Weird activities (even after cloud reset); changes to policies, users, reg, etc.



#1 Naps284

  • Members
  • 17 posts
  • Gender:Male
  • Location:Switzerland

Posted 12 September 2023 - 01:38 AM

So, I recently started noticing weird stuff happening on my laptop (W11). These include, for example, changes to policies, user privileges, firewall rules, registry entries, and more.
I can't tell for sure which of the things I found is really suspicious, since I don't understand this stuff enough. 

I had recently lost my laptop, and after almost two weeks I gave up trying to find it. Then a store clerk texted me that they had found it (almost two weeks earlier). Apparently, they kept it behind the counter and were waiting for whoever lost it to come pick it up. He finally contacted me, since he had found a letter with my contact information inside the briefcase. I immediately went there to pick it up.

In the following days, I noticed some weird behaviors, so I opened the Event Viewer to have a look, and I found weird stuff.

So, I lost my laptop on 10.08.2023 and "found" it on 22.08.2023.
What is weird is that I had a few events on 19.08.2023.
The ones that looked weird to me were something regarding logins, one with ID 4624 (Logon) and one with ID 4672 (Special Logon). I also saw other weird events with that date, but I can't really tell which are suspicious and which are just normal stuff.
Anyways, I attached two text files with two of those events (as examples).
 
Then I found events related to security privileges, registry changes and other stuff. For example, an event with ID 16394, on the same day as the other ones (this one is also attached as txt).

Also, in the following days I noticed that events regarding PowerShell activity started appearing (startup, commands sent, shutdown...). They kept repeating many times at irregular intervals (often when I was not at the PC).


After attempting various fixes (?) I decided to perform a cloud reset, just to be sure.
After completing the reset and initial setup, I kept an eye on the Event Viewer and noticed after a few days that "weird" stuff was still happening. Right after the reset, events like the ones mentioned above (and more) kept appearing. Also, there seem to be some unusual rules in Windows Firewall (or rules that seem to have abnormal settings).


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2023
Ran by Nathan (administrator) on NAPS-LEGION5 (LENOVO 82B5) (12-09-2023 08:10:48)
Running from C:\Users\Nathan\Desktop\Bleeping computer forum help\FRST\FRST64.exe
Loaded Profiles: Nathan
Platform: Microsoft Windows 11 Home Version 23H2 22631.2199 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avp.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avpui.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 23.1\kpm_service.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 23.1\kpm.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoGamingSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe ->) (STARDOCK SYSTEMS, INC. -> Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start11\Start11_64.exe <2>
(C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.24200.10.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\msedgewebview2.exe <14>
(cmd.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\plugins_nms.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe ->) (Dolby Laboratories, Inc. -> ) C:\ProgramData\Dolby\DAX3\RADARHOST\DSRHost.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\FnHotkeyUtility.exe
(DriverStore\FileRepository\u0359763.inf_amd64_cbe903b159d3b969\B359805\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0359763.inf_amd64_cbe903b159d3b969\B359805\atieclxx.exe
(explorer.exe ->) (STARDOCK SYSTEMS, INC. -> Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start11\S11Search64.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.14\ksdeui.exe
(Lenovo -> Lenovo) C:\ProgramData\Lenovo\Vantage\AddinData\LenovoBatteryGaugeAddin\x64\QSHelper.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <39>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0359763.inf_amd64_cbe903b159d3b969\B359805\atiesrxx.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avp.exe <2>
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 23.1\kpm_service.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.14\ksde.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe
(services.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdlogsr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_a3be7e3b09033125\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (STARDOCK SYSTEMS, INC. -> Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2335.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_11.2306.22.0_x64__8wekyb3d8bbwe\Time.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.24200.10.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UtcDecoderHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1082672 2020-06-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18725336 2022-05-12] (Logitech Inc -> Logitech Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586040 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\Run: [MicrosoftEdgeAutoLaunch_89A8A90E86A1213AD36B675879214C30] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108344 2023-09-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [41584544 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\Run: [LenovoVantage] => C:\ProgramData\Lenovo\Vantage\Addins\LenovoCompanionAppAddin\1.0.0.35\LenovoVantage.exe [23976 2023-06-14] (Lenovo -> Lenovo)
HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\Run: [LenovoVantageToolbar] => C:\ProgramData\Lenovo\Vantage\AddinData\LenovoBatteryGaugeAddin\x64\QSHelper.exe [108456 2023-06-29] (Lenovo -> Lenovo)
HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [44161792 2023-09-04] (Logitech Inc -> Logitech, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.182\Installer\chrmstp.exe [2023-09-11] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {8335BD27-4A3D-4A81-A844-BB3268F578DC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {A45A7C0C-AE71-4B92-8BCB-64ED21B1D745} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "efd0bda4-a99f-4d63-bfff-2b0f1ac63c27" --version "6.15.10623" --silent
Task: {00F2912C-42EA-4347-B056-DEAF064214D7} - System32\Tasks\CCleanerSkipUAC - Nathan => C:\Program Files\CCleaner\CCleaner.exe [34687904 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {8BA4ECBE-D380-4BA6-A733-9AEDF3CCA618} - System32\Tasks\GoogleUpdateTaskMachineCore{2F8F568B-09EF-41AF-9F09-DF1F029230AA} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-11] (Google LLC -> Google LLC)
Task: {0BA5AF57-F299-4B78-ABA7-6C3A6BDB0C2C} - System32\Tasks\GoogleUpdateTaskMachineUA{815BF1FD-D721-443D-9277-CC03815F6F14} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-11] (Google LLC -> Google LLC)
Task: {E688DA44-97EF-4ADD-AFD8-E0666499F276} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [726272 2023-09-06] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {F3E6261C-3FBD-4458-81EC-CCBFBABC1710} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {4A9B24A9-E8CB-4ADB-A495-923DD5A08A88} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {44101791-B47C-47E1-8681-06B9EF0039E1} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [102400 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {D2273689-049A-4DFA-AE45-C45BA11A3554} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0cd48056-a639-4adc-b0e1-76ae638db8f1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {61940617-1520-4AB4-894C-FE4F866CF460} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4a925b01-f714-4a31-93be-c72d11d08575 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {8DCF94AA-DC30-4571-8E52-10192806FEF2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b063d3de-d9f8-4550-abe2-a6f68c465c59 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {C8B52414-8D42-4C49-989E-6B838FC4F875} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d62db9c4-39cc-4c48-a438-ebb5168789be => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {914D0E9F-431C-4E89-B472-AB9FEDC8E9F5} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {840722D7-C5F1-40B9-8956-7D39EF592B19} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {12497007-AD2D-4871-999D-CA914BF13803} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {71AF8222-231E-468C-8596-77D35803BB9F} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {ACA695D4-BBDC-49DC-8769-E7F1034D68DC} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {0D44BCCB-FC1D-46B3-8A22-0BE882C5B9BB} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {BD85525B-0BF1-4A1E-B0A8-BFE965CED2C3} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {754DD0BF-D3D5-4561-AD06-D73EB8ECFCC8} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {A77F383F-366B-4579-B8F1-930E06BB5860} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {97A848AF-FF8E-4339-93EA-CC52674025FB} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {7053B3BE-8682-4BC9-9B87-93ECF9243EC6} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {FF0CF741-F8B1-49D0-A756-D90054F044DB} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {37D237F9-3E0D-4267-ABC7-0726A55139EA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A55A48E9-DBD5-46AB-AB57-BD020788825E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {298FB23C-B412-4043-89EC-A18DFBF955D7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {6854BBB1-D8BB-4781-82B1-7AC077DAE88E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {50692002-3397-4896-B9B7-CD4DF07A7EDC} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {8804F7D8-4ADF-4E5A-B5EC-19FB36B82D51} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1271288 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A74ED1D-AAF0-4AAF-8055-D1E146A70289} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\WINDOWS\system32\UCPDMgr.exe [58880 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {072733A6-521F-4087-85AC-554245381448} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {1552602A-7747-4418-9DA0-BE2B3F5D1640} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A68BFA88-A8B7-450E-9ED3-5C6D99B1EA86} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3293168 2020-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BB77650E-2449-4C78-BA74-3BEE50B2158A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0A19A9F6-6B4F-4B16-9996-7855BDF10173} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1183EA6C-EC7E-468E-A48B-D01AB2DF5224} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {69A7CD59-EDAC-40C9-B73E-A63E7023DC60} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D3BEF9B0-5591-4B58-99A2-DABD94AB4EAE} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B740222D-CA01-455B-9B23-88B695ADBD76} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {97FDB880-F071-43A4-9FEE-D0F17B456703} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D4822160-A1B6-4A3A-AF13-E20987C0B852} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130720 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {DD424A4D-7541-4CDA-ACDB-D2BD9349849D} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-739449780-1690936981-217154247-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130720 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{111d4773-4ea0-438a-be1f-0eb329ce03f1}: [DhcpNameServer] 150.204.1.2
Tcpip\..\Interfaces\{5e3eca71-2628-4eeb-b5de-b897f93a882c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c89ff254-e606-4b3c-831f-458058e56e9c}: [NameServer] 198.51.100.1,198.51.100.2
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-12]
Edge Extension: (Kaspersky Protection) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2023-09-11]
Edge Extension: (Ground News - Bias Checker) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cfnmjcnjieklbbicccoabdpjclifkpnk [2023-08-30]
Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-09-11]
Edge Extension: (HARPA AI | Automation Agent with Claude & GPT) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eanggfilgoajaocelnaflolkadkeghjp [2023-08-30]
Edge Extension: (MetaMask) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2023-09-11]
Edge Extension: (Google Scholar Button) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fciokoalnclhnonofghacdplgpafdcgl [2023-09-11]
Edge Extension: (McAfee® WebAdvisor) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2023-09-11]
Edge Extension: (Wayback Machine) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fpnmgdkabkmnadcjpehmlllkndpkmiak [2023-08-30]
Edge Extension: (Workona Spaces & Tab Manager) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gdfnelpciiajgjenlapgkdcjpcfpfpob [2023-09-11]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2023-08-30]
Edge Extension: (Microsoft Editor: Spelling & Grammar Checker) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hokifickgkhplphjiodbggjmoafhignh [2023-08-30]
Edge Extension: (Bitwarden - Free Password Manager) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2023-09-11]
Edge Extension: (MEGA) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jemjknhgpjaacbghpdhgchbgccbpkkgf [2023-09-11]
Edge Extension: (Edge relevant text changes) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-30]
Edge Extension: (Google Keep Chrome Extension) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2023-09-11]
Edge Extension: (All Video Downloader professional) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbpnbnogejaolbhfpfgagldkeahefbhd [2023-09-06]
Edge Extension: (All-in-One ChatGPT Copilot for Web: HIX.AI) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\njggknpmkjapgklcfhaiigafiiebpchm [2023-09-06]
Edge Profile: C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-09-12]
Edge Extension: (Video Downloader Plus) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cnbnfjhmdaflilgadocmfindhmcfpfnc [2023-08-31]
Edge Extension: (History Stats) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\dlekgeekgnjhjgmnnlhlgopmeckdjlel [2023-08-31]
Edge Extension: (Simple History Manager) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\igdedjplfplcnjadndfonimkmfjgfdjd [2023-08-31]
Edge Extension: (WOT Website Security & Privacy Protection) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\iiclaphjclecagpkkaacljnpcppnoibi [2023-08-31]
Edge Extension: (TinEye Reverse Image Search) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\immelfdfeiibcohphgicgbpcpebmogji [2023-08-31]
Edge Extension: (MEGA) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jemjknhgpjaacbghpdhgchbgccbpkkgf [2023-09-11]
Edge Extension: (Edge relevant text changes) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-31]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2023-09-11]
Edge Extension: (Video LR mirror) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\pphhglinlapdiefcikbkhcpkhbkfoahl [2023-08-31]
Edge Profile: C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2023-09-12]
Edge Extension: (Edge relevant text changes) - C:\Users\Nathan\AppData\Local\Microsoft\Edge\User Data\Profile 2\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-06]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default [2023-09-12]
CHR Extension: (JONI) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakppiadmnaeffmjijolmgmkcfhpglbh [2023-09-12]
CHR Extension: (Blueticks) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgnjhngogijkkppficiiepmjebijinl [2023-09-11]
CHR Extension: (Workona Spaces & Tab Manager) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ailcmbgekjpnablpdkmaaccecekgdhlh [2023-09-11]
CHR Extension: (DuckDuckGo) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2023-09-11]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-09-11]
CHR Extension: (Eazybe: Best WhatsApp™ Web CRM with ChatGPT) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgficggccelgifppbcaepjdkklfcefd [2023-09-11]
CHR Extension: (True Key™ by McAfee) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpaibbcbodhimfnjnakiidgbpiehfgci [2023-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-11]
CHR Extension: (The West) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkgeioneoemibpddeiamfgiofnpjifm [2023-09-11]
CHR Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2023-09-11]
CHR Extension: (Google Scholar Button) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2023-09-11]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2023-09-11]
CHR Extension: (Workona New Tab) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mccohdmggonaiebbkliphakblbbfofck [2023-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-11]
CHR Extension: (Bitwarden - Free Password Manager) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2023-09-11]
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\System Profile [2023-09-11]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP21.14; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avp.exe [32008 2023-07-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1074080 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817440 2023-08-19] (Microsoft Corporation -> Microsoft Corporation)
S3 CloudBackupRestoreSvc; C:\WINDOWS\System32\CloudRestoreLauncher.dll [1204224 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe [1928648 2020-05-19] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncHelper.exe [3511824 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [390400 2020-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
S3 klvssbridge64_21.14; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\vssbridge64.exe [503544 2023-07-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 kpm_service_23.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 23.1\kpm_service.exe [520960 2023-07-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.14; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.14\ksde.exe [32008 2023-07-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe [295904 2023-08-17] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe [34176 2023-07-14] (Lenovo -> Lenovo)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10676992 2023-09-04] (Logitech Inc -> Logitech, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206808 2022-05-12] (Logitech Inc -> Logitech Inc.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.184.0903.0001\OneDriveUpdaterService.exe [3848608 2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
R2 Start11; C:\Program Files (x86)\Stardock\Start11\Start11Srv.exe [250304 2023-07-18] (STARDOCK SYSTEMS, INC. -> Stardock Software, Inc)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_a3be7e3b09033125\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_a3be7e3b09033125\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [84640 2023-03-21] (Microsoft Windows Hardware Compatibility Publisher -> wch.cn)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243336 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [120416 2020-02-17] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2022-10-28] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [63696 2022-10-28] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 FBNetFilter; C:\WINDOWS\System32\drivers\FBNetFlt.sys [64832 2021-08-26] (LENOVO (UNITED STATES) INC. -> Lenovo Group Ltd.)
S3 HWHandSet; C:\WINDOWS\System32\drivers\hw_quusbmdm.sys [226560 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\WINDOWS\System32\drivers\hw_cdcacm.sys [127360 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hw_usbdev; C:\WINDOWS\System32\drivers\hw_usbdev.sys [116864 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 klbackupdisk.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klbackupdisk.sys [110312 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt.Kaspersky4Win-21-14; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-14\klbackupflt.sys [245024 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\kldisk.sys [128288 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [53576 2023-07-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klflt.sys [550664 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse.Kaspersky4Win-21-14; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-14\klgse.sys [738824 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klhk.sys [1822752 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids.Kaspersky4Win-21-14; C:\ProgramData\Kaspersky Lab\AVP21.14\Bases\klids.sys [235704 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF.Kaspersky4Win-21-14; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-14\klif.sys [1187592 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [99624 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klkbdflt.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klkbdflt.sys [121584 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klmouflt.sys [117992 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd.Kaspersky4Win-21-14; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-14\klpd.sys [81176 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klpnpflt.sys [107240 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 kltun; C:\WINDOWS\system32\DRIVERS\kltun.sys [86760 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_Kaspersky4Win-21-14_arkmon; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-14_arkmon.sys [369432 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_Kaspersky4Win-21-14_klark; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-14_klark.sys [351912 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_Kaspersky4Win-21-14_klbg; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-14_klbg.sys [179816 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_Kaspersky4Win-21-14_mark; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-14_mark.sys [260512 2023-09-06] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klwfp.sys [182008 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klwtp.sys [428784 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\kneps.sys [352504 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R4 LenovoDiagnosticsDriver; C:\ProgramData\Lenovo\Vantage\Addins\LenovoHardwareScanAddin\3.0.0.24\LenovoDiagnosticsDriver.sys [53240 2023-06-15] (Lenovo -> Lenovo Group Limited ®)
R3 LGBusEnum; C:\WINDOWS\system32\drivers\LGBusEnum64.sys [46264 2022-05-12] (Logitech Inc -> Logitech Inc.)
S3 LGJoyHidFilter; C:\WINDOWS\System32\drivers\LGJoyHidFilter64.sys [67768 2022-05-12] (Logitech Inc -> Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\System32\drivers\LGJoyHidLo64.sys [54456 2022-05-12] (Logitech Inc -> Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore64.sys [76480 2022-05-12] (Logitech Inc -> Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [64280 2022-05-12] (Logitech -> Logitech Inc.)
S3 LGSUsbFilt; C:\WINDOWS\System32\drivers\LGSUsbFilt.Sys [41752 2022-05-12] (Logitech -> Logitech Inc.)
S3 LGVirHid; C:\WINDOWS\system32\drivers\LGVirHid64.sys [34496 2022-05-12] (Logitech Inc -> Logitech Inc.)
S3 logi_generic_hid_filter; C:\WINDOWS\system32\drivers\logi_generic_hid_filter.sys [62288 2023-04-04] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2023-04-04] (Logitech Inc -> Logitech)
S3 logi_joy_hid_filter; C:\WINDOWS\system32\drivers\logi_joy_hid_filter.sys [63824 2023-04-04] (Logitech Inc -> Logitech)
S3 logi_joy_hid_lo; C:\WINDOWS\system32\drivers\logi_joy_hid_lo.sys [51536 2023-04-04] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-22] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2023-04-04] (Logitech Inc -> Logitech)
S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [11776 2022-03-31] (Microsoft Windows Hardware Compatibility Publisher -> HandSet Incorporated)
S3 motccgp; C:\WINDOWS\System32\drivers\motccgp.sys [21376 2022-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Mobility Inc)
S3 MotoSwitchService; C:\WINDOWS\System32\drivers\motswch.sys [6656 2022-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
S3 PSKTBUS; C:\WINDOWS\System32\drivers\PSKTBUS.sys [105528 2022-03-31] (Pantech Inc. -> DEVGURU Co., LTD.)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
S3 shu0bus; C:\WINDOWS\System32\drivers\shu0bus.sys [159816 2022-03-31] (MCCI Corporation -> MCCI)
S3 ssaebus; C:\WINDOWS\System32\drivers\ssaebus.sys [136264 2022-03-31] (MCCI Corporation -> MCCI Corporation)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [76832 2022-09-30] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2020-06-01] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2020-06-01] (Valve Corp. -> )
S4 UCPD; C:\WINDOWS\System32\drivers\UCPD.sys [29184 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [249400 2022-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55872 2023-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [574872 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
S3 LFCIO; \??\C:\swwork\Dowork5\lcfcEcRW\LfcIo64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-12 07:26 - 2023-09-12 07:26 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\UProof
2023-09-12 06:56 - 2023-09-12 08:08 - 000000000 ____D C:\Users\Nathan\Desktop\Bleeping computer forum help
2023-09-12 05:37 - 2023-09-12 05:37 - 002382848 _____ (Farbar) C:\Users\Nathan\Desktop\FRST64.exe
2023-09-12 03:17 - 2023-09-12 03:17 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2023-09-11 22:42 - 2023-09-11 22:42 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Word
2023-09-11 22:42 - 2023-09-11 22:42 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Proof
2023-09-11 22:42 - 2023-09-11 22:42 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Office
2023-09-11 22:42 - 2023-09-11 22:42 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\AddIns
2023-09-11 22:40 - 2023-09-11 22:40 - 000000000 ____D C:\ProgramData\.shared-ringdb
2023-09-11 22:37 - 2023-09-11 22:37 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\monero-wallet-gui
2023-09-11 22:29 - 2023-09-11 22:29 - 000000000 ____D C:\Users\Nathan\AppData\Local\cache
2023-09-11 20:34 - 2023-09-11 22:29 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Exodus
2023-09-11 20:34 - 2023-09-11 20:34 - 000002239 _____ C:\Users\Nathan\Desktop\Exodus.lnk
2023-09-11 20:34 - 2023-09-11 20:34 - 000000000 ____D C:\Users\Nathan\AppData\Local\SquirrelTemp
2023-09-11 20:34 - 2023-09-11 20:34 - 000000000 ____D C:\Users\Nathan\AppData\Local\exodus
2023-09-11 17:36 - 2023-09-12 07:47 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-11 17:36 - 2023-09-11 22:47 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-11 17:36 - 2023-09-11 22:47 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-11 17:36 - 2023-09-11 17:42 - 000003790 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{815BF1FD-D721-443D-9277-CC03815F6F14}
2023-09-11 17:36 - 2023-09-11 17:42 - 000003666 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{2F8F568B-09EF-41AF-9F09-DF1F029230AA}
2023-09-11 17:36 - 2023-09-11 17:36 - 000000000 ____D C:\Users\Nathan\AppData\Local\Google
2023-09-11 17:36 - 2023-09-11 17:36 - 000000000 ____D C:\Program Files\Google
2023-09-11 16:16 - 2023-09-11 16:16 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-06 15:14 - 2023-09-06 15:14 - 000793600 _____ C:\WINDOWS\system32\perfh010.dat
2023-09-06 15:14 - 2023-09-06 15:14 - 000150538 _____ C:\WINDOWS\system32\perfc010.dat
2023-09-06 15:03 - 2023-09-06 15:03 - 000000000 ___HD C:\$SysReset
2023-09-06 14:45 - 2023-09-06 14:45 - 000000000 ____D C:\Users\Nathan\AppData\Local\ElevatedDiagnostics
2023-09-06 06:19 - 2023-09-06 06:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\obs-soundboard
2023-09-06 04:37 - 2023-09-12 00:22 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\obs-studio
2023-09-06 04:37 - 2023-09-06 04:37 - 000001063 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2023-09-06 04:37 - 2023-09-06 04:37 - 000000000 ____D C:\ProgramData\obs-studio-hook
2023-09-06 04:36 - 2023-09-06 06:27 - 000000000 ____D C:\Program Files\obs-studio
2023-09-06 00:38 - 2023-09-06 01:00 - 000000000 ____D C:\WINDOWS\Minidump
2023-09-06 00:33 - 2023-09-12 08:08 - 003675072 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-wal
2023-09-06 00:33 - 2023-09-06 15:05 - 000032768 _____ C:\WINDOWS\SysWOW64\DnsStorage-shm
2023-09-06 00:33 - 2023-09-06 15:05 - 000032768 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-shm
2023-09-06 00:33 - 2023-09-06 00:33 - 000012288 _____ C:\WINDOWS\SysWOW64\DnsStorage
2023-09-06 00:33 - 2023-09-06 00:33 - 000012288 _____ C:\WINDOWS\SysWOW64\AppRulesStorage
2023-09-06 00:33 - 2023-09-06 00:33 - 000000000 _____ C:\WINDOWS\SysWOW64\DnsStorage-wal
2023-09-06 00:26 - 2023-09-11 22:04 - 000001523 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2023-09-06 00:26 - 2023-09-11 22:04 - 000001389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager.lnk
2023-09-06 00:26 - 2023-09-06 00:26 - 000000000 ____D C:\Users\Nathan\AppData\Local\Kaspersky Lab
2023-09-06 00:26 - 2023-09-06 00:26 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab
2023-09-06 00:25 - 2023-09-06 00:25 - 000003240 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2023-09-06 00:25 - 2023-09-06 00:25 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk
2023-09-06 00:25 - 2023-09-06 00:25 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN.lnk
2023-09-06 00:25 - 2023-09-06 00:25 - 000000000 ____D C:\Program Files\Common Files\AV
2023-09-06 00:25 - 2023-09-06 00:25 - 000000000 ____D C:\Program Files (x86)\dotnet
2023-09-06 00:24 - 2023-09-11 22:04 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2023-09-06 00:24 - 2023-09-11 22:04 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2023-09-06 00:24 - 2023-09-06 00:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\Kaspersky4Win-21-14
2023-09-06 00:20 - 2023-09-06 00:20 - 000000000 ____D C:\WINDOWS\Panther
2023-09-05 03:45 - 2023-09-09 17:52 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-09-05 03:45 - 2023-09-09 17:52 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-05 03:45 - 2023-09-09 17:52 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-05 03:45 - 2023-09-05 03:45 - 000000000 ____D C:\Users\Nathan\AppData\Local\OneDrive
2023-09-05 02:42 - 2023-09-05 02:42 - 000000000 ____D C:\ProgramData\Piriform
2023-09-05 01:15 - 2023-09-05 01:15 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\NVIDIA
2023-09-05 00:55 - 2023-09-05 00:55 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\McAfee
2023-09-04 23:38 - 2023-09-11 19:52 - 000000000 ____D C:\Users\Nathan\AppData\Local\LGHUB
2023-09-04 23:38 - 2023-09-06 18:16 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\G HUB
2023-09-04 23:38 - 2023-09-06 17:51 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\lghub
2023-09-04 23:38 - 2023-09-04 23:38 - 000000928 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2023-09-04 23:38 - 2023-09-04 23:38 - 000000000 ____D C:\Program Files\Logitech
2023-09-04 23:38 - 2023-09-04 23:38 - 000000000 ____D C:\Program Files\LGHUB
2023-09-04 23:34 - 2023-09-04 23:38 - 000000000 ____D C:\ProgramData\LGHUB
2023-09-04 22:58 - 2023-09-04 23:38 - 000000000 ____D C:\ProgramData\LogiShrd
2023-09-04 22:58 - 2023-09-04 22:58 - 000000000 ____D C:\Users\Nathan\AppData\Local\Logitech
2023-09-04 22:58 - 2023-09-04 22:58 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2023-09-04 22:57 - 2023-09-04 22:57 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Logitech
2023-09-04 22:57 - 2023-09-04 22:57 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Logishrd
2023-08-31 03:40 - 2023-09-03 18:44 - 000002457 _____ C:\Users\Nathan\Desktop\Personal - Edge.lnk
2023-08-31 01:04 - 2023-09-06 14:53 - 000000000 ____D C:\Program Files\CCleaner
2023-08-31 01:04 - 2023-09-05 19:40 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-08-31 01:04 - 2023-09-03 18:38 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-08-31 01:04 - 2023-08-31 01:04 - 000003472 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-08-31 01:04 - 2023-08-31 01:04 - 000002902 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Nathan
2023-08-31 00:31 - 2023-08-31 00:31 - 000000000 ____D C:\Users\Nathan\AppData\Local\Backup
2023-08-30 21:18 - 2015-04-28 20:06 - 000043256 _____ C:\WINDOWS\system32\oemlogo.bmp
2023-08-30 21:16 - 2023-08-30 21:16 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-08-30 21:16 - 2023-08-02 08:17 - 000000707 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2023-08-30 21:16 - 2023-08-02 04:41 - 000000707 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
2023-08-30 21:16 - 2023-06-13 01:21 - 000000888 _____ C:\Users\Public\Desktop\Package Manager for MSFS.lnk
2023-08-30 21:12 - 2023-08-30 21:12 - 000011279 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2023-08-30 21:09 - 2023-08-30 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2023-08-30 21:09 - 2023-08-30 21:09 - 000000000 ____D C:\WINDOWS\addins
2023-08-30 21:09 - 2023-08-30 11:30 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-08-30 21:08 - 2023-08-30 21:08 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2023-08-30 21:08 - 2023-08-30 21:08 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-08-30 21:08 - 2023-08-30 21:08 - 000000000 ____D C:\Program Files\MSBuild
2023-08-30 21:08 - 2023-08-30 21:08 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-08-30 21:08 - 2023-08-30 21:08 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-08-30 21:07 - 2023-08-30 21:15 - 000000000 ____D C:\WINDOWS\SysWOW64\it
2023-08-30 21:07 - 2023-08-30 21:15 - 000000000 ____D C:\WINDOWS\system32\it
2023-08-30 21:06 - 2023-08-30 21:06 - 000000000 ____D C:\WINDOWS\Firmware
2023-08-30 21:06 - 2023-08-30 21:06 - 000000000 ____D C:\Program Files (x86)\Razer
2023-08-30 21:05 - 2023-08-30 21:05 - 000000000 ____D C:\WINDOWS\Lenovo
2023-08-30 21:03 - 2023-08-30 21:03 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2023-08-30 18:07 - 2023-08-30 18:07 - 000002036 _____ C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify (2).lnk
2023-08-30 18:07 - 2023-08-30 18:07 - 000001846 _____ C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2023-08-30 17:07 - 2023-08-30 18:15 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Spotify
2023-08-30 17:07 - 2023-08-30 18:08 - 000000000 ____D C:\Users\Nathan\AppData\Local\Spotify
2023-08-30 16:24 - 2023-08-30 16:24 - 000000000 ____D C:\Users\Nathan\AppData\Local\FactoryGame
2023-08-30 16:20 - 2023-08-30 16:29 - 000000000 ____D C:\Users\Nathan\AppData\Local\Stardock
2023-08-30 16:20 - 2023-08-30 16:23 - 000000000 ____D C:\Users\Nathan\AppData\Local\Steam
2023-08-30 16:20 - 2023-08-30 16:20 - 000000000 ____D C:\Users\Nathan\AppData\Local\CEF
2023-08-30 16:20 - 2023-08-30 16:20 - 000000000 ____D C:\ProgramData\Stardock
2023-08-30 16:19 - 2023-08-30 16:19 - 000000000 ____D C:\Program Files (x86)\Stardock
2023-08-30 16:10 - 2023-08-30 16:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-08-30 15:46 - 2023-08-30 15:46 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Network
2023-08-30 15:22 - 2023-08-30 15:22 - 000000000 ____D C:\Users\Nathan\AppData\Local\DBG
2023-08-30 15:09 - 2023-08-30 15:09 - 000000000 ____D C:\Users\Nathan\AppData\Local\Comms
2023-08-30 14:33 - 2023-09-07 16:53 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2023-08-30 14:33 - 2023-08-30 14:33 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2023-08-30 14:33 - 2023-08-30 14:33 - 000000000 ____D C:\Program Files (x86)\Microsoft GameInput
2023-08-30 14:32 - 2023-08-30 14:32 - 000000000 ____D C:\Users\Nathan\AppData\Local\Publishers
2023-08-30 14:18 - 2023-09-05 00:32 - 000000000 ____D C:\Users\Nathan\AppData\Local\NVIDIA
2023-08-30 14:18 - 2023-08-30 15:18 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\MMC
2023-08-30 14:18 - 2023-08-30 14:18 - 000000000 ____D C:\Users\Nathan\AppData\Local\Lenovo
2023-08-30 14:17 - 2023-09-09 17:52 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-739449780-1690936981-217154247-1001
2023-08-30 14:17 - 2023-08-31 01:06 - 000000000 ____D C:\Users\Nathan\AppData\Local\PlaceholderTileLogoFolder
2023-08-30 14:17 - 2023-08-30 14:17 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-08-30 14:16 - 2023-09-12 01:34 - 000000000 ____D C:\Users\Nathan\AppData\Local\D3DSCache
2023-08-30 14:16 - 2023-09-11 19:52 - 000000000 ____D C:\ProgramData\Packages
2023-08-30 14:16 - 2023-09-11 17:40 - 000000000 ____D C:\Users\Nathan\AppData\Local\Packages
2023-08-30 14:16 - 2023-09-05 01:13 - 000000000 ____D C:\Users\Nathan\AppData\Local\AMD
2023-08-30 14:16 - 2023-09-05 00:35 - 000000000 ____D C:\Users\Nathan\AppData\Local\NVIDIA Corporation
2023-08-30 14:16 - 2023-08-31 03:42 - 000000000 ____D C:\Users\Nathan\AppData\Local\ConnectedDevicesPlatform
2023-08-30 14:16 - 2023-08-30 14:16 - 000000020 ___SH C:\Users\Nathan\ntuser.ini
2023-08-30 14:16 - 2023-08-30 14:16 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Adobe
2023-08-30 14:16 - 2023-08-30 14:16 - 000000000 ____D C:\Users\Nathan\AppData\Local\VirtualStore
2023-08-30 11:32 - 2023-08-30 11:32 - 000000000 ____D C:\Program Files\Common Files\DynamicAppDownloader
2023-08-30 11:31 - 2023-09-06 15:14 - 001783922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-08-30 11:25 - 2023-09-06 15:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-30 11:25 - 2023-08-31 01:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2023-08-30 11:25 - 2023-08-30 11:27 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-08-30 11:25 - 2023-08-30 11:25 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-08-30 11:25 - 2023-08-30 11:25 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-08-30 11:25 - 2023-08-30 11:25 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-08-30 11:25 - 2023-08-30 11:25 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-08-30 11:25 - 2023-08-30 11:25 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-08-30 11:25 - 2023-08-30 11:25 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-08-30 11:25 - 2023-08-30 11:25 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-08-30 11:25 - 2023-08-30 11:25 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-08-30 11:25 - 2023-08-30 11:25 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-08-30 11:25 - 2023-08-30 11:25 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-08-30 11:25 - 2023-08-30 11:25 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-08-30 11:25 - 2023-08-30 11:25 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\SystemCertificates
2023-08-30 11:25 - 2023-08-30 11:25 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\IME
2023-08-30 11:25 - 2023-08-30 11:25 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Crypto
2023-08-30 11:25 - 2021-02-10 10:09 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4260399813-1169388321-3660747376-500
2023-08-30 11:25 - 2020-05-06 20:41 - 000003394 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3643460898-1865012685-2946422182-500
2023-08-30 11:24 - 2023-09-06 07:21 - 000000000 ____D C:\Users\Nathan
2023-08-30 11:24 - 2023-08-30 16:09 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows
2023-08-30 11:24 - 2023-08-30 15:14 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Spelling
2023-08-30 11:24 - 2023-08-30 11:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2023-08-30 11:19 - 2023-09-11 19:53 - 000000000 ____D C:\ProgramData\NVIDIA
2023-08-30 11:19 - 2023-09-05 00:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-08-30 11:19 - 2023-08-30 11:19 - 000000533 _____ C:\WINDOWS\system32\regtest.txt
2023-08-30 11:19 - 2023-08-30 11:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2023-08-30 11:19 - 2023-08-30 11:19 - 000000000 ____D C:\ProgramData\Dolby
2023-08-30 11:18 - 2023-09-12 05:34 - 000000000 ____D C:\WINDOWS\system32\AMD
2023-08-30 11:18 - 2023-09-12 04:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-08-30 11:18 - 2023-09-04 22:25 - 000000000 ____D C:\ProgramData\Lenovo
2023-08-30 11:18 - 2023-08-30 11:18 - 000392232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-08-30 11:18 - 2023-08-30 11:18 - 000000000 ____D C:\WINDOWS\system32\dolbyaposvc
2023-08-30 11:18 - 2023-08-30 11:18 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2023-08-30 11:18 - 2023-08-30 11:18 - 000000000 ____D C:\Program Files\AMD
2023-08-30 11:18 - 2019-12-17 08:55 - 000000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX0.dat
2023-08-30 11:18 - 2019-12-10 22:11 - 000000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat
2023-08-30 04:09 - 2023-08-30 04:11 - 000000000 ___HD C:\$WinREAgent
2023-08-29 18:11 - 2023-08-30 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2023-08-22 00:44 - 2023-08-22 00:44 - 000069632 _____ C:\Users\Nathan\Desktop\ys.evtx
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-12 08:11 - 2022-07-08 17:07 - 000000000 ____D C:\FRST
2023-09-12 08:08 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-09-12 06:12 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-12 06:12 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-09-12 06:11 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-12 05:41 - 2021-09-25 15:37 - 000000000 ____D C:\Users\Nathan\AppData\LocalLow\Mozilla
2023-09-12 04:57 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF
2023-09-12 04:48 - 2021-09-24 07:39 - 000000000 ___RD C:\Users\Nathan\OneDrive
2023-09-11 20:34 - 2021-09-25 15:45 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2023-09-11 18:24 - 2023-03-28 06:25 - 000000000 ____D C:\SteamLibrary
2023-09-09 07:33 - 2021-02-10 11:13 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-07 16:53 - 2022-05-13 03:27 - 000000000 ____D C:\XboxGames
2023-09-06 15:06 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-09-06 15:05 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-09-06 15:05 - 2020-05-06 20:33 - 000012288 ___SH C:\DumpStack.log.tmp
2023-09-06 15:04 - 2022-05-07 07:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-09-06 15:04 - 2022-05-07 07:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-09-06 07:39 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-09-06 07:22 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-09-06 04:37 - 2022-01-24 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2023-09-06 00:25 - 2021-02-10 11:24 - 000000000 ____D C:\ProgramData\Package Cache
2023-09-06 00:24 - 2022-05-07 07:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-09-06 00:20 - 2021-02-10 11:26 - 000000000 ____D C:\ProgramData\McAfee
2023-09-04 23:38 - 2023-06-29 05:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2023-09-04 22:58 - 2022-01-23 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2023-09-01 15:48 - 2022-05-07 07:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-09-01 15:48 - 2021-02-10 11:15 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-01 15:47 - 2021-02-10 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-08-30 21:16 - 2023-08-09 03:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2023-08-30 21:16 - 2023-08-02 09:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2023-08-30 21:16 - 2023-08-02 08:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2023-08-30 21:16 - 2023-08-02 04:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
2023-08-30 21:16 - 2023-08-02 04:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DrumThrash
2023-08-30 21:16 - 2023-07-25 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 22
2023-08-30 21:16 - 2023-07-05 11:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\God of War
2023-08-30 21:16 - 2023-06-27 14:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Dead Redemption 2
2023-08-30 21:16 - 2023-06-21 03:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2023-08-30 21:16 - 2023-06-21 03:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker
2023-08-30 21:16 - 2023-06-13 01:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RWY29 Package Manager
2023-08-30 21:16 - 2023-05-31 15:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12
2023-08-30 21:16 - 2023-05-17 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2023-08-30 21:16 - 2023-04-25 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fender FUSE
2023-08-30 21:16 - 2023-03-29 02:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
2023-08-30 21:16 - 2023-01-15 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
2023-08-30 21:16 - 2022-09-12 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2023-08-30 21:16 - 2022-09-06 06:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cities Skylines
2023-08-30 21:16 - 2022-08-30 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2023-08-30 21:16 - 2022-08-13 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2023-08-30 21:16 - 2022-05-07 07:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2023-08-30 21:16 - 2022-05-07 07:24 - 000000000 __RHD C:\Users\Public\Libraries
2023-08-30 21:16 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-08-30 21:16 - 2022-04-19 06:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2023-08-30 21:16 - 2022-02-17 03:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monero GUI Wallet
2023-08-30 21:16 - 2022-01-28 07:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Naughty Seal Audio
2023-08-30 21:16 - 2022-01-25 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2023-08-30 21:16 - 2022-01-24 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2023-08-30 21:16 - 2022-01-24 08:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2023-08-30 21:16 - 2022-01-19 05:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-08-30 21:16 - 2022-01-13 05:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tropico 5
2023-08-30 21:16 - 2021-11-09 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBTExplorer
2023-08-30 21:16 - 2021-11-06 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
2023-08-30 21:16 - 2021-10-18 03:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2023-08-30 21:16 - 2021-09-28 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2023-08-30 21:16 - 2021-09-26 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher
2023-08-30 21:16 - 2021-09-25 18:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9
2023-08-30 21:16 - 2021-09-25 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Environment Editor
2023-08-30 21:16 - 2021-09-25 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-08-30 21:16 - 2021-09-24 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2023-08-30 21:15 - 2022-05-07 08:10 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-08-30 21:15 - 2022-05-07 08:10 - 000023775 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2023-08-30 21:15 - 2022-05-07 07:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-08-30 21:15 - 2022-05-07 07:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\WUModels
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\UUS
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\id-ID
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\Globalization
2023-08-30 21:15 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-08-30 21:08 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2023-08-30 21:08 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\MUI
2023-08-30 21:07 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-08-30 21:07 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-08-30 21:07 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Com
2023-08-30 21:07 - 2022-05-07 07:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-08-30 16:20 - 2022-03-13 20:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2023-08-30 16:09 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-08-30 16:09 - 2022-05-07 07:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-08-30 16:09 - 2020-05-06 20:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-08-30 15:34 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-08-30 14:32 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-08-30 14:31 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-08-30 14:31 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\servicing
2023-08-30 14:16 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-08-30 14:16 - 2021-02-10 11:16 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-08-30 14:16 - 2021-02-10 11:16 - 000002461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-08-30 14:16 - 2021-02-10 11:16 - 000002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-08-30 14:16 - 2021-02-10 11:16 - 000002424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-08-30 14:16 - 2021-02-10 11:16 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2023-08-30 14:16 - 2021-02-10 11:16 - 000002412 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2023-08-30 14:16 - 2021-02-10 11:14 - 000000000 ____D C:\WINDOWS\TempInst
2023-08-30 14:16 - 2020-05-06 20:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-08-30 11:30 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-08-30 11:26 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2023-08-30 11:25 - 2023-05-23 19:58 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Acrylic Suite
2023-08-30 11:25 - 2022-11-22 18:59 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2023-08-30 11:25 - 2022-10-25 03:28 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2023-08-30 11:25 - 2022-05-22 20:28 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kali-linux
2023-08-30 11:25 - 2022-02-16 23:13 - 000053006 _____ C:\Users\Nathan\Desktop\Removed Apps.html
2023-08-30 11:25 - 2022-01-26 17:36 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2023-08-30 11:25 - 2022-01-25 11:53 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony
2023-08-30 11:25 - 2021-12-15 12:45 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pylo
2023-08-30 11:25 - 2021-11-13 18:42 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATLauncher
2023-08-30 11:25 - 2021-10-06 11:23 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2023-08-30 11:25 - 2021-09-26 03:43 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-08-30 11:25 - 2021-09-24 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strumenti di Microsoft Office
2023-08-30 11:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-08-30 11:23 - 2022-05-07 08:01 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2023-08-30 11:23 - 2022-05-07 08:01 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2023-08-30 11:23 - 2022-05-07 08:01 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2023-08-30 11:23 - 2022-05-07 08:01 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2023-08-30 11:23 - 2022-05-07 08:01 - 000000000 ____D C:\WINDOWS\system32\winrm
2023-08-30 11:23 - 2022-05-07 08:01 - 000000000 ____D C:\WINDOWS\system32\WCN
2023-08-30 11:23 - 2022-05-07 08:01 - 000000000 ____D C:\WINDOWS\system32\slmgr
2023-08-30 11:23 - 2022-05-07 08:01 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\system32\dsc
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\WaaS
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\spool
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\OCR
2023-08-30 11:23 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\IME
2023-08-30 11:23 - 2021-02-10 11:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2023-08-30 11:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2023-08-30 11:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2023-08-30 11:22 - 2022-05-07 08:10 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-08-30 11:22 - 2022-05-07 08:10 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-08-30 11:22 - 2022-05-07 07:24 - 000000000 ____D C:\Program Files\Common Files\System
2023-08-30 11:22 - 2021-02-10 11:25 - 000000000 ____D C:\Program Files (x86)\Lenovo
2023-08-30 11:22 - 2021-02-10 11:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-08-30 11:22 - 2021-02-10 11:20 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-08-30 11:22 - 2021-02-10 11:15 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-08-30 11:22 - 2021-02-10 11:14 - 000000000 ____D C:\Program Files\Lenovo
2023-08-30 11:22 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Security
2023-08-30 11:21 - 2022-05-07 07:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2023-08-30 11:21 - 2021-02-10 11:15 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-08-30 11:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-08-30 10:55 - 2021-09-24 07:38 - 000000000 ___SD C:\Users\Nathan\AppData\Roaming\Microsoft\Credentials
2023-08-30 09:21 - 2022-09-29 05:27 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-08-22 00:37 - 2023-06-27 09:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2023
Ran by Nathan (12-09-2023 08:12:22)
Running from C:\Users\Nathan\Desktop\Bleeping computer forum help\FRST
Microsoft Windows 11 Home Version 23H2 22631.2199 (X64) (2023-08-30 09:30:45)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-739449780-1690936981-217154247-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-739449780-1690936981-217154247-503 - Limited - Disabled)
Guest (S-1-5-21-739449780-1690936981-217154247-501 - Limited - Disabled)
miles (S-1-5-21-739449780-1690936981-217154247-1004 - Limited - Disabled)
Nathan (S-1-5-21-739449780-1690936981-217154247-1001 - Administrator - Enabled) => C:\Users\Nathan
WDAGUtilityAccount (S-1-5-21-739449780-1690936981-217154247-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
CCleaner (HKLM\...\CCleaner) (Version: 6.15 - Piriform)
Docs (HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\3b575aad77650f0efee7fd7e93d0925d) (Version: 1.0 - Google\Chrome)
Exodus (HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\exodus) (Version: 23.9.11 - Exodus Movement Inc)
Gmail (HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\ae97f8ae7f8c23fe59a9ff589d9506bf) (Version: 1.0 - Google\Chrome)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.182 - Google LLC)
Google Drive (HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\3a65b9418567cb806a433da1a5f10ed8) (Version: 1.0 - Google\Chrome)
Kaspersky (HKLM-x32\...\{3CC8CD12-5F5C-38C0-9557-8D379777C4AF}) (Version: 21.14.5.462 - Kaspersky) Hidden
Kaspersky (HKLM-x32\...\InstallWIX_{3CC8CD12-5F5C-38C0-9557-8D379777C4AF}) (Version: 21.14.5.462 - Kaspersky)
Kaspersky Password Manager (HKLM-x32\...\{1240A166-0790-4BCA-9F39-0C7567BA4808}) (Version: 23.1.0.192 - Kaspersky) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{1240A166-0790-4BCA-9F39-0C7567BA4808}) (Version: 23.1.0.192 - Kaspersky)
Kaspersky VPN (HKLM-x32\...\{836E6477-FBFF-3ACE-983C-94E91D6FA845}) (Version: 21.14.5.462 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{836E6477-FBFF-3ACE-983C-94E91D6FA845}) (Version: 21.14.5.462 - Kaspersky)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.72.0 - Lenovo Group Ltd.)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2023.7.448769 - Logitech)
Logitech Gaming Software 9.04 (HKLM\...\Logitech Gaming Software) (Version: 9.04.49 - Logitech Inc.)
Microsoft .NET Host - 6.0.21 (x86) (HKLM-x32\...\{A9F8F2E3-D3A4-4D90-9800-F689932ECE89}) (Version: 48.87.64667 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.21 (x86) (HKLM-x32\...\{EF4A37DD-21FE-43E9-89D1-1C699CC197AC}) (Version: 48.87.64667 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.21 (x86) (HKLM-x32\...\{B8ED272B-5F2D-4FF5-A7CA-C73552D7FB0F}) (Version: 48.87.64667 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20170 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.76 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.76 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.184.0903.0001 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.21 (x86) (HKLM-x32\...\{33e692e6-1f06-4c3d-8981-738c129e0b2c}) (Version: 6.0.21.32717 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.21 (x86) (HKLM-x32\...\{F25834D2-0460-4995-8585-8E41BD074159}) (Version: 48.87.64723 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 3.20.3.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.3.63 - NVIDIA Corporation)
NVIDIA Graphics Driver 451.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 451.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.20.0221 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.20.0221 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 29.1.3 - OBS Project)
obs-soundboard version 1.1.0 (HKLM-x32\...\{CD703FE5-1F2C-4837-BD3D-DD840D83C3E3}_is1) (Version: 1.1.0 - cg2121)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20052 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20170 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12527.20482 - Microsoft Corporation) Hidden
Sheets (HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\0e4dc416b3c2fb4bbde725af1b1dca66) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\1a3add1183e8d0a3d1613c6e953a47d9) (Version: 1.0 - Google\Chrome)
Stardock Start11 (HKLM-x32\...\Stardock Start11) (Version: 1.4.7.2 - Stardock Software, Inc.)
YouTube (HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\3f87ac14e3e6b878f3c63a710fb7b38d) (Version: 1.0 - Google\Chrome)
 
Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\advancedmicrodevicesinc-2.amdradeonsoftware_10.20.10028.0_x64__0a9344xs7nr4m [2023-08-30] (Advanced Micro Devices Inc.) [Startup Task]
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-30] (Microsoft Corporation)
Dolby Atmos for Gaming -> C:\Program Files\WindowsApps\dolbylaboratories.dolbyatmosforgaming_3.20602.609.0_x64__rz1tebttyb220 [2023-08-30] (Dolby Laboratories)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2308.29.0_x64__k1h2ywk1493x8 [2023-09-09] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.4.18.0_x64__5grkq8ppsgwt4 [2023-08-30] (LENOVO INC) [Startup Task]
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-08-30] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\nvidiacorp.nvidiacontrolpanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-30] (NVIDIA Corp.)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.7554.0_x64__8wekyb3d8bbwe [2023-09-06] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.222.0_x64__dt26b99r8h8gj [2023-08-30] (Realtek Semiconductor Corp)
ShellEx Package -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64 [2023-09-06] (ShellEx Package)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-08-31] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0 [2023-08-31] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2335.6.0_x64__cv1g1gvanyjgm [2023-09-09] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-08-30] (Microsoft Corporation)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.911.2432.103_neutral__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-09-06] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-09-06] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-09-06] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileSyncShell64.dll [2023-09-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_a3be7e3b09033125\nvshext.dll [2023-07-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-09-06] (Kaspersky Lab JSC -> AO Kaspersky Lab)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Nathan\Desktop\Personal - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
 
==================== Loaded Modules (Whitelisted) =============
 
2017-03-02 15:19 - 2017-03-02 15:19 - 000310272 _____ (easyhook.codeplex.com) [File not signed] C:\ProgramData\Dolby\DAX3\RADARHOST\EasyHook64.dll
2023-08-30 14:33 - 2023-09-07 16:53 - 000483328 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\gameplatformservices.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-739449780-1690936981-217154247-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-07] (Lenovo -> Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-07] (Lenovo -> Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2022-05-07] (Lenovo -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-739449780-1690936981-217154247-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nathan\OneDrive\Immagini\wallpaperflare.com_wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_89A8A90E86A1213AD36B675879214C30"
HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-739449780-1690936981-217154247-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AF138AAD-12B3-4AC7-8580-9075764E98D8}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{89DEEBAC-C71E-4E71-A7A5-DB4651B384A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EECBD81A-3C0E-4F28-93B9-0AE41F3EB83F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{91504A54-B7B7-4715-867B-4793570CD98C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BDE671B8-9F7F-4A35-AA6B-AE9B67853FF1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3C17F2D2-D784-4530-9088-5EEFB0DAB57C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{25573921-7703-4E0D-980D-12E8FBB83261}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{802CB372-DE23-4369-A415-3CC0F9EFBFA8}] => (Allow) D:\Program Files\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{AA45A1FF-3098-416C-870C-E86507007B01}] => (Allow) D:\Program Files\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC492DF6-2DDA-4B76-9E99-77CF2D22BAB2}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{DF3697BD-75A5-47AB-B305-064553BB0B14}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{D87E1852-2F52-4448-BDED-6B5D66E58B1F}C:\windows.old\users\nathan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\windows.old\users\nathan\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{AB58D9BC-BC9B-4A33-8A58-E5DFFE5CC1A3}C:\windows.old\users\nathan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\windows.old\users\nathan\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [{EF38A2A7-FF59-47A3-A13A-F54309D3F9B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3CFEE662-9BA2-43EF-A7B2-37003D58C228}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BD6BE4FC-F552-4A8B-B4A5-491470A03BF6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{28A9BD64-F623-47B8-AC5F-94EB109AFA7A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9C80C302-5930-463F-8E13-B56473867838}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EE1615C9-8751-4318-9EC3-9304E343BB9D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{215F6C4C-F1DB-422A-9B61-ECF986EE6217}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BEFD7A76-1E04-41DB-B362-BBF14C6076F2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{62A76B7E-94D4-43FD-AF1A-7345E65755ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BAFB1D8F-97D2-4B7D-A686-657295C560FD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.219.941.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{16F4BA77-F1F8-4B9E-89D1-59D7015F8045}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{783B4E07-9154-4199-84EA-DCD738438963}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{2A7D5482-D601-4346-9FDD-32DC1BF39181}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{7CB32159-C097-4AEC-A2F7-3C6E8384C704}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{35C3EF26-500F-45B6-9DE8-981F6DDA9FA1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F58CC5D9-F8B3-492A-941D-BBA5BF80DF90}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3A12D076-D74E-441B-8BE7-B56681E4D03F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B8CF5401-543E-43F6-A490-D55E95254231}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FA989D24-2B2F-487B-9EBB-5FDB73DE8477}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9C1F3D38-F683-41E3-B8DD-B700BB0273A8}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FC077F4D-9000-4F9E-85E2-09004A011644}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
06-09-2023 00:46:10 Windows Modules Installer
09-09-2023 13:30:19 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/12/2023 07:26:43 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {6064205A-3656-4877-838D-B68D30BF97A2}
 
Error: (09/12/2023 06:15:43 AM) (Source: Application Error) (EventID: 1000) (User: NAPS-LEGION5)
Description: Faulting application name: mmc.exe, version: 10.0.22621.1610, time stamp: 0x92ea38a0
Faulting module name: KERNELBASE.dll, version: 10.0.22621.2199, time stamp: 0x455ed20e
Exception code: 0xc000041d
Fault offset: 0x000000000006535c
Faulting process id: 0x0x1514
Faulting application start time: 0x0x1d9e52f44259be6
Faulting application path: C:\WINDOWS\system32\mmc.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 2cc3c2d9-b13a-43a5-aa2a-a1ce87efc995
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/12/2023 06:15:41 AM) (Source: Application Error) (EventID: 1000) (User: NAPS-LEGION5)
Description: Faulting application name: mmc.exe, version: 10.0.22621.1610, time stamp: 0x92ea38a0
Faulting module name: KERNELBASE.dll, version: 10.0.22621.2199, time stamp: 0x455ed20e
Exception code: 0xc0000002
Fault offset: 0x000000000006535c
Faulting process id: 0x0x1514
Faulting application start time: 0x0x1d9e52f44259be6
Faulting application path: C:\WINDOWS\system32\mmc.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 3e50947b-fefa-4fa0-b882-f8e0fa57aa0e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/12/2023 06:15:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: mmc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000002, exception address 00007FFB1B6C535C
Stack:
   at Microsoft.ManagementConsole.Interop.IWaitDialog.RunModal(IntPtr, UInt32, UInt32, Microsoft.ManagementConsole.Interop.IWaitDialogCancelCallback)
   at Microsoft.ManagementConsole.Interop.IWaitDialog.RunModal(IntPtr, UInt32, UInt32, Microsoft.ManagementConsole.Interop.IWaitDialogCancelCallback)
   at Microsoft.ManagementConsole.Executive.WaitDialog.InnerShowDialog(System.Windows.Forms.IWin32Window)
   at Microsoft.ManagementConsole.Executive.WaitDialog.ShowDialog(System.Windows.Forms.IWin32Window)
   at Microsoft.ManagementConsole.Executive.RunningOperationsTable.EnqueueOperation(Microsoft.ManagementConsole.Executive.Operation)
   at Microsoft.ManagementConsole.Executive.ViewHost.HandleClipboardSelection(Microsoft.ManagementConsole.Executive.ViewSelectionDataObject, Boolean)
   at Microsoft.ManagementConsole.Executive.FxComponent.OnClipboardSelect(Microsoft.ManagementConsole.Interop.IDataObject, Boolean)
   at Microsoft.ManagementConsole.Executive.ClipboardSelectNotification.OnNotify(IntPtr, IntPtr, IntPtr)
   at Microsoft.ManagementConsole.Executive.MmcNotifyTarget.Notify(IntPtr, Microsoft.ManagementConsole.Interop.NotificationType, IntPtr, IntPtr)
   at Microsoft.ManagementConsole.Interop.IWaitDialog.RunModal(IntPtr, UInt32, UInt32, Microsoft.ManagementConsole.Interop.IWaitDialogCancelCallback)
   at Microsoft.ManagementConsole.Interop.IWaitDialog.RunModal(IntPtr, UInt32, UInt32, Microsoft.ManagementConsole.Interop.IWaitDialogCancelCallback)
   at Microsoft.ManagementConsole.Executive.WaitDialog.InnerShowDialog(System.Windows.Forms.IWin32Window)
   at Microsoft.ManagementConsole.Executive.WaitDialog.ShowDialog(System.Windows.Forms.IWin32Window)
   at Microsoft.ManagementConsole.Executive.RunningOperationsTable.EnqueueOperation(Microsoft.ManagementConsole.Executive.Operation)
   at Microsoft.ManagementConsole.Executive.ViewHost.HandleClipboardSelection(Microsoft.ManagementConsole.Executive.ViewSelectionDataObject, Boolean)
   at Microsoft.ManagementConsole.Executive.FxComponent.OnClipboardSelect(Microsoft.ManagementConsole.Interop.IDataObject, Boolean)
   at Microsoft.ManagementConsole.Executive.ClipboardSelectNotification.OnNotify(IntPtr, IntPtr, IntPtr)
   at Microsoft.ManagementConsole.Executive.MmcNotifyTarget.Notify(IntPtr, Microsoft.ManagementConsole.Interop.NotificationType, IntPtr, IntPtr)
 
Error: (09/12/2023 05:39:03 AM) (Source: Application Error) (EventID: 1000) (User: NAPS-LEGION5)
Description: Faulting application name: Explorer.EXE, version: 10.0.22621.2199, time stamp: 0xd97b34ff
Faulting module name: Taskbar.View.dll, version: 623.21203.0.0, time stamp: 0x64c7fb8d
Exception code: 0xc0000005
Fault offset: 0x000000000025f5b6
Faulting process id: 0x0x4984
Faulting application start time: 0x0x1d9e4d8a957382e
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy\Taskbar.View.dll
Report Id: 11012840-0605-4a8d-aed8-40cf6f42bab3
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/12/2023 05:21:13 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program rundll32.exe version 10.0.22621.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (09/12/2023 03:45:27 AM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll
 
Error: (09/12/2023 03:45:27 AM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa10001, Error: Need user interaction to continue.mcpmanagementservice.dll
 
 
System errors:
=============
Error: (09/12/2023 08:05:31 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}. The error:
"2147942767"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileCoAuth.exe" -Embedding
 
Error: (09/12/2023 08:05:31 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}. The error:
"2147942767"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileCoAuth.exe" -Embedding
 
Error: (09/12/2023 06:56:52 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}. The error:
"2147942767"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileCoAuth.exe" -Embedding
 
Error: (09/12/2023 06:56:52 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}. The error:
"2147942767"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileCoAuth.exe" -Embedding
 
Error: (09/12/2023 06:56:50 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}. The error:
"2147942767"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileCoAuth.exe" -Embedding
 
Error: (09/12/2023 06:56:50 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}. The error:
"2147942767"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileCoAuth.exe" -Embedding
 
Error: (09/12/2023 05:37:56 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}. The error:
"2147942767"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileCoAuth.exe" -Embedding
 
Error: (09/12/2023 05:37:56 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}. The error:
"2147942767"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\23.184.0903.0001\FileCoAuth.exe" -Embedding
 
 
Windows Defender:
================
Date: 2023-09-05 23:39:13
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-09-05 00:55:38
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-30 11:53:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2023-08-30 11:40:22
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2023-09-12 06:56:51
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\com_antivirus.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO EUCN39WW 09/09/2022
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 7 4800H with Radeon Graphics 
Percentage of memory in use: 60%
Total physical RAM: 15741.32 MB
Available physical RAM: 6231 MB
Total Virtual: 18571.9 MB
Available Virtual: 4011 MB
 
==================== Drives ================================
 
Drive c: (Windows-SSD) (Fixed) (Total:930.16 GB) (Free:443.82 GB) (Model: CT1000P3PSSD8) NTFS
Drive d: (Data) (Fixed) (Total:931.5 GB) (Free:61.32 GB) (Model: WDC WD10SPZX-08Z10) NTFS
 
\\?\Volume{1d8ae3af-a019-43a8-8cc3-1349060d735c}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.32 GB) NTFS
\\?\Volume{8e8fbf36-30d5-4c8e-85ec-dbc27f7f7188}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9095C8F8)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 4042D3E0)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


 


#2 dennis_l

dennis_l

  • Malware Response Team
  • 2,423 posts
  • Gender:Male
  • Location:UK
  • Local time:02:24 AM

Posted 13 September 2023 - 08:13 AM

Hi Naps284,
My name is Dennis and I will assist you with your computer problems.
Please read through these guidelines before we start.

  • Back up any important data, as a precaution, before starting this process.
  • If you are unsure about anything then please ask. This makes the task much easier in the long run.
  • Do not run any other tools or make changes to your system during the removal process.
  • Please do not start a new topic and keep all replies in this thread.
  • Follow the instructions in the sequence advised.
  • Copy and paste the logs into the reply. I will advise if anything needs to be added as an attachment.
  • Here at Bleeping Computer we are mostly volunteers, so please be patient with us. I’ll try to respond within 24 hours. You will be advised if it is expected to be longer than 48 hours.
  • Please let me know if you are going to be delayed in responding. If you do not reply after 5 days, I’ll assume you do not want to continue and will close the topic.
  • Sometimes things might seem to be resolved, but there may still be more checks necessary, so please wait until I give the all clear.

Please give me some time to examine your logs and I will get back to you as soon as possible.

Dennis



#3 dennis_l

dennis_l

  • Malware Response Team
  • 2,423 posts
  • Gender:Male
  • Location:UK
  • Local time:02:24 AM

Posted 13 September 2023 - 01:03 PM

Firstly, could you please take a look at these items in the Start menu and let me know if you recognise them.

2023-08-30 21:16 - 2023-08-02 04:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
2023-08-30 21:16 - 2023-08-02 04:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DrumThrash
2023-08-30 21:16 - 2023-07-25 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 22
2023-08-30 21:16 - 2023-07-05 11:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\God of War
2023-08-30 21:16 - 2023-06-27 14:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Dead Redemption 2
2023-08-30 21:16 - 2023-06-21 03:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2023-08-30 21:16 - 2023-06-21 03:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker
2023-08-30 21:16 - 2023-06-13 01:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RWY29 Package Manager
2023-08-30 21:16 - 2023-05-31 15:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12
2023-08-30 21:16 - 2023-05-17 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2023-08-30 21:16 - 2023-04-25 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fender FUSE
2023-08-30 21:16 - 2023-03-29 02:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
2023-08-30 21:16 - 2023-01-15 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
2023-08-30 21:16 - 2022-09-12 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2023-08-30 21:16 - 2022-09-06 06:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cities Skylines
2023-08-30 21:16 - 2022-08-30 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2023-08-30 21:16 - 2022-08-13 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2023-08-30 21:16 - 2022-04-19 06:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2023-08-30 21:16 - 2022-02-17 03:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monero GUI Wallet
2023-08-30 21:16 - 2022-01-28 07:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Naughty Seal Audio
2023-08-30 21:16 - 2022-01-25 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2023-08-30 21:16 - 2022-01-24 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2023-08-30 21:16 - 2022-01-24 08:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2023-08-30 21:16 - 2022-01-13 05:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tropico 5
2023-08-30 21:16 - 2021-11-09 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBTExplorer
2023-08-30 21:16 - 2021-11-06 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
2023-08-30 21:16 - 2021-10-18 03:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2023-08-30 21:16 - 2021-09-28 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2023-08-30 21:16 - 2021-09-26 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher
2023-08-30 21:16 - 2021-09-25 18:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.9
2023-08-30 21:16 - 2021-09-25 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Environment Editor
2023-08-30 21:16 - 2021-09-24 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2023-08-22 00:37 - 2023-06-27 09:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
2023-08-30 21:16 - 2023-08-09 03:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2023-08-30 21:16 - 2023-08-02 09:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2023-08-30 21:16 - 2023-08-02 08:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2023-08-29 18:11 - 2023-08-30 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2023-08-30 11:25 - 2023-05-23 19:58 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Acrylic Suite
2023-08-30 11:25 - 2022-11-22 18:59 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2023-08-30 11:25 - 2022-10-25 03:28 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2023-08-30 11:25 - 2022-05-22 20:28 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kali-linux
2023-08-30 11:25 - 2022-01-26 17:36 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2023-08-30 11:25 - 2022-01-25 11:53 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony
2023-08-30 11:25 - 2021-12-15 12:45 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pylo
2023-08-30 11:25 - 2021-11-13 18:42 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATLauncher
2023-08-30 11:25 - 2021-10-06 11:23 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop

Edited by dennis_l, 13 September 2023 - 01:52 PM.
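A small triage helper for listings like the one above, added here as an example (it is not FRST's own code and was not posted in this thread). It parses FRST-style directory lines of the form `<modified> - <created> - <size> <attributes> <path>` and reports the entries whose modified or created timestamp falls inside a window you choose; the sample lines are copied from the listing above and the window dates are constructed for the example, so set them to whatever period the machine was out of your control.

```powershell
# Added triage helper (not FRST's own code, not from this thread).
# Parses FRST-style listing lines and flags entries touched inside a time window.

# Constructed sample: four lines copied from the Start Menu listing above.
$sample = @'
2023-08-30 21:16 - 2023-08-02 04:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
2023-08-22 00:37 - 2023-06-27 09:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
2023-08-30 21:16 - 2023-08-09 03:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2023-08-29 18:11 - 2023-08-30 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
'@

function ConvertFrom-FrstListing {
    # Turn each "<modified> - <created> - <size> <attrs> <path>" line into an object.
    # Lines that do not match the pattern (headers, blank lines) are silently skipped.
    param([string[]]$Lines)
    $pattern = '^(?<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?<size>\d{9}) (?<attr>\S{5}) (?<path>.+)$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Modified   = [datetime]::ParseExact($Matches.mod, 'yyyy-MM-dd HH:mm', $null)
                Created    = [datetime]::ParseExact($Matches.cre, 'yyyy-MM-dd HH:mm', $null)
                SizeBytes  = [int64]$Matches.size
                Attributes = $Matches.attr
                Path       = $Matches.path
            }
        }
    }
}

function Find-EntriesInWindow {
    # Keep entries whose modified OR created time lies in [Start, End].
    param(
        [object[]]$Entries,
        [datetime]$Start,
        [datetime]$End
    )
    $Entries | Where-Object {
        ($_.Modified -ge $Start -and $_.Modified -le $End) -or
        ($_.Created  -ge $Start -and $_.Created  -le $End)
    }
}

$entries = ConvertFrom-FrstListing -Lines ($sample -split "`r?`n")

# Constructed window for the example; replace with the period of interest.
$windowStart = Get-Date '2023-08-10'
$windowEnd   = (Get-Date '2023-08-22').AddDays(1)   # include the whole of the last day

Find-EntriesInWindow -Entries $entries -Start $windowStart -End $windowEnd |
    Format-Table Modified, Created, Path -AutoSize
```

With the sample above only the Proton entry is reported (modified 2023-08-22 00:37); the others were created or modified outside the window. To run it against a real FRST log, replace `$sample` with `Get-Content` of the Addition.txt or FRST.txt file; the function ignores any line that is not a listing line.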


#4 dennis_l

dennis_l

  • Malware Response Team
  • 2,423 posts
  • Gender:Male
  • Location:UK
  • Local time:02:24 AM

Posted 17 September 2023 - 01:08 PM

Please advise if you still need help.
It has been 4 days since my last post.
If you have not replied within the next 48 hours, I will assume that you no longer need help and this topic will be closed.



#5 Naps284

Naps284
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Switzerland
  • Local time:03:24 AM

Posted 18 September 2023 - 03:35 AM

Hey, sorry for not answering immediately. I had some unexpected personal issues in the last few days!
I'll make sure to answer as soon as possible (in the next few hours, if I can)!



#6 Naps284

Naps284
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Switzerland
  • Local time:03:24 AM

Posted 18 September 2023 - 04:05 AM

So, I think I do recognize all the items you mentioned above.

These folders appear empty, though (the option to show hidden items is active). Maybe it would make sense to remove them:

2023-08-30 21:16 - 2023-06-21 03:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2023-08-30 21:16 - 2022-01-25 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2023-08-30 11:25 - 2022-01-25 11:53 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony

This one I do also recognize, but I recently heard it's linked to malicious activity. And I also neither need nor want it installed anymore:

2023-08-30 21:16 - 2021-09-26 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher

And also this one, I do recognize it, but I'd like to remove it:

2023-08-30 11:25 - 2022-05-22 20:28 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kali-linux


#7 Naps284

Naps284
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Switzerland
  • Local time:03:24 AM

Posted 18 September 2023 - 04:06 AM

Oh, by the way, thanks for the quick reply!


Edited by Naps284, 18 September 2023 - 04:07 AM.


#8 dennis_l

dennis_l

  • Malware Response Team
  • 2,423 posts
  • Gender:Male
  • Location:UK
  • Local time:02:24 AM

Posted 18 September 2023 - 04:49 AM

Let's remove those entries and also check some items, as well as run a clean-up.
We can also reset some areas, including the firewall, as precautionary measures.
Could you please run this FRST script next.
As part of this I have included the Emptytemp: command.
Note: This will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
Important: This script was written specifically for you, for use only on this machine. Running this on another machine may cause damage to your operating system.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
CreateRestorePoint:
CloseProcesses:
2023-08-30 21:16 - 2023-06-21 03:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2023-08-30 21:16 - 2022-01-25 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2023-08-30 11:25 - 2022-01-25 11:53 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony
2023-08-30 21:16 - 2021-09-26 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher
2023-08-30 11:25 - 2022-05-22 20:28 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kali-linux
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
File: C:\WINDOWS\System32\Drivers\CH341S64.SYS
File: C:\WINDOWS\SysWOW64\AppRulesStorage-wal
File: C:\WINDOWS\SysWOW64\DnsStorage-shm
File: C:\WINDOWS\SysWOW64\AppRulesStorage-shm
File: C:\WINDOWS\SysWOW64\DnsStorage
File: C:\WINDOWS\SysWOW64\AppRulesStorage
File: C:\WINDOWS\SysWOW64\DnsStorage-wal
ZIP: C:\Windows\Minidump
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
S3 LFCIO; \??\C:\swwork\Dowork5\lcfcEcRW\LfcIo64.sys [X]
cmd: type   C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
cmd: netsh winsock reset
cmd: netsh int ip reset C:\resettcpip.txt
cmd: ipconfig /release
cmd: ipconfig /renew
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /RestoreHealth
Emptytemp:
End::
  • Click on the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
The tool will also create a .zip file with today's date and time.
Please upload the file here

Also advise how your computer is running now.
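A post-fix verification script, added here as an example (it is not part of the FRST script above and was not posted by dennis_l). It checks, from an elevated PowerShell prompt, that the items the fix targeted are actually gone: the WindowsUpdate policy key, the credential provider CLSID, the two scheduled tasks whose executables were reported missing, the LFCIO service, and that all firewall profiles are enabled after the reset. The registry paths, CLSID, task names and service name are taken from the fix; the final sweep for other tasks with missing executables is a generalization of the same check and is my own heuristic, not something FRST reported.

```powershell
# Added post-fix verification (not part of the FRST script, not from this thread).
# Run from an elevated PowerShell prompt after the machine has restarted.

$results = [ordered]@{}

# 1. Windows Update policy key that FRST marked "Restriction": should be absent.
$results['WindowsUpdate policy key absent'] =
    -not (Test-Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate')

# 2. Credential provider CLSID removed by the fix (value taken from the fix above): should be absent.
$cpKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35}'
$results['Credential provider key absent'] = -not (Test-Path $cpKey)

# 3. Scheduled tasks whose target binary was reported "(No File)": should be gone.
$tasks = @(
    @{ Path = '\Microsoft\Windows\Mobile Broadband Accounts\'; Name = 'MNO Metadata Parser' },
    @{ Path = '\Microsoft\Windows\UpdateOrchestrator\';        Name = 'USO_UxBroker' }
)
foreach ($t in $tasks) {
    $found = Get-ScheduledTask -TaskPath $t.Path -TaskName $t.Name -ErrorAction SilentlyContinue
    $results["Task '$($t.Name)' absent"] = ($null -eq $found)
}

# 4. Service whose driver file no longer existed ([X] in the FRST line): should be gone.
$results['LFCIO service absent'] =
    ($null -eq (Get-Service -Name 'LFCIO' -ErrorAction SilentlyContinue))

# 5. Firewall: after "netsh advfirewall reset" and "set allprofiles state ON",
#    every profile (Domain, Private, Public) should report Enabled = True.
$profiles = Get-NetFirewallProfile
$results['All firewall profiles enabled'] =
    (@($profiles | Where-Object { $_.Enabled -ne 'True' }).Count -eq 0)

# 6. Generalization (my own heuristic): list any remaining task whose Execute path
#    contains a directory separator but does not exist on disk. Such orphans are
#    usually harmless leftovers, but they are the same class of entry the fix removed.
$dangling = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if ($a.Execute) {
            $exe = [Environment]::ExpandEnvironmentVariables($a.Execute.Trim('"'))
            if ($exe -match '\\' -and -not (Test-Path $exe)) { $task.TaskName }
        }
    }
}
$results['Other tasks with missing executables'] = if ($dangling) { $dangling -join ', ' } else { 'none' }

# Print one line per check.
$results.GetEnumerator() | ForEach-Object { '{0,-40} {1}' -f $_.Key, $_.Value }
```

Every line except the last should read `True`; a `False` means that item survived the fix (or was recreated after it) and is worth raising in the next reply. The last line names any other task that still points at a non-existent executable, which is the same kind of entry the two Task: lines in the fix cleaned up.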



#9 Naps284

Naps284
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Switzerland
  • Local time:03:24 AM

Posted 18 September 2023 - 05:30 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2023
Ran by Nathan (18-09-2023 12:11:40) Run:1
Running from C:\Users\Nathan\Desktop\Bleeping computer forum help\FRST
Loaded Profiles: Nathan
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
2023-08-30 21:16 - 2023-06-21 03:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2023-08-30 21:16 - 2022-01-25 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2023-08-30 11:25 - 2022-01-25 11:53 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony
2023-08-30 21:16 - 2021-09-26 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher
2023-08-30 11:25 - 2022-05-22 20:28 - 000000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kali-linux
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
File: C:\WINDOWS\System32\Drivers\CH341S64.SYS
File: C:\WINDOWS\SysWOW64\AppRulesStorage-wal
File: C:\WINDOWS\SysWOW64\DnsStorage-shm
File: C:\WINDOWS\SysWOW64\AppRulesStorage-shm
File: C:\WINDOWS\SysWOW64\DnsStorage
File: C:\WINDOWS\SysWOW64\AppRulesStorage
File: C:\WINDOWS\SysWOW64\DnsStorage-wal
ZIP: C:\Windows\Minidump
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
S3 LFCIO; \??\C:\swwork\Dowork5\lcfcEcRW\LfcIo64.sys [X]
cmd: type   C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
cmd: netsh winsock reset
cmd: netsh int ip reset C:\resettcpip.txt
cmd: ipconfig /release
cmd: ipconfig /renew
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /RestoreHealth
Emptytemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis" folder move:
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis => moved successfully
 
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony" folder move:
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony => moved successfully
 
"C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony" folder move:
 
C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony => moved successfully
 
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher" folder move:
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher => moved successfully
 
"C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kali-linux" folder move:
 
C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kali-linux => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
 
========================= File: C:\WINDOWS\System32\Drivers\CH341S64.SYS ========================
 
C:\WINDOWS\System32\Drivers\CH341S64.SYS
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem12.cat
File is digitally signed
MD5: 00166440187A537646E56C429312F6C2
Creation and modification date: 2023-03-21 01:30 - 2023-03-21 01:30
Size: 000084640
Attributes: ----A
Company Name: Microsoft Windows Hardware Compatibility Publisher -> wch.cn
Internal Name: CH341SER For AMD64
Original Name: CH341SER For AMD64
Product: CH341S64.SYS
Description: WDM for CH341 serial, by W.ch
File Version: 3.80
Product Version: 3.80
Copyright: Copyright ©WCH 2001-2023
 
====== End of File: ======
 
 
========================= File: C:\WINDOWS\SysWOW64\AppRulesStorage-wal ========================
 
C:\WINDOWS\SysWOW64\AppRulesStorage-wal
Catalog: Error1: CreateFileW function failed
File not signed
MD5: 9B0DA3279646615E7845D6F5A12E7DD7
Creation and modification date: 2023-09-06 00:33 - 2023-09-18 12:08
Size: 004120032
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
 
========================= File: C:\WINDOWS\SysWOW64\DnsStorage-shm ========================
 
C:\WINDOWS\SysWOW64\DnsStorage-shm
Catalog: Error1: CreateFileW function failed
File not signed
MD5: B7C14EC6110FA820CA6B65F5AEC85911
Creation and modification date: 2023-09-06 00:33 - 2023-09-18 11:40
Size: 000032768
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= File: C:\WINDOWS\SysWOW64\AppRulesStorage-shm ========================
 
C:\WINDOWS\SysWOW64\AppRulesStorage-shm
Catalog: Error1: CreateFileW function failed
File not signed
MD5: 595436B3F79D4BB8F7C9B6B9E394240D
Creation and modification date: 2023-09-06 00:33 - 2023-09-18 11:40
Size: 000032768
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
 
========================= File: C:\WINDOWS\SysWOW64\DnsStorage ========================
 
C:\WINDOWS\SysWOW64\DnsStorage
Catalog: Error1: CreateFileW function failed
File not signed
MD5: E0C0283F2E2ED57E4221721BB1B7B9D8
Creation and modification date: 2023-09-06 00:33 - 2023-09-06 00:33
Size: 000012288
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
 
========================= File: C:\WINDOWS\SysWOW64\AppRulesStorage ========================
 
C:\WINDOWS\SysWOW64\AppRulesStorage
Catalog: Error1: CreateFileW function failed
File not signed
MD5: 7033E2DF6B8D95E120775D6635669CD7
Creation and modification date: 2023-09-06 00:33 - 2023-09-12 13:18
Size: 000012288
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
 
========================= File: C:\WINDOWS\SysWOW64\DnsStorage-wal ========================
 
C:\WINDOWS\SysWOW64\DnsStorage-wal
File not signed
MD5: D41D8CD98F00B204E9800998ECF8427E <==== ATTENTION (File is in use)
Creation and modification date: 2023-09-06 00:33 - 2023-09-06 00:33
Size: 000000000
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0-byte
 
====== End of File: ======
 
================== Zip: ===================
C:\Windows\Minidump -> Size=zero byte
=========== Zip: End ===========
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\System\CurrentControlSet\Services\LFCIO => removed successfully
LFCIO => service removed successfully
 
========= type   C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json =========
 
{
  "$schema": "schemas/IntegratedServicesRegionPolicySet.Schema.1.1.0.json",
  "version": "1.0",
  "policies": [
    {
      "$comment": "Edge is uninstallable.",
      "guid": "{1bca278a-5d11-4acf-ad2f-f9ab6d7f93a6}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "User can disable web search.",
      "guid": "{6002ce31-b807-4f82-820c-2b92e716ab76}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Narrator scripting extensions are enabled.",
      "guid": "{6033b294-79ff-47eb-bbde-97b4c6479217}",
      "defaultState": "enabled",
      "conditions": {
        "region": {
          "disabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "File Explorer Search is third party extensible.",
      "guid": "{63ef7a1e-95a1-4f7b-9d4c-b5ed8e72fe10}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "disabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "First party File Explorer Search is allowed.",
      "guid": "{ad2d9176-ef16-42de-ba5e-5f6e5a07abca}",
      "defaultState": "enabled",
      "conditions": {
        "region": {
          "disabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Featured apps show in Open With dialog.",
      "guid": "{50db02cb-3f22-465b-9205-0e722c2caf0c}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Third party search providers show in search.",
      "guid": "{f2775604-739c-4cd2-8463-eb040f7e8bf7}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Third party search highlight content in search zero input.",
      "guid": "{e462341d-48bf-4a7f-9585-5a4e5b90a079}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "First party search highlight content in search zero input.",
      "guid": "{13feefcf-0f8a-4df0-b85c-417cbcc68d27}",
      "defaultState": "enabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Third parties can customize the Taskbar Gleam.",
      "guid": "{9a9f7273-6d5d-4da8-a8e6-bc3243b84d21}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "disabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "First party Taskbar Gleam customization is shown.",
      "guid": "{61bf5046-c5db-4cd3-b6bf-929e5b421a6a}",
      "defaultState": "enabled",
      "conditions": {
        "region": {
          "disabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Search MRU shows third party provider.",
      "guid": "{407a6a2a-4c34-4945-bd24-cd194635abae}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Edge is required for web search.",
      "guid": "{5436f3c3-803e-447d-9bd2-b533888df09f}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "System components are differentiated from apps.",
      "guid": "{b162c44a-5d51-4fb4-aadd-6b8bf3ea4648}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Backup options are restricted.",
      "guid": "{4492387d-5ea5-4e72-9ca0-69067d19502c}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Show files from the MS Office MRU redommendation provider.",
      "guid": "{c053478a-fd9a-4bbf-a794-4ebef4bbf764}",
      "defaultState": "enabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Third party feed is shown in Widgets.",
      "guid": "{16d2b50e-fa7c-4bb1-ab17-01d766530b3b}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Third party Widgets are shown in Widgets feed.",
      "guid": "{93f5099b-feeb-42c1-984b-c34851e100aa}",
      "defaultState": "enabled",
      "conditions": {
        "region": {
          "disabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "First party Widget feed can be disabled.",
      "guid": "{92ca7dcf-f422-4a4b-892e-7883a3ca8d70}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Use default web protocol for Widget links.",
      "guid": "{3d0c862c-bfd8-4350-af2f-4c42884cc3a8}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Restrict Widgets data sharing.",
      "guid": "{0dcb52b1-6b3f-4e95-8049-bf2281ae2eda}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Restrict third-party Widgets data sharing.",
      "guid": "{4323bb73-d394-4c3a-b9df-224ab359844f}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "UTC events should be tagged restricted.",
      "guid": "{dd5d7e7c-3ad7-4e38-b11b-a566f1510d00}",
      "defaultState": "disabled",
      "conditions": {
        "region": {
          "enabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "XBox performance fit data sharing.",
      "guid": "{cd69e9e4-3778-4418-ba1d-bf0116eeeebe}",
      "defaultState": "enabled",
      "conditions": {
        "region": {
          "disabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Shared ODD consent.",
      "guid": "{1f5403a8-5d44-40b9-a002-dda7ce7b0d01}",
      "defaultState": "enabled",
      "conditions": {
        "region": {
          "disabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    },
    {
      "$comment": "Windows CoPilot",
      "guid": "{4ac54d32-0799-405f-9bf4-1fe094cd859c}",
      "defaultState": "enabled",
      "conditions": {
        "region": {
          "disabled": ["CN", "HK", "MO", "RU", "TW", "UA"]
        }
      }
    },
    {
      "$comment": "Automatic app sign-in",
      "guid": "{1d290cdb-499c-4d42-938a-9b8dceffe998}",
      "defaultState": "enabled",
      "conditions": {
        "region": {
          "disabled": ["AT", "BE", "BG", "CY", "CZ", "DE", "DK", "EE", "ES", "FI", "FR", "GR", "HR", "HU", "IE", "IT", "LT", "LU", "LV", "MT", "NL", "PL", "PT", "RO", "SE", "SI", "SK"]
        }
      }
    }
  ]
}
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
 
========= End of CMD: =========
 
 
========= ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Unknown adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 1:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::b14e:aa38:4a50:bc41%10
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
 
========= End of CMD: =========
 
 
========= ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Unknown adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 1:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : home
   Link-local IPv6 Address . . . . . : fe80::b14e:aa38:4a50:bc41%10
   IPv4 Address. . . . . . . . . . . : 192.168.1.109
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
{6D530CD9-3972-4A46-8F5B-B5BF430C4095} canceled.
1 out of 1 jobs canceled.
 
 
========= End of CMD: =========
 
 
========= sfc /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
Verification 0% complete.
[...]
Verification 100% complete.
 
Windows Resource Protection found corrupt files but was unable to fix some of them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22621.1
 
Image Version: 10.0.22631.2199
 
 
[==                         3.8%                           ] 
[...]
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27561869 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 366811755 B
Windows/system/drivers => 144851520 B
Edge => 0 B
Chrome => 522899653 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 65940 B
NetworkService => 88124 B
Nathan => 168723438 B
 
RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:24:10 ====


#10 Naps284

Naps284
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Switzerland

Posted 18 September 2023 - 05:32 AM

I can't find the zip file (with today's date and time) you requested. Should it be in the same folder?


EDIT:
I found it now! It was on the desktop instead of inside the subfolder where I put FRST.
I just uploaded and submitted it through the link you sent me.


Edited by Naps284, 18 September 2023 - 05:57 AM.


#11 dennis_l

dennis_l

  • Malware Response Team
  • 2,423 posts
  • Gender:Male
  • Location:UK

Posted 18 September 2023 - 06:25 AM

Ok thanks.
Please do this next.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
zip: C:\Windows\Logs\CBS\CBS.log
End::
  • Click on the Fix button just once and wait.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
The tool will also create a .zip file on the Desktop with today's date and time.
Please attach this to your next reply. If the file is too large, zip and upload the file here.

----------------------------------------------------------------------------------------------------------------------
Then please run a full scan with ESET Online Scanner, as an extra check.

  • Download ESET Online Scanner from here and save it to your Desktop.
  • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
  • Select your desired language from the drop-down menu and click Get started.
  • Click Yes if a User Account window appears.
  • In the Terms of use screen, click Accept if you agree to the Terms of use.
  • Click Get started in the welcome screen.
  • Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
  • Click Computer scan in the Welcome back screen.
  • Choose Full scan on the next screen.
  • Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
  • Please note that this process can take several hours to complete.
  • At the end of the scan, the Found and resolved detections screen may be displayed. You can click View detailed results to view specific information. Click Continue.
  • On the following screen click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
  • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. I suggest that you do not do this for now. Click Continue.
  • You are offered a 30 day trial of ESET Internet Security on the next screen. Click Continue.
  • On the next screen, you can leave feedback about the program if you wish.
  • There is an option to delete the application's data on closing, but we can do this later.
  • If you left feedback, click Submit and Close. If not, click Close.
  • Copy and paste the contents of the ESETScan.txt file in your next reply.

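The CBS.log requested above is where SFC records what it verified and which files it could not fix: the lines tagged "[SR]". As an added example that is not part of this thread, FRST or SFC, the Python below pulls those entries out of the log text and de-duplicates the unrepairable files, so they can be listed in a reply instead of reading the whole log. The sample log text inside it is constructed to imitate CBS.log's layout and is not from the poster's machine; the regular expressions assume that layout and may need adjusting against a real log.

```python
"""Triage the SFC ("[SR]") entries in CBS.log.

Added example, not part of the forum thread or of FRST/SFC. The sample log
text below is constructed to imitate CBS.log's layout; it is not from the
poster's machine, and a real file may differ slightly in wording.
"""
import re
from collections import Counter

CBS_LOG_PATH = r"C:\Windows\Logs\CBS\CBS.log"  # path named in the thread

# Constructed sample in the shape CBS.log uses for an SFC run (NOT real data).
SAMPLE_CBS_LOG = (
    "2023-09-18 13:40:02, Info                  CBS    Starting TrustedInstaller initialization.\n"
    "2023-09-18 13:40:05, Info                  CSI    00000007 [SR] Verifying 100 components\n"
    "2023-09-18 13:40:05, Info                  CSI    00000008 [SR] Beginning Verify and Repair transaction\n"
    "2023-09-18 13:40:09, Info                  CSI    0000001a [SR] Cannot repair member file [l:12]'settings.dat' of Microsoft-Windows-Example-Package, Version = 10.0.22621.1, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch\n"
    "2023-09-18 13:40:09, Info                  CSI    0000001b [SR] Repairing corrupted file \\??\\C:\\Windows\\System32\\example.dll from store\n"
    "2023-09-18 13:40:09, Info                  CSI    0000001c [SR] Repair complete\n"
    "2023-09-18 13:40:12, Info                  CSI    0000001d [SR] Cannot repair member file [l:12]'settings.dat' of Microsoft-Windows-Example-Package, Version = 10.0.22621.1, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch\n"
    "2023-09-18 13:40:12, Info                  CSI    0000001e [SR] This component was referenced by [l:21]'Example-Parent-Package'\n"
    "2023-09-18 13:40:15, Info                  CSI    0000001f [SR] Verify complete\n"
)

# An SFC line: timestamp, level, the CSI source, a hex sequence number, then "[SR] <message>".
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+[0-9a-f]+ \[SR\] (?P<msg>.*)$"
)
# Member file SFC gave up on; the last comma-separated field is the reason (e.g. "hash mismatch").
CANNOT_REPAIR = re.compile(
    r"Cannot repair member file \[l:\d+\]'(?P<file>[^']+)' of (?P<component>[^,]+),.*, (?P<reason>[^,]+)$"
)
REPAIRED = re.compile(r"Repairing corrupted file (?P<path>\S+)")


def parse_sr_lines(text):
    """Return (timestamp, message) for every SFC '[SR]' line in CBS.log text."""
    out = []
    for line in text.splitlines():
        m = SR_LINE.match(line)
        if m:
            out.append((m["ts"], m["msg"]))
    return out


def summarize(text):
    """Split SFC activity into files it repaired and files it could not.

    SFC logs an unrepairable member more than once (verify pass, then the
    repair transaction), so the unrepaired set is keyed on (file, component)
    and raw hit counts are kept separately.
    """
    unrepaired = {}
    repaired = []
    counts = Counter()
    for _, msg in parse_sr_lines(text):
        c = CANNOT_REPAIR.search(msg)
        if c:
            counts["cannot_repair"] += 1
            unrepaired[(c["file"], c["component"])] = c["reason"].strip()
            continue
        r = REPAIRED.search(msg)
        if r:
            counts["repaired"] += 1
            repaired.append(r["path"])
    return {"unrepaired": unrepaired, "repaired": repaired, "counts": dict(counts)}


def report(summary):
    """Human-readable lines suitable for pasting into a reply."""
    lines = [f"{len(summary['repaired'])} file(s) repaired, "
             f"{len(summary['unrepaired'])} distinct file(s) SFC could not repair"]
    for (name, component), reason in sorted(summary["unrepaired"].items()):
        lines.append(f"  UNREPAIRED {name}  ({component}): {reason}")
    for path in summary["repaired"]:
        lines.append(f"  REPAIRED   {path}")
    return lines


if __name__ == "__main__":
    import os
    import sys
    # On the affected machine run from an elevated prompt; elsewhere it falls back to the sample.
    path = sys.argv[1] if len(sys.argv) > 1 else CBS_LOG_PATH
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CBS_LOG
    print("\n".join(report(summarize(text))))
```

Run it with the extracted CBS.log as the first argument (or with no argument on the machine itself, from an administrator prompt, since the file is only readable elevated). Repeated "Cannot repair" hits for the same member are normal and collapse to one entry; what matters for the thread is the short list of distinct files and their reasons.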

#12 Naps284

Naps284
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Switzerland

Posted 18 September 2023 - 06:52 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2023
Ran by Nathan (18-09-2023 13:49:24) Run:2
Running from C:\Users\Nathan\Desktop\Bleeping computer forum help\FRST
Loaded Profiles: Nathan
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
zip: C:\Windows\Logs\CBS\CBS.log
End::
*****************
 
================== Zip: ===================
C:\Windows\Logs\CBS\CBS.log -> copied successfully to C:\Users\Nathan\Desktop\18.09.2023_13.49.24.zip
=========== Zip: End ===========
 
==== End of Fixlog 13:49:25 ====

Attached Files



#13 Naps284

Naps284
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Switzerland

Posted 18 September 2023 - 06:58 AM

I am now running the full scan with ESET Online Scanner.
I will answer as soon as it completes!

Thank you again for your help!



#14 Naps284

Naps284
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Male
  • Location:Switzerland

Posted 18 September 2023 - 07:52 AM

I have a question:
Is it a good idea to set a higher priority for the three processes of ESET Online Scanner in the Task Manager to make the scan run faster? Notice that the scan is already running.

--------------

The scan started at about 13:55 (local time).
It took until about 14:25 to download the latest module updates.
As of now (14:50), it has scanned about 195'000.

--------------

 

Number of files (checked manually using TreeSize Free): 

622'535 (C:)
553'944 (D:)
 
Total:
1'176'479

 



#15 dennis_l

dennis_l

  • Malware Response Team
  • 2,423 posts
  • Gender:Male
  • Location:UK

Posted 18 September 2023 - 07:58 AM

I'd just let it run its course.

It often takes a long while to scan, as it's very thorough.





