
Brand new laptop Infected


8 replies to this topic

#1 gregg.greener


Posted Yesterday, 10:47 AM

New laptop is shutting down and has security log files dated from a year ago. I received some help from the Windows 11 forum and ran Speccy and MiniToolBox; the advisor helping me suggested I come here.

 

Summary

Operating System
  Windows 11 Home 64-bit

CPU
  Intel Core i9: 47 °C
  Raptor Lake 10nm Technology

RAM
  16.0GB Unknown @ 2593MHz (42-42-42-82)

Motherboard
  Micro-Star International Co., Ltd. MS-17L5 (U3E1): 53 °C

Graphics
  Generic PnP Monitor (1920x1080@144Hz)
  ED320QR S (1920x1080@60Hz)
  ONA18HO015C (1920x1080@60Hz)
  Intel Iris Xe Graphics (MSI)
  4091MB NVIDIA GeForce RTX 4070 Laptop GPU (MSI): 43 °C
  SLI Disabled

Storage
  953GB NVMe WD PC SN560 SDDPNQE-1T00-1032 (Unknown (SSD))

Optical Drives
  No optical disk drives detected

Audio

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.07.2024
Ran by gcgre (04-07-2024 09:18:53)
Running from C:\Users\gcgre\OneDrive\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3810 (X64) (2024-06-28 01:28:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1158046985-802832744-925710807-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1158046985-802832744-925710807-503 - Limited - Disabled)
gcgre (S-1-5-21-1158046985-802832744-925710807-1001 - Administrator - Enabled) => C:\Users\gcgre
Guest (S-1-5-21-1158046985-802832744-925710807-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1158046985-802832744-925710807-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 for Gamers (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton 360 for Gamers (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20895 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601078}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.10.1 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{6b617af3-c8f4-45a8-bf47-b32ffb4da1cc}) (Version: 1.0.10.1 - ENE TECHNOLOGY INC.) Hidden
ENE_External_Device_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.11.1 - ENE Tech) Hidden
ENE_External_Device_HAL (HKLM-x32\...\{bb9d349f-b87b-4026-b336-1604708bd09c}) (Version: 1.0.11.1 - ENE Tech) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{A3A258AC-BF95-41DA-8693-807E4A5BF10D}) (Version: 24.3.26.8 - Intel) Hidden
Intel® Chipset Device Software (HKLM\...\{E6CC1C02-638D-44F5-8BAE-E455453F80BA}) (Version: 10.1.19468.8385 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{8af15a1a-f70d-4968-84c0-97df0607c3e6}) (Version: 10.1.19468.8385 - Intel® Corporation)
Intel® Computing Improvement Program (HKLM\...\{2D924248-D4EE-45BA-BDDB-1FA8828CF5CA}) (Version: 2.4.10852 - Intel Corporation)
Intel® Serial IO (HKLM\...\{47D5774F-BBF9-401C-B909-B056C0391B39}) (Version: 30.100.2237.26 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2237.26 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{D162161F-8200-475E-A86A-693E7C951444}) (Version: 24.3.26.8 - Intel)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16327.20264 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.87 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.87 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.116.0609.0005 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16327.20264 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 127.0.2 (x64 en-US)) (Version: 127.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 127.0.2 - Mozilla)
MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2023.0619.01 - MSI)
MSI NBFoundation Service (HKLM-x32\...\{640EFA76-B899-476B-B2DF-D0CCF11D6083}}_is1) (Version: 2.0.2306.1501 - MSI)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.24.2.6 - NortonLifeLock Inc)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.114 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.114 - NVIDIA Corporation)
NVIDIA Graphics Driver 536.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.67 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20264 - Microsoft Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9536.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 11.10.0720.2022 - Realtek)
Speccy (HKLM\...\Speccy) (Version: 1.33 - Piriform)
Verbatim_SureFireGaming_Product (HKLM\...\{35CB65C6-A7E3-4EE7-AD40-738D70A72164}) (Version: 1.0.3.11 - Verbatim) Hidden
Verbatim_SureFireGaming_Product (HKLM-x32\...\{d601832a-0d94-46ce-9b19-78e8a5887313}) (Version: 1.0.3.11 - Verbatim) Hidden
WD P40 Game Drive (HKLM\...\{EE55DBAE-ECDD-4ADD-AAB5-23DE848B0996}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD P40 Game Drive (HKLM-x32\...\{72b1a866-fc31-4381-bff3-fa6cd8823777}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
 
Packages:
=========
 
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-27] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_20.0.1011.0_x64__8j3eq9eme6ctt [2024-06-27] (INTEL CORP)
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23306.1292.0_x64__8wekyb3d8bbwe [2024-07-02] (Microsoft Corporation)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.30.0_x64__w1wdnht996qgy [2024-07-02] (LinkedIn) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-07-03] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-07-02] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.1293.0_x64__8wekyb3d8bbwe [2024-07-02] (Microsoft Corporation)
Microsoft.D3DMappingLayers -> C:\Program Files\WindowsApps\Microsoft.D3DMappingLayers_1.2406.1.0_x64__8wekyb3d8bbwe [2024-07-03] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24052.57.0_x64__cw5n1h2txyewy [2024-07-03] (Microsoft Windows) [Startup Task]
MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.38.0_x64__kzh8wxbdkxb8p [2024-07-03] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.10.1.0_x64__w2gh52qy24etm [2024-06-29] (A-Volute)
Norton Security -> C:\Program Files\Norton Security\Engine\22.24.2.6 [2024-07-04] (NortonLifeLock Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-06-27] (NVIDIA Corp.)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11060.20006.0_x64__8wekyb3d8bbwe [2024-06-27] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.51.327.0_x64__dt26b99r8h8gj [2024-06-27] (Realtek Semiconductor Corp)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2024-06-29] (Microsoft Corporation)
WinDbg -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe [2024-07-03] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-07-04] (Microsoft Windows)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1158046985-802832744-925710807-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1158046985-802832744-925710807-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\gcgre\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-1158046985-802832744-925710807-1001_Classes\CLSID\{DD49F9F5-1103-4AD1-9657-1D5856227307}\InprocServer32 -> C:\Users\gcgre\AppData\Local\Mozilla Firefox\notificationserver.dll => No File
ShellIconOverlayIdentifiers: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_3590cae657f3464b\nvshext.dll [2023-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2024-05-23 23:54 - 2024-05-23 23:54 - 003164160 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-06 23:24 - 2022-05-06 23:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1158046985-802832744-925710807-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg
DNS Servers: 10.255.0.0 - 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSI Foundation Service => 2
MSCONFIG\Services: MSI_Center_Service => 2
MSCONFIG\Services: MSI_VoiceControl_Service => 2
MSCONFIG\Services: Mystic_Light_Service => 2
MSCONFIG\Services: NahimicService => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D8CD8E90-2331-4AAC-847B-5A9D0541A9AB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CAED8347-077F-461C-BCE2-B1E2CA1BB363}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{67623847-6806-41C4-9811-EB935B93E8B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{BD1BFE43-70A3-43BD-A15D-0E2838FAA0C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{77A3AF50-8349-413A-9853-2F65C6B48922}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{62F828D8-50A3-415C-9705-A0C25EAEF20E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{46FC69D3-FE3F-466F-848C-E55A1D7E3A8B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{CD32A03B-E5E1-41F9-AEB1-CE18AE0C9D68}] => (Allow) C:\Program Files (x86)\BlueStacks X_msi5\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{3BB52BD6-8A96-4929-BB09-2D9E9752E208}] => (Allow) C:\Program Files (x86)\BlueStacks X_msi5\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{D6969961-C0A4-461E-BC1F-2B5BFFC868FD}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA2BEC15-D9F2-47CD-9CC3-D7BF7863336C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{99BA31FC-5EA9-42A2-8FA1-6BE526253330}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{9B28ABD5-41C3-4F17-A027-D4636F77FF2C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F2A20032-43E7-4627-8E86-16C8610812C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DAFC0DAC-17E9-4F37-B71A-20A1F6163F3F}] => (Allow) LPort=32683
FirewallRules: [{573F9907-126C-482F-98EB-23B3F6DA0B65}] => (Allow) LPort=26822
FirewallRules: [{4C06310F-22F7-45E4-A89C-EF6F04D2A0E2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E2FE4270-51CF-4899-AAEF-25B49FADB9DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A4124EB4-186E-4270-8FD8-DC5711335D6F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A124808-D001-42AD-A5F0-7970A2C5D2C2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{44BEA77B-8C89-4EA6-9DF7-B88F8CDDDAD6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{94671006-3637-4479-A164-5AD1D285DE6F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C52399D6-3780-453E-A1F4-F3CD0DEEF6B7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:931.04 GB) (Free:852.19 GB) (92%)
 
==================== Faulty Device Manager Devices ============
 
Name: Nahimic mirroring device
Description: Nahimic mirroring device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Nahimic
Service: Nahimic_Mirroring
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/04/2024 05:41:00 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).
 
Error: (07/03/2024 10:46:10 PM) (Source: Application Error) (EventID: 1000) (User: MSI)
Description: Faulting application name: Explorer.EXE, version: 10.0.22621.3733, time stamp: 0xc47c2769
Faulting module name: shcore.dll, version: 10.0.22621.3733, time stamp: 0xfea019d5
Exception code: 0xc0000005
Fault offset: 0x000000000002e0a4
Faulting process id: 0x0x22a0
Faulting application start time: 0x0x1dacdab290d962c
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\System32\shcore.dll
Report Id: 8157ce39-214b-4504-866a-d40478ade617
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/03/2024 06:58:24 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program drvinst.exe version 10.0.22621.3672 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (07/03/2024 06:46:57 PM) (Source: Application Error) (EventID: 1000) (User: MSI)
Description: Faulting application name: SystemSettings.exe, version: 10.0.22621.3672, time stamp: 0x052f4222
Faulting module name: ux-phui.dll, version: 4.0.383.0, time stamp: 0x66182c91
Exception code: 0xc0000005
Fault offset: 0x000000000000326d
Faulting process id: 0x0x3314
Faulting application start time: 0x0x1dacdabaac78de4
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ux-phui.dll
Report Id: 8ed797a4-8ba6-4c2b-a7cf-f8c5aedd23fd
Faulting package full name: windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (07/03/2024 04:52:42 PM) (Source: Application Error) (EventID: 1000) (User: MSI)
Description: Faulting application name: splwow64.exe, version: 10.0.22621.3672, time stamp: 0xb644d59d
Faulting module name: ntdll.dll, version: 10.0.22621.3733, time stamp: 0x67ca8829
Exception code: 0xc0000374
Fault offset: 0x000000000010c8f9
Faulting process id: 0x0x3658
Faulting application start time: 0x0x1dacd9b974b1b8f
Faulting application path: C:\Windows\splwow64.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 50818fa3-f441-483c-a767-5d66f50b17ef
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/03/2024 04:37:24 PM) (Source: Application Error) (EventID: 1000) (User: MSI)
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process id: 0x0xfe4
Faulting application start time: 0x0x1dacd9901c6399f
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 017b073c-c244-49f9-b126-7e238be85da2
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/03/2024 01:59:30 AM) (Source: Application Error) (EventID: 1000) (User: MSI)
Description: Faulting application name: SystemSettings.exe, version: 10.0.22621.3672, time stamp: 0x052f4222
Faulting module name: ux-phui.dll, version: 4.0.383.0, time stamp: 0x66182c91
Exception code: 0xc0000005
Fault offset: 0x000000000000326d
Faulting process id: 0x0x1bc8
Faulting application start time: 0x0x1dacd1eed523d8c
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ux-phui.dll
Report Id: b8c65481-750c-425d-b0c4-7d72e27d3753
Faulting package full name: windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (07/03/2024 01:02:44 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).
 
 
System errors:
=============
Error: (07/04/2024 09:02:14 AM) (Source: Microsoft-Windows-WER-SystemErrorReporting) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x0000019c (0x0000000000000050, 0xffffb68248e32080, 0x0000000000000000, 0x0000000000000000)C:\Windows\Minidump\070424-48718-01.dmp27806c59-504f-4067-966d-4707970cce2e
 
Error: (07/04/2024 09:01:28 AM) (Source: volmgr) (EventID: 162) (User: )
Description: Dump file generation succeded.
 
Error: (07/04/2024 09:02:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:40:52 AM on 7/4/2024 was unexpected.
 
Error: (07/04/2024 05:20:51 AM) (Source: Microsoft-Windows-WER-SystemErrorReporting) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x0000019c (0x0000000000000010, 0xffffa98e69868080, 0x0000000000000001, 0x0000000000000000)C:\Windows\Minidump\070424-48890-01.dmp5b7a7bf7-50df-409e-82af-e3b1b6593edf
 
Error: (07/04/2024 05:20:05 AM) (Source: volmgr) (EventID: 162) (User: )
Description: Dump file generation succeded.
 
Error: (07/04/2024 05:20:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:07:21 AM on 7/4/2024 was unexpected.
 
Error: (07/03/2024 10:08:24 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {ceeaae2e-1614-41d0-9182-cfebb969c561}, had event 74
 
Error: (07/03/2024 09:48:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
 
Windows Defender:
================
Date: 2024-07-03 01:11:50
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-07-03 00:15:53
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-07-02 22:46:45
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-06-29 01:51:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-06-29 01:43:18
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2024-07-04 09:14:55
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.2.6\symamsi.dll that did not meet the Windows signing level requirements. 
 
Date: 2024-07-04 09:13:32
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.2.6\symamsi.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends International, LLC. E17L5IMS.114 01/29/2024
Motherboard: Micro-Star International Co., Ltd. MS-17L5
Processor: 13th Gen Intel® Core™ i9-13900H
Percentage of memory in use: 49%
Total physical RAM: 16087.35 MB
Available physical RAM: 8087.57 MB
Total Virtual: 19031.35 MB
Available Virtual: 9050.62 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.04 GB) (Free:852.19 GB) (Model: NVMe WD PC SN560 SDDPNQE-1T00-1032) NTFS
 
\\?\Volume{d546ea9d-8f1c-4ab3-8faf-2c3fd20fdc50}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.28 GB) NTFS
\\?\Volume{82789c6c-7ce8-46d8-bb3a-6f1580717d9a}\ (BIOS_RVY) (Fixed) (Total:21.53 GB) (Free:0.69 GB) NTFS
\\?\Volume{43177c95-b8d1-49d3-9c24-82b8a5d43a0d}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 3C180FB2)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.07.2024
Ran by gcgre (administrator) on MSI (Micro-Star International Co., Ltd. Pulse 17 B13VGK) (04-07-2024 09:18:05)
Running from C:\Users\gcgre\OneDrive\Desktop\FRST64.exe
Loaded Profiles: gcgre
Platform: Microsoft Windows 11 Home Version 23H2 22631.3810 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(A225F3B5-240D-4EE9-BCF4-697A07F5E93E -> Micro-Star INT'L CO., LTD.) C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.38.0_x64__kzh8wxbdkxb8p\DCv2\DCv2.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.30.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe <6>
(DriverStore\FileRepository\ipf_cpu.inf_amd64_b4463a9eb4e1c069\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_b4463a9eb4e1c069\ipf_helper.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <18>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_a4d6ae741278ead3\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_346bd04e375689ec\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_b4463a9eb4e1c069\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_cbcebe813d4324dc\AS\IAS\IntelAudioService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_4e93878658043b21\OneApp.IGCC.WinService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_5b1252b3763da959\IntelCpHDCPSvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Micro-Star International CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI NBFoundation Service\Sendevsvc.exe
(services.exe ->) (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.24.2.6\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.24.2.6\nsWscSvc.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_3590cae657f3464b\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0def78d8fd7b6e2b\RtkAudUService64.exe <2>
(sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(svchost.exe ->) (21E1B422-257A-44A2-9C8F-379165856473 -> ) C:\Program Files\WindowsApps\A-Volute.Nahimic_1.10.1.0_x64__w2gh52qy24etm\Nahimic3.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.30.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\MSI NBFoundation Service\OmApSvcBroker.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0def78d8fd7b6e2b\RtkAudUService64.exe [1974728 2024-04-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKU\S-1-5-21-1158046985-802832744-925710807-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4905504 2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Norton Download ManagerFORCE_UPGRADE_22_23_5] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui /instversion "22.23.5" (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe [2024-06-27] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {67443115-E72F-42D1-A291-5112FDE429CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1558984 2024-06-25] (Adobe Inc. -> Adobe Inc.)
Task: {1AD877C4-A23F-4392-9737-8CAA837723CB} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{81A687AA-7CF2-4FC8-A078-9AEC38A05E06} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe [4623976 2024-06-13] (Google LLC -> Google LLC)
Task: {C562938C-1EBE-4FA2-9606-10E1B02BFFF5} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4916640 2024-04-15] (Intel Corporation -> Intel Corporation)
Task: {040FFCD7-4CA5-4FA1-9B07-DB2A91A9B1D5} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4916640 2024-04-15] (Intel Corporation -> Intel Corporation)
Task: {8E0F270D-94BA-4B3C-BAFB-58F34EE44A97} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {6EF2E597-CBE3-4C7D-B1E5-B3FA9E35D030} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {DB8EB4CA-C26D-4EEC-9833-B33501D305F0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {8DDF711F-0C3D-44F6-A9C8-A2E41DD4CC44} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157576 2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {A7C10DA7-0F89-4BD2-AB9E-854ED82CBD15} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157576 2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {344051A2-23AA-4FF8-9C3D-F61B433F701E} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [190816 2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8DDA36D-F089-49B5-9408-43E1E1C2AFA2} - System32\Tasks\Microsoft\Windows\Application Experience\PcaWallpaperAppDetect => C:\Windows\system32\rundll32.exe [73728 2024-06-27] (Microsoft Windows -> Microsoft Corporation) -> %windir%\system32\PcaSvc.dll,PcaWallpaperAppDetect
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {04EC0480-45DE-47FE-9944-FC2E250A17BD} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1158046985-802832744-925710807-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676936 2024-06-24] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {9B0D230D-EC61-4224-AD9D-BDC8520F5C51} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34888 2024-06-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {6D5FC19A-3BCA-4C32-B032-BAA3F35BC4B6} - System32\Tasks\Mozilla\Firefox Default Browser Agent AFDF8DD2B82F8BB8 => C:\Users\gcgre\AppData\Local\Mozilla Firefox\default-browser-agent.exe  do-task "AFDF8DD2B82F8BB8" (No File)
Task: {36EFFC7E-7DE5-4CB0-BAE7-49E8BAECF406} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe [2522720 2023-06-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {8581E46B-2213-4151-AFAA-70E40D9BC5A9} - System32\Tasks\NahimicTask32 => C:\Windows\System32\..\SysWOW64\NahimicSvc32.exe [1117448 ] (A-Volute SAS -> Nahimic)
Task: {6080B21B-CFDC-4DDD-895E-C8B2B297DB05} - System32\Tasks\NahimicTask64 => C:\Windows\System32\.\NahimicSvc64.exe [1437448 ] (A-Volute SAS -> Nahimic)
Task: {62711EF1-697F-4DF3-8F75-9541443EB33E} - System32\Tasks\Norton 360\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {6D3CCF72-6743-4F84-B853-CA87A970DBA9} - System32\Tasks\Norton 360\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {350F4C8E-1663-4F11-865D-E45675C2B15C} - System32\Tasks\Norton 360\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {0971F571-D4BF-426C-8EF0-2B752DA9C2E9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.24.2.6\WSCStub.exe [646520 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {E88E6002-7BFA-4594-936A-F6377E89C51F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2023-07-27] (Nvidia Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {8797F491-2DB3-4AC1-9CD3-47B95E2EC927} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3B84F7B0-EC32-418E-A286-7E7432CF3620} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-07-27] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {632512B3-B26F-450B-AAEB-89C9923749C8} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C94CD661-5265-44A2-819E-25D21962E2B2} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E417FDF0-BC9F-454F-88A3-C5B906F4BD29} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3479C9B9-ECF1-4964-A1D4-D17813ED8A53} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4A0307C2-E6C1-4993-A449-88015056FEE2} - System32\Tasks\OmApSvcBroker => C:\Program Files (x86)\MSI\MSI NBFoundation Service\OmApSvcBroker.exe [844944 2023-05-26] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
Task: {10799326-57C1-48FB-8EF3-26C55B0CE48A} - System32\Tasks\OneDC_Updater => C:\Users\gcgre\Documents\temp\OneDC_Updater\OneDC_Updater.exe  OneDragonCenter (No File)
Task: {6FE091A6-43C8-4AB1-9286-1F81BB9DCD4B} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {E7CB4C4C-DF91-462F-9C82-6C05095BFB8C} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1158046985-802832744-925710807-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {D69A226B-AF06-4722-A474-C688E2904817} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 for Gamers\Upgrade.exe [2353000 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {A5C007CE-F642-4D5D-B2D7-2EE0AFA62856} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\Windows\System32\Wscript.exe [200704 2024-06-27] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files\Intel\SUR\QUEENCREEK\x64\//B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{15bedfaf-6b9b-49c1-82df-d6f1544d62d7}: [DhcpNameServer] 192.168.1.254 75.153.171.124
Tcpip\..\Interfaces\{16e705f3-9c98-4316-93b2-fe8ccff0f5d2}: [DhcpNameServer] 192.168.1.254 75.153.171.124
Tcpip\..\Interfaces\{686E1526-5487-4579-9D5C-7D997F0C562C}: [NameServer] 10.255.0.0
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\gcgre\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-04]
Edge Extension: (Norton Safe Web) - C:\Users\gcgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2024-06-28]
Edge Extension: (Browsing Protection by F-Secure) - C:\Users\gcgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cpikpibllpjmpnchjajlibnmmomnnhnm [2024-07-03]
Edge Extension: (Google Docs Offline) - C:\Users\gcgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-27]
Edge Extension: (Edge relevant text changes) - C:\Users\gcgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-06-27]
Edge Extension: (AdGuard AdBlocker) - C:\Users\gcgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2024-06-27]
 
FireFox:
========
FF DefaultProfile: 3b2iv76j.default
FF ProfilePath: C:\Users\gcgre\AppData\Roaming\Mozilla\Firefox\Profiles\phqpncm0.default-release-1 [2024-07-04]
FF ProfilePath: C:\Users\gcgre\AppData\Roaming\Mozilla\Firefox\Profiles\3b2iv76j.default [2024-06-27]
FF ProfilePath: C:\Users\gcgre\AppData\Roaming\Mozilla\Firefox\Profiles\3y1uh1nz.default-release [2024-07-04]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-06-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\gcgre\AppData\Local\Google\Chrome\User Data\Default [2024-07-04]
CHR Extension: (Google Docs Offline) - C:\Users\gcgre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gcgre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-06-27]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-06-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749256 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
R2 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_a4d6ae741278ead3\ipfsvc.exe [557264 2023-09-14] (Intel Corporation -> Intel Corporation)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [44056 2024-06-20] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [292888 2024-06-20] (Intel Corporation -> Intel)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncHelper.exe [3518992 2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
S2 Intel® Platform License Manager Service; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel® Corporation)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_cbcebe813d4324dc\AS\IAS\IntelAudioService.exe [528928 2023-07-27] (Intel Corporation -> Intel)
R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_b4463a9eb4e1c069\ipf_uf.exe [3006144 2023-08-26] (Intel Corporation -> Intel Corporation)
R2 LightKeeperService; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe [92768 2023-05-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-06-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [171248 2023-05-11] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
S4 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI NBFoundation Service\MSIAPService.exe [95472 2023-05-11] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R2 MSI Sendevsvc; C:\Program Files (x86)\MSI\MSI NBFoundation Service\Sendevsvc.exe [311536 2023-05-11] (Micro-Star International CO., LTD. -> )
S4 MSI_Center_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [150176 2022-08-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S4 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [36880 2023-04-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S4 Mystic_Light_Service; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe [37616 2022-04-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S4 NahimicService; C:\Windows\system32\NahimicService.exe [1909512 2023-11-14] (A-Volute SAS -> Nahimic)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.24.2.6\NortonSecurity.exe [344888 2024-03-04] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.24.2.6\nsWscSvc.exe [1059176 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.116.0609.0005\OneDriveUpdaterService.exe [3858464 2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-06-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-06-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_3590cae657f3464b\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_3590cae657f3464b\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88179; C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_a8bb8a6e92764769\ax88179_178a.sys [79872 2022-05-06] (Microsoft Windows -> ASIX Electronics Corp.)
R3 AX88179A; C:\Windows\System32\DriverStore\FileRepository\axusbeth.inf_amd64_00da554e0fe424fd\AxUsbEth.sys [168048 2024-06-11] (WDKTestCert asix,133111579530933026 -> ASIX Electronics Corp.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.23.5.106\Definitions\BASHDefs\20221102.011\BHDrvx64.sys [1705040 2023-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1618020.006\ccSetx64.sys [198288 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 cpuz158; C:\Windows\temp\cpuz158\cpuz158_x64.sys [44576 2024-07-04] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 CtaChildDriver; C:\Windows\System32\drivers\CtaChildDriver.sys [40400 2023-07-27] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527976 2024-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159848 2024-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 fse; C:\Windows\System32\drivers\fse.sys [218608 2024-06-27] (Microsoft Windows -> Microsoft Corporation)
S3 GSCAuxDriver; C:\Windows\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_1cdec79b010cf065\GSCAuxDriverx64.sys [93648 2023-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 GSCx64; C:\Windows\System32\DriverStore\FileRepository\gscheci.inf_amd64_b9e8b3b7b7afc367\TeeDriverGSCW8x64.sys [263632 2023-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2022-10-18] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2022-10-18] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1605304 2022-08-30] (Intel Corporation -> Intel Corporation)
S3 ibtuart; C:\Windows\System32\DriverStore\FileRepository\ibtuart.inf_amd64_2287497d0a09910d\ibtuart.sys [1018432 2023-07-27] (Intel Corporation -> Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.23.5.106\Definitions\IPSDefs\20240703.066\IDSvia64.sys [1554432 2024-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 IntcSdwBus; C:\Windows\System32\DriverStore\FileRepository\intcsdwbus.inf_amd64_d3d4da2eb15364e3\IntcSdwBus.sys [516672 2023-07-27] (Intel Corporation -> Intel® Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_9d17fea24a602101\IntcUSB.sys [912928 2023-07-27] (Intel Corporation -> Intel® Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2023-07-27] (Intel Corporation -> Intel Corporation)
S3 Intel_NF_I2C; C:\Windows\System32\DriverStore\FileRepository\intel_nf_i2c_child.inf_amd64_a329fd450939b60d\Intel_NF_I2C.sys [207352 2023-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_bbf43e4f318d6971\ipf_acpi.sys [88152 2023-08-26] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_b4463a9eb4e1c069\ipf_cpu.sys [85696 2023-08-26] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_b4463a9eb4e1c069\ipf_lf.sys [484544 2023-08-26] (Intel Corporation -> Intel Corporation)
S3 LT6911Au; C:\Windows\System32\DriverStore\FileRepository\lt6911au.inf_amd64_2f08ac6e600a0ba1\LT6911Au.sys [63520 2023-07-27] (Intel Corporation -> Intel® Corporation)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [19000 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 NahimicBTLink; C:\Windows\System32\drivers\NahimicBTLink.sys [86200 2022-08-18] (A-Volute SAS -> Windows ® Win 7 DDK provider)
S3 Nahimic_Mirroring; C:\Windows\System32\drivers\Nahimic_Mirroring.sys [86224 2022-08-18] (A-Volute SAS -> Windows ® Win 7 DDK provider)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1618020.006\nsvst.sys [57120 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2023-07-27] (Nvidia Corporation -> NVIDIA Corporation)
R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [240152 2023-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt68cx21; C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_01420634915f2c11\rt68cx21x64.sys [722792 2023-01-30] (Realtek Semiconductor Corp. -> Realtek)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1618020.006\SRTSP64.SYS [960640 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1618020.006\SRTSPX64.SYS [52864 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1618020.006\SYMEFASI64.SYS [2180248 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1618020.006\SymELAM.sys [36016 2024-03-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100344 2023-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.23.5.106\SymPlatform\SymEvnt.sys [934912 2024-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1618020.006\Ironx64.SYS [306872 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1618020.006\symnets.sys [492720 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2024-06-27] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22080 2024-06-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [602520 2024-06-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105880 2024-06-27] (Microsoft Windows -> Microsoft Corporation)
S3 WINIO; C:\Program Files (x86)\MSI\MSI NBFoundation Service\KernCoreLib64.sys [25656 2018-11-15] (Micro-Star International CO., LTD. -> )
R1 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1618020.006\wpCtrlDrv.sys [1016792 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-07-04 09:18 - 2024-07-04 09:18 - 000033087 _____ C:\Users\gcgre\OneDrive\Desktop\FRST.txt
2024-07-04 09:17 - 2024-07-04 09:18 - 000000000 ____D C:\FRST
2024-07-04 09:09 - 2024-07-04 09:09 - 002395648 _____ (Farbar) C:\Users\gcgre\OneDrive\Desktop\FRST64.exe
2024-07-04 09:07 - 2024-07-04 09:07 - 000003834 _____ C:\Windows\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2024-07-04 08:19 - 2024-07-04 08:19 - 000003762 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2024-07-04 08:19 - 2024-07-04 08:19 - 000003670 _____ C:\Windows\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2024-07-04 08:19 - 2024-07-04 08:19 - 000003528 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2024-07-04 08:19 - 2024-07-04 08:19 - 000000000 ____D C:\Users\gcgre\AppData\Local\Intel
2024-07-04 08:19 - 2024-05-23 23:54 - 000048472 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2024-07-04 08:18 - 2024-07-04 08:18 - 000001517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2024-07-04 08:18 - 2024-07-04 08:18 - 000000000 ____D C:\Program Files (x86)\Intel
2024-07-04 08:16 - 2024-07-04 08:16 - 003773920 _____ (Intel) C:\Users\gcgre\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe
2024-07-04 06:34 - 2024-07-04 06:34 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2024-07-04 06:08 - 2024-07-04 09:08 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
2024-07-04 06:08 - 2024-07-04 06:08 - 000003374 _____ C:\Windows\system32\Tasks\Norton WSC Integration
2024-07-04 06:08 - 2024-07-04 06:08 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2024-07-04 05:20 - 2024-07-04 09:02 - 000000000 ____D C:\Windows\Minidump
2024-07-04 04:59 - 2024-07-04 04:59 - 000000000 ____H C:\Users\gcgre\OneDrive\Documents\Default.rdp
2024-07-04 01:38 - 2024-07-04 01:38 - 000072684 _____ C:\Users\gcgre\Downloads\MTB.txt
2024-07-04 00:57 - 2024-07-04 00:57 - 000956928 _____ (Farbar) C:\Users\gcgre\Downloads\MiniToolBox (1).exe
2024-07-04 00:52 - 2024-07-04 00:52 - 000956928 _____ (Farbar) C:\Users\gcgre\Downloads\MiniToolBox.exe
2024-07-04 00:45 - 2024-07-04 00:47 - 000000000 ____D C:\Program Files\Speccy
2024-07-04 00:45 - 2024-07-04 00:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2024-07-04 00:43 - 2024-07-04 00:43 - 018824928 _____ (Piriform Software Ltd) C:\Users\gcgre\Downloads\spsetup133.exe
2024-07-03 23:18 - 2024-07-03 23:18 - 000000000 ____D C:\ProgramData\Dbg
2024-07-03 23:17 - 2024-07-03 23:17 - 000000000 ____D C:\Users\gcgre\AppData\Local\IsolatedStorage
2024-07-03 19:07 - 2024-07-03 19:07 - 000025684 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-07-03 19:06 - 2024-07-03 19:06 - 000025684 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-07-03 18:55 - 2023-07-07 15:13 - 007684016 _____ (HP Inc.) C:\Windows\system32\HPScanTEDrv_x64.dll
2024-07-03 18:55 - 2023-07-07 15:13 - 005381512 _____ (HP Inc.) C:\Windows\SysWOW64\HPScanTEDrv.dll
2024-07-03 18:55 - 2023-07-07 15:13 - 001350528 _____ (HP Inc.) C:\Windows\system32\HPScanTEDrv_x64_DiscoveryLibDyn.dll
2024-07-03 18:55 - 2023-07-07 15:13 - 000992128 _____ (HP Inc.) C:\Windows\SysWOW64\DiscoveryLibDyn.dll
2024-07-03 18:55 - 2023-07-07 15:13 - 000699272 _____ (HP Inc., LP) C:\Windows\system32\HPWia2Drv.dll
2024-07-03 18:55 - 2023-07-07 15:13 - 000168880 _____ (TODO: <Company name>) C:\Windows\system32\HPWIAExtensionUI.dll
2024-07-03 17:04 - 2024-07-03 18:58 - 000000000 ____D C:\ProgramData\HP
2024-07-03 16:49 - 2024-07-03 16:49 - 000000000 ____D C:\Users\gcgre\AppData\Local\ElevatedDiagnostics
2024-07-03 16:46 - 2024-07-03 16:46 - 000000000 ____D C:\Users\gcgre\OneDrive\Documents\Custom Office Templates
2024-07-03 00:17 - 2024-07-03 00:17 - 000000000 ____D C:\Windows\Firmware
2024-07-02 23:24 - 2024-07-02 23:24 - 000001246 _____ C:\Users\gcgre\OneDrive\Desktop\11.txt
2024-07-02 23:23 - 2024-07-02 23:23 - 022555159 _____ C:\Users\gcgre\Downloads\fd1daf0d-b77a-49b1-aa0d-48d99a4e54b2.MOV
2024-07-02 22:57 - 2024-07-02 22:57 - 000000000 ____D C:\Users\gcgre\AppData\Local\Backup
2024-07-02 22:55 - 2024-07-02 23:08 - 006809784 _____ C:\Users\gcgre\Downloads\takeout-20240703T044255Z-001.zip
2024-07-02 22:55 - 2024-07-02 22:55 - 009284373 _____ C:\Users\gcgre\Downloads\takeout-20240703T044255Z-001 (1).zip
2024-07-02 22:55 - 2024-07-02 22:55 - 000045145 _____ C:\Users\gcgre\Downloads\takeout-20240703T044214Z-001.zip
2024-06-29 01:55 - 2024-07-02 22:46 - 000000000 ____D C:\Users\gcgre\AppData\Local\Nahimic
2024-06-29 01:55 - 2024-06-29 01:55 - 000000000 ____D C:\ProgramData\Nahimic
2024-06-29 01:50 - 2024-06-29 01:50 - 000000000 ____D C:\Windows\system32\%userprofile%
2024-06-28 23:39 - 2024-07-04 08:29 - 000000000 ____D C:\Users\gcgre\AppData\Local\Norton
2024-06-28 12:25 - 2024-06-28 12:25 - 000000000 ____D C:\Users\gcgre\AppData\Local\CEF
2024-06-28 06:40 - 2024-06-28 08:13 - 000007638 _____ C:\Users\gcgre\AppData\Local\resmon.resmoncfg
2024-06-28 04:20 - 2024-06-28 04:20 - 000000000 ____D C:\Users\Public\Downloads\Norton
2024-06-28 02:18 - 2024-07-03 16:33 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-06-28 02:18 - 2024-06-29 01:50 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-06-28 02:18 - 2024-06-29 01:50 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-06-28 02:18 - 2024-06-29 01:50 - 000000000 ___RD C:\Users\Default\OneDrive
2024-06-28 02:18 - 2024-06-28 02:18 - 000000000 ___HD C:\OneDriveTemp
2024-06-28 02:16 - 2024-07-03 16:51 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Microsoft\Word
2024-06-28 02:16 - 2024-07-03 16:36 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Microsoft\UProof
2024-06-28 02:16 - 2024-06-28 02:16 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Microsoft\Proof
2024-06-28 00:51 - 2024-07-03 22:47 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Microsoft\MMC
2024-06-28 00:48 - 2024-06-28 00:48 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\com.adobe.dunamis
2024-06-28 00:48 - 2024-06-28 00:48 - 000000000 ____D C:\Users\gcgre\AppData\LocalLow\Adobe
2024-06-28 00:48 - 2024-06-28 00:48 - 000000000 ____D C:\Users\gcgre\AppData\Local\SolidDocuments
2024-06-28 00:48 - 2024-06-28 00:48 - 000000000 ____D C:\Users\gcgre\.ms-ad
2024-06-28 00:48 - 2024-06-28 00:48 - 000000000 ____D C:\ProgramData\Adobe
2024-06-28 00:47 - 2024-07-03 18:59 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-06-28 00:47 - 2024-07-03 00:02 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-06-28 00:46 - 2024-06-28 00:46 - 000000000 ____D C:\Program Files\Adobe
2024-06-28 00:45 - 2024-06-28 00:46 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-06-28 00:43 - 2024-06-28 02:30 - 000000000 ____D C:\Users\gcgre\AppData\Local\Adobe
2024-06-28 00:39 - 2024-07-03 16:43 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Microsoft\Excel
2024-06-28 00:39 - 2024-06-28 02:16 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Microsoft\Office
2024-06-28 00:39 - 2024-06-28 00:39 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Microsoft\AddIns
2024-06-28 00:34 - 2024-06-28 00:34 - 000000000 ____D C:\Users\gcgre\AppData\Local\OneDrive
2024-06-27 22:23 - 2024-07-04 05:03 - 000000000 ____D C:\Windows\system32\en-CA
2024-06-27 21:59 - 2024-07-04 06:08 - 000000000 ____D C:\Program Files\Common Files\AV
2024-06-27 21:50 - 2024-07-02 23:53 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-06-27 21:50 - 2024-06-27 23:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-06-27 21:50 - 2024-06-27 23:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-06-27 21:50 - 2024-06-27 21:50 - 000002337 _____ C:\Users\gcgre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-06-27 21:50 - 2024-06-27 21:50 - 000002045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2024-06-27 21:50 - 2024-06-27 21:50 - 000001142 _____ C:\Users\gcgre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-06-27 21:50 - 2024-06-27 21:50 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-06-27 21:50 - 2024-06-27 21:50 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-06-27 21:50 - 2024-06-27 21:50 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Mozilla
2024-06-27 21:50 - 2024-06-27 21:50 - 000000000 ____D C:\Users\gcgre\AppData\Local\Mozilla Firefox
2024-06-27 21:50 - 2024-06-27 21:50 - 000000000 ____D C:\Users\gcgre\AppData\Local\Mozilla
2024-06-27 21:49 - 2024-06-27 21:49 - 000372088 _____ (Mozilla) C:\Users\gcgre\Downloads\Firefox Installer.exe
2024-06-27 21:48 - 2024-06-27 21:48 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-27 21:48 - 2024-06-27 21:48 - 000000000 ____D C:\Users\gcgre\AppData\Local\Google
2024-06-27 21:48 - 2024-06-27 21:48 - 000000000 ____D C:\Program Files\Google
2024-06-27 21:47 - 2024-06-27 21:47 - 000000000 ____D C:\Windows\system32\Tasks\GoogleSystem
2024-06-27 21:47 - 2024-06-27 21:47 - 000000000 ____D C:\Program Files (x86)\Google
2024-06-27 21:42 - 2024-06-27 21:42 - 008420232 _____ (Google LLC) C:\Users\gcgre\Downloads\ChromeSetup.exe
2024-06-27 21:28 - 2024-06-27 21:28 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-06-27 21:27 - 2022-11-23 21:00 - 005138512 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw12.sys
2024-06-27 21:27 - 2022-11-23 21:00 - 001470544 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter12.dll
2024-06-27 21:25 - 2024-06-27 21:25 - 000000000 ____D C:\Windows\system32\MRT
2024-06-27 21:22 - 2024-07-04 08:09 - 000000000 ____D C:\Users\gcgre\AppData\Local\NVIDIA
2024-06-27 21:19 - 2024-06-27 21:19 - 000000000 ____D C:\Users\gcgre\AppData\Local\Comms
2024-06-27 21:18 - 2024-06-27 21:19 - 000000000 ____D C:\Users\gcgre\AppData\Local\Publishers
2024-06-27 20:24 - 2024-07-04 09:02 - 000000000 ___RD C:\Users\gcgre\OneDrive
2024-06-27 20:23 - 2024-07-04 00:38 - 000000000 ____D C:\Users\gcgre\AppData\Local\DBG
2024-06-27 20:23 - 2024-06-29 01:50 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1158046985-802832744-925710807-1001
2024-06-27 20:23 - 2024-06-29 00:24 - 000002431 _____ C:\Users\gcgre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nahimic Companion.lnk
2024-06-27 20:23 - 2024-06-27 20:23 - 000000000 ____D C:\Users\gcgre\AppData\Local\PlaceholderTileLogoFolder
2024-06-27 20:23 - 2024-06-27 20:23 - 000000000 ____D C:\Users\gcgre\AppData\Local\NhNotifSys
2024-06-27 20:22 - 2024-07-04 08:17 - 000000000 ____D C:\Users\gcgre\AppData\Local\D3DSCache
2024-06-27 20:22 - 2024-07-04 06:11 - 000000000 ____D C:\Users\gcgre\AppData\Local\Packages
2024-06-27 20:22 - 2024-07-03 18:47 - 000000000 ____D C:\Users\gcgre\AppData\Local\CrashDumps
2024-06-27 20:22 - 2024-06-28 12:25 - 000000000 ____D C:\Users\gcgre\AppData\Local\NVIDIA Corporation
2024-06-27 20:22 - 2024-06-28 00:48 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Adobe
2024-06-27 20:22 - 2024-06-27 21:18 - 000000000 ____D C:\Users\gcgre\AppData\Local\ConnectedDevicesPlatform
2024-06-27 20:22 - 2024-06-27 20:22 - 000003642 _____ C:\Windows\system32\Tasks\OneDC_Updater
2024-06-27 20:22 - 2024-06-27 20:22 - 000000000 ___SD C:\Users\gcgre\AppData\Roaming\Microsoft\Crypto
2024-06-27 20:22 - 2024-06-27 20:22 - 000000000 ____D C:\Users\gcgre\OneDrive\Documents\temp
2024-06-27 20:22 - 2024-06-27 20:22 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Microsoft\Vault
2024-06-27 20:22 - 2024-06-27 20:22 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Microsoft\Network
2024-06-27 20:22 - 2024-06-27 20:22 - 000000000 ____D C:\Users\gcgre\AppData\LocalLow\Intel
2024-06-27 20:22 - 2024-06-27 20:22 - 000000000 ____D C:\Users\gcgre\AppData\Local\VirtualStore
2024-06-27 20:22 - 2024-06-27 20:22 - 000000000 ____D C:\ProgramData\Portrait Displays
2024-06-27 20:17 - 2024-07-04 05:03 - 000000000 ____D C:\Windows\InboxApps
2024-06-27 20:17 - 2024-06-27 23:44 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-06-27 20:17 - 2024-06-27 20:18 - 000000000 ____D C:\Windows\SysWOW64\DDFs
2024-06-27 20:13 - 2024-06-27 20:13 - 000060462 _____ C:\Windows\SysWOW64\ctac.json
2024-06-27 20:12 - 2024-06-27 20:12 - 000060462 _____ C:\Windows\system32\ctac.json
2024-06-27 19:36 - 2024-06-27 19:36 - 000000000 ___SD C:\Users\gcgre\AppData\Roaming\Microsoft\SystemCertificates
2024-06-27 19:35 - 2024-07-04 09:02 - 000000000 ____D C:\Users\gcgre
2024-06-27 19:35 - 2024-06-28 04:06 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Microsoft\Spelling
2024-06-27 19:35 - 2024-06-27 20:22 - 000000000 ____D C:\Users\gcgre\AppData\Roaming\Microsoft\Windows
2024-06-27 19:35 - 2024-06-27 19:35 - 000000020 ___SH C:\Users\gcgre\ntuser.ini
2024-06-27 19:35 - 2024-06-27 19:35 - 000000000 ___SD C:\Users\gcgre\AppData\Roaming\Microsoft\Protect
2024-06-27 19:35 - 2024-06-27 19:35 - 000000000 ___SD C:\Users\gcgre\AppData\Roaming\Microsoft\Credentials
2024-06-27 19:28 - 2024-06-27 19:28 - 000003176 _____ C:\Windows\system32\Tasks\MSI Task Host - LEDKeeper2_Host
2024-06-27 19:28 - 2024-06-27 19:28 - 000000000 _SHDL C:\Documents and Settings
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-07-04 09:17 - 2022-05-06 23:22 - 000000000 ____D C:\Windows\INF
2024-07-04 09:12 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SystemTemp
2024-07-04 09:12 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\AppReadiness
2024-07-04 09:06 - 2023-06-02 15:39 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-07-04 09:02 - 2023-07-27 11:00 - 000000000 ____D C:\ProgramData\NVIDIA
2024-07-04 09:02 - 2023-06-02 15:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-07-04 09:02 - 2023-06-02 15:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-07-04 09:02 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\ServiceState
2024-07-04 09:02 - 2022-05-06 23:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-04 09:01 - 2023-11-01 12:00 - 004380079 ____N C:\Windows\Minidump\070424-48718-01.dmp
2024-07-04 09:01 - 2023-06-02 15:32 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2024-07-04 09:01 - 2023-06-02 15:30 - 000012288 ___SH C:\DumpStack.log.tmp
2024-07-04 08:41 - 2023-07-27 12:31 - 000000000 ____D C:\ProgramData\Common
2024-07-04 08:19 - 2023-07-27 10:49 - 000000000 ____D C:\ProgramData\Package Cache
2024-07-04 08:18 - 2023-07-27 10:58 - 000000000 ____D C:\ProgramData\Intel
2024-07-04 08:18 - 2023-07-27 10:50 - 000000000 ____D C:\Program Files\Intel
2024-07-04 06:44 - 2022-05-06 23:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-07-04 06:31 - 2022-05-06 23:24 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2024-07-04 06:29 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SystemResources
2024-07-04 06:29 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\security
2024-07-04 06:29 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-07-04 06:29 - 2022-05-06 23:20 - 000552960 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2024-07-04 06:29 - 2022-05-06 23:20 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\AppIdPolicyEngineApi.dll
2024-07-04 06:29 - 2022-05-06 23:20 - 000225280 _____ (Microsoft Corporation) C:\Windows\system32\appmgmts.dll
2024-07-04 06:29 - 2022-05-06 23:20 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\AuditNativeSnapIn.dll
2024-07-04 06:29 - 2022-05-06 23:20 - 000147439 _____ C:\Windows\system32\gpedit.msc
2024-07-04 06:29 - 2022-05-06 23:20 - 000120458 _____ C:\Windows\system32\secpol.msc
2024-07-04 06:29 - 2022-05-06 23:20 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\auditpolmsg.dll
2024-07-04 06:29 - 2022-05-06 23:20 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\AuditPolicyGPInterop.dll
2024-07-04 06:29 - 2022-05-06 23:20 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2024-07-04 06:29 - 2022-05-06 23:20 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2024-07-04 06:29 - 2022-05-06 23:20 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\SrpUxNativeSnapIn.dll
2024-07-04 06:29 - 2022-05-06 23:20 - 000043566 _____ C:\Windows\system32\rsop.msc
2024-07-04 06:29 - 2022-05-06 23:17 - 000000000 ____D C:\Windows\CbsTemp
2024-07-04 06:11 - 2023-06-02 15:32 - 000000000 ____D C:\ProgramData\Packages
2024-07-04 06:11 - 2022-05-06 23:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-04 06:08 - 2023-07-27 11:40 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2024-07-04 06:08 - 2022-05-06 23:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2024-07-04 05:20 - 2023-11-01 12:00 - 002441179 ____N C:\Windows\Minidump\070424-48890-01.dmp
2024-07-04 05:20 - 2023-07-27 11:30 - 000000000 ____D C:\ProgramData\OmApSvcBroker
2024-07-04 05:06 - 2022-05-06 23:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-07-04 05:06 - 2022-05-06 23:17 - 000786432 _____ C:\Windows\system32\config\BBI
2024-07-04 05:05 - 2023-06-02 15:30 - 000609392 _____ C:\Windows\system32\FNTCACHE.DAT
2024-07-04 05:03 - 2022-05-06 23:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-07-04 05:03 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\UUS
2024-07-04 05:03 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-07-04 05:03 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-07-04 05:03 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-07-04 05:03 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\oobe
2024-07-04 05:03 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-07-04 05:03 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\ShellComponents
2024-07-04 05:03 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\Provisioning
2024-07-04 05:03 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\bcastdvr
2024-07-03 19:07 - 2023-06-02 15:34 - 003212800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-07-03 16:34 - 2023-06-02 15:31 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-07-03 00:23 - 2023-06-02 15:42 - 000000000 ____D C:\Windows\system32\zh-HANT
2024-07-03 00:23 - 2023-06-02 15:41 - 000000000 ____D C:\Windows\system32\zh-HANS
2024-07-03 00:23 - 2022-05-07 00:10 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-07-03 00:23 - 2022-05-07 00:10 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-07-03 00:23 - 2022-05-07 00:01 - 000000000 ____D C:\Windows\SysWOW64\winrm
2024-07-03 00:23 - 2022-05-07 00:01 - 000000000 ____D C:\Windows\SysWOW64\slmgr
2024-07-03 00:23 - 2022-05-07 00:01 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2024-07-03 00:23 - 2022-05-07 00:01 - 000000000 ____D C:\Windows\system32\winrm
2024-07-03 00:23 - 2022-05-07 00:01 - 000000000 ____D C:\Windows\system32\slmgr
2024-07-03 00:23 - 2022-05-07 00:01 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ___SD C:\Windows\system32\F12
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ___SD C:\Windows\system32\dsc
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\oobe
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\Com
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\Sysprep
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\migwiz
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\Dism
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\Com
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\OCR
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\IME
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Program Files\Common Files\System
2024-07-03 00:23 - 2022-05-06 23:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-07-03 00:23 - 2022-05-06 23:17 - 000000000 ____D C:\Windows\servicing
2024-07-03 00:22 - 2022-05-07 00:01 - 000000000 ____D C:\Windows\SysWOW64\WCN
2024-07-03 00:22 - 2022-05-07 00:01 - 000000000 ____D C:\Windows\system32\WCN
2024-07-02 22:46 - 2023-06-02 16:30 - 000000000 ____D C:\Windows\Panther
2024-06-29 01:55 - 2023-07-27 11:55 - 000003108 _____ C:\Windows\system32\Tasks\NahimicTask32
2024-06-29 01:55 - 2023-07-27 11:55 - 000003088 _____ C:\Windows\system32\Tasks\NahimicTask64
2024-06-29 01:55 - 2023-07-27 10:55 - 000000000 ____D C:\ProgramData\A-Volute
2024-06-29 01:51 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\appcompat
2024-06-28 23:39 - 2023-07-27 11:40 - 000000000 ____D C:\ProgramData\Norton
2024-06-28 07:57 - 2023-07-27 11:30 - 000000000 ____D C:\MSI
2024-06-27 23:44 - 2022-05-06 23:24 - 000000000 ___SD C:\Windows\system32\UNP
2024-06-27 23:44 - 2022-05-06 23:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-06-27 23:44 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-06-27 23:44 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2024-06-27 23:44 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SystemApps
2024-06-27 23:44 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-06-27 23:44 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\setup
2024-06-27 23:44 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2024-06-27 23:44 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-06-27 23:44 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\BrowserCore
2024-06-27 23:25 - 2023-07-27 11:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-06-27 22:43 - 2023-06-02 15:57 - 000000000 ____D C:\Program Files\Microsoft Office
2024-06-27 22:32 - 2022-05-07 00:10 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2024-06-27 22:32 - 2022-05-07 00:10 - 000024383 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2024-06-27 21:23 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\SecurityHealth
2024-06-27 21:22 - 2023-06-02 15:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-06-27 21:18 - 2023-07-27 11:29 - 000000000 ____D C:\ProgramData\MSI
2024-06-27 20:22 - 2023-06-02 15:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-06-27 20:21 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\AppLocker
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\gl-ES
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\eu-ES
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\SysWOW64\ca-ES
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\vi-VN
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\lv-LV
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\lt-LT
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\id-ID
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\gl-ES
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\eu-ES
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\et-EE
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\es-MX
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\DDFs
2024-06-27 20:18 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\ca-ES
2024-06-27 20:17 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\DiagTrack
2024-06-27 20:16 - 2022-05-06 23:25 - 000209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2024-06-27 20:16 - 2022-05-06 23:24 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2024-06-27 19:30 - 2023-06-02 15:31 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-27 19:30 - 2023-06-02 15:31 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-06-27 19:30 - 2022-05-06 23:24 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2024-06-27 19:28 - 2023-07-27 11:30 - 000002238 _____ C:\Windows\system32\Tasks\OmApSvcBroker
2024-06-27 19:28 - 2023-07-27 11:01 - 000003398 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-06-27 19:28 - 2023-07-27 11:01 - 000003152 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-06-27 19:28 - 2023-07-27 11:01 - 000002948 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-06-27 19:28 - 2023-07-27 11:01 - 000002948 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-06-27 19:28 - 2023-07-27 11:01 - 000002948 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-06-27 19:28 - 2023-07-27 11:01 - 000002948 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-06-27 19:28 - 2023-07-27 11:01 - 000002914 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
 
==================== Files in the root of some directories ========
 
2024-06-28 06:40 - 2024-06-28 08:13 - 000007638 _____ () C:\Users\gcgre\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.07.2024
Ran by gcgre (04-07-2024 09:18:53)
Running from C:\Users\gcgre\OneDrive\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3810 (X64) (2024-06-28 01:28:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1158046985-802832744-925710807-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1158046985-802832744-925710807-503 - Limited - Disabled)
gcgre (S-1-5-21-1158046985-802832744-925710807-1001 - Administrator - Enabled) => C:\Users\gcgre
Guest (S-1-5-21-1158046985-802832744-925710807-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1158046985-802832744-925710807-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 for Gamers (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton 360 for Gamers (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20895 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601078}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.10.1 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{6b617af3-c8f4-45a8-bf47-b32ffb4da1cc}) (Version: 1.0.10.1 - ENE TECHNOLOGY INC.) Hidden
ENE_External_Device_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.11.1 - ENE Tech) Hidden
ENE_External_Device_HAL (HKLM-x32\...\{bb9d349f-b87b-4026-b336-1604708bd09c}) (Version: 1.0.11.1 - ENE Tech) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 126.0.6478.127 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{A3A258AC-BF95-41DA-8693-807E4A5BF10D}) (Version: 24.3.26.8 - Intel) Hidden
Intel® Chipset Device Software (HKLM\...\{E6CC1C02-638D-44F5-8BAE-E455453F80BA}) (Version: 10.1.19468.8385 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{8af15a1a-f70d-4968-84c0-97df0607c3e6}) (Version: 10.1.19468.8385 - Intel® Corporation)
Intel® Computing Improvement Program (HKLM\...\{2D924248-D4EE-45BA-BDDB-1FA8828CF5CA}) (Version: 2.4.10852 - Intel Corporation)
Intel® Serial IO (HKLM\...\{47D5774F-BBF9-401C-B909-B056C0391B39}) (Version: 30.100.2237.26 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2237.26 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{D162161F-8200-475E-A86A-693E7C951444}) (Version: 24.3.26.8 - Intel)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16327.20264 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 126.0.2592.87 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.87 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.116.0609.0005 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16327.20264 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 127.0.2 (x64 en-US)) (Version: 127.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 127.0.2 - Mozilla)
MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2023.0619.01 - MSI)
MSI NBFoundation Service (HKLM-x32\...\{640EFA76-B899-476B-B2DF-D0CCF11D6083}}_is1) (Version: 2.0.2306.1501 - MSI)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.24.2.6 - NortonLifeLock Inc)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.114 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.114 - NVIDIA Corporation)
NVIDIA Graphics Driver 536.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.67 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20264 - Microsoft Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9536.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 11.10.0720.2022 - Realtek)
Speccy (HKLM\...\Speccy) (Version: 1.33 - Piriform)
Verbatim_SureFireGaming_Product (HKLM\...\{35CB65C6-A7E3-4EE7-AD40-738D70A72164}) (Version: 1.0.3.11 - Verbatim) Hidden
Verbatim_SureFireGaming_Product (HKLM-x32\...\{d601832a-0d94-46ce-9b19-78e8a5887313}) (Version: 1.0.3.11 - Verbatim) Hidden
WD P40 Game Drive (HKLM\...\{EE55DBAE-ECDD-4ADD-AAB5-23DE848B0996}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD P40 Game Drive (HKLM-x32\...\{72b1a866-fc31-4381-bff3-fa6cd8823777}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
 
Packages:
=========
 
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-27] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_20.0.1011.0_x64__8j3eq9eme6ctt [2024-06-27] (INTEL CORP)
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23306.1292.0_x64__8wekyb3d8bbwe [2024-07-02] (Microsoft Corporation)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.30.0_x64__w1wdnht996qgy [2024-07-02] (LinkedIn) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-07-03] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-07-02] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.1293.0_x64__8wekyb3d8bbwe [2024-07-02] (Microsoft Corporation)
Microsoft.D3DMappingLayers -> C:\Program Files\WindowsApps\Microsoft.D3DMappingLayers_1.2406.1.0_x64__8wekyb3d8bbwe [2024-07-03] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24052.57.0_x64__cw5n1h2txyewy [2024-07-03] (Microsoft Windows) [Startup Task]
MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.38.0_x64__kzh8wxbdkxb8p [2024-07-03] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.10.1.0_x64__w2gh52qy24etm [2024-06-29] (A-Volute)
Norton Security -> C:\Program Files\Norton Security\Engine\22.24.2.6 [2024-07-04] (NortonLifeLock Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-06-27] (NVIDIA Corp.)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11060.20006.0_x64__8wekyb3d8bbwe [2024-06-27] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.51.327.0_x64__dt26b99r8h8gj [2024-06-27] (Realtek Semiconductor Corp)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2024-06-29] (Microsoft Corporation)
WinDbg -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe [2024-07-03] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-07-04] (Microsoft Windows)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1158046985-802832744-925710807-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1158046985-802832744-925710807-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\gcgre\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-1158046985-802832744-925710807-1001_Classes\CLSID\{DD49F9F5-1103-4AD1-9657-1D5856227307}\InprocServer32 -> C:\Users\gcgre\AppData\Local\Mozilla Firefox\notificationserver.dll => No File
ShellIconOverlayIdentifiers: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncShell64.dll [2024-06-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_3590cae657f3464b\nvshext.dll [2023-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2024-05-23 23:54 - 2024-05-23 23:54 - 003164160 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-02] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-06 23:24 - 2022-05-06 23:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1158046985-802832744-925710807-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg
DNS Servers: 10.255.0.0 - 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSI Foundation Service => 2
MSCONFIG\Services: MSI_Center_Service => 2
MSCONFIG\Services: MSI_VoiceControl_Service => 2
MSCONFIG\Services: Mystic_Light_Service => 2
MSCONFIG\Services: NahimicService => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D8CD8E90-2331-4AAC-847B-5A9D0541A9AB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CAED8347-077F-461C-BCE2-B1E2CA1BB363}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{67623847-6806-41C4-9811-EB935B93E8B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{BD1BFE43-70A3-43BD-A15D-0E2838FAA0C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{77A3AF50-8349-413A-9853-2F65C6B48922}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{62F828D8-50A3-415C-9705-A0C25EAEF20E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{46FC69D3-FE3F-466F-848C-E55A1D7E3A8B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{CD32A03B-E5E1-41F9-AEB1-CE18AE0C9D68}] => (Allow) C:\Program Files (x86)\BlueStacks X_msi5\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{3BB52BD6-8A96-4929-BB09-2D9E9752E208}] => (Allow) C:\Program Files (x86)\BlueStacks X_msi5\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{D6969961-C0A4-461E-BC1F-2B5BFFC868FD}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA2BEC15-D9F2-47CD-9CC3-D7BF7863336C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{99BA31FC-5EA9-42A2-8FA1-6BE526253330}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{9B28ABD5-41C3-4F17-A027-D4636F77FF2C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F2A20032-43E7-4627-8E86-16C8610812C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DAFC0DAC-17E9-4F37-B71A-20A1F6163F3F}] => (Allow) LPort=32683
FirewallRules: [{573F9907-126C-482F-98EB-23B3F6DA0B65}] => (Allow) LPort=26822
FirewallRules: [{4C06310F-22F7-45E4-A89C-EF6F04D2A0E2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E2FE4270-51CF-4899-AAEF-25B49FADB9DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A4124EB4-186E-4270-8FD8-DC5711335D6F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A124808-D001-42AD-A5F0-7970A2C5D2C2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{44BEA77B-8C89-4EA6-9DF7-B88F8CDDDAD6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{94671006-3637-4479-A164-5AD1D285DE6F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C52399D6-3780-453E-A1F4-F3CD0DEEF6B7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:931.04 GB) (Free:852.19 GB) (92%)
 
==================== Faulty Device Manager Devices ============
 
Name: Nahimic mirroring device
Description: Nahimic mirroring device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Nahimic
Service: Nahimic_Mirroring
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/04/2024 05:41:00 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).
 
Error: (07/03/2024 10:46:10 PM) (Source: Application Error) (EventID: 1000) (User: MSI)
Description: Faulting application name: Explorer.EXE, version: 10.0.22621.3733, time stamp: 0xc47c2769
Faulting module name: shcore.dll, version: 10.0.22621.3733, time stamp: 0xfea019d5
Exception code: 0xc0000005
Fault offset: 0x000000000002e0a4
Faulting process id: 0x0x22a0
Faulting application start time: 0x0x1dacdab290d962c
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\System32\shcore.dll
Report Id: 8157ce39-214b-4504-866a-d40478ade617
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/03/2024 06:58:24 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program drvinst.exe version 10.0.22621.3672 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (07/03/2024 06:46:57 PM) (Source: Application Error) (EventID: 1000) (User: MSI)
Description: Faulting application name: SystemSettings.exe, version: 10.0.22621.3672, time stamp: 0x052f4222
Faulting module name: ux-phui.dll, version: 4.0.383.0, time stamp: 0x66182c91
Exception code: 0xc0000005
Fault offset: 0x000000000000326d
Faulting process id: 0x0x3314
Faulting application start time: 0x0x1dacdabaac78de4
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ux-phui.dll
Report Id: 8ed797a4-8ba6-4c2b-a7cf-f8c5aedd23fd
Faulting package full name: windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (07/03/2024 04:52:42 PM) (Source: Application Error) (EventID: 1000) (User: MSI)
Description: Faulting application name: splwow64.exe, version: 10.0.22621.3672, time stamp: 0xb644d59d
Faulting module name: ntdll.dll, version: 10.0.22621.3733, time stamp: 0x67ca8829
Exception code: 0xc0000374
Fault offset: 0x000000000010c8f9
Faulting process id: 0x0x3658
Faulting application start time: 0x0x1dacd9b974b1b8f
Faulting application path: C:\Windows\splwow64.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 50818fa3-f441-483c-a767-5d66f50b17ef
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/03/2024 04:37:24 PM) (Source: Application Error) (EventID: 1000) (User: MSI)
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process id: 0x0xfe4
Faulting application start time: 0x0x1dacd9901c6399f
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 017b073c-c244-49f9-b126-7e238be85da2
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/03/2024 01:59:30 AM) (Source: Application Error) (EventID: 1000) (User: MSI)
Description: Faulting application name: SystemSettings.exe, version: 10.0.22621.3672, time stamp: 0x052f4222
Faulting module name: ux-phui.dll, version: 4.0.383.0, time stamp: 0x66182c91
Exception code: 0xc0000005
Fault offset: 0x000000000000326d
Faulting process id: 0x0x1bc8
Faulting application start time: 0x0x1dacd1eed523d8c
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ux-phui.dll
Report Id: b8c65481-750c-425d-b0c4-7d72e27d3753
Faulting package full name: windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (07/03/2024 01:02:44 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).
 
 
System errors:
=============
Error: (07/04/2024 09:02:14 AM) (Source: Microsoft-Windows-WER-SystemErrorReporting) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x0000019c (0x0000000000000050, 0xffffb68248e32080, 0x0000000000000000, 0x0000000000000000)C:\Windows\Minidump\070424-48718-01.dmp27806c59-504f-4067-966d-4707970cce2e
 
Error: (07/04/2024 09:01:28 AM) (Source: volmgr) (EventID: 162) (User: )
Description: Dump file generation succeded.
 
Error: (07/04/2024 09:02:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:40:52 AM on ‎7/‎4/‎2024 was unexpected.
 
Error: (07/04/2024 05:20:51 AM) (Source: Microsoft-Windows-WER-SystemErrorReporting) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x0000019c (0x0000000000000010, 0xffffa98e69868080, 0x0000000000000001, 0x0000000000000000)C:\Windows\Minidump\070424-48890-01.dmp5b7a7bf7-50df-409e-82af-e3b1b6593edf
 
Error: (07/04/2024 05:20:05 AM) (Source: volmgr) (EventID: 162) (User: )
Description: Dump file generation succeded.
 
Error: (07/04/2024 05:20:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:07:21 AM on ‎7/‎4/‎2024 was unexpected.
 
Error: (07/03/2024 10:08:24 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {ceeaae2e-1614-41d0-9182-cfebb969c561}, had event 74
 
Error: (07/03/2024 09:48:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
 
Windows Defender:
================
Date: 2024-07-03 01:11:50
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-07-03 00:15:53
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-07-02 22:46:45
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-06-29 01:51:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-06-29 01:43:18
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2024-07-04 09:14:55
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.2.6\symamsi.dll that did not meet the Windows signing level requirements. 
 
Date: 2024-07-04 09:13:32
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.2.6\symamsi.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends International, LLC. E17L5IMS.114 01/29/2024
Motherboard: Micro-Star International Co., Ltd. MS-17L5
Processor: 13th Gen Intel® Core™ i9-13900H
Percentage of memory in use: 49%
Total physical RAM: 16087.35 MB
Available physical RAM: 8087.57 MB
Total Virtual: 19031.35 MB
Available Virtual: 9050.62 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:931.04 GB) (Free:852.19 GB) (Model: NVMe WD PC SN560 SDDPNQE-1T00-1032) NTFS
 
\\?\Volume{d546ea9d-8f1c-4ab3-8faf-2c3fd20fdc50}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.28 GB) NTFS
\\?\Volume{82789c6c-7ce8-46d8-bb3a-6f1580717d9a}\ (BIOS_RVY) (Fixed) (Total:21.53 GB) (Free:0.69 GB) NTFS
\\?\Volume{43177c95-b8d1-49d3-9c24-82b8a5d43a0d}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 3C180FB2)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 




 


#2 gregg.greener

gregg.greener
  • Topic Starter

  • Members
  • 18 posts
  • Local time:02:55 AM

Posted Yesterday, 01:04 PM

Not sure if this has any relevance, but my kids' desktop that was on my home network was infected with multiple trojans. Windows Defender was able to quarantine some but not all.  I have taken that computer offline and will destroy the hard drive. Is it possible that my home network has something or someone malicious on it? 



#3 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 58,156 posts
  • Gender:Male
  • Location:California
  • Local time:12:55 AM

Posted Yesterday, 02:44 PM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#4 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 58,156 posts
  • Gender:Male
  • Location:California
  • Local time:12:55 AM

Posted Yesterday, 04:01 PM

Greetings.

There is no evidence of malicious software on your system. However, there are a few other issues we can take a look at.
  • What driver were you having problems with?
  • At some point did you have an external drive attached?
  • Did you intend to run Norton as your security program or was it simply that it was included with the computer when you purchased it?
Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
Zip: C:\Windows\Minidump
CustomCLSID: HKU\S-1-5-21-1158046985-802832744-925710807-1001_Classes\CLSID\{DD49F9F5-1103-4AD1-9657-1D5856227307}\InprocServer32 -> C:\Users\gcgre\AppData\Local\Mozilla Firefox\notificationserver.dll => No File 
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File 
HKU\S-1-5-18\...\Run: [Norton Download ManagerFORCE_UPGRADE_22_23_5] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui /instversion "22.23.5" (No File) 
Task: {8E0F270D-94BA-4B3C-BAFB-58F34EE44A97} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File) 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
Task: {6D5FC19A-3BCA-4C32-B032-BAA3F35BC4B6} - System32\Tasks\Mozilla\Firefox Default Browser Agent AFDF8DD2B82F8BB8 => C:\Users\gcgre\AppData\Local\Mozilla Firefox\default-browser-agent.exe  do-task "AFDF8DD2B82F8BB8" (No File) 
Task: {10799326-57C1-48FB-8EF3-26C55B0CE48A} - System32\Tasks\OneDC_Updater => C:\Users\gcgre\Documents\temp\OneDC_Updater\OneDC_Updater.exe  OneDragonCenter (No File) 
Powershell:  Get-Process -Id (Get-NetTCPConnection -LocalPort 32683).OwningProcess
Powershell:  Get-Process -Id (Get-NetTCPConnection -LocalPort 26822).OwningProcess
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create a zipped folder on the Desktop with today's date, example: 07.30.2023_13.24.50.zip. Please upload the file here.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Responses
  • Fixlog
  • Uploaded zip file

Gary 


#5 gregg.greener

gregg.greener
  • Topic Starter

  • Members
  • 18 posts
  • Local time:02:55 AM

Posted Yesterday, 05:09 PM

Hi there,

Yes, the Norton came with the system. Should I disable it and run the windows?  The hard drive attached is just a multi USB / HDMI port.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.07.2024
Ran by gcgre (04-07-2024 16:01:55) Run:1
Running from C:\Users\gcgre\OneDrive\Desktop
Loaded Profiles: gcgre
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Zip: C:\Windows\Minidump
CustomCLSID: HKU\S-1-5-21-1158046985-802832744-925710807-1001_Classes\CLSID\{DD49F9F5-1103-4AD1-9657-1D5856227307}\InprocServer32 -> C:\Users\gcgre\AppData\Local\Mozilla Firefox\notificationserver.dll => No File 
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File 
HKU\S-1-5-18\...\Run: [Norton Download ManagerFORCE_UPGRADE_22_23_5] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui /instversion "22.23.5" (No File) 
Task: {8E0F270D-94BA-4B3C-BAFB-58F34EE44A97} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File) 
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
Task: {6D5FC19A-3BCA-4C32-B032-BAA3F35BC4B6} - System32\Tasks\Mozilla\Firefox Default Browser Agent AFDF8DD2B82F8BB8 => C:\Users\gcgre\AppData\Local\Mozilla Firefox\default-browser-agent.exe  do-task "AFDF8DD2B82F8BB8" (No File) 
Task: {10799326-57C1-48FB-8EF3-26C55B0CE48A} - System32\Tasks\OneDC_Updater => C:\Users\gcgre\Documents\temp\OneDC_Updater\OneDC_Updater.exe  OneDragonCenter (No File) 
Powershell:  Get-Process -Id (Get-NetTCPConnection -LocalPort 32683).OwningProcess
Powershell:  Get-Process -Id (Get-NetTCPConnection -LocalPort 26822).OwningProcess
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
================== Zip: ===================
C:\Windows\Minidump -> copied successfully to C:\Users\gcgre\OneDrive\Desktop\04.07.2024_16.02.05.zip
=========== Zip: End ===========
HKU\S-1-5-21-1158046985-802832744-925710807-1001_Classes\CLSID\{DD49F9F5-1103-4AD1-9657-1D5856227307} => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Norton Download ManagerFORCE_UPGRADE_22_23_5" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E0F270D-94BA-4B3C-BAFB-58F34EE44A97}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E0F270D-94BA-4B3C-BAFB-58F34EE44A97}" => removed successfully
C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D5FC19A-3BCA-4C32-B032-BAA3F35BC4B6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D5FC19A-3BCA-4C32-B032-BAA3F35BC4B6}" => removed successfully
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent AFDF8DD2B82F8BB8 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent AFDF8DD2B82F8BB8" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10799326-57C1-48FB-8EF3-26C55B0CE48A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10799326-57C1-48FB-8EF3-26C55B0CE48A}" => removed successfully
C:\Windows\System32\Tasks\OneDC_Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDC_Updater" => removed successfully
 
========= Get-Process -Id (Get-NetTCPConnection -LocalPort 32683).OwningProcess =========
 
Get-NetTCPConnection : No MSFT_NetTCPConnection objects found with property 'LocalPort' equal to '32683'.  Verify the 
value of the property and retry.
At C:\FRST\tmp.ps1:1 char:18
+ Get-Process -Id (Get-NetTCPConnection -LocalPort 32683).OwningProcess
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (32683:UInt16) [Get-NetTCPConnection], CimJobException
    + FullyQualifiedErrorId : CmdletizationQuery_NotFound_LocalPort,Get-NetTCPConnection
 
Get-Process : Cannot bind argument to parameter 'Id' because it is null.
At C:\FRST\tmp.ps1:1 char:17
+ Get-Process -Id (Get-NetTCPConnection -LocalPort 32683).OwningProcess
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-Process], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.GetProcessC 
   ommand
 
 
========= End of Powershell: =========
 
 
========= Get-Process -Id (Get-NetTCPConnection -LocalPort 26822).OwningProcess =========
 
Get-NetTCPConnection : No MSFT_NetTCPConnection objects found with property 'LocalPort' equal to '26822'.  Verify the 
value of the property and retry.
At C:\FRST\tmp.ps1:1 char:18
+ Get-Process -Id (Get-NetTCPConnection -LocalPort 26822).OwningProcess
+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (26822:UInt16) [Get-NetTCPConnection], CimJobException
    + FullyQualifiedErrorId : CmdletizationQuery_NotFound_LocalPort,Get-NetTCPConnection
 
Get-Process : Cannot bind argument to parameter 'Id' because it is null.
At C:\FRST\tmp.ps1:1 char:17
+ Get-Process -Id (Get-NetTCPConnection -LocalPort 26822).OwningProcess
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-Process], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.GetProcessC 
   ommand
 
 
========= End of Powershell: =========
 
 
========= sfc /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
Verification 100% complete.
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792
 
Image Version: 10.0.22631.3810
 
No component store corruption detected.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 16:03:21 ====
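
The two `Get-Process -Id (Get-NetTCPConnection ...)` lookups in the Fixlog above end in a null-binding error because no TCP connection was using ports 32683 or 26822 when the fix ran. The following is an added example, not part of the thread and not FRST's own code, of the same lookup written so that an unused port is reported as a result rather than an error, and so that UDP endpoints are checked as well; the function name `Get-PortOwner` is hypothetical.

```powershell
# Added example: map local ports to their owning processes without failing
# when nothing is bound. Get-PortOwner is a hypothetical helper name.
function Get-PortOwner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [uint16[]]$Port
    )

    foreach ($number in $Port) {
        # SilentlyContinue turns "No MSFT_NetTCPConnection objects found" into an
        # empty result; @() keeps zero or one match an array so .Count is reliable.
        $tcp = @(Get-NetTCPConnection -LocalPort $number -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Protocol'; e = { 'TCP' } },
                          @{ n = 'State';    e = { [string]$_.State } },
                          OwningProcess)
        $udp = @(Get-NetUDPEndpoint -LocalPort $number -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Protocol'; e = { 'UDP' } },
                          @{ n = 'State';    e = { 'Bound' } },
                          OwningProcess)

        # Collapse IPv4/IPv6 duplicates of the same listener into one row.
        $endpoints = @($tcp + $udp | Sort-Object Protocol, State, OwningProcess -Unique)

        if ($endpoints.Count -eq 0) {
            # Nothing is using the port right now: report that as data.
            [pscustomobject]@{
                Port        = $number
                Protocol    = $null
                State       = 'NotBound'
                ProcessId   = $null
                ProcessName = $null
                Path        = $null
            }
            continue
        }

        foreach ($endpoint in $endpoints) {
            # The owning process may have exited, or its path may be hidden
            # from a non-elevated session; both simply leave the fields empty.
            $process = Get-Process -Id $endpoint.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port        = $number
                Protocol    = $endpoint.Protocol
                State       = $endpoint.State
                ProcessId   = $endpoint.OwningProcess
                ProcessName = $process.ProcessName
                Path        = $process.Path
            }
        }
    }
}

# The two ports queried in the fixlist above.
Get-PortOwner -Port 32683, 26822 | Format-Table -AutoSize
```

A `NotBound` row only describes the moment the command ran; a process that opens the port intermittently needs the check repeated or scheduled.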


#6 gregg.greener

gregg.greener
  • Topic Starter

  • Members
  • 18 posts
  • Local time:02:55 AM

Posted Yesterday, 05:16 PM

Is it possible to have event logs dated before I purchased the computer?  The driver I was having problems with was Nahimic3; that is how I discovered all the security logs dated a year ago.  

 

Thank you for taking the time to look at this!



#7 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 58,156 posts
  • Gender:Male
  • Location:California
  • Local time:12:55 AM

Posted Yesterday, 06:50 PM

Greetings.

You are most welcome. 

C:\Windows\Minidump -> copied successfully to C:\Users\gcgre\OneDrive\Desktop\04.07.2024_16.02.05.zip
The tool will create a zipped folder on the Desktop with today's date, example: 07.30.2023_13.24.50.zip. Please upload the file here

Would it be possible for you to upload the zip file?

I have not heard of that kind of backdating but I would like to look at it.

I would prefer to uninstall Norton for now. You can reinstall it later if you wish.

Please do this.

===================================================

FullEventLogView by Nirsoft

--------------------
  • Download FullEventLogView by Nirsoft and save it to your Desktop
  • Right click on the folder, select Extract All... and extract the folder onto your Desktop
  • Open the fulleventlogview-x64 folder, right click on FullEventLogView (Application), then select Run as administrator
  • Monitor the lower left hand corner of the screen until the Loading... no longer appears and an item(s) total is listed
  • Click Edit, then Select All
  • Click File, then Save Selected Items
  • Save the file onto your Desktop as NirsoftEV.txt
  • Please zip and upload the file here
===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------
  • Download Revo Uninstaller Free Portable and save it to your Desktop
  • Right click on the folder and select Extract All..., then click Extract
  • Double click on the RevoUninstaller-Portable folder
  • Right click on RevoUPort and select Run as administrator
  • Click OK on the License Agreement
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
 Norton 360 for Gamers
  • If the program's uninstaller appears work through the steps to remove the program(s)
  • Be sure the Advanced option is selected then click Scan
  • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
  • Once done click Finish
  • Reboot your computer
===================================================

Farbar Recovery Scan Tool SearchAll

--------------------
  • Right click on FRST and select Run as administrator
  • Copy/paste the following in the Search: box
SearchAll: Norton;Symantec
  • Click Search Files
  • When completed click OK and a Search.txt document will open on your desktop
  • Zip and upload the file here
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
CloseProcesses:
cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
StartPowershell:
Set-MpPreference -OnAccessProtectionEnabled $True
Set-MpPreference -RealTimeProtectionEnabled $True
Set-MpPreference -AMRunningMode $Normal
Get-MpPreference
EndPowershell:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • A SystemSummary file will be created on your Desktop. Please zip and upload the file here.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Uploaded Minidump zip file
  • Nirsoft report
  • Norton uninstalled?
  • Search.txt
  • Fixlog
  • Uploaded SystemSummary report

Edited by Oh My!, Yesterday, 06:53 PM.

Gary 


#8 gregg.greener

gregg.greener
  • Topic Starter

  • Members
  • 18 posts
  • Local time:02:55 AM

Posted Yesterday, 10:10 PM

Hi Gary,

 

The files have been zipped and sent to the link you provided.  The Nirsoft dump was interesting: the guest account was enabled by an administrator for insecure logons, and before I updated anything there were multiple remote login requests.

Is that normal? 

Also, Norton stalled out while uninstalling for over an hour; there are still some files....

 

Again, thank you for taking all this time to assist me, much appreciated.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.07.2024
Ran by gcgre (04-07-2024 20:32:56) Run:2
Running from C:\Users\gcgre\OneDrive\Desktop
Loaded Profiles: gcgre
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CloseProcesses:
cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
StartPowershell:
Set-MpPreference -OnAccessProtectionEnabled $True
Set-MpPreference -RealTimeProtectionEnabled $True
Set-MpPreference -AMRunningMode $Normal
Get-MpPreference
EndPowershell:
End::
*****************
 
Processes closed successfully.
 
========= msinfo32 /nfo SystemSummary.nfo /categories +systemsummary =========
 
0
 
========= End of CMD: =========
 
 
========= Powershell: =========
 
 
 
AllowDatagramProcessingOnWinServer                    : False
AllowNetworkProtectionDownLevel                       : False
AllowNetworkProtectionOnWinServer                     : False
AllowSwitchToAsyncInspection                          : False
ApplyDisableNetworkScanningToIOAV                     : False
AttackSurfaceReductionOnlyExclusions                  : 
AttackSurfaceReductionRules_Actions                   : 
AttackSurfaceReductionRules_Ids                       : 
AttackSurfaceReductionRules_RuleSpecificExclusions    : 
AttackSurfaceReductionRules_RuleSpecificExclusions_Id : 
BruteForceProtectionAggressiveness                    : 0
BruteForceProtectionConfiguredState                   : 0
BruteForceProtectionExclusions                        : 
BruteForceProtectionLocalNetworkBlocking              : False
BruteForceProtectionMaxBlockTime                      : 0
BruteForceProtectionSkipLearningPeriod                : False
CheckForSignaturesBeforeRunningScan                   : False
CloudBlockLevel                                       : 0
CloudExtendedTimeout                                  : 0
ComputerID                                            : 9FD965AB-E73E-474A-9D3E-1F3EEAFF73D7
ControlledFolderAccessAllowedApplications             : 
ControlledFolderAccessProtectedFolders                : 
DefinitionUpdatesChannel                              : 0
DisableArchiveScanning                                : False
DisableAutoExclusions                                 : False
DisableBehaviorMonitoring                             : False
DisableBlockAtFirstSeen                               : False
DisableCacheMaintenance                               : False
DisableCatchupFullScan                                : True
DisableCatchupQuickScan                               : True
DisableCoreServiceECSIntegration                      : False
DisableCoreServiceTelemetry                           : False
DisableCpuThrottleOnIdleScans                         : True
DisableDatagramProcessing                             : False
DisableDnsOverTcpParsing                              : False
DisableDnsParsing                                     : False
DisableEmailScanning                                  : True
DisableFtpParsing                                     : False
DisableGradualRelease                                 : False
DisableHttpParsing                                    : False
DisableInboundConnectionFiltering                     : False
DisableIOAVProtection                                 : False
DisableNetworkProtectionPerfTelemetry                 : False
DisablePrivacyMode                                    : False
DisableQuicParsing                                    : False
DisableRdpParsing                                     : False
DisableRealtimeMonitoring                             : False
DisableRemovableDriveScanning                         : True
DisableRestorePoint                                   : True
DisableScanningMappedNetworkDrivesForFullScan         : True
DisableScanningNetworkFiles                           : False
DisableScriptScanning                                 : False
DisableSmtpParsing                                    : False
DisableSshParsing                                     : False
DisableTamperProtection                               : False
DisableTlsParsing                                     : False
EnableControlledFolderAccess                          : 0
EnableConvertWarnToBlock                              : False
EnableDnsSinkhole                                     : True
EnableEcsConfiguration                                : False
EnableFileHashComputation                             : False
EnableFullScanOnBatteryPower                          : False
EnableLowCpuPriority                                  : False
EnableNetworkProtection                               : 0
EnableUdpReceiveOffload                               : False
EnableUdpSegmentationOffload                          : False
EngineUpdatesChannel                                  : 0
ExclusionExtension                                    : 
ExclusionIpAddress                                    : 
ExclusionPath                                         : 
ExclusionProcess                                      : 
ForceUseProxyOnly                                     : False
HideExclusionsFromLocalUsers                          : True
HighThreatDefaultAction                               : 0
IntelTDTEnabled                                       : 
LowThreatDefaultAction                                : 0
MAPSReporting                                         : 2
MeteredConnectionUpdates                              : False
ModerateThreatDefaultAction                           : 0
NetworkProtectionReputationMode                       : 0
OobeEnableRtpAndSigUpdate                             : False
PerformanceModeStatus                                 : 1
PlatformUpdatesChannel                                : 0
ProxyBypass                                           : 
ProxyPacUrl                                           : 
ProxyServer                                           : 
PUAProtection                                         : 1
QuarantinePurgeItemsAfterDelay                        : 90
QuickScanIncludeExclusions                            : 0
RandomizeScheduleTaskTimes                            : True
RealTimeScanDirection                                 : 0
RemediationScheduleDay                                : 0
RemediationScheduleTime                               : 02:00:00
RemoteEncryptionProtectionAggressiveness              : 0
RemoteEncryptionProtectionConfiguredState             : 0
RemoteEncryptionProtectionExclusions                  : 
RemoteEncryptionProtectionMaxBlockTime                : 0
RemoveScanningThreadPoolCap                           : False
ReportDynamicSignatureDroppedEvent                    : False
ReportingAdditionalActionTimeOut                      : 10080
ReportingCriticalFailureTimeOut                       : 10080
ReportingNonCriticalTimeOut                           : 1440
ScanAvgCPULoadFactor                                  : 50
ScanOnlyIfIdleEnabled                                 : True
ScanParameters                                        : 1
ScanPurgeItemsAfterDelay                              : 15
ScanScheduleDay                                       : 0
ScanScheduleOffset                                    : 120
ScanScheduleQuickScanTime                             : 00:00:00
ScanScheduleTime                                      : 02:00:00
SchedulerRandomizationTime                            : 4
ServiceHealthReportInterval                           : 60
SevereThreatDefaultAction                             : 0
SharedSignaturesPath                                  : 
SharedSignaturesPathUpdateAtScheduledTimeOnly         : False
SignatureAuGracePeriod                                : 0
SignatureBlobFileSharesSources                        : 
SignatureBlobUpdateInterval                           : 60
SignatureDefinitionUpdateFileSharesSources            : 
SignatureDisableUpdateOnStartupWithoutEngine          : False
SignatureFallbackOrder                                : MicrosoftUpdateServer|MMPC
SignatureFirstAuGracePeriod                           : 120
SignatureScheduleDay                                  : 8
SignatureScheduleTime                                 : 01:45:00
SignatureUpdateCatchupInterval                        : 1
SignatureUpdateInterval                               : 0
SubmitSamplesConsent                                  : 1
ThreatIDDefaultAction_Actions                         : 
ThreatIDDefaultAction_Ids                             : 
ThrottleForScheduledScanOnly                          : True
TrustLabelProtectionStatus                            : 0
UILockdown                                            : False
UnknownThreatDefaultAction                            : 0
PSComputerName                                        : 
 
 
 
 
========= End of Powershell: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 20:33:57 ====


#9 gregg.greener

Posted Yesterday, 10:18 PM

Is it normal to be running from the OneDrive? I.e., running from "C:\Users\gcgre\OneDrive\Desktop". I don't really use it, so is it safe to delete?





