Neuber Software - www.neuber.com) C:\Program Files (x86)\Security Task Manager\SpyProtector.exe

(explorer.exe ->) (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <19>

(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe

(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <3>

(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\Speccy\Speccy64.exe

(services.exe ->) (GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscalculator_11.2401.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(svchost.exe ->) (Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1203856 2017-06-26] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)

HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1790472 2024-04-04] (Overwolf Ltd -> Overwolf Ltd.)

HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [11675528 2024-01-25] (GlassWire -> SecureMix LLC)

HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\...\Run: [Spy Protector] => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [145280 2018-10-19] (A. & M. Neuber Software -> Neuber Software - www.neuber.com)

HKU\S-1-5-21-2886619696-1302744882-3861898303-1002\...\Run: [MicrosoftEdgeAutoLaunch_C1B12DAC5AAC1C54BB94C8721EB7C639] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063800 2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-2886619696-1302744882-3861898303-1002\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2735720 2024-04-10] (Electronic Arts, Inc. -> Electronic Arts)

HKU\S-1-5-21-2886619696-1302744882-3861898303-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  --profile-directory=Default --restore-last-session --restart [4063800 2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-2886619696-1302744882-3861898303-1008\...\Run: [MicrosoftEdgeAutoLaunch_00A91C241DD5E35E00006D7BD28FE8EA] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063800 2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe [2024-04-15] (Google LLC -> Google LLC)

 

==================== Scheduled Tasks (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {F9AD9235-1D24-40D4-A961-258B4FCDBC01} - System32\Tasks\GoogleUpdateTaskMachineCore{008A7899-0CE7-495B-A689-8A98ABC335A1} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"  /c (No File)

Task: {0A3FAC08-2E69-4CCA-BFD5-E672EC501CEF} - System32\Tasks\GoogleUpdateTaskMachineUA{BC80E2C5-622E-4EE7-8620-EC3831DE40B0} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"  /ua /installsource scheduler (No File)

Task: {02906E85-B0FA-4ECD-83CF-D86E32A6B077} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-24] (Intel® Trust Services -> Intel® Corporation)

Task: {C2EF1D55-3A8C-4D99-844F-6063E3D69F6A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)

Task: {4AC38595-F794-4C59-BD64-5ED158DAC416} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)

Task: {25E40994-D9CA-4F4C-BCDD-762D8530B63C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309944 2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

Task: {49CA13D8-2F3E-4D9D-984D-3CF2DE73EF35} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309944 2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

Task: {661AB698-E8F7-4D91-B649-596A9420B3C8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168488 2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

Task: {6E201403-5389-4C6F-B3C9-47B8B5DC9EB3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {2CC3577D-8D37-427E-8D6F-38BA01C59E6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {2026938B-5C19-46A8-B704-028FEBAA2186} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {B55D1C64-8CC5-438A-BCFB-996062A41F48} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {EA15B987-3F19-4F4D-8B43-4444162D9E1A} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2644488 2024-04-04] (Overwolf Ltd -> Overwolf LTD) -> C:\Program Files (x86)\Overwolf\/RunningFrom Schedule

Task: {B4C92E57-37E7-462A-A33C-A180DCDC4DFC} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.4.1

Tcpip\..\Interfaces\{12702b3b-5ff4-4a6c-8b39-488572bd8591}: [DhcpNameServer] 192.168.4.1

Tcpip\..\Interfaces\{dd67b7a9-6981-42fb-96de-48e510f9cb12}: [DhcpNameServer] 192.168.4.1

 

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-16]

Edge HomePage: Default -> hxxps://www.bing.com/?homepage

Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}

Edge DefaultSearchKeyword: Default -> duckduckgo.com

Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list

Edge Extension: (LastPass: Free Password Manager) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2024-04-15]

Edge Extension: (Microsoft Defender Browser Protection) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2024-03-29]

Edge Extension: (Malwarebytes Browser Guard) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-04-10]

Edge Extension: (DuckDuckGo) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2024-03-29]

Edge Extension: (Google Docs Offline) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-29]

Edge Extension: (Microsoft Editor: Spelling & Grammar Checker) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hokifickgkhplphjiodbggjmoafhignh [2024-03-29]

Edge Extension: (Edge relevant text changes) - C:\Users\nc2un\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-29]

 

FireFox:

========

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

 

Chrome: 

=======

CHR Profile: C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default [2024-04-13]

CHR Extension: (Google Docs Offline) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-04]

CHR Extension: (0) - C:\Users\nc2un\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-04-12]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221280 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)

S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [12229224 2024-04-10] (Electronic Arts, Inc. -> Electronic Arts)

R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8408968 2024-01-25] (GlassWire -> SecureMix LLC)

S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8882936 2024-03-29] (Malwarebytes Inc. -> Malwarebytes)

S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2644488 2024-04-04] (Overwolf Ltd -> Overwolf LTD)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AppleKIS; C:\WINDOWS\System32\drivers\AppleKIS.sys [68032 2023-11-20] (Apple Inc. -> Apple Inc.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-11-20] (Apple Inc. -> Apple Inc.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-11-20] (Apple Inc. -> Apple Inc.)

S3 AppleRSM; C:\WINDOWS\System32\drivers\AppleRSM.sys [79704 2023-11-20] (Apple Inc. -> Apple Inc.)

R3 cpuz149; C:\Users\nc2un\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2024-04-16] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION

R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2024-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Dell)

S3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46640 2023-12-06] (Microsoft Windows Hardware Compatibility Publisher -> Dell)

R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2024-01-25] (GlassWire -> SecureMix LLC)

S3 HWiNFO_191; C:\Users\nc2un\AppData\Local\Temp\HWiNFO64A_191.SYS [57936 2024-03-29] (Microsoft Windows Hardware Compatibility Publisher -> REALiX) <==== ATTENTION

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-03-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)

R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2024-04-16 18:32 - 2024-04-16 18:33 - 000016643 _____ C:\Users\nc2un\Desktop\FRST.txt

2024-04-16 09:02 - 2024-04-16 09:02 - 000000000 ____D C:\Users\nc2un\Desktop\OptiPlex

2024-04-16 06:40 - 2024-04-16 09:01 - 000000000 ____D C:\Users\nc2un\Desktop\Further Reads

2024-04-16 06:40 - 2024-04-16 06:40 - 000000000 ____D C:\Users\nc2un\Desktop\FRST-OlderVersion

2024-04-16 06:38 - 2024-04-16 06:39 - 000000000 ____D C:\Users\nc2un\Desktop\Older FRST logs

2024-04-16 01:03 - 2024-04-16 01:03 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\QuickStyles

2024-04-16 00:51 - 2024-04-16 00:51 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Proof

2024-04-16 00:49 - 2024-04-16 01:54 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Word

2024-04-16 00:45 - 2024-04-16 00:45 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\PowerPoint

2024-04-15 18:54 - 2024-04-15 18:54 - 000000000 ____D C:\Users\Jade1\Apple

2024-04-15 06:09 - 2024-04-15 06:09 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

2024-04-14 12:15 - 2024-04-14 12:15 - 000000000 ____D C:\EADesktopDev

2024-04-14 09:25 - 2024-04-14 09:25 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\InputMethod

2024-04-14 02:10 - 2024-04-14 02:10 - 000001073 _____ C:\Users\nc2un\Desktop\FSS.exe - Shortcut.lnk

2024-04-14 02:09 - 2024-04-14 02:09 - 000000000 ____D C:\Users\nc2un\Downloads\FSS

2024-04-14 02:08 - 2024-04-14 02:08 - 000514938 _____ C:\Users\nc2un\Downloads\FSS.zip

2024-04-14 02:08 - 2024-04-14 02:08 - 000000930 _____ C:\Users\nc2un\Desktop\MiniToolBox - Shortcut.lnk

2024-04-14 02:08 - 2024-04-14 02:08 - 000000744 _____ C:\Users\nc2un\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSS.lnk

2024-04-14 02:04 - 2024-04-14 02:07 - 000002725 _____ C:\Users\nc2un\Downloads\FSS.txt

2024-04-14 02:03 - 2024-04-14 02:03 - 000002236 _____ C:\Users\nc2un\Desktop\Tweaking.com - Windows Repair.lnk

2024-04-14 02:02 - 2024-04-14 02:02 - 000003770 _____ C:\WINDOWS\system32\Tasks\Tweaking.com - Windows Repair Tray Icon

2024-04-14 02:02 - 2024-04-14 02:02 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2024-04-14 02:01 - 2024-04-14 02:03 - 000380467 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt

2024-04-14 01:57 - 2024-04-14 01:57 - 000011594 _____ C:\Users\nc2un\Downloads\MTB.txt

2024-04-14 01:56 - 2024-04-14 01:56 - 058118520 _____ (Tweaking.com) C:\Users\nc2un\Downloads\tweaking.com_windows_repair_aio_setup.exe

2024-04-14 01:56 - 2024-04-14 01:56 - 000956928 _____ (Farbar) C:\Users\nc2un\Downloads\MiniToolBox (1).exe

2024-04-14 01:05 - 2024-04-14 01:05 - 000001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk

2024-04-14 01:05 - 2024-04-14 01:05 - 000001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk

2024-04-14 01:05 - 2024-04-14 01:05 - 000001208 _____ C:\Users\Public\Desktop\Security Task Manager.lnk

2024-04-14 00:28 - 2024-04-14 00:40 - 000000000 ____D C:\Program Files (x86)\VirusTotalUploader2

2024-04-14 00:28 - 2024-04-14 00:28 - 000002148 _____ C:\Users\nc2un\Desktop\VirusTotal Uploader 2.2.lnk

2024-04-14 00:19 - 2024-04-14 00:19 - 000001140 _____ C:\Users\nc2un\Desktop\Revo Uninstaller Pro.lnk

2024-04-13 22:41 - 2024-04-13 23:23 - 000000000 ____D C:\Users\nc2un\Downloads\fulleventlogview-x64

2024-04-13 00:23 - 2024-04-13 00:23 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\HTML Help

2024-04-13 00:22 - 2024-04-13 00:22 - 000000000 ____D C:\Program Files (x86)\Tweaking.com

2024-04-12 23:10 - 2024-04-16 08:21 - 000000000 ____D C:\ProgramData\SecTaskMan

2024-04-12 23:10 - 2024-04-14 01:05 - 000000000 ____D C:\Program Files (x86)\Security Task Manager

2024-04-12 14:22 - 2024-04-13 23:23 - 000000000 ____D C:\drvrtmp

2024-04-12 14:21 - 2024-04-12 14:21 - 032179632 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Intel-PCIe-Ethernet-Network-Driver_VP20T_WIN_24.1.0.0_A13_04 (1).EXE

2024-04-12 14:07 - 2024-04-12 14:07 - 000001441 _____ C:\Users\nc2un\Desktop\HWiNFO64.EXE - Shortcut.lnk

2024-04-12 14:01 - 2024-04-12 14:01 - 000000000 ____D C:\Users\nc2un\Downloads\MiniToolBox

2024-04-12 14:00 - 2024-04-12 14:00 - 000514302 _____ C:\Users\nc2un\Downloads\MiniToolBox.zip

2024-04-12 13:59 - 2024-04-12 13:59 - 000000994 _____ C:\Users\nc2un\Desktop\AdwCleaner.exe - Shortcut.lnk

2024-04-12 13:49 - 2024-04-12 13:49 - 000000000 ____D C:\Users\nc2un\AppData\Local\mbam

2024-04-12 09:22 - 2024-04-12 09:22 - 034368941 _____ C:\Users\Jade1\Downloads\RuffTimes.zip

2024-04-12 05:46 - 2024-04-12 05:46 - 000000000 ____D C:\Program Files\Common Files\DESIGNER

2024-04-12 05:35 - 2024-04-12 05:35 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\UProof

2024-04-12 04:40 - 2024-04-12 07:05 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Publisher Building Blocks

2024-04-12 04:39 - 2024-04-16 01:54 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Office

2024-04-12 04:39 - 2024-04-16 00:57 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Publisher

2024-04-12 04:39 - 2024-04-12 04:39 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\AddIns

2024-04-12 04:22 - 2024-04-13 23:23 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive

2024-04-12 04:18 - 2024-04-12 04:18 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk

2024-04-12 04:18 - 2024-04-12 04:18 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk

2024-04-12 04:18 - 2024-04-12 04:18 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk

2024-04-12 04:18 - 2024-04-12 04:18 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk

2024-04-12 04:18 - 2024-04-12 04:18 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk

2024-04-12 04:18 - 2024-04-12 04:18 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk

2024-04-12 04:18 - 2024-04-12 04:18 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk

2024-04-12 04:16 - 2024-04-13 23:08 - 000000000 ____D C:\Program Files\Microsoft Office

2024-04-12 04:16 - 2024-04-12 04:16 - 000000000 ____D C:\Program Files\Microsoft Office 15

2024-04-11 23:23 - 2024-04-11 23:23 - 000114325 _____ C:\Users\nc2un\Downloads\fulleventlogview-x64.zip

2024-04-10 21:54 - 2024-04-10 21:54 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\VS Revo Group

2024-04-10 21:51 - 2024-04-10 21:51 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Apple Computer

2024-04-10 21:49 - 2024-04-10 21:49 - 200998888 _____ (Apple Inc.) C:\Users\keyer_z86jbid\Downloads\iTunes64Setup (3).exe

2024-04-10 21:48 - 2024-04-10 21:48 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\glasswire

2024-04-10 19:19 - 2024-04-10 19:19 - 000000000 ____D C:\Users\Jade1\AppData\Local\glasswire

2024-04-10 18:41 - 2024-04-13 23:23 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Find.Same.Images.OK

2024-04-10 18:41 - 2024-04-10 18:41 - 000001822 _____ C:\Users\nc2un\Desktop\Find.Same.Images.OK.lnk

2024-04-10 18:41 - 2024-04-10 18:41 - 000001822 _____ C:\Users\nc2un\AppData\Roaming\Microsoft\Windows\Start Menu\Find.Same.Images.OK.lnk

2024-04-10 18:41 - 2024-04-10 18:41 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Find.Same.Images.OK

2024-04-10 18:41 - 2024-04-10 18:41 - 000000000 ____D C:\Program Files\Find.Same.Images.OK

2024-04-10 18:35 - 2024-04-10 18:35 - 000000054 _____ C:\Users\nc2un\Desktop\SoftwareOK.url

2024-04-10 18:01 - 2024-04-10 18:02 - 000000000 ____D C:\AdwCleaner

2024-04-10 17:14 - 2024-04-10 17:14 - 000001974 _____ C:\Users\Public\Desktop\GlassWire.lnk

2024-04-10 17:14 - 2024-04-10 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire

2024-04-10 17:14 - 2024-04-10 17:14 - 000000000 ____D C:\Program Files (x86)\GlassWire

2024-04-10 17:14 - 2024-01-25 06:23 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys

2024-04-10 17:14 - 2024-01-25 06:23 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat

2024-04-10 16:59 - 2024-04-10 16:59 - 083989264 _____ (SecureMix LLC) C:\Users\nc2un\Downloads\GlassWireSetup.exe

2024-04-10 16:30 - 2024-04-10 16:46 - 000041627 _____ C:\WINDOWS\SysWOW64\MTB.txt

2024-04-10 14:43 - 2024-04-16 06:40 - 002394112 _____ (Farbar) C:\Users\nc2un\Desktop\FRST64.exe

2024-04-10 11:05 - 2024-04-10 11:05 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json

2024-04-10 11:04 - 2024-04-10 11:04 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json

2024-04-10 10:58 - 2024-04-10 10:58 - 000000000 ___HD C:\$WinREAgent

2024-04-10 10:47 - 2024-04-16 08:17 - 000000000 ____D C:\Program Files\HPPrintScanDoctor

2024-04-10 10:46 - 2024-04-10 18:03 - 000000000 ____D C:\Users\nc2un\AppData\Local\CrashDumps

2024-04-10 08:01 - 2024-04-10 08:03 - 000084054 _____ C:\Users\keyer_z86jbid\Downloads\WEST TEXAS TRIBUNE.pdf

2024-04-10 07:03 - 2024-04-10 07:03 - 000044064 _____ C:\Users\keyer_z86jbid\Downloads\il_1140xN.5840910967_kv4o.avif

2024-04-10 07:01 - 2024-04-10 07:01 - 000045284 _____ C:\Users\keyer_z86jbid\Downloads\il_794xN.1998461350_h2wy.webp

2024-04-10 06:47 - 2024-04-10 06:47 - 000124380 _____ C:\Users\keyer_z86jbid\Downloads\R (1).jfif

2024-04-10 06:40 - 2024-04-10 06:40 - 000706022 _____ C:\Users\keyer_z86jbid\Downloads\R.jfif

2024-04-09 12:12 - 2024-04-09 12:12 - 000098093 _____ C:\Users\nc2un\Documents\Completely Clean Install of Windows 10 - MCT USB Method.pdf

2024-04-09 01:57 - 2024-04-09 01:57 - 000000672 _____ C:\Users\nc2un\Documents\CREDIT REPORT.txt

2024-04-09 01:53 - 2024-04-09 01:53 - 000000097 _____ C:\Users\nc2un\Desktop\Application for Assistance.url

2024-04-08 23:59 - 2024-04-08 23:59 - 001171863 _____ C:\Users\nc2un\Documents\DetailedBillSep2023

2024-04-08 16:25 - 2024-04-13 08:50 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\StardewValley

2024-04-08 16:25 - 2024-04-08 16:25 - 000000000 ____D C:\Users\Jade1\AppData\Local\GOG.com

2024-04-08 15:22 - 2024-04-08 15:22 - 000000199 _____ C:\Users\nc2un\Documents\apr Bills.txt

2024-04-08 14:14 - 2024-04-10 20:25 - 000000000 ____D C:\Users\Jade1\AppData\Local\CrashDumps

2024-04-08 13:48 - 2024-04-08 13:56 - 000015307 _____ C:\Users\nc2un\Documents\MTB.txt

2024-04-06 07:58 - 2024-04-06 08:14 - 223437856 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Intel-HD-4000-and-5000-Series-Graphics-Driver_4KV26_WIN_20.19.15.5063_A08_03 (3).EXE

2024-04-06 03:25 - 2024-04-06 03:25 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Apple Inc

2024-04-06 03:24 - 2024-04-10 21:53 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Apple Computer

2024-04-06 03:24 - 2024-04-10 21:53 - 000000000 ____D C:\Users\nc2un\AppData\Local\Apple Computer

2024-04-06 03:22 - 2024-04-06 03:22 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Apple

2024-04-06 03:20 - 2024-04-06 03:20 - 134650184 _____ (Apple Inc.) C:\Users\keyer_z86jbid\Downloads\iTunes64Setup (2).exe

2024-04-06 03:17 - 2024-04-10 22:16 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Apple Computer

2024-04-06 03:17 - 2024-04-06 03:18 - 134650184 _____ (Apple Inc.) C:\Users\keyer_z86jbid\Downloads\iTunes64Setup (1).exe

2024-04-06 03:16 - 2024-04-06 03:16 - 000000000 ____D C:\Users\nc2un\AppData\Local\Apple

2024-04-06 03:15 - 2024-04-06 03:15 - 200998888 _____ (Apple Inc.) C:\Users\keyer_z86jbid\Downloads\iTunes64Setup.exe

2024-04-05 23:02 - 2024-04-10 17:14 - 000000000 ____D C:\Users\nc2un\AppData\Local\GlassWire

2024-04-05 11:41 - 2024-04-10 17:14 - 000000000 ____D C:\ProgramData\GlassWire

2024-04-05 11:37 - 2024-04-05 11:37 - 000959488 _____ (Farbar) C:\Users\nc2un\Downloads\FSS.exe

2024-04-05 11:14 - 2024-04-08 13:56 - 000000000 ____D C:\Users\nc2un\Documents\NC2U Logs Collections

2024-04-05 11:00 - 2024-04-05 11:01 - 306040584 _____ (Malwarebytes) C:\Users\nc2un\Downloads\MBSetup-076981.076981-5.1.1.106.exe

2024-04-05 10:59 - 2024-04-05 10:59 - 000956928 _____ (Farbar) C:\Users\nc2un\Downloads\MiniToolBox.exe

2024-04-05 10:56 - 2024-04-05 10:56 - 008791352 _____ (Malwarebytes) C:\Users\nc2un\Downloads\AdwCleaner.exe

2024-04-05 10:54 - 2024-04-05 10:54 - 040499088 _____ (SecureMix LLC) C:\Users\nc2un\Downloads\glasswire-setup-2.1.3167.exe

2024-04-05 10:37 - 2024-04-16 18:32 - 000000000 ____D C:\FRST

2024-04-05 10:36 - 2024-04-05 10:36 - 002393088 _____ (Farbar) C:\Users\nc2un\Downloads\FRST64.exe

2024-04-04 14:30 - 2024-04-04 14:30 - 183113960 _____ (Intel Corporation) C:\Users\nc2un\Downloads\win64_15407.4279.exe

2024-04-04 14:29 - 2024-04-04 14:29 - 000004066 _____ C:\Users\nc2un\Downloads\readme64.txt

2024-04-04 12:32 - 2024-04-04 12:33 - 000000000 ____D C:\Program Files\Speccy

2024-04-04 12:32 - 2024-04-04 12:32 - 000000837 _____ C:\Users\Public\Desktop\Speccy.lnk

2024-04-04 12:31 - 2024-04-04 12:31 - 004421736 _____ (Piriform Software Ltd) C:\Users\nc2un\Downloads\spsetup132_pro (1).exe

2024-04-03 03:09 - 2024-04-03 03:09 - 000000000 ___RD C:\Users\nc2un\Documents\DellInc.DellSupportAssistforPCs_htrsf667h5kn2!App

2024-04-03 02:50 - 2024-04-03 02:50 - 000000000 ____D C:\Users\nc2un\AppData\Local\PeerDistRepub

2024-04-02 13:14 - 2024-04-02 13:14 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\OneDrive

2024-04-02 10:05 - 2024-04-02 10:05 - 000337875 _____ C:\Users\keyer_z86jbid\Downloads\Weekly-Pay-Stub-Template-TemplateLab.com_3.pdf

2024-04-02 10:03 - 2024-04-02 10:03 - 000337867 _____ C:\Users\keyer_z86jbid\Downloads\Weekly-Pay-Stub-Template-TemplateLab.com_2.pdf

2024-04-02 09:58 - 2024-04-02 09:58 - 000338127 _____ C:\Users\keyer_z86jbid\Downloads\Weekly-Pay-Stub-Template-TemplateLab.com_1.pdf

2024-04-02 09:41 - 2024-04-02 09:57 - 000338127 _____ C:\Users\keyer_z86jbid\Downloads\Weekly-Pay-Stub-Template-TemplateLab.com_.pdf

2024-04-02 09:40 - 2024-04-02 09:40 - 000522070 _____ C:\Users\keyer_z86jbid\Downloads\Waitress-Pay-Stub-Template-TemplateLab.com_.pdf

2024-04-02 07:56 - 2024-04-02 07:56 - 000084615 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_75627_formswift.com.jpeg

2024-04-02 07:56 - 2024-04-02 07:56 - 000060111 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_75656_formswift.com.jpeg

2024-04-02 07:50 - 2024-04-02 07:50 - 000087331 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_75015_formswift.com.jpeg

2024-04-02 07:47 - 2024-04-02 07:47 - 000143202 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_7473_formswift.com.jpeg

2024-04-02 07:47 - 2024-04-02 07:47 - 000087331 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_74743_formswift.com.jpeg

2024-04-02 07:46 - 2024-04-02 07:46 - 000143202 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_74654_formswift.com.jpeg

2024-04-02 07:33 - 2024-04-02 07:33 - 000142160 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_73330_formswift.com.jpeg

2024-04-02 07:33 - 2024-04-02 07:33 - 000060341 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_73355_formswift.com.jpeg

2024-04-02 07:06 - 2024-04-02 07:06 - 000070143 _____ C:\Users\keyer_z86jbid\Downloads\OIP.jfif

2024-04-02 07:01 - 2024-04-02 07:01 - 000220733 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_7121_formswift.com.jpeg

2024-04-02 07:00 - 2024-04-02 07:00 - 000220733 _____ C:\Users\keyer_z86jbid\Downloads\Screenshot_2-4-2024_7033_formswift.com.jpeg

2024-04-01 13:54 - 2024-04-01 13:54 - 000000000 ____D C:\Users\Jade1\AppData\Local\Comms

2024-04-01 11:08 - 2024-04-01 11:08 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Backup

2024-03-31 16:46 - 2024-03-31 16:46 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Comms

2024-03-31 16:43 - 2024-03-31 16:43 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Spelling

2024-03-31 16:40 - 2024-03-31 16:40 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Origin

2024-03-31 16:40 - 2024-03-31 16:40 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Electronic Arts

2024-03-31 16:40 - 2024-03-31 16:40 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\EALaunchHelper

2024-03-31 16:40 - 2024-03-31 16:40 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\cache

2024-03-31 16:33 - 2024-04-09 14:13 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\PlaceholderTileLogoFolder

2024-03-31 16:31 - 2024-04-15 06:10 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Packages

2024-03-31 16:31 - 2024-04-12 05:37 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\ConnectedDevicesPlatform

2024-03-31 16:31 - 2024-04-10 21:57 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Publishers

2024-03-31 16:31 - 2024-04-07 19:57 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Malwarebytes

2024-03-31 16:31 - 2024-03-31 16:31 - 000000020 ___SH C:\Users\keyer_z86jbid\ntuser.ini

2024-03-31 16:31 - 2024-03-31 16:31 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Network

2024-03-31 16:31 - 2024-03-31 16:31 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\VirtualStore

2024-03-31 16:31 - 2024-03-31 16:31 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Local\Google

2024-03-31 10:37 - 2024-03-31 10:37 - 005727416 _____ C:\Users\Jade1\Downloads\norton_private_browser_setup.exe

2024-03-31 09:24 - 2024-03-31 09:24 - 000000000 ____D C:\Users\Jade1\AppData\Local\EALaunchHelper

2024-03-30 20:33 - 2024-03-30 20:33 - 000019281 _____ C:\Users\Jade1\Downloads\[bobatrait] banana cas background.package

2024-03-30 18:52 - 2024-03-30 18:52 - 002140704 _____ (Overwolf Ltd.) C:\Users\Jade1\Downloads\CurseForge - Installer (2).exe

2024-03-30 18:48 - 2024-03-30 18:50 - 000185930 _____ C:\Users\Jade1\Downloads\EA DLC Unlocker v2.7z

2024-03-30 16:48 - 2024-03-30 16:48 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2024-03-30 16:46 - 2024-03-30 16:46 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2024-03-30 08:59 - 2024-03-30 08:59 - 000000000 ____D C:\Users\nc2un\AppData\Local\Backup

2024-03-30 08:58 - 2024-03-30 08:58 - 000000000 ____D C:\Users\Jade1\AppData\Local\Backup

2024-03-30 08:57 - 2024-04-05 13:19 - 000000000 ____D C:\Program Files (x86)\Overwolf

2024-03-30 08:57 - 2024-03-30 08:57 - 000004408 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task

2024-03-30 08:57 - 2024-03-30 08:57 - 000002321 _____ C:\Users\Jade1\Desktop\CurseForge.lnk

2024-03-30 08:57 - 2024-03-30 08:57 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2024-03-30 08:57 - 2024-03-30 08:57 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2024-03-30 08:57 - 2024-03-30 08:57 - 000000000 ____D C:\ProgramData\Overwolf

2024-03-30 08:56 - 2024-04-11 15:57 - 000000000 ____D C:\Users\Jade1\AppData\Local\Overwolf

2024-03-30 08:56 - 2024-04-03 01:04 - 000000000 ____D C:\Users\nc2un\AppData\Local\Overwolf

2024-03-30 08:56 - 2024-03-30 08:56 - 002140704 _____ (Overwolf Ltd.) C:\Users\Jade1\Downloads\CurseForge - Installer (1).exe

2024-03-30 08:50 - 2024-04-08 13:51 - 000000000 ____D C:\Users\Jade1\AppData\Local\Malwarebytes

2024-03-30 08:50 - 2024-03-30 08:50 - 000000000 ____D C:\Users\Jade1\AppData\Local\Google

2024-03-29 19:00 - 2024-04-06 03:19 - 000000000 ____D C:\WINDOWS\system32\appmgmt

2024-03-29 18:57 - 2024-03-29 18:57 - 000000000 _____ C:\WINDOWS\SysWOW64\wsmand.log.lock

2024-03-29 18:56 - 2024-03-29 18:56 - 000000000 ____D C:\Users\nc2un\AppData\Local\Google

2024-03-29 18:48 - 2024-03-29 18:48 - 000003738 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification

2024-03-29 18:48 - 2019-05-17 04:17 - 000002291 _____ C:\WINDOWS\system32\SetupBD.din

2024-03-29 18:47 - 2024-03-29 18:48 - 000000000 ____D C:\ProgramData\Intel

2024-03-29 18:47 - 2024-03-29 18:48 - 000000000 ____D C:\Program Files (x86)\Intel

2024-03-29 18:45 - 2024-03-29 18:45 - 000000000 _____ C:\WINDOWS\invcol.tmp

2024-03-29 18:35 - 2024-04-12 14:22 - 000000000 ____D C:\ProgramData\Dell

2024-03-29 18:35 - 2024-04-09 11:53 - 000000000 ____D C:\Program Files\Dell

2024-03-29 18:35 - 2024-04-05 11:45 - 000000000 ____D C:\Program Files (x86)\Dell

2024-03-29 18:35 - 2024-03-29 18:35 - 000000000 ____D C:\Program Files\dotnet

2024-03-29 17:37 - 2024-04-14 00:03 - 000000000 ____D C:\Users\nc2un\AppData\Local\Malwarebytes

2024-03-29 17:37 - 2024-03-29 17:37 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2024-03-29 17:37 - 2024-03-29 17:37 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2024-03-29 17:36 - 2024-04-16 07:47 - 000000000 ____D C:\Program Files (x86)\Google

2024-03-29 17:36 - 2024-04-15 18:47 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2024-03-29 17:36 - 2024-04-15 18:47 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2024-03-29 17:36 - 2024-03-29 18:48 - 000000000 ____D C:\Program Files\HWiNFO64

2024-03-29 17:36 - 2024-03-29 17:42 - 000003790 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{BC80E2C5-622E-4EE7-8620-EC3831DE40B0}

2024-03-29 17:36 - 2024-03-29 17:42 - 000003666 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{008A7899-0CE7-495B-A689-8A98ABC335A1}

2024-03-29 17:36 - 2024-03-29 17:36 - 000000000 ____D C:\ProgramData\Malwarebytes

2024-03-29 17:36 - 2024-03-29 17:36 - 000000000 ____D C:\Program Files\Malwarebytes

2024-03-29 17:36 - 2024-03-29 17:36 - 000000000 ____D C:\Program Files\Google

2024-03-29 09:57 - 2024-03-29 09:57 - 000000000 ____D C:\ProgramData\Origin

2024-03-29 09:51 - 2024-03-29 09:51 - 000000000 ____D C:\Users\Jade1\AppData\Local\PlaceholderTileLogoFolder

2024-03-29 09:50 - 2024-03-29 09:50 - 000000000 ____D C:\Users\Jade1\AppData\Local\OneDrive

2024-03-29 09:49 - 2024-03-29 10:00 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\Spelling

2024-03-29 09:49 - 2024-03-29 09:49 - 000000000 ____D C:\Users\Jade1\AppData\Local\Origin

2024-03-29 09:49 - 2024-03-29 09:49 - 000000000 ____D C:\Users\Jade1\AppData\Local\Electronic Arts

2024-03-29 09:49 - 2024-03-29 09:49 - 000000000 ____D C:\Users\Jade1\AppData\Local\EADesktop

2024-03-29 09:49 - 2024-03-29 09:49 - 000000000 ____D C:\Users\Jade1\AppData\Local\cache

2024-03-29 09:48 - 2024-04-15 18:35 - 000000000 ____D C:\Users\Jade1\AppData\Local\Publishers

2024-03-29 09:48 - 2024-04-15 18:35 - 000000000 ____D C:\Users\Jade1\AppData\Local\Packages

2024-03-29 09:48 - 2024-03-30 08:50 - 000000000 ____D C:\Users\Jade1\AppData\Local\ConnectedDevicesPlatform

2024-03-29 09:48 - 2024-03-29 09:48 - 000000020 ___SH C:\Users\Jade1\ntuser.ini

2024-03-29 09:48 - 2024-03-29 09:48 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\Network

2024-03-29 09:48 - 2024-03-29 09:48 - 000000000 ____D C:\Users\Jade1\AppData\Local\VirtualStore

2024-03-29 09:40 - 2024-03-29 09:40 - 000000000 ____D C:\ProgramData\PLUG

2024-03-29 09:18 - 2024-04-10 16:26 - 000000000 ____D C:\ProgramData\Apple Computer

2024-03-29 09:18 - 2024-04-10 10:38 - 000000000 ____D C:\ProgramData\Apple Inc

2024-03-29 09:18 - 2024-04-09 11:43 - 000000000 ____D C:\ProgramData\Apple

2024-03-29 09:16 - 2024-04-13 23:23 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2024-03-29 09:16 - 2024-03-29 09:16 - 000000000 ____D C:\Program Files\RUXIM

2024-03-29 09:15 - 2024-04-10 10:57 - 000000000 ____D C:\WINDOWS\system32\MRT

2024-03-29 09:03 - 2024-03-29 09:03 - 000000000 ____D C:\Users\nc2un\AppData\Local\EALaunchHelper

2024-03-29 08:59 - 2024-04-13 22:29 - 000000000 ____D C:\Users\nc2un\AppData\Local\ElevatedDiagnostics

2024-03-29 08:42 - 2024-03-29 08:42 - 000001377 _____ C:\Users\Public\Desktop\The Sims 4.lnk

2024-03-29 08:42 - 2024-03-29 08:42 - 000000000 ____D C:\ProgramData\Electronic Arts

2024-03-29 08:41 - 2024-03-29 08:41 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller

2024-03-29 08:41 - 2024-03-29 08:34 - 000447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll

2024-03-29 08:32 - 2024-04-13 23:23 - 000000000 ____D C:\ProgramData\EA Desktop

2024-03-29 08:32 - 2024-04-09 11:53 - 000000000 ____D C:\ProgramData\Package Cache

2024-03-29 08:32 - 2024-03-29 08:33 - 000000000 ____D C:\Users\nc2un\AppData\Local\Origin

2024-03-29 08:32 - 2024-03-29 08:33 - 000000000 ____D C:\Program Files\EA Games

2024-03-29 08:32 - 2024-03-29 08:32 - 000002138 _____ C:\Users\Public\Desktop\EA.lnk

2024-03-29 08:32 - 2024-03-29 08:32 - 000000000 ____D C:\Users\nc2un\AppData\Local\Electronic Arts

2024-03-29 08:32 - 2024-03-29 08:32 - 000000000 ____D C:\Users\nc2un\AppData\Local\EADesktop

2024-03-29 08:32 - 2024-03-29 08:32 - 000000000 ____D C:\Users\nc2un\AppData\Local\cache

2024-03-29 08:32 - 2024-03-29 08:32 - 000000000 ____D C:\Program Files\Electronic Arts

2024-03-29 08:31 - 2024-03-29 08:31 - 002458240 _____ (Electronic Arts) C:\Users\nc2un\Downloads\EAappInstaller.exe

2024-03-29 08:27 - 2024-03-29 08:27 - 000000000 ____D C:\Users\nc2un\AppData\Local\VS Revo Group

2024-03-29 08:27 - 2024-03-29 08:27 - 000000000 ____D C:\ProgramData\VS Revo Group

2024-03-29 08:27 - 2024-03-29 08:27 - 000000000 ____D C:\Program Files\VS Revo Group

2024-03-29 08:10 - 2024-04-12 16:42 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\MMC

2024-03-29 07:48 - 2024-04-10 10:38 - 000000000 ____D C:\Users\nc2un\AppData\Local\D3DSCache

2024-03-29 06:44 - 2024-03-29 03:55 - 000000000 ____D C:\WINDOWS\Panther

2024-03-29 06:42 - 2024-03-29 06:42 - 000000000 ____D C:\WINDOWS\ServiceProfiles

2024-03-29 06:42 - 2024-03-29 03:55 - 000000000 ____D C:\Windows.old

2024-03-29 06:41 - 2024-04-16 07:47 - 000000000 ____D C:\WINDOWS\SystemTemp

2024-03-29 06:41 - 2024-04-10 16:23 - 000000000 ____D C:\WINDOWS\InboxApps

2024-03-29 06:41 - 2024-03-29 06:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde

2024-03-29 06:41 - 2024-03-29 06:41 - 000000000 ____D C:\ProgramData\ssh

2024-03-29 06:30 - 2024-03-29 06:30 - 000008192 _____ C:\WINDOWS\system32\config\userdiff

2024-03-29 06:25 - 2024-03-29 06:25 - 000000000 ____D C:\Users\nc2un\AppData\Local\OneDrive

2024-03-29 06:14 - 2024-03-29 06:27 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Spelling

2024-03-29 06:12 - 2024-04-03 01:31 - 000000000 ____D C:\Users\nc2un\AppData\Local\Comms

2024-03-29 05:56 - 2024-04-08 23:21 - 000000000 ____D C:\Users\nc2un\AppData\Local\PlaceholderTileLogoFolder

2024-03-29 05:56 - 2024-03-29 05:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

2024-03-29 05:55 - 2024-04-13 23:30 - 000000000 ____D C:\ProgramData\Packages

2024-03-29 05:55 - 2024-04-10 10:46 - 000000000 ____D C:\Users\nc2un\AppData\Local\Publishers

2024-03-29 05:54 - 2024-04-13 23:35 - 000000000 ____D C:\Users\nc2un\AppData\Local\Packages

2024-03-29 05:54 - 2024-04-03 01:09 - 000000000 ____D C:\Users\nc2un\AppData\Local\ConnectedDevicesPlatform

2024-03-29 05:54 - 2024-03-29 05:54 - 000000020 ___SH C:\Users\nc2un\ntuser.ini

2024-03-29 05:54 - 2024-03-29 05:54 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Network

2024-03-29 05:54 - 2024-03-29 05:54 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Adobe

2024-03-29 05:54 - 2024-03-29 05:54 - 000000000 ____D C:\Users\nc2un\AppData\Local\VirtualStore

2024-03-29 03:56 - 2024-04-16 08:28 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2024-03-29 03:51 - 2024-04-04 14:57 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{27F5E093-8A0C-4650-9BB2-AE86780AB3B1}

2024-03-29 03:51 - 2024-04-04 14:57 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{149F8DC8-3E66-43AD-9648-FD9C1DEE95FC}

2024-03-29 03:50 - 2024-04-16 08:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2024-03-29 03:50 - 2024-04-10 05:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2024-03-29 03:50 - 2024-03-29 03:50 - 000013922 _____ C:\Users\Jade1\Desktop\Removed Apps.html

2024-03-29 03:50 - 2024-03-29 03:50 - 000000000 ____D C:\Users\nc2un\Documents\FreshStart

2024-03-29 03:50 - 2024-03-29 03:50 - 000000000 ____D C:\Users\Jade1\Documents\FreshStart

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\SystemCertificates

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\IME

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Crypto

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\SystemCertificates

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Crypto

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\SystemCertificates

2024-03-29 03:49 - 2024-03-29 03:49 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\Crypto

2024-03-29 03:48 - 2024-04-15 20:42 - 000000000 ____D C:\Users\Jade1

2024-03-29 03:48 - 2024-04-13 23:26 - 000000000 ____D C:\Users\nc2un

2024-03-29 03:48 - 2024-04-13 23:23 - 000000000 ____D C:\Users\keyer_z86jbid

2024-03-29 03:48 - 2024-04-10 17:53 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Windows

2024-03-29 03:48 - 2024-03-31 16:31 - 000000000 ____D C:\Users\keyer_z86jbid\AppData\Roaming\Microsoft\Windows

2024-03-29 03:48 - 2024-03-29 09:48 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\Windows

2024-03-29 03:46 - 2024-04-16 08:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2024-03-29 03:46 - 2024-03-29 18:48 - 000000000 ____D C:\Program Files\Intel

2024-03-29 03:46 - 2024-03-29 03:46 - 000561169 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat

2024-03-29 03:46 - 2024-03-29 03:46 - 000113697 _____ C:\WINDOWS\system32\Drivers\rtwavesvolpro.dat

2024-03-29 03:46 - 2024-03-29 03:46 - 000031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat

2024-03-29 03:46 - 2024-03-29 03:46 - 000010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat

2024-03-29 03:46 - 2024-03-29 03:46 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat

2024-03-29 03:46 - 2024-03-29 03:46 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM

2024-03-29 03:46 - 2024-03-29 03:46 - 000000000 ____D C:\Program Files\Realtek

2024-03-29 03:46 - 2024-03-29 03:46 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin

2024-03-29 03:44 - 2024-04-16 18:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2024-03-29 03:44 - 2024-04-12 05:48 - 000439016 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2024-03-29 03:19 - 2024-03-29 03:50 - 000000000 ___HD C:\$SysReset

2024-03-29 00:44 - 2024-03-29 00:45 - 223437856 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Intel-HD-4000-and-5000-Series-Graphics-Driver_4KV26_WIN_20.19.15.5063_A08_03 (2).EXE

2024-03-29 00:17 - 2024-03-29 00:20 - 000000000 ____D C:\Users\nc2un\Documents\Outlook Files

2024-03-28 07:05 - 2024-03-28 07:05 - 000000000 ____D C:\Users\Public\Documents\Electronic Arts

2024-03-28 05:48 - 2024-03-28 05:48 - 000001400 _____ C:\Users\Jade1\Desktop - Shortcut.lnk

2024-03-28 02:58 - 2024-04-02 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA

2024-03-28 02:31 - 2024-03-28 02:31 - 002596472 _____ (Patch My PC, LLC) C:\Users\nc2un\Downloads\PatchMyPC.exe

2024-03-28 02:30 - 2024-03-29 08:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2024-03-28 02:30 - 2024-03-28 02:30 - 017726648 _____ (VS Revo Group ) C:\Users\nc2un\Downloads\RevoUninProSetup.exe

2024-03-28 01:52 - 2024-04-14 00:28 - 000000000 ____D C:\Users\nc2un\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2

2024-03-28 01:52 - 2024-03-28 01:52 - 000142744 _____ C:\Users\nc2un\Downloads\vtuploader2.2.exe

2024-03-28 01:00 - 2024-03-29 06:20 - 000000000 ____D C:\Users\nc2un\Documents\Tenant . Landlord

2024-03-27 16:44 - 2024-03-27 16:44 - 002140712 _____ (Overwolf Ltd.) C:\Users\Jade1\Downloads\CurseForge - Installer.exe

2024-03-27 16:29 - 2024-03-27 16:29 - 000002156 _____ C:\Users\Jade1\Desktop\EA.lnk

2024-03-27 15:32 - 2024-03-27 15:32 - 223437856 _____ (Dell Inc.) C:\Users\nc2un\Downloads\Intel-HD-4000-and-5000-Series-Graphics-Driver_4KV26_WIN_20.19.15.5063_A08_03 (1).EXE

2024-03-27 11:05 - 2024-03-27 11:05 - 001362832 _____ () C:\Users\keyer_z86jbid\Downloads\free-pdf-creator.exe

2024-03-27 11:03 - 2024-03-27 11:03 - 047696672 _____ (Corel Corporation) C:\Users\keyer_z86jbid\Downloads\wzsus53.exe

2024-03-27 02:14 - 2024-03-27 02:14 - 000545857 _____ C:\Users\keyer_z86jbid\Downloads\Master your Mind - The Smart Read (2).epub

2024-03-27 02:04 - 2024-03-27 02:04 - 000545857 _____ C:\Users\keyer_z86jbid\Downloads\Master your Mind - The Smart Read (1).epub

2024-03-27 01:56 - 2024-03-27 01:56 - 000545857 _____ C:\Users\keyer_z86jbid\Downloads\Master your Mind - The Smart Read.epub

2024-03-26 23:54 - 2024-03-26 23:54 - 000060994 _____ C:\Users\keyer_z86jbid\Downloads\taxreturn (1).pdf

2024-03-26 23:47 - 2024-03-26 23:47 - 000139124 _____ C:\Users\keyer_z86jbid\Downloads\File_000.jpeg

2024-03-26 23:47 - 2024-03-26 23:47 - 000083554 _____ C:\Users\keyer_z86jbid\Downloads\2019TaxReturn (1).PDF

2024-03-26 23:45 - 2024-03-26 23:45 - 000109705 _____ C:\Users\keyer_z86jbid\Downloads\1.pdf

2024-03-26 11:59 - 2024-03-26 11:59 - 000771146 _____ C:\Users\keyer_z86jbid\Downloads\wellness-guidelines-adult-tx.pdf

2024-03-26 11:09 - 2024-03-26 11:09 - 000372740 _____ C:\Users\keyer_z86jbid\Downloads\bluecross id carx.pdf

2024-03-26 11:08 - 2024-03-26 11:08 - 000372740 _____ C:\Users\keyer_z86jbid\Downloads\ea5ddffe-5edf-4962-8f08-9a1be54a8986.pdf

 

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-16 17:19 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2024-04-16 08:28 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF

2024-04-16 08:27 - 2024-02-11 01:05 - 000000000 __SHD C:\Users\nc2un\IntelGraphicsProfiles

2024-04-16 08:21 - 2024-02-11 02:57 - 000008192 ___SH C:\DumpStack.log.tmp

2024-04-16 08:21 - 2019-12-07 04:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI

2024-04-16 07:08 - 2024-02-12 20:52 - 000000000 __SHD C:\Users\Jade1\IntelGraphicsProfiles

2024-04-16 06:45 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness

2024-04-16 00:44 - 2024-02-13 12:14 - 000000000 __SHD C:\Users\keyer_z86jbid\IntelGraphicsProfiles

2024-04-15 20:42 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState

2024-04-15 19:12 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps

2024-04-15 17:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF

2024-04-13 23:28 - 2024-02-11 02:57 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2024-04-13 23:28 - 2024-02-11 02:57 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2024-04-13 23:26 - 2024-02-11 01:05 - 000000000 __RHD C:\Users\Public\AccountPictures

2024-04-13 23:23 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing

2024-04-13 23:09 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\registration

2024-04-12 14:03 - 2024-02-13 12:13 - 000000000 ___RD C:\Users\keyer_z86jbid\OneDrive

2024-04-12 14:03 - 2024-02-12 20:52 - 000000000 ___RD C:\Users\Jade1\OneDrive

2024-04-12 14:03 - 2024-02-11 01:06 - 000000000 ___RD C:\Users\nc2un\OneDrive

2024-04-12 05:46 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2024-04-12 05:26 - 2024-02-13 12:14 - 000000000 ___RD C:\Users\keyer_z86jbid\3D Objects

2024-04-12 04:18 - 2024-02-11 02:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools

2024-04-11 03:08 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\appcompat

2024-04-10 21:48 - 2024-02-11 01:07 - 000000000 ___HD C:\OneDriveTemp

2024-04-10 21:48 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2024-04-10 16:23 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning

2024-04-10 16:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr

2024-04-10 16:11 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy

2024-04-10 11:07 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp

2024-04-04 12:32 - 2024-02-13 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

2024-04-03 03:08 - 2024-02-11 01:03 - 000000000 ___SD C:\Users\nc2un\AppData\Roaming\Microsoft\Protect

2024-04-01 19:51 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2024-03-29 17:37 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2024-03-29 17:36 - 2024-02-13 23:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64

2024-03-29 09:48 - 2024-02-12 20:52 - 000000000 ___RD C:\Users\Jade1\3D Objects

2024-03-29 09:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV

2024-03-29 09:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT

2024-03-29 09:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE

2024-03-29 09:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX

2024-03-29 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV

2024-03-29 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT

2024-03-29 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE

2024-03-29 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX

2024-03-29 07:56 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender

2024-03-29 07:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2024-03-29 06:43 - 2019-12-07 04:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template

2024-03-29 06:43 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase

2024-03-29 06:42 - 2024-02-11 05:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

2024-03-29 06:41 - 2019-12-07 04:54 - 000000000 ___SD C:\WINDOWS\system32\AppV

2024-03-29 06:41 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer

2024-03-29 06:41 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2024-03-29 06:41 - 2019-12-07 04:51 - 000000000 ____D C:\WINDOWS\system32\OpenSSH

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\F12

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemApps

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Keywords

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Com

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\IME

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\DiagTrack

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System

2024-03-29 06:41 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender

2024-03-29 06:40 - 2019-12-07 04:54 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll

2024-03-29 06:40 - 2019-12-07 04:54 - 000020827 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml

2024-03-29 06:40 - 2019-12-07 04:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

2024-03-29 06:40 - 2019-12-07 04:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

2024-03-29 05:54 - 2024-02-11 01:05 - 000000000 ___RD C:\Users\nc2un\3D Objects

2024-03-29 03:56 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\USOPrivate

2024-03-29 03:55 - 2019-12-07 04:51 - 000000000 ____D C:\WINDOWS\system32\FxsTmp

2024-03-29 03:55 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\spool

2024-03-29 03:50 - 2024-02-28 18:10 - 000000000 ____D C:\Users\Jade1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2024-03-28 06:02 - 2024-02-12 20:54 - 000000000 ___RD C:\Users\Jade1\Screenshots

2024-03-28 01:24 - 2024-02-12 08:37 - 000000000 ____D C:\Users\nc2un\Documents\LILAH SCHOOL

2024-03-27 14:06 - 2024-02-18 04:48 - 000000000 ____D C:\Tenorshare

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.04.2024

Ran by nc2un (16-04-2024 18:34:41)

Running from C:\Users\nc2un\Desktop

Microsoft Windows 10 Pro Version 22H2 19045.4291 (X64) (2024-03-29 08:55:47)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

Administrator (S-1-5-21-2886619696-1302744882-3861898303-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-2886619696-1302744882-3861898303-503 - Limited - Disabled)

Guest (S-1-5-21-2886619696-1302744882-3861898303-501 - Limited - Disabled)

Jade1 (S-1-5-21-2886619696-1302744882-3861898303-1002 - Limited - Enabled) => C:\Users\Jade1

keyer_z86jbid (S-1-5-21-2886619696-1302744882-3861898303-1008 - Limited - Enabled) => C:\Users\keyer_z86jbid

nc2un (S-1-5-21-2886619696-1302744882-3861898303-1001 - Administrator - Enabled) => C:\Users\nc2un

WDAGUtilityAccount (S-1-5-21-2886619696-1302744882-3861898303-504 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

CurseForge (HKU\S-1-5-21-2886619696-1302744882-3861898303-1002\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.249.2.1 - Overwolf app)

EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.173.0.5686 - Electronic Arts) Hidden

EA app (HKLM-x32\...\{df861f89-e998-47ba-bfff-9354af4d3751}) (Version: 13.173.0.5686 - Electronic Arts)

Find.Same.Images.OK (HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\...\Find.Same.Images.OK) (Version:  - )

GlassWire 3.3 (remove only) (HKLM-x32\...\GlassWire 3.3) (Version: 3.3.664 - SecureMix LLC)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.123 - Google LLC)

HWiNFO64 (HKLM\...\HWiNFO64_is1) (Version: 8.00 - Martin Malik, REALiX s.r.o.)

Intel® Chipset Device Software (HKLM\...\{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390}) (Version: 10.1.1.7 - Intel Corporation) Hidden

Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1035 - Intel Corporation)

Intel® Management Engine Components (HKLM\...\{212B25D1-7216-4140-B248-D24BA0F80029}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{81274252-3CCE-4ABF-91F0-811144288963}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{927853D5-9CCC-4ED8-9C64-113EB34E8728}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client (HKLM\...\{F6AA7E43-41A4-4304-BA96-A495C5788231}) (Version: 1.45.447.1 - Intel Corporation) Hidden

Malwarebytes version 4.6.11.320 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.11.320 - Malwarebytes)

Microsoft .NET Host - 6.0.28 (x64) (HKLM\...\{CA84969C-64F9-4606-A998-E692A5DA9B9F}) (Version: 48.112.10439 - Microsoft Corporation) Hidden

Microsoft .NET Host FX Resolver - 6.0.28 (x64) (HKLM\...\{7C4254A1-17EE-4840-B9D3-7CA9B34C75CD}) (Version: 48.112.10439 - Microsoft Corporation) Hidden

Microsoft .NET Runtime - 6.0.28 (x64) (HKLM\...\{4BCC5DFD-5D10-4ACC-AAA9-8A1578A9F0C6}) (Version: 48.112.10439 - Microsoft Corporation) Hidden

Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17425.20176 - Microsoft Corporation)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.97 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.97 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)

Microsoft VC++ redistributables repacked. (HKLM\...\{93E32441-3402-439F-8EF7-8EC66D3B74CA}) (Version: 12.0.0.0 - Intel Corporation) Hidden

Microsoft VC++ redistributables repacked. (HKLM-x32\...\{4ADC7996-3183-4E8D-8827-34E6558F5B83}) (Version: 12.0.0.0 - Intel Corporation) Hidden

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)

Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 6.0.28 (x64) (HKLM\...\{443A7BE8-E5BE-4514-BDAB-0A872E3E846B}) (Version: 48.112.10435 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 6.0.28 (x64) (HKLM-x32\...\{bd3c5800-9256-43b9-97a7-eb349fc38d78}) (Version: 6.0.28.33420 - Microsoft Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20176 - Microsoft Corporation) Hidden

Overwolf (HKLM-x32\...\Overwolf) (Version: 0.243.1.1 - Overwolf Ltd.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6086 - Realtek Semiconductor Corp.)

Revo Uninstaller Pro 5.2.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.2.6 - VS Revo Group, Ltd.)

Security Task Manager 2.4 (HKLM-x32\...\Security Task Manager) (Version: 2.4 - Neuber Software)

Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)

The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.105.345.1020 - Electronic Arts Inc.)

Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.14.0 - Tweaking.com)

Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)

VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )

 

Packages:

=========

 

HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2024-04-13] (Microsoft Corporation)

HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-04-13] (HP Inc.)

Microsoft Copilot -> C:\Program Files\WindowsApps\microsoft.windows.ai.copilot.provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-04-13] (Microsoft Corporation)

Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21001.0_x64__8wekyb3d8bbwe [2024-04-14] (Microsoft Corporation) [Startup Task]

Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.153.0_x64__pwbj9vvecjh7j [2024-04-13] (Amazon Development Centre (London) Ltd)

Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.18.194.0_x64__43tkc6nmykmb6 [2024-04-13] (Ookla)

Virustotal Scan -> C:\Program Files\WindowsApps\56424Roast247.WinAntivirus_1.0.0.0_neutral__tvnndvqfdvvsa [2024-04-13] (Roast247)

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-29] (Malwarebytes Inc. -> Malwarebytes)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-29] (Malwarebytes Inc. -> Malwarebytes)

ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)

 

==================== Codecs (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2024-03-29] (Electronic Arts -> On2.com)

HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2024-03-29] (Electronic Arts -> On2.com)

 

==================== Shortcuts & WMI ========================

 

==================== Loaded Modules (Whitelisted) =============

 

 

==================== Alternate Data Streams (Whitelisted) ========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\Jade1\Downloads\RecRoomSetup.exe:MBAM.Zone.Identifier [133]

AlternateDataStreams: C:\Users\nc2un\Downloads\hwi_772.exe:MBAM.Zone.Identifier [122]

AlternateDataStreams: C:\Users\nc2un\Downloads\spsetup132_pro.exe:MBAM.Zone.Identifier [360]

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-12] (Microsoft Corporation -> Microsoft Corporation)

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-12-07 04:14 - 2019-12-07 04:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT

HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg

HKU\S-1-5-21-2886619696-1302744882-3861898303-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jade1\Downloads\Screenshot_10-3-2024_183742_www.youtube.com.jpeg

HKU\S-1-5-21-2886619696-1302744882-3861898303-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\keyer_z86jbid\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Screenshot_20231203-001803.png

DNS Servers: 192.168.4.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

HKLM\...\StartupApproved\Run: => "RtHDVBg"

HKLM\...\StartupApproved\Run: => "RtHDVCpl"

HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_186B36493624808C4C8AA94AFEF2776A"

HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\...\StartupApproved\Run: => "EADM"

HKU\S-1-5-21-2886619696-1302744882-3861898303-1001\...\StartupApproved\Run: => "Overwolf"

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{E470F2DD-62EA-45AE-B0C4-2BF791C1DB1A}] => (Allow) C:\Program Files\EA Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

FirewallRules: [{4298D075-82BE-4938-BFF4-5D8301195CA2}] => (Allow) C:\Program Files\EA Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

FirewallRules: [{1FE73125-D7CC-4614-B16C-7E6D45D53A34}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.0.9\OverwolfBrowser.exe => No File

FirewallRules: [{D5B15308-E555-4161-93C8-ECF997F9757A}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.0.9\OverwolfBrowser.exe => No File

FirewallRules: [{7334DB5C-D2B7-476B-B63E-E90882F5A4B0}] => (Block) C:\Program Files (x86)\Overwolf\0.243.0.9\OverwolfBrowser.exe => No File

FirewallRules: [{17D4744E-4E8E-4E05-857A-6950A847A1A2}] => (Block) C:\Program Files (x86)\Overwolf\0.243.0.9\OverwolfBrowser.exe => No File

FirewallRules: [{632C7A9F-0BFF-4DB6-93CE-4ED4124AD51C}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{1FEA5E9A-E903-4AA1-B2AB-119131EA14DE}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.1.1\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{535DDC9F-65C7-46E2-A2BF-C81006CEF9CB}] => (Allow) c:\program files\itunes\itunes.exe => No File

FirewallRules: [{B51BDDE9-90D0-4649-B76E-CF70D0C3CDCC}] => (Allow) c:\program files\itunes\itunes.exe => No File

FirewallRules: [{9CFA9E43-AE57-4D39-A794-5C2EFAC21742}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)

FirewallRules: [{F72D0523-5B20-4228-9A8F-C5F6C1A9F0F4}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)

FirewallRules: [{88B3F8FD-1CA9-4DBA-BE64-DD56412225A8}] => (Allow) c:\program files (x86)\glasswire\gwctlsrv.exe (GlassWire -> SecureMix LLC)

FirewallRules: [{72E2C605-6D0A-4B92-93E7-0A615C2FA185}] => (Allow) c:\program files (x86)\glasswire\gwctlsrv.exe (GlassWire -> SecureMix LLC)

FirewallRules: [{469D98B6-77D9-4827-91A8-50D3CA765AAC}] => (Allow) c:\windows\system32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{5D5E5BC9-1ADB-4908-9064-190125464B02}] => (Allow) c:\windows\system32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{DE58D465-CB9A-4C23-BB35-CFCC3D13DDE1}] => (Allow) c:\program files\windowsapps\microsoft.gamingservices_19.87.13001.0_x64__8wekyb3d8bbwe\gamingservices.exe => No File

FirewallRules: [{86C97FC8-CDA6-4BE4-84B2-9757BF321B7E}] => (Allow) c:\program files\windowsapps\microsoft.gamingservices_19.87.13001.0_x64__8wekyb3d8bbwe\gamingservices.exe => No File

FirewallRules: [{28FD4720-7FEE-48C8-AC46-BA7CDA55D5C9}] => (Allow) c:\windows\system32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{53D8ECFC-9310-41A8-9701-662AF4AB686B}] => (Allow) c:\windows\system32\taskhostw.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{2C0A24D2-480B-4AFB-BFAD-89A4BEF2558C}] => (Allow) c:\program files\windowsapps\microsoft.6365217ce6eb4_102.2403.21001.0_x64__8wekyb3d8bbwe\microsoftsecurityapp\microsoftsecurityapp.exe (Microsoft Corporation -> )

FirewallRules: [{C1818627-B03C-4622-AEFF-394A796D9601}] => (Allow) c:\program files\windowsapps\microsoft.6365217ce6eb4_102.2403.21001.0_x64__8wekyb3d8bbwe\microsoftsecurityapp\microsoftsecurityapp.exe (Microsoft Corporation -> )

FirewallRules: [{6FE7FFDE-5554-4043-B109-72CF07747EBA}] => (Allow) c:\windows\immersivecontrolpanel\systemsettings.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{1C5833DC-EA74-49AB-BBE9-9F5AC145754A}] => (Allow) c:\windows\immersivecontrolpanel\systemsettings.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{364E7930-BCDC-47A9-86C8-B5125BD3DF01}] => (Allow) c:\windows\systemapps\microsoft.windows.search_cw5n1h2txyewy\searchapp.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{9BBE460E-C51B-46F5-B0D8-E0A7BDD4E874}] => (Allow) c:\windows\systemapps\microsoft.windows.search_cw5n1h2txyewy\searchapp.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{33AC849F-FAAB-4DD7-8738-8C19DDC55991}] => (Allow) c:\windows\system32\backgroundtaskhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{C04DD23E-8552-450C-95AD-8C6E642E2F3F}] => (Allow) c:\windows\system32\backgroundtaskhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{7DD261D8-D140-432A-8AFF-90C458FDE3A1}] => (Allow) c:\windows\system32\werfault.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{B0BD6645-0185-4130-A697-4253594A7B29}] => (Allow) c:\windows\system32\werfault.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{EA8B6415-98DD-42C1-AAFA-4479999CE1EF}] => (Allow) c:\users\nc2un\downloads\adwcleaner (1).exe => No File

FirewallRules: [{D7CC430A-1D10-474F-9FA5-04C8961B1382}] => (Allow) c:\users\nc2un\downloads\adwcleaner (1).exe => No File

FirewallRules: [{FDDC068A-07BB-4A09-8504-5025F4A4B2F3}] => (Allow) c:\users\nc2un\downloads\adwcleaner(1).exe => No File

FirewallRules: [{EB893255-5A4E-4D19-A32C-8153B5D451A5}] => (Allow) c:\users\nc2un\downloads\adwcleaner(1).exe => No File

FirewallRules: [{E55EF63B-F9FB-47CA-A6BC-20A377FC7A9C}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.18.24030.9-0\msmpeng.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{9B5A5A16-DE23-4EFC-A3E8-92ADF54B322C}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.18.24030.9-0\msmpeng.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{766C85A3-07EC-4083-B16D-515DA2602371}] => (Allow) c:\users\nc2un\desktop\frst64 (1).exe => No File

FirewallRules: [{0912D82B-4EB1-4AE2-BF51-A00E8CEE4D5F}] => (Allow) c:\users\nc2un\desktop\frst64 (1).exe => No File

FirewallRules: [{A8051032-7D66-46CF-8C41-3874114B91B0}] => (Allow) c:\program files (x86)\common files\overwolf\overwolfupdater.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{82995783-59E0-438B-BE95-71CEE5DAFB15}] => (Allow) c:\program files (x86)\common files\overwolf\overwolfupdater.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{0FF68197-060C-46CF-8540-1C3C67A6257D}] => (Allow) c:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{9C542656-2A1C-4826-AA10-B415E0ADB49E}] => (Allow) c:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{0663BDD2-7FF1-4118-97CB-7E0B31903A7D}] => (Allow) c:\program files\windowsapps\robloxcorporation.roblox_2.619.508.0_x64__55nm5eh3cm0pr\windows10universal.exe => No File

FirewallRules: [{3FC95727-9412-492C-AC13-3B0D460F8F46}] => (Allow) c:\program files\windowsapps\robloxcorporation.roblox_2.619.508.0_x64__55nm5eh3cm0pr\windows10universal.exe => No File

FirewallRules: [{005AD5B8-A467-451B-979C-F94ACDD8CC52}] => (Allow) c:\windows\system32\runtimebroker.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{406975C4-63A5-4797-99CA-277EE7B0EAD7}] => (Allow) c:\windows\system32\runtimebroker.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{F3308764-6839-4E6F-B8FE-414F98890F08}] => (Allow) c:\program files\windowsapps\microsoft.xboxgamingoverlay_7.124.3191.0_x64__8wekyb3d8bbwe\gamebar.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{F8EEE5F0-8E70-470D-8D3B-920FF599ECC7}] => (Allow) c:\program files\windowsapps\microsoft.xboxgamingoverlay_7.124.3191.0_x64__8wekyb3d8bbwe\gamebar.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{EB358050-F8A7-4F86-91F5-BA5EAD692C5B}] => (Allow) c:\program files\electronic arts\ea desktop\ea desktop\ealaunchhelper.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{3BC88B86-7FC1-42D0-AC3C-E5737F0E91AC}] => (Allow) c:\program files\electronic arts\ea desktop\ea desktop\ealaunchhelper.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{E2CA6A29-B8FA-4866-9AA4-32905F2B2B74}] => (Allow) c:\program files\electronic arts\ea desktop\ea desktop\eabackgroundservice.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{D7D48236-788F-4F35-BB8A-834A82B63112}] => (Allow) c:\program files\electronic arts\ea desktop\ea desktop\eabackgroundservice.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{9740D5D9-7A6B-4456-A082-A9704751D4D8}] => (Allow) c:\program files\electronic arts\ea desktop\ea desktop\eadesktop.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{E762C285-BE0B-4A9F-8392-37E0D39E58D4}] => (Allow) c:\program files\electronic arts\ea desktop\ea desktop\eadesktop.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{491B7F18-CD80-439D-8211-04D3CCE70002}] => (Allow) c:\program files\electronic arts\ea desktop\ea desktop\eacefsubprocess.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{AA083A99-177B-4E07-BA98-949F95157F01}] => (Allow) c:\program files\electronic arts\ea desktop\ea desktop\eacefsubprocess.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{59A353ED-4AF4-4BB2-AF54-99AE35C55EC7}] => (Allow) c:\windows\system32\backgroundtransferhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{EC80382E-7670-4DF7-BC70-D7361588923C}] => (Allow) c:\windows\system32\backgroundtransferhost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{2ECAAB65-1CD1-418F-8126-FC0E4D7FC885}] => (Allow) c:\program files (x86)\google\update\googleupdate.exe => No File

FirewallRules: [{7D9F06DB-0366-4610-AF19-32B65F8711C6}] => (Allow) c:\program files (x86)\google\update\googleupdate.exe => No File

FirewallRules: [{9FE73FFC-645B-4D8D-A9E2-FDC057CAAE13}] => (Allow) c:\users\keyer_z86jbid\appdata\local\microsoft\onedrive\onedrive.exe => No File

FirewallRules: [{D72AAB6E-1B43-4031-BFAF-4A38A4233BD4}] => (Allow) c:\users\keyer_z86jbid\appdata\local\microsoft\onedrive\onedrive.exe => No File

FirewallRules: [{E89F3E72-76CF-411A-ACEA-D99FDBF2D4B7}] => (Allow) c:\program files\windowsapps\15191peakplayer.neatoffice_3.4.6.0_x64__y5c4dfz5b21fm\filewatcher\filewatcher.exe (1539F157-3B11-4C68-B0C7-6E8113B7B1BD -> )

FirewallRules: [{837AB7AA-31BD-4FAD-AE59-1B3798501CF1}] => (Allow) c:\program files\windowsapps\15191peakplayer.neatoffice_3.4.6.0_x64__y5c4dfz5b21fm\filewatcher\filewatcher.exe (1539F157-3B11-4C68-B0C7-6E8113B7B1BD -> )

FirewallRules: [{183E806F-E8DA-42EB-9723-5736BC42E912}] => (Allow) c:\program files\bonjour\mdnsresponder.exe => No File

FirewallRules: [{4247A2A8-18BF-4D16-A17E-AC8487AB077A}] => (Allow) c:\program files\bonjour\mdnsresponder.exe => No File

FirewallRules: [{32AAA263-D63F-442A-955B-1F890B576CCF}] => (Allow) c:\program files\windowsapps\microsoft.desktopappinstaller_1.22.10861.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe (Microsoft Corporation -> )

FirewallRules: [{90B3FA3B-BA04-484B-B77B-E744AD8F0C3B}] => (Allow) c:\program files\windowsapps\microsoft.desktopappinstaller_1.22.10861.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe (Microsoft Corporation -> )

FirewallRules: [{4B37C811-F3E0-42A8-B8D8-742AEB4CD888}] => (Allow) c:\program files\windowsapps\15191peakplayer.neatoffice_3.4.6.0_x64__y5c4dfz5b21fm\officeapp\officeapp.exe (1539F157-3B11-4C68-B0C7-6E8113B7B1BD -> )

FirewallRules: [{7AAE98A4-68A9-4782-8531-3133AE6C930F}] => (Allow) c:\program files\windowsapps\15191peakplayer.neatoffice_3.4.6.0_x64__y5c4dfz5b21fm\officeapp\officeapp.exe (1539F157-3B11-4C68-B0C7-6E8113B7B1BD -> )

FirewallRules: [{379E33C6-E0D8-4696-A9A7-A019E4270B10}] => (Allow) c:\program files\windowsapps\15191peakplayer.neatoffice_3.4.6.0_x64__y5c4dfz5b21fm\officeapp\apps\office\program\soffice.bin (1539F157-3B11-4C68-B0C7-6E8113B7B1BD -> admin)

FirewallRules: [{9362739D-A237-437C-A8A7-3B1C86E907DF}] => (Allow) c:\program files\windowsapps\15191peakplayer.neatoffice_3.4.6.0_x64__y5c4dfz5b21fm\officeapp\apps\office\program\soffice.bin (1539F157-3B11-4C68-B0C7-6E8113B7B1BD -> admin)

FirewallRules: [{7EE4FF51-BC6E-47C8-BCAD-4D691210B7C0}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21854.0_x64__8wekyb3d8bbwe\hxtsr.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{52206F22-CC53-41AE-99C0-4814E364817B}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21854.0_x64__8wekyb3d8bbwe\hxtsr.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{266176E0-358E-472C-9DF6-13C0C1502951}] => (Allow) c:\program files\windowsapps\microsoft.yourphone_1.24022.87.0_x64__8wekyb3d8bbwe\phoneexperiencehost.exe => No File

FirewallRules: [{5EBA4563-FAD0-4F7A-B21C-F6DE3629C2C9}] => (Allow) c:\program files\windowsapps\microsoft.yourphone_1.24022.87.0_x64__8wekyb3d8bbwe\phoneexperiencehost.exe => No File

FirewallRules: [{EE12CA8A-6CE1-4A78-B59E-683DC1D12536}] => (Allow) c:\program files\vs revo group\revo uninstaller pro\revouninpro.exe (VS Revo Group Ltd. -> VS Revo Group)

FirewallRules: [{486457A9-2064-4B1A-8DDB-435F9CE3419D}] => (Allow) c:\program files\vs revo group\revo uninstaller pro\revouninpro.exe (VS Revo Group Ltd. -> VS Revo Group)

FirewallRules: [{D9FFA738-9FE1-4E05-B521-DEC1B8169926}] => (Allow) c:\program files (x86)\apple software update\softwareupdate.exe => No File

FirewallRules: [{31CDDFE2-01B4-4F23-9F7B-14FDCD234A9D}] => (Allow) c:\program files (x86)\apple software update\softwareupdate.exe => No File

FirewallRules: [{4775CE44-B7B8-441C-9BBE-21B263D1B836}] => (Allow) c:\program files\windowsapps\microsoft.windowsstore_22402.1401.4.0_x64__8wekyb3d8bbwe\winstore.app.exe => No File

FirewallRules: [{E6212625-1642-45FA-A391-93E5EC5306DA}] => (Allow) c:\program files\windowsapps\microsoft.windowsstore_22402.1401.4.0_x64__8wekyb3d8bbwe\winstore.app.exe => No File

FirewallRules: [{EE5D8251-C6D1-4412-9639-1167A90134B5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{9F4C3F3D-C1DE-4E4B-A8AC-79CA3FACA93B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{4B7C0998-D777-46D4-8AB0-8D140F9376E7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{8E55BF8F-A754-4699-85DA-FCD551F4DE7B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{BB6CCEDC-5E5A-4E12-ACB1-9E9472E38CEA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{5A46EC56-308F-4CFC-A59A-D07EF91C664B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{4A4234AA-4FF6-428A-9AC9-1F46268032E1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{83512A7B-4904-4FFA-973D-AD13056FDC8A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{A9E109AD-1D37-4665-9B2C-A23C658D5CDF}] => (Allow) c:\program files\windowsapps\appleinc.itunes_12131.3.2010.0_x64__nzyj5cx40ttqa\itunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{C9849863-6490-46A1-B06D-CA587C089045}] => (Allow) c:\program files\windowsapps\appleinc.itunes_12131.3.2010.0_x64__nzyj5cx40ttqa\itunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{32E4F402-9E12-4C31-844B-DFF22C2B94CB}] => (Allow) c:\windows\system32\wermgr.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{8B35D454-8AD5-4E2E-A5D8-D35952C0D49B}] => (Allow) c:\windows\system32\wermgr.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{5260D184-C4A5-442F-85DD-7E6DD2220EC4}] => (Allow) c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{B6638317-E790-4163-8BBB-E59EC6EC0C0B}] => (Allow) c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{4F1876EF-9D86-49DF-9D00-34915B6AA734}] => (Allow) c:\windows\system32\compattelrunner.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{EE14AD51-8722-4523-B7F5-C155379C1119}] => (Allow) c:\windows\system32\compattelrunner.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{781D579F-9E40-4FD7-8AA0-0879C1D7FA68}] => (Allow) c:\windows\system32\devicecensus.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{64B784CB-187E-43DB-B445-9E9C8F7146DE}] => (Allow) c:\windows\system32\devicecensus.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{700222D7-EB1F-4296-AB6F-85E5E299A7BC}] => (Allow) c:\program files\windowsapps\microsoft.windows.photos_2024.11030.15001.0_x64__8wekyb3d8bbwe\photosapp.exe (Microsoft Corporation -> )

FirewallRules: [{E881AB17-519C-464D-9BAF-76A9FDE74AAC}] => (Allow) c:\program files\windowsapps\microsoft.windows.photos_2024.11030.15001.0_x64__8wekyb3d8bbwe\photosapp.exe (Microsoft Corporation -> )

FirewallRules: [{C735438A-5B79-4E58-B37E-2F7250F0FD49}] => (Allow) c:\windows\system32\apphostregistrationverifier.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{B4AB58C5-A452-4528-8A9E-41B5193E512D}] => (Allow) c:\windows\system32\apphostregistrationverifier.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{8CA5B79D-ABE7-4478-95C6-21669BA39A5A}] => (Allow) c:\windows\system32\mousocoreworker.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{428DADF2-0B25-4088-A6FF-DBCA0454763A}] => (Allow) c:\windows\system32\mousocoreworker.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{D3AC7FF7-F488-45D3-AB92-E9539DE8E673}] => (Allow) c:\windows\system32\sihclient.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{0009BDF7-EDDB-4BF4-AF4A-EBD534A7E1B0}] => (Allow) c:\windows\system32\sihclient.exe (Microsoft Windows Publisher -> Microsoft Corporation)

FirewallRules: [{DD20F17C-753B-49DF-A13A-0542EC832C5F}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21854.0_x64__8wekyb3d8bbwe\hxoutlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{E0B00369-32BD-4F0F-BEDD-63DE5AC01BEF}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21854.0_x64__8wekyb3d8bbwe\hxoutlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{F898E2D1-4E47-4C69-BCA9-391D0E46EACC}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21854.0_x64__8wekyb3d8bbwe\hxcalendarappimm.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{3D9EADE0-9F9D-4CAE-923E-F88EDE3B6554}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.14326.21854.0_x64__8wekyb3d8bbwe\hxcalendarappimm.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{4BF630A8-DE02-449E-985A-D162EE3F5555}] => (Allow) c:\program files (x86)\overwolf\0.243.1.1\overwolfcrashhandler.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{886CF3CF-2F80-4FBB-A4BC-45BD9B6913D9}] => (Allow) c:\program files (x86)\overwolf\0.243.1.1\overwolfcrashhandler.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{70BCEC61-BD1B-49AA-9B12-59E92591F4CD}] => (Allow) c:\program files (x86)\overwolf\overwolf.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{0E8B51BF-2347-42AE-A0EA-A9A6B7D22E2C}] => (Allow) c:\program files (x86)\overwolf\overwolf.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{F6F4C932-90A5-4889-8833-52D5303FCDE1}] => (Allow) c:\program files (x86)\overwolf\0.243.1.1\overwolfbrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{0B5EC2CC-5687-464A-9F6C-54893DAF4C8A}] => (Allow) c:\program files (x86)\overwolf\0.243.1.1\overwolfbrowser.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{E5B15092-8E91-4F46-B313-1A81131184D6}] => (Allow) c:\users\jade1\appdata\local\overwolf\extensions\ncfplpkmiejjaklknfnkgcpapnhkggmlcppckhcb\248.0.1\obs\bin\64bit\ow-obs.exe (Overwolf Ltd -> Overwolf)

FirewallRules: [{23AA6560-54C9-498D-835F-0DCD0382DD9D}] => (Allow) c:\users\jade1\appdata\local\overwolf\extensions\ncfplpkmiejjaklknfnkgcpapnhkggmlcppckhcb\248.0.1\obs\bin\64bit\ow-obs.exe (Overwolf Ltd -> Overwolf)

FirewallRules: [{E18C1211-78B3-4815-85CC-0B724E888E1B}] => (Allow) c:\users\jade1\appdata\local\overwolf\processcache\0.243.1.1\cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj\curseforge.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{783BC202-CBC4-424D-8809-5986E4C75096}] => (Allow) c:\users\jade1\appdata\local\overwolf\processcache\0.243.1.1\cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj\curseforge.exe (Overwolf Ltd -> Overwolf LTD)

FirewallRules: [{F28A6453-4EB4-4A01-AF1B-9316FA4E2025}] => (Allow) c:\program files\ruxim\ruximics.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{FA2159EE-D51B-4621-8A77-C72FB0629C75}] => (Allow) c:\program files\ruxim\ruximics.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{428BD5BD-9053-457D-8F6C-E2340DBB959F}] => (Allow) c:\users\nc2un\downloads\officesetup (1).exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{07EA3E89-2A6A-45C2-8CCD-5056A1D695DB}] => (Allow) c:\users\nc2un\downloads\officesetup (1).exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{98AEDD6D-675A-4462-9EC0-286647D4DD31}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{91805600-BABE-40C1-A736-B3105E68A93D}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{11C98070-7F6F-46A2-95FD-9F5EF185E5C0}] => (Allow) c:\program files\microsoft office\root\integration\integrator.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{53EAFF8C-110E-4E8E-8360-5A5F490B83CE}] => (Allow) c:\program files\microsoft office\root\integration\integrator.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{55A9629C-281F-4035-8206-2D81CEDFC306}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{6E2C8D88-666F-4481-8B4F-527D7D9D8099}] => (Allow) c:\program files\microsoft office\root\integration\addons\onedrivesetup.exe => No File

FirewallRules: [{B71EE22A-17D5-40DE-97E2-A030E3FB7C4E}] => (Allow) c:\program files\microsoft office\root\integration\addons\onedrivesetup.exe => No File

FirewallRules: [{EB15B8B3-4D4E-4B49-AF48-9C31A4B37886}] => (Allow) c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\olicenseheartbeat.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{9BAE567F-08B4-4D4C-8478-06E3ADFBDCE2}] => (Allow) c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\olicenseheartbeat.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{CF393228-5649-4898-8363-227730D8C0FD}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{118B9923-FDC6-46DD-AA1F-CAAAB0E8D9A7}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{76E29747-BD20-4127-99BD-03FC417E65C9}] => (Allow) c:\program files\microsoft office\root\office16\mspub.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{5FEAFAB4-523B-4863-AC23-ABF30D0FAF8B}] => (Allow) c:\program files\microsoft office\root\office16\mspub.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{04C3EC03-9F58-4D8D-BFCF-B8C1D3B987B4}] => (Allow) c:\program files\windowsapps\microsoft.mspaint_6.2402.12017.0_x64__8wekyb3d8bbwe\paintstudio.view.exe (Microsoft Corporation -> )

FirewallRules: [{999B1CD3-9EA2-4F8E-B904-2AF050BB063A}] => (Allow) c:\program files\windowsapps\microsoft.mspaint_6.2402.12017.0_x64__8wekyb3d8bbwe\paintstudio.view.exe (Microsoft Corporation -> )

FirewallRules: [{7129F720-E7FC-450C-BE8A-7D051A3377F3}] => (Allow) c:\program files\microsoft office\root\office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{AD06650F-CC34-4C4E-A323-A9A252A09BF3}] => (Allow) c:\program files\microsoft office\root\office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{4F55E59B-B622-46B4-AD65-B29041066E00}] => (Allow) c:\program files (x86)\microsoft onedrive\onedrivestandaloneupdater.exe => No File

FirewallRules: [{E54A5DE0-83C8-402A-A95C-E1529469AF35}] => (Allow) c:\program files (x86)\microsoft onedrive\onedrivestandaloneupdater.exe => No File

FirewallRules: [{F63DD9C2-F168-47D3-BFE7-FC02DA92E9AE}] => (Allow) c:\program files\windowsapps\microsoft.microsoft3dviewer_7.2401.29012.0_x64__8wekyb3d8bbwe\3dviewer.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{48D05B5B-9871-4E11-B734-C71F440062BC}] => (Allow) c:\program files\windowsapps\microsoft.microsoft3dviewer_7.2401.29012.0_x64__8wekyb3d8bbwe\3dviewer.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{A59D62DA-FA03-4B25-8B13-F6171DD5A3D0}] => (Allow) c:\program files\windowsapps\microsoft.outlookforwindows_1.2024.403.300_x64__8wekyb3d8bbwe\xpdagent.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{C71926DE-3A45-45E6-A17B-E1A8EC3BBFD3}] => (Allow) c:\program files\windowsapps\microsoft.outlookforwindows_1.2024.403.300_x64__8wekyb3d8bbwe\xpdagent.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{DA6953FD-5FCB-4EBE-8A56-F80032D4880D}] => (Allow) c:\program files\windowsapps\microsoft.outlookforwindows_1.2024.403.300_x64__8wekyb3d8bbwe\olk.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{4D27BB71-9B72-4DCE-8540-4E650BE2D692}] => (Allow) c:\program files\windowsapps\microsoft.outlookforwindows_1.2024.403.300_x64__8wekyb3d8bbwe\olk.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{1CE577E0-63A4-42EC-AD49-CCCD6DFA1173}] => (Allow) c:\windows\system32\wwahost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{CB618645-16D8-4B4A-AE3F-901A4F7135A3}] => (Allow) c:\windows\system32\wwahost.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{F608FEBB-2C7C-445B-98E6-BC99A27F7CD0}] => (Allow) c:\users\keyer_z86jbid\downloads\officesetup.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{910E5CA1-9953-4CF7-A84C-EFC30EAC2FEB}] => (Allow) c:\users\keyer_z86jbid\downloads\officesetup.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{B1B3A351-6561-4EF0-8297-4691F4B77F5C}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\onlineinteraction\73b2aa4f-faa6-4702-8d25-444947072c82_7f7a\defenderbootstrapper.exe => No File

FirewallRules: [{670F2FE2-57FD-4526-90F8-880364F9E5AE}] => (Allow) c:\program files\common files\microsoft shared\clicktorun\onlineinteraction\73b2aa4f-faa6-4702-8d25-444947072c82_7f7a\defenderbootstrapper.exe => No File

FirewallRules: [{467C0C69-38FC-4C74-B7CD-6A7AC2CD6E33}] => (Allow) c:\program files (x86)\microsoft onedrive\onedrive.exe => No File

FirewallRules: [{7D2FAFF0-2623-45DA-A786-B1C0BA7CE521}] => (Allow) c:\program files (x86)\microsoft onedrive\onedrive.exe => No File

FirewallRules: [{8F696BCB-D0B7-4443-8E1C-8C2297059DE9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{ED3535F7-85AE-4B75-B601-9CF4D7FF83D2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{74CB9A5F-8581-4A42-BE68-3BBBFC14D923}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{61CFFACB-FFDB-4881-9763-5ED82277CE4E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{C40A2811-845D-407E-BF32-47B27C50E9AA}] => (Allow) c:\windows\temp\mubstemp\bingchatinstaller.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{AD4457EE-5D53-41D4-9205-B9B92BDB1247}] => (Allow) c:\windows\temp\mubstemp\bingchatinstaller.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{9810ED51-0F88-4948-97F9-05A3D7B5EAC2}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamservice.exe (Malwarebytes Inc. -> Malwarebytes)

FirewallRules: [{CC4DE078-AB2F-498F-B170-94BCC9290FEB}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamservice.exe (Malwarebytes Inc. -> Malwarebytes)

FirewallRules: [{88FB069C-5556-4F64-B09B-B8561011859D}] => (Allow) c:\program files\malwarebytes\anti-malware\mbam.exe (Malwarebytes Inc. -> Malwarebytes)

FirewallRules: [{C438861B-BB17-4ADE-A5A7-120359D455B8}] => (Allow) c:\program files\malwarebytes\anti-malware\mbam.exe (Malwarebytes Inc. -> Malwarebytes)

FirewallRules: [{4A4C4873-0551-4C43-AD09-BD09C637B063}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamtray.exe (Malwarebytes Inc. -> Malwarebytes)

FirewallRules: [{354BE810-D62D-4856-A4EC-F94F364044C3}] => (Allow) c:\program files\malwarebytes\anti-malware\mbamtray.exe (Malwarebytes Inc. -> Malwarebytes)

FirewallRules: [{A71CB0D6-00E2-453E-95BE-47A8206465E8}] => (Allow) c:\users\nc2un\downloads\adwcleaner.exe (Malwarebytes Inc. -> Malwarebytes)

FirewallRules: [{78AA3C89-4235-41FD-BF08-010408A2563A}] => (Allow) c:\users\nc2un\downloads\adwcleaner.exe (Malwarebytes Inc. -> Malwarebytes)

FirewallRules: [{B2CE5BED-A6B8-463E-A6B2-DBDA610FE306}] => (Allow) c:\program files (x86)\microsoft onedrive\23.038.0219.0001\onedrivesetup.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{FD220202-EEC7-477B-A98D-7C235121CD31}] => (Allow) c:\program files (x86)\microsoft onedrive\23.038.0219.0001\onedrivesetup.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{45205055-0183-422C-A428-2DE442028F18}] => (Allow) c:\program files\windowsapps\microsoft.gamingservices_20.88.6001.0_x64__8wekyb3d8bbwe\gamingservices.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{995D0DA9-7A40-45B0-8B1A-858AC8BF2BDC}] => (Allow) c:\program files\windowsapps\microsoft.gamingservices_20.88.6001.0_x64__8wekyb3d8bbwe\gamingservices.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{60FD86EE-9D12-494C-AF76-E14FEDDDED83}] => (Allow) c:\program files (x86)\virustotaluploader2\virustotaluploader2.2.exe () [File not signed]

FirewallRules: [{8787931C-E021-4FB4-B275-DEEB648E24F5}] => (Allow) c:\program files (x86)\virustotaluploader2\virustotaluploader2.2.exe () [File not signed]

FirewallRules: [{B6919105-1366-4750-A38D-EBCDDC7A118F}] => (Allow) c:\windows\system32\wpctok.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{BCBA86E7-44CF-4EF6-93F8-5961D28E77D0}] => (Allow) c:\windows\system32\wpctok.exe (Microsoft Windows -> Microsoft Corporation)

FirewallRules: [{4C64CD11-ABEC-4D6B-9F19-A9A8D611A6B9}] => (Allow) c:\program files\electronic arts\ea desktop\ea desktop\eaupdater.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{0D9E68D9-952C-4CA0-BD55-C6C9CE6CCAB1}] => (Allow) c:\program files\electronic arts\ea desktop\ea desktop\eaupdater.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{2969C4BA-7993-412C-9089-22CFE0CC94CE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{1308330C-3AB1-4E5A-AB1B-913CC6EFAFEE}] => (Allow) c:\program files\hpprintscandoctor\hpprintscandoctorservice.exe => No File

FirewallRules: [{F054143F-66C0-4A48-93B3-6B203588561F}] => (Allow) c:\program files\hpprintscandoctor\hpprintscandoctorservice.exe => No File

FirewallRules: [{FB15840B-380C-4F69-A1BD-5A1810B7D5F7}] => (Allow) c:\program files\windowsapps\microsoft.windowsstore_22403.1401.2.0_x64__8wekyb3d8bbwe\winstore.app.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{36A9C827-FAD9-4043-99CF-85C286921C1B}] => (Allow) c:\program files\windowsapps\microsoft.windowsstore_22403.1401.2.0_x64__8wekyb3d8bbwe\winstore.app.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{DB92BB20-0CC9-488B-BDFD-2F6213BB963E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{EC3F407D-F902-4153-9C80-39B01F694D5D}] => (Allow) c:\program files\windowsapps\robloxcorporation.roblox_2.620.463.0_x64__55nm5eh3cm0pr\windows10universal.exe (6FEF9772-62F8-4C8B-8DE0-70F628846515 -> )

FirewallRules: [{C1671DF5-8126-4FD3-BF5F-911C8564A142}] => (Allow) c:\program files\windowsapps\robloxcorporation.roblox_2.620.463.0_x64__55nm5eh3cm0pr\windows10universal.exe (6FEF9772-62F8-4C8B-8DE0-70F628846515 -> )

FirewallRules: [{4797A965-10E5-4856-8450-4ABD71A72EA3}] => (Allow) c:\program files\windowsapps\56424roast247.winantivirus_1.0.0.0_neutral__tvnndvqfdvvsa\virustotal scan\virustotal scan.exe (8396A7AB-51BD-4D91-A614-0A503AF181D6 -> )

FirewallRules: [{FC265F38-B8BD-4B78-88E3-77FDF2F77E2F}] => (Allow) c:\program files\windowsapps\56424roast247.winantivirus_1.0.0.0_neutral__tvnndvqfdvvsa\virustotal scan\virustotal scan.exe (8396A7AB-51BD-4D91-A614-0A503AF181D6 -> )

FirewallRules: [{7422ECDE-77E9-4530-B86D-4180932AF4E9}] => (Allow) c:\program files\speccy\speccy64.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{C066780A-A06C-4081-B829-7BED0E4717C7}] => (Allow) c:\program files\speccy\speccy64.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{77A56738-3661-4516-AADA-A29BDBF9F008}] => (Allow) c:\program files\microsoft office\root\office16\powerpnt.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{9E547F1A-F6DC-4E64-9503-2E777C38423C}] => (Allow) c:\program files\microsoft office\root\office16\powerpnt.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{60C48A3F-6905-4E1B-858C-87EF9A8E67AE}] => (Allow) c:\program files (x86)\microsoft\edgewebview\application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{C3370841-3424-4A6D-AB6C-BABF4424A198}] => (Allow) c:\program files (x86)\microsoft\edgewebview\application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{5642AB07-8ED1-42A3-B33D-02D306DD3846}] => (Allow) c:\program files\microsoft office\root\office16\winword.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{58976092-0EE7-4FD5-9C79-225961908A27}] => (Allow) c:\program files\microsoft office\root\office16\winword.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{E9EF4D65-0B24-4B64-87E8-B9C3BACFCE64}] => (Allow) c:\users\nc2un\desktop\frst64.exe (Farbar) [File not signed]

FirewallRules: [{3B82AE4B-5CF3-4E3C-AF18-DC056DEE8896}] => (Allow) c:\users\nc2un\desktop\frst64.exe (Farbar) [File not signed]

FirewallRules: [{06FEDBBD-7CCF-411F-9BAF-248830ECDBB4}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{10982DFB-A29A-4A6C-99AC-BE998C2E4B16}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{40014459-D288-45A7-9EB9-7E2C058EF9DA}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{732D7A50-8F8C-4427-A768-18DB140D7B96}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{B591B8A5-B068-4811-BEF6-7DC13F8F682B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{0E9F575E-0A08-4137-8953-A481E6E3DE1D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{A86F5904-DEC3-4F73-9E80-54E99E352171}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{09F7459A-E09F-46BA-8388-3B9974354D11}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{ED35CE6C-954C-406C-B6E6-B70C55D5648A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{E1E3DC9F-D2B9-439F-9AC9-2828C5F8E9C3}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)

FirewallRules: [{2F9A4C08-2BFE-40BC-BC98-E9C184D8624C}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)

 

==================== Restore Points =========================

 

16-04-2024 06:21:46 Installed System Support Utility

16-04-2024 06:25:59 Removed System Support Utility

16-04-2024 06:26:46 Installed System Support Utility

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (04/15/2024 08:42:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)

Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account. 

 

 DETAIL - Access is denied.

 

Error: (04/15/2024 08:42:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY)

Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This problem is often caused by services running as a user account. Try configuring services to run in either the LocalService or NetworkService account. 

 

 DETAIL - Access is denied.

 

Error: (04/15/2024 06:45:28 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program WinStore.App.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

Process ID: 4008

 

Start Time: 01da8f8d9754e8e9

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\Microsoft.WindowsStore_22403.1401.2.0_x64__8wekyb3d8bbwe\WinStore.App.exe

 

Report Id: fc6a0bf0-5c55-46d6-b88e-0d999be8895d

 

Faulting package full name: Microsoft.WindowsStore_22403.1401.2.0_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: App

 

Hang type: Navigation

 

Error: (04/13/2024 11:24:23 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (3416,R,98) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU0070B.log.

 

Error: (04/13/2024 08:58:59 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program WinStore.App.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

Process ID: 4a2c

 

Start Time: 01da8e0dea3818d6

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\microsoft.windowsstore_22402.1401.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe

 

Report Id: 7a4791dc-d4d8-4189-9595-9f2a625e5362

 

Faulting package full name: Microsoft.WindowsStore_22402.1401.4.0_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: App

 

Hang type: Navigation

 

Error: (04/12/2024 05:48:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Local Hostname BLUEZ9020.local already in use; will try BLUEZ9020-2.local instead

 

Error: (04/12/2024 05:48:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 BLUEZ9020.local. Addr 192.168.4.113

 

Error: (04/12/2024 05:48:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.4.113:5353   16 BLUEZ9020.local. AAAA FDB8:F790:F375:0001:4D7F:42A7:757C:0345

 

 

System errors:

=============

Error: (04/16/2024 06:26:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error: 

Unable to access a key.

 

Error: (04/16/2024 06:26:13 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.

 

Error: (04/16/2024 08:24:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error: 

The system cannot find the file specified.

 

Error: (04/16/2024 08:21:33 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.

 

Error: (04/15/2024 11:56:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error: 

Unable to access a key.

 

Error: (04/15/2024 11:56:52 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.

 

Error: (04/15/2024 08:42:16 PM) (Source: DCOM) (EventID: 10005) (User: BLUEZ9020)

Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_2aae36b with arguments "Unavailable" in order to run the server:

Windows.Media.Capture.Internal.AppCaptureShell

 

Error: (04/15/2024 08:42:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The GameDVR and Broadcast User Service_2aae36b service failed to start due to the following error: 

The service did not respond to the start or control request in a timely fashion.

 

 

Windows Defender:

================

Date: 2024-04-15 05:58:40

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2024-04-14 06:29:32

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2024-04-11 06:30:23

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2024-04-09 10:59:58

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2024-04-08 14:20:31

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

Event[0]:

 

Date: 2024-04-13 23:24:26

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.

Security intelligence Attempted: Current

Error Code: 0x80070003

Error description: The system cannot find the path specified. 

Security intelligence Version: 0.0.0.0;0.0.0.0

Engine Version: 0.0.0.0

 

CodeIntegrity:

===============

Date: 2024-04-13 23:41:13

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

 

 

==================== Memory info =========================== 

 

BIOS: Dell Inc. A25 05/30/2019

Motherboard: Dell Inc. 00V62H

Processor: Intel® Core™ i5-4590 CPU @ 3.30GHz

Percentage of memory in use: 29%

Total physical RAM: 16292.2 MB

Available physical RAM: 11497.41 MB

Total Virtual: 17316.2 MB

Available Virtual: 12094.2 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:237.83 GB) (Free:54.7 GB) (Model: SAMSUNG MZ7LN256HCHP-000L7) NTFS

 

\\?\Volume{b77585c5-ac9e-4172-85bb-190e3816186a}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS

\\?\Volume{7a8f27dd-982f-4a43-b065-f55d8986eb69}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (Size: 238.5 GB) (Disk ID: C6B8F3BE)

 

Partition: GPT.

 

==================== End of Addition.txt =======================



#5 JSntgRvr

Posted 16 April 2024 - 07:42 PM

Welcome  :)
 
I'll be helping you with your computer.
 
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
 
Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary.  :)

Let's begin... 

 

This Fix will empty the following folders:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns, please ask before running this fix.

The system will be rebooted after the fix has run.

  • Download the enclosed file Fixlist.txt
  • Save it in the same location FRST64.exe is saved (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply. If too large, use an online upload service and post the link. ww.wetransfer.com is a good site.

 

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report; click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

Edited by JSntgRvr, 16 April 2024 - 07:45 PM.

No request for help throughout private messaging will be attended.

Inactive logs for more than four (4) days will be closed


#6 Delusionz

Posted 17 April 2024 - 12:36 AM

fixlog.txt below. I will return with Dr Cure it as soon as I can.

 

Fixlog.txt

 

.

Same with Dr Web report: 

 

cureit.log


Edited by Delusionz, 17 April 2024 - 02:08 AM.


#7 Delusionz

Posted 17 April 2024 - 03:07 AM

Current warnings: 

 

 



#8 JSntgRvr

Posted 17 April 2024 - 03:35 PM

There are no infected objects detected
 
What type of warnings are you receiving?



#9 Delusionz

Posted 18 April 2024 - 01:58 AM

(This event started out RARE - and now it is Non-stop all day)

It is now being joined by DNS Client Events and DHCP Client events.

However, in the last 24 hours, since the fixlog, DHCP and DNS have stopped eventing, but this e1dexpress has continued to fault.

 

Warning 4/17/2024 11:26:41 AM e1dexpress 27 None

 

Error 4/17/2024 9:11:26 AM Kernel-EventTracing 2 Session

Session "Microsoft.Windows.WindowsUpdate.RUXIMLog" failed to start with the following error: 0xC0000035

 

Warning 4/17/2024 7:57:23 AM e1dexpress 27 None

 

Warning 4/16/2024 11:53:44 PM ESENT 636 General

qmgr.dll (8864,D,35) QmgrDatabaseInstance: Flush map file "C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm" will be deleted. Reason: ReadHdrFailed.

 

Warning 4/16/2024 11:53:44 PM ESENT 640 General

qmgr.dll (8864,D,35) QmgrDatabaseInstance: Error -1919 validating header page on flush map file "C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm". The flush map file will be invalidated. 

Additional information: [SignDbHdrFromDb:Create time:00/00/1900 00:00:00.000 Rand:0 Computer:] [SignFmHdrFromDb:Create time:00/00/1900 00:00:00.000 Rand:0 Computer:] [SignDbHdrFromFm:Create time:04/17/2024 04:40:52.537 Rand:3552735952 Computer:] [SignFmHdrFromFm:Create time:04/17/2024 04:40:52.537 Rand:2699245152 Computer

 

Warning 4/16/2024 11:38:31 PM WMI 63 None

A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

 

Error 4/16/2024 11:38:29 PM WMI 4 None

Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\EN-US\WMPNETWK.MFL while recovering .MOF file marked with autorecover

 

Warning 4/16/2024 11:38:22 PM WMI 63 None

A provider, NetEventPacketCapture, has been registered in the Windows Management Instrumentation namespace root\standardcimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

 

 

If it helps you any, I still have a Mini Tool Box log from early on.

 

It boils down to this: 

 

I don't like letting Hypervisor run, and have always kept it from loading by removing the Windows features from my device. If I could prevent at least one of the following 4 items from being "yes", it would not automatically install Hypervisor. I suppose that's no longer the case..... 

 

Hyper-V - VM Monitor Mode Extensions Yes

Hyper-V - Second Level Address Translation Extensions Yes

Hyper-V - Virtualization Enabled in Firmware Yes

Hyper-V - Data Execution Protection Yes

 

I look at my system and it is not Windows 11 capable, and with support running out I feel like I need to allow Windows its most basic security measures for protection.

I forced a clean install to get my BIOS to boot properly in UEFI mode for the Secure Boot.

I also see that Kernel DMA protection is Off (unsecure?) and that Virtualization Based Security is not enabled... ?

 

Core Isolation will not allow me to turn on Memory Integrity because of incompatible drivers on my Intel HD Graphics 4600, which ... by the way ... was assigned Windows Compatibility drivers..... that for some reason are not being allowed to load ==== and Windows is the one forcing that particular driver on me.

 

With Windows Security stopping before the Quick Scan completes every single day, Network Ethernet dropping constantly, Windows Update not able to install Updates, I'm just concerned that I'm rather vulnerable.

 

 

I really can't say much more than this, because the logs are gone now lol
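
A read-only way to collect the settings the post above asks about (hypervisor presence, Secure Boot, Virtualization Based Security and Memory Integrity state, the display driver's signer, and recent Code Integrity events). This is an added example, not part of the original post or of the helper's instructions; it assumes an elevated PowerShell session on Windows 10, and the value-to-name tables follow Microsoft's documentation for the Win32_DeviceGuard class.

```powershell
# Added example (not from the thread): read-only report, changes nothing.
# Run from an elevated PowerShell prompt on the machine being checked.

# Value meanings for the Win32_DeviceGuard properties.
$vbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$services  = @{ 1 = 'Credential Guard'; 2 = 'Memory Integrity (HVCI)'
                3 = 'System Guard Secure Launch'; 4 = 'SMM Firmware Measurement' }
$hwProps   = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
                4 = 'Secure memory overwrite'; 5 = 'NX protections'
                6 = 'SMM mitigations'; 7 = 'MBEC/GMET'; 8 = 'APIC virtualization' }

function Resolve-Codes($codes, $map) {
    # CIM returns UInt32 values; cast to [int] so they match the hashtable keys.
    $names = foreach ($c in $codes) {
        $k = [int]$c
        if ($k -eq 0) { continue }          # 0 means "none"
        if ($map.ContainsKey($k)) { $map[$k] } else { "Unknown ($k)" }
    }
    if ($names) { $names -join ', ' } else { 'None' }
}

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'
$cs = Get-CimInstance -ClassName 'Win32_ComputerSystem'

# Confirm-SecureBootUEFI throws on legacy-BIOS boots and in non-elevated sessions.
try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
catch { $secureBoot = 'Unknown (legacy BIOS mode or session not elevated)' }

# 1. Is a hypervisor loaded, and what is VBS / Memory Integrity doing?
[pscustomobject]@{
    HypervisorPresent  = $cs.HypervisorPresent
    SecureBoot         = $secureBoot
    VbsStatus          = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
    ServicesConfigured = Resolve-Codes $dg.SecurityServicesConfigured  $services
    ServicesRunning    = Resolve-Codes $dg.SecurityServicesRunning     $services
    HardwareAvailable  = Resolve-Codes $dg.AvailableSecurityProperties $hwProps
    HardwareRequired   = Resolve-Codes $dg.RequiredSecurityProperties  $hwProps
} | Format-List

# 2. Which display driver package is installed, and who signed it?
Get-CimInstance -ClassName 'Win32_PnPSignedDriver' |
    Where-Object { $_.DeviceClass -eq 'DISPLAY' } |
    Select-Object DeviceName, DriverVersion, DriverDate, InfName, IsSigned, Signer |
    Format-List

# 3. Recent Code Integrity events (image loads that failed signing-level checks).
Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

"Memory Integrity (HVCI)" appearing under ServicesConfigured but not ServicesRunning means the feature is set to on but is not active in the current boot.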



#10 JSntgRvr

Posted 18 April 2024 - 11:09 AM

Disable Hypervisor:

 

How to Disable or Turn off Hyper-V in Windows 10 - Four Options (isunshare.com)

 

This Fix will empty the following folders:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns, please ask before running this fix.

The system will be rebooted after the fix has run.

  • Download the enclosed file Fixlist.txt
  • Save it in the same location FRST64.exe is saved (FRSTEnglish.exe)
  • Start FRST (FRST64) with Administrator privileges
  • This time around, press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please attach this file in your next reply. If too large, use an online upload service and post the link. ww.wetransfer.com is a good site.

 

Edited by JSntgRvr, 18 April 2024 - 11:11 AM.



#11 Delusionz

Posted 20 April 2024 - 12:51 PM

I'll have to check for the presence of Hypervisor since it isn't noted in the usual place on SysInfo. Thank you.

 

System is VERY slow since the reboot and I am so far unable to post the fixlog.txt without an error message asking whether I want to wait or exit the page... I've had to exit twice so far with no luck if I try to post the fixlog.txt.

 

I checked Event Viewer and have some complaints there lol.... mostly from Service Control Manager, DNS Client, ESENT, and WMI.



#12 Delusionz

Posted 20 April 2024 - 12:57 PM

Wow! lol, What a trip. I was able to post a reply ---- without the fixlog.txt.

 

Tried to edit the post and add the fixlog.txt --- was a no go, so I canceled the edit.

 

It threw me out and I suppose it deleted my entire post.

 

I've uploaded fixlog to OneDrive, but OneDrive is acting a little crazy over it too and wanting access to my clipboard o.O

 

Fixlog.txt



#13 JSntgRvr

Posted 20 April 2024 - 05:09 PM

Repair or Reset Edge Legacy browser
 
Windows 10 allows you to reset or repair the Edge browser with a click via Settings. To do so:
  • Open the Start Menu and click on Settings. Next, under the Apps and features section, search for Microsoft Edge.
  • Now you may first select the Repair option if Edge is not working properly. When you repair Edge, your data will remain safe.
  • If this does not make any difference, you may select the Reset button. Windows will reset your Edge browser settings, keeping your Favorites intact – but you may lose other Edge data.

To update Edge, open the browser and click on the three dots on the upper right corner. Select Settings, then About Microsoft Edge. It should update immediately.

 

See if that makes a difference and let me know.




#14 Delusionz

Posted 21 April 2024 - 12:09 AM

Great, thank you for your time and input. 

 

Couple other questions, going back to my original problem: 

 

Still have incompatible driver(s) regarding turning on Memory Integrity. It's actually the OEM graphics and the updated Graphics, which utilizes the exact same driver as the OEM, so it's just one incompatible driver, Signed by Microsoft Windows Hardware Compatibility Publisher (invalid certificate).

 

igdkmd64.sys

Intel Corporation

 

Device:                     Intel® HD Graphics 4600

Import date:              03/29/2024

Driver date:               10/28/2018

Driver version:           20.19.15.5063

Published name:        oem4.inf

 

 

 

igdkmd64.sys

Intel Corporation

 

Driver version:         20.19.15.5063

Product name:         Intel HD Graphics Drivers for Windows®

 

Intel HD Graphics Driver RESTART REQUIRED
This package contains the Intel HD graphics driver for 4th and 5th generation Intel processors. A graphics or video driver is the software that enables communication between the graphics card and the operating system, games, and applications. This update addresses the Intel security advisory INTEL-SA-00189. A security advisory is a statement when a security vulnerability impacts a product, and a remedy is available for the vulnerability.
Fixes & Enhancements
- Driver updates to address the Intel Security Advisory INTEL-SA-00189.
Version
20.19.15.5063, A08
Release date
17 Apr 2019
Download Type
Driver
Category
Video
Importance  RECOMMENDED
Dell Technologies recommends applying this update during your next scheduled update cycle. The update contains changes to maintain overall system health. It ensures that the system software remains current and compatible with other system modules (firmware, BIOS, drivers, and software) and may include other new features.
File Format:Update Package for MS Windows 32-Bit
File Name:Intel-HD-4000-and-5000-Series-Graphics-Driver_4KV26_WIN_20.19.15.5063_A08_03.EXE
File Size:213.09 MB
Format Description:
Dell Update Packages (DUP) in Microsoft Windows 32bit format have been designed to run on Microsoft Windows 64bit Operating Systems. Dell Update Packages (DUP) in Microsoft Windows 64bit format will only run on Microsoft Windows 64bit Operating Systems. When selecting a device driver update be sure to select the one that is appropriate for your operating system.
 Applies to
Intel Graphics HD, HD 4200/4400/4600/5000/5100/5200
Intel HD 4200/4400/4600/5000 Graphics
Intel HD, HD 4000/4200/4400/4600/5000/5100/5200 Graphics
Intel HD, HD 4200/4400/4600/5000 Graphics
Intel HD, HD 4200/4400/4600/5000/5100/5200 Graphics
 
Attached file: Intel HD Graphics 4600.png
 
Dev Mgr shows Date of 10/29/18 for the same exact version, but I know the updated driver was installed because both instances are what is keeping me from turning on Memory Integrity.
I need a workaround! Or a different, acceptable driver!
 
 
Next - Ethernet driver also seems to have reverted back to an earlier version than what I have applied updates for. Did your fixlist.txt  roll back all drivers to the original versions or something?
 
Intel PCIe Ethernet Network Driver RESTART REQUIRED
This package contains the Intel I2xx and 825xx PCIe Ethernet network driver. The Ethernet network driver helps the system to connect to a wired Internet connection.
Fixes & Enhancements
- Enhanced the security of the driver.
Version
24.1.0.0, A13
Release date
15 Nov 2019
Download Type
Driver
Category
Network, Ethernet & Wireless
Importance  CRITICAL
Dell Technologies highly recommends applying this important update as soon as possible. The update contains critical bug fixes and changes to improve functionality, reliability, and stability of your Dell system. It may also include security fixes and other feature enhancements.
File Format:Update Package for MS Windows 32-Bit
File Name:Intel-PCIe-Ethernet-Network-Driver_VP20T_WIN_24.1.0.0_A13_04.EXE
File Size:30.69 MB
Format Description:
Dell Update Packages (DUP) in Microsoft Windows 32bit format have been designed to run on Microsoft Windows 64bit Operating Systems. Dell Update Packages (DUP) in Microsoft Windows 64bit format will only run on Microsoft Windows 64bit Operating Systems. When selecting a device driver update be sure to select the one that is appropriate for your operating system.
 
- After you install the package, the Intel LAN driver version that is displayed in Device Manager is as follows:
I217, I218, and I219:
Windows 10: 12.18.9.10
Windows 7 and 8.1: 12.17.8.7
82579:
Windows 7, 8.1, and 10: 12.15.31.4
- LAN drivers take no more than 3 minutes to be installed on your system. You can install the updates in the background while using the system.

 

Note: when I originally installed this update (more than once) My Device Manager did indeed show the Version as noted above for windows 10.... but today, Device Manager says as below. 

 

 

Provider:         Intel 

Driver Date:     8/4/2015

Version:        12.13.17.4

 

 

++++++++++++++++++++++++++++++++++++++++++++++++

 

Last, but not least, In preparation for updating these items AGAIN, I checked for the Chipset drivers.... and Device Manager advises me that no drivers have been installed for this device.... Yet they have been!! 

 

And when I installed the Chipset Software/Drivers, I also allowed for the Intel ME Installer to be added.... however, I'm not even sure I needed this at ALL and would rather uninstall it....... since my Chipset isn't being found anyway??

 

Intel-Management-Engine-Components-Installer_4J8MX_WIN_11.7.0.1035_A00_08.EXE

File size

115.14 MB

Description

This package contains the driver for the Intel Management Engine Components Installer. This driver installs Intel Management Engine Interface, Serial Over LAN driver, Intel Management and Security Application Local Management Service, Intel Converged Security and Manageability Engine (CSME), Intel Management Engine Windows Management Instrumentation (WMI) provider, and Intel Capability Licensing Service Client. This update addresses the Intel Security Advisories INTEL-SA-00086 and INTEL-SA-00101. A security advisory is a statement when a security vulnerability impacts a product, and a remedy is available for the vulnerability.

Important Information

- This driver package supports both Enterprise and Consumer systems.
- The chipset driver must be installed before installing this update.   <<<<  Oh yeah? Well where did my Chipset Drivers GO??
To find the chipset driver, click This Device on the Drivers and Downloads page and select Chipset from the Category drop-down. If you are not on the Drivers and Downloads page, identify your product.

 

 

 

 


Edited by Delusionz, 21 April 2024 - 05:59 AM.


#15 JSntgRvr

Posted 21 April 2024 - 06:47 AM

Use Intel PC HelpSoft Driver Update to detect and install these devices automatically.

 

The best way to do this is to remove the device and software and allow Intel to scan and download corresponding drivers.

 

Let me know the outcome.

