Computer running slow, can't download FRST


  • This topic is locked
45 replies to this topic

#31 polskamachina

polskamachina

  • Malware Response Team
  • 5,622 posts
  • Gender:Male
  • Location:California
  • Local time:09:30 PM

Posted 07 April 2024 - 01:54 AM

Hi jcol1227 :)
 
I found this article which addresses the same symptoms you are experiencing when you initially power on your computer:

Why is SysMain Using So Much Disk CPU Memory
When analyzing program usage patterns, SysMain will sometimes overdo it and overtax the HDD. In some cases, the PC basically becomes unusable for the first 10-15 minutes after booting because it attempts to load too many programs at once.
Other reasons for high resource usage include running an application with faulty backend code, as addressed by Microsoft, or attempting to preload very large files (AAA game files, for instance).

The following fix will disable the SysMain services and should resolve the high disk usage when you start your computer.

  • Highlight the text below in its entirety and press Ctrl-C to copy it to your clipboard:
Start::
CreateRestorePoint:
CloseProcesses:
cmd: sc config sysmain start=disabled & sc stop sysmain
cmd: sc queryex sysmain
End::
  • Run FRST64
  • Click on Fix
  • When the fix completes, you will be asked to restart your computer
  • Close all open windows and allow the restart
  • When the restart has completed, Fixlog.txt will be placed onto your Desktop
  • Copy and paste that file into your next reply to me

Next:

  • Run FRST64
  • Click on Scan
  • When the scan completes, please copy and paste FRST.txt and Addition.txt into your next reply to me

In summary I will need from you:

  • Fixlog.txt
  • FRST.txt
  • Addition.txt
  • How is your computer performing now?

Let me know if you have any questions.

 

polskamachina


Edited by polskamachina, 07 April 2024 - 01:55 AM.

If I have made your computing life easier, please consider making a contribution.
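
Added example, not part of the original post and not FRST's own code: one way to read the `cmd:` sections of the resulting Fixlog.txt and confirm whether SysMain actually reached STOPPED rather than only STOP_PENDING. The sample log is constructed in the layout FRST uses for `cmd:` output; the function names and verdict labels are assumptions.

```python
import re

# Constructed sample, laid out the way FRST records "cmd:" lines in Fixlog.txt.
SAMPLE_FIXLOG = """\
========= sc config sysmain start=disabled & sc stop sysmain =========

[SC] ChangeServiceConfig SUCCESS

SERVICE_NAME: sysmain
        TYPE               : 30  WIN32
        STATE              : 3  STOP_PENDING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)

========= End of CMD: =========

========= sc queryex sysmain =========

SERVICE_NAME: sysmain
        TYPE               : 30  WIN32
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
        PID                : 0

========= End of CMD: =========
"""

# "========= <command> =========" opens a section; "End of CMD:" closes it.
HEADER_RE = re.compile(r"^=========\s+(.+?)\s+=========\s*$")
NAME_RE = re.compile(r"^SERVICE_NAME:\s*(\S+)")
STATE_RE = re.compile(r"^\s*STATE\s*:\s*(\d+)\s+(\w+)")


def parse_cmd_sections(text):
    """Return one dict per cmd: section with the service name and last STATE seen."""
    sections, current = [], None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            title = header.group(1)
            if title.startswith("End of CMD"):
                if current is not None:
                    sections.append(current)
                current = None
            else:
                current = {"command": title, "service": None,
                           "state": None, "config_changed": False}
            continue
        if current is None:
            continue  # text outside any cmd: section
        if "ChangeServiceConfig SUCCESS" in line:
            current["config_changed"] = True
        name = NAME_RE.match(line)
        if name:
            current["service"] = name.group(1)
        state = STATE_RE.match(line)
        if state:
            current["state"] = state.group(2)
    return sections


def assess(sections, service):
    """Judge the service from the last section that reported a state for it."""
    relevant = [s for s in sections
                if s["service"] and s["service"].lower() == service.lower()
                and s["state"]]
    if not relevant:
        return "no-data"
    final = relevant[-1]["state"]
    if final == "STOPPED":
        return "stopped"
    if final == "STOP_PENDING":
        # The query ran before the stop finished; repeat it after the restart.
        return "recheck-after-reboot"
    return "still-active"


if __name__ == "__main__":
    parsed = parse_cmd_sections(SAMPLE_FIXLOG)
    for section in parsed:
        print(section["command"], "->", section["state"])
    print("verdict:", assess(parsed, "sysmain"))
```

`sc queryex` does not report the start type; `sc qc sysmain` prints START_TYPE if the disabled setting also needs confirming.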


#32 polskamachina

polskamachina

  • Malware Response Team
  • 5,622 posts
  • Gender:Male
  • Location:California
  • Local time:09:30 PM

Posted 10 April 2024 - 01:58 AM

Hi jcol1227 :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina




#33 jcol1227

jcol1227
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:30 AM

Posted 10 April 2024 - 11:04 AM

Hey polskamachina,

 

So, the system seems to be running worse now since the fix, staying at 100% disk usage for longer now. I took a few screenshots which you will find attached. There seems to be something called javascript node js, and Microsoft Phone Link that seem to be causing a lot of usage as well.

 

See below for requested logs:

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by Buckner Plumbing (10-04-2024 11:04:39) Run:9
Running from C:\Users\Buckner Plumbing\OneDrive\Desktop
Loaded Profiles: Buckner Plumbing
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
cmd: sc config sysmain start=disabled & sc stop sysmain
cmd: sc queryex sysmain
End::
*****************

Restore point was successfully created.
Processes closed successfully.

========= sc config sysmain start=disabled & sc stop sysmain =========

[SC] ChangeServiceConfig SUCCESS

SERVICE_NAME: sysmain
        TYPE               : 30  WIN32  
        STATE              : 3  STOP_PENDING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x2710


========= End of CMD: =========


========= sc queryex sysmain =========


SERVICE_NAME: sysmain
        TYPE               : 30  WIN32  
        STATE              : 3  STOP_PENDING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x2710
        PID                : 1976
        FLAGS              :


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 11:07:14 ====

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.04.2024
Ran by Buckner Plumbing (administrator) on BP-LAPTOP (HP HP Notebook) (10-04-2024 11:19:42)
Running from C:\Users\Buckner Plumbing\OneDrive\Desktop\FRST64.exe
Loaded Profiles: Buckner Plumbing
Platform: Microsoft Windows 10 Home Version 22H2 19045.4170 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\js\node_modules\adobe-cr\build\Release\Adobe Crash Processor.exe
(C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> ) C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Dropbox, Inc -> ) C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4163_none_7e304ec47c735f2e\TiWorker.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(wuauclt.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.409.131.0.exe
(wuauclt.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2024-01-13] (Adobe Inc. -> )
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [8578976 2024-03-30] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\...\Run: [MicrosoftEdgeAutoLaunch_3C524E9FA40EF560AE6A5D7D0ECDB354] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063784 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp196: C:\Windows\System32\spool\prtprocs\x64\hpcpp196.dll [758000 2017-02-14] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2024-01-13] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [127728 2017-02-14] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM190: C:\WINDOWS\system32\hpmlm190.dll [310696 2017-02-14] (HP Inc. -> HP Inc.)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {62AD1D03-0261-436E-B90C-E9E0D5DF21C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {3320F785-E30C-490A-B83F-F9D74FB2A3A1} - System32\Tasks\Adobe Creative Cloud => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1131488 2024-01-13] (Adobe Inc. -> Adobe Inc.)
Task: {505703A0-6780-44E9-83F5-9132DAC01B04} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {363A5FD7-DDD4-46DA-9EAB-3B3429497F71} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {4A7C5211-7393-4C3E-8208-B4580CAA4171} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc -> )
Task: {F8022533-4096-4FC4-B348-6E3AA1BB9813} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-01-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {938E617C-282A-4726-B4F4-AA8A92A2581D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-01-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B4CCC76C-CE99-45A5-9013-0D69C8B119FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2024-02-01] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {CC3CD0DC-A784-4338-B339-942254500380} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-02-01] (HP Inc. -> HP Inc.)
Task: {2F51563F-40F9-4E39-AE48-CCF19A8DA49C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161264 2024-02-01] (HP Inc. -> HP Inc.)
Task: {36A8DDF7-B1D0-4A9A-A58C-B4DD9F8326CE} - System32\Tasks\HPEA3JOBS => C:\Program  -> Files\HP\HP ePrint\hpeprint.exe /CheckJobs
Task: {1B0FE210-9FCB-4890-B7F9-6C1BC2FF9C86} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D9C23DE-AD05-4AE3-AE03-5A5EBE91FF56} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {3596E3A8-C07F-4F58-98C5-CC64C21EA334} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221360 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA1F1D03-21AC-4351-845C-FC6786A50FC3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221360 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {442A5E67-2751-47C4-9F85-4D0F69394325} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [343240 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {6390E4D4-D0BB-4053-815B-1189B4FAAB26} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C803DEBF-D109-4263-B19C-3522A3428B68} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C77C2146-B72D-460D-B947-10E53303F81D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {67F0E93C-9B8C-45C7-9E78-8EFFE8624F9F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FF19AEF6-FA1F-4BE3-B818-32DCD77A5D51} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [671136 2024-04-02] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {43B402A2-8DBE-45FD-B143-CF19A2E7C111} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1936981840-1978000543-3804904241-1001 E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [671136 2024-04-02] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {D0BCC693-0878-44E0-B7B1-F2C897B40F85} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {3EC0C88A-D0D9-4E7F-AEF2-A7DDB8721EF0} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [34720 2024-04-02] (Mozilla Corporation -> Mozilla Foundation)
Task: {F9BBC389-A626-4895-975D-D7925CB0414A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-06-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{418c7cc2-f2ba-413a-86bc-89e01001936f}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Buckner Plumbing\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-23]
Edge Extension: (Google Docs Offline) - C:\Users\Buckner Plumbing\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-09]
Edge Extension: (Edge relevant text changes) - C:\Users\Buckner Plumbing\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-29]

FireFox:
========
FF DefaultProfile: upx7vtdc.default
FF ProfilePath: C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\0sx8i1eu.default-release [2024-04-10]
FF DownloadDir: C:\Users\Buckner Plumbing\Downloads
FF ProfilePath: C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default [2024-03-25]
FF Notifications: Mozilla\Firefox\Profiles\upx7vtdc.default -> hxxps://spark.adobe.com
FF Extension: (Firefox All Aboard 1.6) - C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default\Extensions\@all-aboard-v1-6.xpi [2017-05-11] [Legacy]
FF Extension: (Adaware AdBlock) - C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2024-01-29]
FF Extension: (uBlock Origin) - C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default\Extensions\uBlock0@raymondhill.net.xpi [2024-02-24]
FF Extension: (Block Site) - C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default\Extensions\{07046613-1993-4b66-9dd1-9dd1ce581cb7}.xpi [2020-10-08]
FF Extension: (Re-Pagination) - C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default\Extensions\{6072cb90-a0bd-11da-a746-0800200c9a66}.xpi [2017-09-06] [Legacy]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Buckner Plumbing\AppData\Roaming\Mozilla\Firefox\Profiles\upx7vtdc.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-06-13] [Legacy]
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-12-07]
FF Extension: (Firefox All Aboard 1.6) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\@all-aboard-v1-6 [2024-04-02] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2024-01-13] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @devicesoft.com/np_device_plugin -> C:\Users\Buckner Plumbing\AppData\Roaming\WebPlugins\DVR\npDvrSVideo.dll [2017-05-17] (npDvrSVideo) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-03-30] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2023-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2024-01-13] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2017-06-20] (Advanced Micro Devices, Inc. -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2024-01-13] (Adobe Inc. -> Adobe Inc.)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-08-10] (Advanced Micro Devices) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221312 2024-03-29] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-01-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-01-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [891328 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [889896 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [886824 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [890408 2024-02-01] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc. -> HP Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink Corp. -> CyberLink)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-10 11:19 - 2024-04-10 11:26 - 000023487 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\FRST.txt
2024-04-10 11:16 - 2024-04-10 11:16 - 000000000 ___HD C:\$WinREAgent
2024-04-10 11:04 - 2024-04-10 11:07 - 000001595 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\Fixlog.txt
2024-04-08 17:40 - 2024-04-08 17:41 - 000000000 ___HD C:\adobeTemp
2024-04-08 12:37 - 2024-04-08 12:37 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2024-04-02 17:42 - 2024-04-05 14:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2024-03-29 14:53 - 2024-03-29 15:01 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-03-29 14:52 - 2024-03-29 15:02 - 000211902 _____ C:\WINDOWS\ntbtlog.txt
2024-03-25 15:15 - 2024-03-25 15:23 - 000000000 ____D C:\Users\Buckner Plumbing\OneDrive\Documents\Health Care
2024-03-25 14:03 - 2024-03-25 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2024-03-25 14:03 - 2024-03-25 14:03 - 000000000 ____D C:\Program Files\Speccy
2024-03-23 12:56 - 2024-04-10 11:04 - 000000000 ____D C:\Users\Buckner Plumbing\OneDrive\Desktop\FRST-OlderVersion
2024-03-22 14:22 - 2024-03-22 15:17 - 000272836 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\Search.txt
2024-03-22 13:20 - 2024-04-10 11:17 - 000000000 ____D C:\Users\Buckner Plumbing\OneDrive\Desktop\Revo Uninstaller
2024-03-22 13:02 - 2024-03-22 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-03-22 13:02 - 2024-03-22 13:02 - 000000000 ____D C:\Program Files\VS Revo Group
2024-03-21 02:48 - 2024-03-21 02:48 - 000000506 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\ESET_scan.txt
2024-03-20 20:06 - 2024-03-20 20:16 - 000001300 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\ESET Online Scanner.lnk
2024-03-20 20:04 - 2024-03-20 20:16 - 000001400 _____ C:\Users\Buckner Plumbing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-03-20 20:04 - 2024-03-20 20:04 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Local\ESET
2024-03-20 19:57 - 2024-03-20 19:57 - 008389496 _____ (ESET) C:\Users\Buckner Plumbing\OneDrive\Desktop\esetonlinescanner.exe
2024-03-20 19:52 - 2024-03-20 19:52 - 000008921 _____ C:\Users\Buckner Plumbing\OneDrive\Desktop\AdwCleaner[C00].txt
2024-03-20 19:45 - 2024-03-20 19:51 - 000000000 ____D C:\AdwCleaner
2024-03-20 19:44 - 2024-03-20 19:44 - 008790880 _____ (Malwarebytes) C:\Users\Buckner Plumbing\OneDrive\Desktop\adwcleaner.exe
2024-03-20 19:39 - 2024-03-20 19:39 - 000000000 ___HD C:\ProgramData\temp
2024-03-19 06:05 - 2024-04-10 11:23 - 000000000 ____D C:\FRST
2024-03-19 06:04 - 2024-04-10 11:04 - 002394112 _____ (Farbar) C:\Users\Buckner Plumbing\OneDrive\Desktop\FRST64.exe
2024-03-14 15:56 - 2024-03-14 15:56 - 000019530 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-14 15:55 - 2024-03-14 15:55 - 000019530 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-11 11:48 - 2024-03-11 11:48 - 000248658 _____ C:\Users\Buckner Plumbing\Downloads\EligibilityResultsNotice.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-10 11:30 - 2024-01-13 20:11 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Roaming\com.adobe.dunamis
2024-04-10 11:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-10 11:27 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-10 11:18 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-10 11:16 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-04-10 11:10 - 2020-11-19 03:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-10 11:09 - 2021-05-02 11:40 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-10 11:08 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-04-10 11:08 - 2017-06-15 03:19 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2024-04-10 10:57 - 2020-11-19 03:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-08 16:04 - 2024-01-13 20:39 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1936981840-1978000543-3804904241-1001
2024-04-08 16:04 - 2021-05-02 12:17 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1936981840-1978000543-3804904241-1001
2024-04-08 16:04 - 2021-05-02 09:52 - 000002423 _____ C:\Users\Buckner Plumbing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-08 12:39 - 2021-05-02 12:17 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-04-08 12:38 - 2017-04-07 18:33 - 000000000 ____D C:\Program Files (x86)\Adobe
2024-04-08 12:38 - 2017-04-07 18:32 - 000000000 ____D C:\ProgramData\Adobe
2024-04-07 10:49 - 2017-04-15 02:00 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Roaming\Microsoft\Word
2024-04-06 16:44 - 2020-11-19 03:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-06 16:44 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-06 16:39 - 2017-05-18 11:57 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-04-05 16:54 - 2024-02-24 17:52 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-04-05 14:01 - 2017-03-21 10:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-04-05 14:01 - 2017-01-10 05:57 - 000000000 ____D C:\ProgramData\Realtek
2024-04-04 15:56 - 2016-10-21 08:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-04-04 15:30 - 2020-11-19 03:32 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-04 15:30 - 2020-11-19 03:32 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-02 23:47 - 2017-03-21 10:37 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-04-02 12:34 - 2024-01-29 21:43 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-04-02 12:34 - 2024-01-29 21:43 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-03-30 12:01 - 2018-05-04 22:10 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Local\Packages
2024-03-29 15:20 - 2021-02-04 15:35 - 000000000 ____D C:\Program Files\Adobe
2024-03-29 15:17 - 2021-02-04 15:06 - 000000000 ___RD C:\Users\Buckner Plumbing\Creative Cloud Files
2024-03-29 15:16 - 2024-01-13 19:54 - 000003280 _____ C:\WINDOWS\system32\Tasks\Adobe Creative Cloud
2024-03-29 14:59 - 2017-08-25 15:21 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Local\ElevatedDiagnostics
2024-03-25 15:52 - 2021-02-04 15:20 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-03-23 12:57 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-03-23 12:57 - 2016-10-21 13:47 - 000000000 ___HD C:\hp
2024-03-22 13:24 - 2017-06-15 22:41 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Local\HP
2024-03-22 13:24 - 2017-06-15 03:20 - 000000000 ____D C:\ProgramData\Package Cache
2024-03-22 13:19 - 2017-06-15 03:18 - 000000000 ____D C:\Program Files (x86)\HP
2024-03-22 13:19 - 2017-03-17 12:20 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Roaming\HP
2024-03-22 13:19 - 2016-10-21 08:33 - 000000000 ____D C:\ProgramData\HP
2024-03-22 13:11 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2024-03-22 13:11 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-03-21 17:31 - 2016-10-21 08:33 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2024-03-21 17:21 - 2021-02-04 16:45 - 000000000 ____D C:\Program Files\ruxim
2024-03-20 19:51 - 2017-03-17 12:23 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\Roaming\Hewlett-Packard
2024-03-20 19:51 - 2016-10-21 08:34 - 000000000 ____D C:\Program Files (x86)\HP Inc
2024-03-20 19:51 - 2016-10-21 08:33 - 000000000 ____D C:\Program Files\HP
2024-03-20 19:51 - 2016-10-21 08:31 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2024-03-20 19:34 - 2017-05-05 20:22 - 000000000 ____D C:\Users\Buckner Plumbing\AppData\LocalLow\Temp
2024-03-18 12:18 - 2021-05-02 12:05 - 000934922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-03-16 11:23 - 2020-11-19 03:30 - 000336168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-03-16 11:17 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-03-16 11:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-03-16 11:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-03-16 11:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-03-16 11:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-03-16 11:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-03-16 11:17 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2024-03-16 11:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-03-14 15:55 - 2020-11-19 03:32 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-03-14 14:45 - 2017-03-17 15:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-03-14 14:31 - 2017-03-17 15:32 - 190470136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2017-03-17 12:19 - 2024-04-10 11:12 - 001405881 _____ () C:\Users\Buckner Plumbing\AppData\Local\BTServer.log
2018-10-26 12:52 - 2018-10-26 12:52 - 000000000 _____ () C:\Users\Buckner Plumbing\AppData\Local\oobelibMkey.log
2024-03-09 13:19 - 2024-03-09 13:19 - 000000017 _____ () C:\Users\Buckner Plumbing\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by Buckner Plumbing (10-04-2024 11:32:08)
Running from C:\Users\Buckner Plumbing\OneDrive\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4170 (X64) (2021-05-02 16:20:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1936981840-1978000543-3804904241-500 - Administrator - Disabled)
Buckner Plumbing (S-1-5-21-1936981840-1978000543-3804904241-1001 - Administrator - Enabled) => C:\Users\Buckner Plumbing
DefaultAccount (S-1-5-21-1936981840-1978000543-3804904241-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1936981840-1978000543-3804904241-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1936981840-1978000543-3804904241-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1936981840-1978000543-3804904241-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
ACP Application (HKLM\...\{FC5382F1-9A21-5071-E376-C401639D8227}) (Version: 2016.0809.2131.47 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 24.001.20643 - Adobe Systems Incorporated)
Adobe Acrobat Reader (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 23.001.20064 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.1.0.587.7 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.4.0.63 - Adobe Inc.)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_3) (Version: 24.3 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1_1) (Version: 22.1.1.138 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Install Manager (HKLM\...\{870A7CB1-9CC6-98C6-0CFC-110F4E70395B}) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0620.401.5401 - Advanced Micro Devices, Inc.)
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-67b4db76-3743-45bd-b82a-ec7c5e521b94) (Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.6909 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3309 - CyberLink Corp.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.863.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FLIR Tools (HKLM-x32\...\{1E4B41AC-E594-4101-A677-FC23FA0BC0FE}) (Version: 5.13.18031.2002 - FLIR Systems) Hidden
FLIR Tools (HKLM-x32\...\{1f3093d4-5da7-4bb6-8e45-ef8f7ffb9b04}) (Version: 5.13.18031.2002 - FLIR Systems)
FLIR Tools English Documentation (HKLM-x32\...\{037C1BC6-8980-4C11-A648-62FD924256FD}) (Version: 5.13.18031.2002 - FLIR Systems) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM\...\{2CB12285-90BF-469F-B973-34495ABAF048}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{5C690381-6AF5-4374-B50C-02F0390E9980}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{D711D91A-127D-4A11-BA83-634868AD8016}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{EA274518-738D-4A48-A1CB-596173D4C6A2}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{03ED1397-7E72-4F6E-A0F0-2994A0A13421}) (Version: 5.2.20454 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{B9ADB0F9-459B-4E6B-A021-0F38C73FC060}) (Version: 5.2.20454 - HP Inc.) Hidden
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
IPCMultiViewSetup (HKLM-x32\...\{1C375B52-884F-40C1-A962-7F20048A7420}) (Version: 1.0.0 - IPCamera)
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-cb7f0e76-9578-4ef3-b7a8-b96046b1ca07) (Version: 3.0.2.118 - WildTangent) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17425.20146 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\...\OneDriveSetup.exe) (Version: 24.055.0317.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (HKLM\...\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (HKLM\...\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (HKLM-x32\...\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (HKLM-x32\...\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 124.0.2 (x64 en-US)) (Version: 124.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.3 - Mozilla)
Mystika 2 (HKLM-x32\...\WTA-bb06e8c0-4b81-425c-804a-6267ade1aa0f) (Version: 1.1.2.4 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.57 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.76 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Runefall (HKLM-x32\...\WTA-18546825-9881-4edf-8e4e-c545a50bfc3f) (Version: 3.0.2.126 - WildTangent) Hidden
Sparkle 2 (HKLM-x32\...\WTA-87ecc590-42a0-4281-9334-6cdc2fbd2c65) (Version: 3.0.2.51 - WildTangent) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
WebPlugin version 1.0.1.323 (HKLM-x32\...\{70019763-8886-4723-AFD6-D920B0E2F4AE}_is1) (Version: 1.0.1.323 - DVR Soft.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23214 - Microsoft Corporation)
Windows Driver Package - SeeSnake (CXCVBS) Media  (10/01/2009 6.0.114.0) (HKLM\...\406A683F4E027049BD7ACBF3299A2FF13C802FFC) (Version: 10/01/2009 6.0.114.0 - SeeSnake)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )

Packages:
=========

Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-01-29] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2024-01-13] (Adobe Systems Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2021-02-04] (Amazon.com)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2024-01-29] (Meta)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2017-03-17] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.33.28.0_x64__v10z8vjag6ke6 [2024-02-29] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-03] (Microsoft Corporation) [MS Ad]
Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-30] (Microsoft Corporation)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21001.0_x64__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2024-01-29] (Netflix, Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-17] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1936981840-1978000543-3804904241-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-4AD7BFE68F30} -> [Creative Cloud Files] => C:\Users\Buckner Plumbing\Creative Cloud Files [2021-02-04 15:06]
CustomCLSID: HKU\S-1-5-21-1936981840-1978000543-3804904241-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1936981840-1978000543-3804904241-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-08] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-08] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-08] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-08] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-18] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-06-20] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2024-04-08] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-18] (Adobe Inc. -> Adobe Systems Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [57344 2008-12-17] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square

==================== Loaded Modules (Whitelisted) =============

2016-06-15 04:36 - 2016-06-15 04:36 - 000050688 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzinw12.dll
2016-06-15 04:36 - 2016-06-15 04:36 - 000066048 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzipm12.dll
2016-10-21 08:37 - 2016-10-21 08:37 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2016-10-21 08:37 - 2016-10-21 08:37 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-14 00:14 - 2016-09-14 00:14 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {3EB731EC-856E-45EE-8468-F26F4FD58DEE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {3EB731EC-856E-45EE-8468-F26F4FD58DEE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1936981840-1978000543-3804904241-1001 -> {3EB731EC-856E-45EE-8468-F26F4FD58DEE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-03-30] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-03-30] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-03-30] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-03-30] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-03-30] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-03-30] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1936981840-1978000543-3804904241-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-03-30] (Adobe Inc. -> Adobe Systems Incorporated)
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=3791
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1936981840-1978000543-3804904241-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
HKLM\...\StartupApproved\Run32: => "SeeSnakeHQUpdater"
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1936981840-1978000543-3804904241-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_3C524E9FA40EF560AE6A5D7D0ECDB354"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{738AA787-A5B3-457C-A90D-82CA9720D8BB}] => (Allow) C:\ProgramData\FLIR Systems\FLIR Tools\Updates\FLIR Tools Updater.exe (FLIR Systems AB -> FLIR Systems)
FirewallRules: [{3016D91E-A4CE-46AC-BD0B-A790539EE6CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3C5D89BF-2B7B-422C-8394-8E84767E22EC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D6E8D63F-F43F-4A74-9579-A3BC6EB32FC0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{19B35FA3-14D8-4DF8-8DDA-2FF5718DBA6A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{221EB7E1-1BF2-4984-BC38-2F9C1A505842}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{D0712CC8-4A8F-4219-9C4A-20A1FA18BF66}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{A09E4E47-B373-4662-A9FB-00848FD03D0B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E3C0F766-80C8-48F0-8790-5ED0B69192C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1E2F9E56-8481-47BD-8944-E0FB91443C58}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BD374420-B398-493D-8F4B-8014EA18F582}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1137CCD9-B9D0-4859-8EDC-68DD8020D178}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F160D60D-E2DB-4DAE-BEB1-87BCD66F0F45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{494E55EC-909D-4711-BFA8-6FF0188C8BF8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1BDDF4D-82F6-4758-8276-B31F926DA13E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.114.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4D9BD41B-506D-4E99-9ED2-C362B96D62DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.114.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{36385761-3028-47E4-A9E7-B82096F0335E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.114.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{897EC260-CB95-4462-9C9B-202D536F7B16}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.114.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C65961B2-6A3F-46E2-8838-07BDCFE8D95E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

30-03-2024 12:04:13 Scheduled Checkpoint
08-04-2024 13:57:22 Scheduled Checkpoint
10-04-2024 11:04:49 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/10/2024 11:08:02 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..

Error: (04/10/2024 11:08:02 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (04/10/2024 11:08:02 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..

Error: (04/10/2024 11:08:02 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (04/10/2024 11:08:02 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..

Error: (04/10/2024 11:08:02 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..

Error: (04/10/2024 11:08:02 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (04/10/2024 11:08:02 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]


System errors:
=============
Error: (04/10/2024 11:29:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070050: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.409.177.0) - Current Channel (Broad).

Error: (04/10/2024 11:10:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The uhssvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/10/2024 11:10:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the uhssvc service to connect.

Error: (04/10/2024 11:07:59 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (04/10/2024 11:07:27 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

Error: (04/10/2024 11:07:24 AM) (Source: DCOM) (EventID: 10010) (User: BP-LAPTOP)
Description: The server Microsoft.Windows.StartMenuExperienceHost_10.0.19041.3636_neutral_neutral_cw5n1h2txyewy!App did not register with DCOM within the required timeout.

Error: (04/10/2024 11:07:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo64 Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/10/2024 11:07:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdaptiveSleepService service terminated unexpectedly.  It has done this 1 time(s).


Windows Defender:
================
Date: 2024-04-08 16:02:25
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-04-07 16:02:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-04-06 16:57:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-04-04 15:50:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-04-02 15:57:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2024-04-10 11:29:24
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.409.131.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24030.4
Error code: 0x80070050
Error description: The file exists.

Date: 2024-03-29 15:01:25
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-03-29 14:53:09
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2024-03-29 14:51:18
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.407.804.0
Previous security intelligence Version: 1.407.748.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.24020.9
Previous Engine Version: 1.1.24020.9
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-03-29 14:51:18
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.407.804.0
Previous security intelligence Version: 1.407.748.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.24020.9
Previous Engine Version: 1.1.24020.9
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============
Date: 2024-03-22 13:00:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2024-03-21 18:17:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.21 10/27/2016
Motherboard: HP 81F9
Processor: AMD A10-9600P RADEON R5, 10 COMPUTE CORES 4C+6G
Percentage of memory in use: 50%
Total physical RAM: 7647.12 MB
Available physical RAM: 3793.05 MB
Total Virtual: 11999.12 MB
Available Virtual: 8191.17 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:916.59 GB) (Free:824.79 GB) (Model: TOSHIBA MQ01ABD100) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.69 GB) (Free:1.65 GB) (Model: TOSHIBA MQ01ABD100) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{7de8c6a7-9a55-438d-afb1-8e8177dab4fa}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.35 GB) NTFS
\\?\Volume{771c2074-a093-44da-aa77-3c96a07fbad7}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 395B16A8)

Partition: GPT.

==================== End of Addition.txt =======================




#34 polskamachina

Posted 10 April 2024 - 11:59 AM

Hi jcol1227 :)
 
Sorry to hear things are still not up to speed. Let's get some diagnostic numbers off of your hard disk.

  • Download CrystalDiskMark and run the installer
  • Launch the program
  • The only setting you'll need to change is the number of passes it makes. It's the first setting on the left. Change the 1 via the drop down arrow to 3
  • Click on All and the button will now say Stop
  • The program will begin the test
  • The test is completed when all eight boxes are filled in and the Stop button returns to its original state of All
  • Go to File -> Save -> Image
  • Attach the image in your next reply to me

Next:
 
We need to check your hard disk health with GSmartControl:

Please download gsmartcontrol and save it to your Desktop.

  • Extract gsmartcontrol-0.8.7-win32.zip to a folder, double-click on gsmartcontrol.exe
  • A list of hard drives will appear, single-click each disk to see Drive Information and identify your drive
    note: most machines will only have one or two entries, but an easy way to identify your drive is by its size.
  • Double-click on the hard drive to see detailed Device Information
  • Click on the Attributes tab, do you see any red or pink entries like the ones below? Please list the names in your next reply if there are any.
    info_failing.png
  • Click on the Perform Tests tab
  • Select Extended Self-Test and click Execute
    note: this test can take several hours to run
  • Allow the test to complete, the results will be displayed at the bottom
  • Please post the result of the scan in your next reply

In summary I will need from you:

  • Attached Image results of your CrystalDiskMark scan
  • Results of the gsmartcontrol test (red or pink entries?)

Let me know if you have any questions.
 
polskamachina




#35 polskamachina

Posted 13 April 2024 - 12:01 PM

Hi jcol1227 :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina




#36 jcol1227

Posted 13 April 2024 - 03:02 PM

GSmartControl did not list any red or pink entries under the attributes tab. Please see attached for additional requested info.

 

 




#37 polskamachina

Posted 13 April 2024 - 10:12 PM

Hi jcol1227 :)

 

I compared your CrystalDiskMark numbers with my SSD. Though your drive is functioning the way it's intended, I think you would find upgrading to an SSD will give you a BIG boost in performance. This is something an intermediate to an advanced do-it-yourselfer can perform; however, it probably wouldn't make economical sense to pay someone else to do it. Or, you can stick with your original drive and just live with the occasional slowness.

 

One other thing you can try is checking the status of your Windows updates:

  • Hold down the Windows flag key and tap the letter S
  • Type Windows update in the search box and click on Windows update in the search results
  • Check to see if an update(s) is in the process of being downloaded or installed. That can put a big load on your processing power and slow things to a crawl
  • If this is the case, you'll just have to wait until the update completes before your machine is back to full speed

In summary I will need from you:

  • Are you interested in upgrading your hard drive?
  • What is the current status of your Windows Update?
  • Is it actively installing or downloading an update?

Let me know if you have any questions.

 

polskamachina




#38 jcol1227

Posted 14 April 2024 - 12:32 PM

Windows looks up to date with no current downloads running. I did get a notification about 2 days ago an update was ready to install, at which point I restarted and let the install run.

The current performance may be something I can live with for the time being since the high disk usage does seem to diminish after several minutes following restart/wake. But, if I do decide to update to SSD, do you have any recommendations and/or resources that might be helpful?

 

Thanks!



#39 polskamachina

Posted 14 April 2024 - 01:23 PM

Hi jcol1227 :)

But, if I do decide to update to SSD, do you have any recommendations and/or resources that might be helpful?

Is this a project you wanted to undertake yourself or are you going to take it to a computer repair shop?
 
polskamachina




#40 jcol1227

Posted 14 April 2024 - 09:09 PM

It would be something I would be comfortable performing myself.



#41 polskamachina

Posted 15 April 2024 - 12:00 AM

Hi jcol1227 :)

It would be something I would be comfortable performing myself.

I will preface these instructions by saying that I am making the assumption that you know your way around the inside of a computer. Avoid wearing clothing that can build up static electricity. Any time you disassemble anything with electronics inside, there is always a risk that something unexpected may happen. Unplug the power cord/adapter and remove the battery from your computer before disassembly. The connector that connects your laptop's hard drive may involve removing a flexible film cable (FFC) from a zero insertion force socket (ZIF). This FFC and ZIF connector which it plugs into are VERY FRAGILE. Use the least amount of force to disconnect and reconnect them. Finally, I cannot be responsible for any bad outcomes. The risk is all yours. If you accept this risk then proceed, otherwise it wouldn't be that terrible to continue using your computer as it is now.
 
This is how I upgrade my computers with a new SSD:

  • If any of these directions seem totally foreign to you then I would strongly advise against attempting this task without an expert assisting you or even better, let the expert do it.
  • THE FIRST STEP IS TO BACKUP ALL OF YOUR DATA (It's better to be safe than sorry)
  • Purchase an Internal, 2.5 inch, 1 TB, SATA, SSD drive (I've had good luck with Samsung but there are many name brands that are less expensive)
  • I would use Youtube as a guide for disassembly of your laptop. Note: You should use a spudger tool to pry apart the case after the screws have been removed. If you don't have a spudger tool, an old plastic credit card may (but not necessarily) be a good substitute
  • IF you have a desktop computer at your disposal which has a full size tower case with a motherboard that has two additional SATA ports, you can install your old drive and your new drive into that computer and clone it all in one shot (The transfer speed will be faster than using a USB port on your laptop)
  • If you don't have a desktop computer, you'll need a SATA to USB adapter to connect the SSD to your computer. Using this method will result in a slower transfer speed.
  • You can use the free software EASEUS Todo Backup or DiskGenius to perform the Clone Disk operation.
  • Make sure you double and triple check that your source drive is the old drive and the target drive is the new SSD drive before starting the clone operation
  • I would accept all the default or recommended options with regards to the cloning process
  • After the disk clone completes, compare the SSD's partitions with your old drive. The partitions MUST be in the same order or your new drive may not boot. If both drives are the same size, 1 TB, then this shouldn't be a problem
  • Install the new drive into your laptop
  • Assuming the SSD boots OK, make sure that the scheduled defrag operation is turned OFF.
  • Store your old drive in a safe place (I save mine in the box the new drive came in) as you may need it if the clone operation failed

In summary I will need from you:

  • Good news that your new drive is up and running :)

Good luck.
 
polskamachina




#42 jcol1227

Posted 15 April 2024 - 12:49 PM

Thanks for the advice and all your help during this thread! If/when I decide to update to an SSD, I will let you know how it goes. Btw, I was just wondering...I know you said you are in California but are you originally from Poland? I ask because I used to live there and it's a great country!

 

Thanks again, and all the best!



#43 polskamachina

Posted 15 April 2024 - 01:00 PM

Hi jcol1227 :)

 

My ancestry goes back to Poland but I was born in the U.S. I heard a little bit of Polish spoken when we visited nearby relatives and somewhere along the line, I heard the "word" polskamachina (phonetically spelled). I'm not exactly sure what it means but I do like working with machines and I was pleased to find that it was always available as a username when I ran out of "normal" names. Unfortunately, I've never visited Europe but who knows, maybe some day....

 

Please keep me posted about your SSD decision.

 

polskamachina




#44 polskamachina

Posted 19 April 2024 - 03:47 PM

Hi jcol1227,
 
Your computer appears to be all clean. :thumbup2:
 
Please continue with the following steps that will remove all the diagnostic tools you used to scan and clean your system.

  • Download KpRm by Kernel-Panik and save it to your desktop
  • Right-click kprm_2.9.3.exe and select Run as Administrator
  • Read and accept the disclaimer
  • When the tool opens, ensure all boxes under Actions are checked
  • Under Delete quarantines select Delete now, then click Run
  • Once complete, click OK.
  • A log will open in Notepad named kprm-(date).txt.
  • Please copy and paste the contents of that file into your next reply to me

Let me know if you have any questions.
 
polskamachina




#45 jcol1227

Posted 20 April 2024 - 07:41 PM

# Run at 04/20/24 8:32:24 PM
# KpRm (Kernel-panik) version 2.17.0
# Website https://kernel-panik.me/tool/kprm/
# Run by Buckner Plumbing from C:\Users\Buckner Plumbing\OneDrive\Desktop
# Computer Name: BP-LAPTOP
# OS: Windows 10 X64 (19045) (10.0.19045.4291)
# Number of passes: 1

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines

- Create Registry Backup -

   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\Buckner Plumbing\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2024-04-20-20-32-23

- Delete Tools -


  ## AdwCleaner
     [OK] C:\Users\Buckner Plumbing\OneDrive\Desktop\adwcleaner.exe deleted
     [OK] C:\AdwCleaner deleted

  ## ESET Online Scanner
     [OK] C:\Users\Buckner Plumbing\OneDrive\Desktop\ESET Online Scanner.lnk deleted
     [OK] C:\Users\Buckner Plumbing\OneDrive\Desktop\esetonlinescanner.exe deleted
     [OK] C:\Users\Buckner Plumbing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
     [OK] C:\Users\Buckner Plumbing\AppData\Local\ESET\ESETOnlineScanner deleted

  ## FRST
     [OK] C:\Users\Buckner Plumbing\OneDrive\Desktop\Addition.txt deleted
     [OK] C:\Users\Buckner Plumbing\OneDrive\Desktop\Fixlog.txt deleted
     [OK] C:\Users\Buckner Plumbing\OneDrive\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\Buckner Plumbing\OneDrive\Desktop\FRST.txt deleted
     [OK] C:\Users\Buckner Plumbing\OneDrive\Desktop\FRST64.exe deleted
     [OK] C:\Users\Buckner Plumbing\OneDrive\Desktop\Search.txt deleted
     [OK] C:\FRST deleted

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named Scheduled Checkpoint created at 03/30/2024 16:04:13 deleted
   ~ [OK] RP named Scheduled Checkpoint created at 04/08/2024 17:57:22 deleted
   ~ [OK] RP named Restore Point Created by FRST created at 04/10/2024 15:04:49 deleted
   ~ [OK] RP named Windows Modules Installer created at 04/10/2024 16:25:45 deleted
   ~ [OK] RP named Windows Modules Installer created at 04/10/2024 17:06:22 deleted
   ~ [OK] RP named Scheduled Checkpoint created at 04/17/2024 18:21:41 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ [I] RP named KpRm created at 04/21/2024 00:37:56

-- KPRM finished in 578.00s --




 


Edited by jcol1227, 20 April 2024 - 07:42 PM.




