Reply to thread

Message: <blockquote data-quote="icotonev" data-source="post: 1117908" data-attributes="member: 60030">Good morning ..! <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile    :)" loading="lazy" data-shortname=":)" />The diary is again ..: [SPOILER]Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2025Ran by twin9 (ATTENTION: The user is not administrator) on BC-HP_ENVY_DESK (HP HP ENVY TE01-3xxx) (19-02-2025 12:56:40)Running from C:\Users\twin9\OneDrive\Desktop\FRST64.exeLoaded Profiles: twin9 & BICPlatform: Microsoft Windows 11 Home Version 24H2 26100.3194 (X64) Language: English (United States)Default browser: FFBoot Mode: Normal==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>(C:\Program Files (x86)\Garmin\Express\express.exe ->) (The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe <2>(C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exe <3>(C:\Users\twin9\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\twin9\AppData\Local\Programs\Opera\116.0.5366.127\opera_crashreporter.exe(explorer.exe ->) (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <31>(explorer.exe ->) (HP Inc. -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe(explorer.exe ->) (Opera Norway AS -> Opera Software) C:\Users\twin9\AppData\Local\Programs\Opera\opera.exe <92>(HP Inc. -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\BridgeCommunication.exe(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.010.0119.0002\FileCoAuth.exe(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.27703.1006.0_x64__8wekyb3d8bbwe\SecHealthUI.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\10.0.27703.1006-0\SecurityHealthHost.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d3a92437ffb40b7\RtkAudUService64.exe(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2502.5002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25011.11.0_x64__cw5n1h2txyewy\CrossDeviceService.exe(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exeFailed to access process -> AggregatorHost.exeFailed to access process -> AppHelperCap.exeFailed to access process -> armsvc.exeFailed to access process -> csrss.exeFailed to access process -> csrss.exeFailed to access process -> dasHost.exeFailed to access process -> DiagsCap.exeFailed to access process -> dwm.exeFailed to access process -> fontdrvhost.exeFailed to access process -> fontdrvhost.exeFailed to access process -> IntuitUpdateService.exeFailed to access process -> jhi_service.exeFailed to access process -> LsaIso.exeFailed to access process -> lsass.exeFailed to access process -> MBAMService.exeFailed to access process -> MpDefenderCoreService.exeFailed to access process -> MsMpEng.exeFailed to access process -> NetworkCap.exeFailed to access process -> NgcIso.exeFailed to access process -> NisSrv.exeFailed to access process -> NVDisplay.Container.exeFailed to access process -> NVDisplay.Container.exeFailed to access process -> OfficeClickToRun.exeFailed to access process -> RstMwService.exeFailed to access process -> RtkAudUService64.exeFailed to access process -> RtkBtManServ.exeFailed to access process -> SchedulesMonitor.exeFailed to access process -> SearchFilterHost.exeFailed to access process -> SearchIndexer.exeFailed to access process -> SECOMN64.exeFailed to access process -> SecurityHealthService.exeFailed to access process -> services.exeFailed to access process -> smss.exeFailed to access process -> spoolsv.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> SysInfoCap.exeFailed to access process -> TouchpointAnalyticsClientService.exeFailed to access process -> unsecapp.exeFailed to access process -> wininit.exeFailed to access process -> winlogon.exeFailed to access process -> WmiPrvSE.exeFailed to access process -> WMIRegistrationService.exeFailed to access process -> XtuService.exe==================== Registry (Whitelisted) ===================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [612304 2019-11-18] (NIKON CORPORATION -> Nikon Corporation)HKLM\...\RunOnce: [TzSyncRunOnce] => C:\Windows\System32\tzsync.exe [210944 2025-02-14] (Microsoft Windows -> Microsoft Corporation)HKLM\...\RunOnce: [DEL_ST_CPL] => CMD /C del "C:\WINDOWS\TEMP\ST_CPL.pkg.XML" /F (No File) <==== ATTENTIONHKU\S-1-5-21-1164435273-2498218214-147930515-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5007376 2025-02-14] (Microsoft Corporation -> Microsoft Corporation)HKU\S-1-5-21-1164435273-2498218214-147930515-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3494560 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP)HKU\S-1-5-21-1164435273-2498218214-147930515-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31354648 2024-06-06] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)HKLM\...\Print\Monitors\HP 7212 Status Monitor: C:\WINDOWS\system32\hpinksts7212LM.dll [336904 2014-06-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 6830): C:\WINDOWS\system32\HPDiscoPM7212.dll [764576 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP)HKLM\...\Print\Monitors\PDFill Writer Monitor: C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [38824 2021-06-12] (PlotSoft LLC -> Windows (R) Codename Longhorn DDK provider)HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\133.0.6943.99\Installer\chrmstp.exe [2025-02-19] (Google LLC -> Google LLC)==================== Scheduled Tasks (Whitelisted) =================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{b26e3d7a-b7be-4e1c-b9b5-173e9fa2a891}: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{b26e3d7a-b7be-4e1c-b9b5-173e9fa2a891}: [DhcpDomain] attlocal.netTcpip\..\Interfaces\{bc5d1807-7475-4c20-8c2b-16c91475a6ca}: [DhcpNameServer] 192.168.1.254Edge: =======Edge DefaultProfile: DefaultEdge Profile: C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default [2025-02-19]Edge Session Restore: Default -> is enabled.Edge Extension: (LastPass: Free Password Manager) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2025-02-19]Edge Extension: (The Camelizer) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bpggaanjmbjoahhknlajnhdhkljekpbg [2024-03-18]Edge Extension: (Browsing Protection by F-Secure) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cpikpibllpjmpnchjajlibnmmomnnhnm [2025-02-19]Edge Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fcbmiimfkmkkkffjlopcpdlgclncnknm [2025-02-19]Edge Extension: (Ghostery Tracker & Ad Blocker - Privacy AdBlock) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2025-02-19]Edge Extension: (McAfee® WebAdvisor) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2025-02-19]Edge Extension: (Google Docs Offline) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-07]Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2025-02-19]Edge Extension: (Edge relevant text changes) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-18]Edge Extension: (Browsing Protection by F-Secure) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2025-02-19]Edge Extension: (Capital One Shopping: Save Now) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2025-02-07]Edge Extension: (McAfee® Web Boost) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lamehkegphbbfdailghaeeleoajilfho [2024-03-18]Edge Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2025-02-19]Edge Extension: (IE Tab) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npjkkakdacjaihjaoeliacmecofghagh [2024-11-17]Edge Extension: (PureVPN Proxy - Best VPN for Edge) - C:\Users\twin9\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pmekdamgipmmgecfoogolgafcdfigoec [2024-03-18]FireFox:========FF DefaultProfile: 5ghekfh6.defaultFF ProfilePath: C:\Users\twin9\AppData\Roaming\Mozilla\Firefox\Profiles\5ghekfh6.default [2024-03-18]FF ProfilePath: C:\Users\twin9\AppData\Roaming\Mozilla\Firefox\Profiles\xn56v5jb.default-release [2025-02-19]FF Session Restore: Mozilla\Firefox\Profiles\xn56v5jb.default-release -> is enabled.FF Notifications: Mozilla\Firefox\Profiles\xn56v5jb.default-release -> hxxps://teslamotorsclub.comFF Extension: (Ghostery Tracker & Ad Blocker - Privacy AdBlock) - C:\Users\twin9\AppData\Roaming\Mozilla\Firefox\Profiles\xn56v5jb.default-release\Extensions\<a href="mailto:firefox@ghostery.com.xpi">firefox@ghostery.com.xpi</a> [2024-12-02]FF Extension: (LastPass) - C:\Users\twin9\AppData\Roaming\Mozilla\Firefox\Profiles\xn56v5jb.default-release\Extensions\<a href="mailto:support@lastpass.com.xpi">support@lastpass.com.xpi</a> [2025-01-21]FF Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\twin9\AppData\Roaming\Mozilla\Firefox\Profiles\xn56v5jb.default-release\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2024-03-20]FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-15] (Microsoft Corporation -> Microsoft Corporation)FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-01-29] (Adobe Inc. -> Adobe Systems Inc.)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-12-15] (Microsoft Corporation -> Microsoft Corporation)Chrome: =======CHR Profile: C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default [2025-02-19]CHR HomePage: Default -> hxxps://us-mg5.mail.yahoo.com/neo/launch?.rand=17l3si397sm4pCHR StartupUrls: Default -> "hxxp://us.yahoo.com/?fr=fpc-comodo&tag=cs_hp"CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}CHR DefaultSearchKeyword: Default -> duckduckgo.comCHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtabCHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=listCHR Session Restore: Default -> is enabled.CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2025-02-16]CHR Extension: (Google Docs Offline) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-12]CHR Extension: (The Camelizer) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2024-06-14]CHR Extension: (LastPass: Free Password Manager) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2025-02-19]CHR Extension: (IE Tab) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2024-10-28]CHR Extension: (Browsing Protection by F-Secure) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2025-02-19]CHR Extension: (McAfee® Web Boost) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\klekeajafkkpokaofllcadenjdckhinm [2024-09-17]CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2025-02-12]CHR Extension: (Ghostery Tracker & Ad Blocker - Privacy AdBlock) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2025-02-19]CHR Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2025-02-19]CHR Extension: (Capital One Shopping: Save Now) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2025-02-12]CHR Extension: (Chrome Web Store Payments) - C:\Users\twin9\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-03-18]CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]Opera: =======OPR DefaultProfile: Default==================== Services (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-19] (Adobe Inc. -> Adobe Inc.)R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13617384 2025-02-08] (Microsoft Corporation -> Microsoft Corporation)S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.010.0119.0002\FileSyncHelper.exe [3532832 2025-02-14] (Microsoft Corporation -> Microsoft Corporation)R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\AppHelperCap.exe [888416 2025-01-10] (HP Inc. -> HP Inc.)R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\DiagsCap.exe [887392 2025-01-10] (HP Inc. -> HP Inc.)R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\NetworkCap.exe [883808 2025-01-10] (HP Inc. -> HP Inc.)R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\SysInfoCap.exe [887904 2025-01-10] (HP Inc. -> HP Inc.)R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-08] (HP Inc. -> HP Inc.)S2 Intel(R) Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel(R) Corporation)R2 IntuitUpdateServiceV5; C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe [19320 2023-09-15] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed]R3 lmhosts; C:\WINDOWS\System32\svchost.exe [88152 2025-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [53296 2024-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2024-12-19] (Malwarebytes Inc. -> Malwarebytes)S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-11] (Malwarebytes Inc. -> Malwarebytes)R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)S3 NlaSvc; C:\WINDOWS\System32\svchost.exe [88152 2025-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)S3 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [53296 2024-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)R2 nsi; C:\WINDOWS\system32\svchost.exe [88152 2025-02-14] (Microsoft Windows Publisher -> Microsoft Corporation)R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [53296 2024-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_42a8f84195a93e6e\Display.NvContainer\NVDisplay.Container.exe [1275544 2024-10-24] (NVIDIA Corporation -> NVIDIA Corporation)S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.010.0119.0002\OneDriveUpdaterService.exe [3879440 2025-02-14] (Microsoft Corporation -> Microsoft Corporation)R2 SyncBackFreeSchedulesMonitor; C:\Program Files (x86)\2BrightSparks\SyncBackFree\SchedulesMonitor.exe [3448560 2024-07-01] (2BrightSparks Pte. Ltd. -> 2BrightSparks Pte Ltd)R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-31] (Microsoft Windows Publisher -> Microsoft Corporation)===================== Drivers (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S3 edwntdrv; C:\WINDOWS\system32\edwntdrv.sys [27728 2023-04-07] (Microsoft Windows Hardware Compatibility Publisher -> )R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1617096 2024-05-06] (Intel Corporation -> Intel Corporation)R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-08-10] (Intel Corporation -> Intel Corporation)R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [232024 2025-02-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-05-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)R3 MpKsl87de0ed2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DF738F0-8CED-41DD-B4F5-66EE68568C37}\MpKslDrv.sys [267552 2025-02-19] (Microsoft Windows -> Microsoft Corporation)S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-10-31] (Microsoft Windows -> Microsoft Corporation)R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-31] (Microsoft Windows -> Microsoft Corporation)R0 WinSetupMon; C:\WINDOWS\System32\DRIVERS\WinSetupMon.sys [169408 2025-02-08] (Microsoft Windows -> Microsoft Corporation)R3 WSDPrintDevice; C:\WINDOWS\System32\DriverStore\FileRepository\wsdprint.inf_amd64_1f9e32519098c0b6\WSDPrint.sys [57344 2025-02-14] (Microsoft Windows -> Microsoft Corporation)R3 WSDScan; C:\WINDOWS\System32\DriverStore\FileRepository\sti.inf_amd64_971c769b103df369\WSDScan.sys [61440 2025-02-14] (Microsoft Windows -> Microsoft Corporation)==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One month (created) (Whitelisted) =========(If an entry is included in the fixlist, the file/folder will be moved.)2025-02-19 12:56 - 2025-02-19 12:56 - 000025910 _____ C:\Users\twin9\OneDrive\Desktop\FRST.txt2025-02-19 12:52 - 2025-02-19 12:52 - 000031276 _____ C:\Users\twin9\OneDrive\Desktop\Addition-2.txt2025-02-19 12:52 - 2025-02-19 12:52 - 000000197 _____ C:\Users\twin9\OneDrive\Desktop\FRST-2.txt2025-02-19 12:07 - 2025-02-19 12:07 - 000051391 _____ C:\Users\twin9\Downloads\FRST.txt2025-02-19 12:00 - 2025-02-19 12:01 - 000031662 _____ C:\Users\twin9\OneDrive\Desktop\Addition-1.txt2025-02-19 11:59 - 2025-02-19 12:56 - 000000000 ____D C:\FRST2025-02-19 11:59 - 2025-02-19 12:52 - 000058312 _____ C:\Users\twin9\OneDrive\Desktop\FRST-1.txt2025-02-19 11:57 - 2025-02-19 11:57 - 002403840 _____ (Farbar) C:\Users\twin9\OneDrive\Desktop\FRST64.exe2025-02-16 09:21 - 2025-02-16 09:21 - 000000000 ____D C:\Program Files\Common Files\DESIGNER2025-02-14 16:14 - 2025-02-14 16:14 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware2025-02-14 13:55 - 2025-02-14 12:00 - 000000000 ____D C:\Windows.old2025-02-14 13:54 - 2025-02-14 13:54 - 000000000 ____D C:\WINDOWS\ServiceProfiles2025-02-14 13:53 - 2025-02-14 13:53 - 000000000 ____D C:\WINDOWS\InboxApps2025-02-14 13:51 - 2025-02-14 13:51 - 000027617 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json2025-02-14 13:51 - 2025-02-14 13:51 - 000027617 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json2025-02-14 13:51 - 2025-02-14 13:51 - 000005264 _____ C:\WINDOWS\system32\ecoscore_config.json2025-02-14 13:51 - 2025-02-14 13:51 - 000000998 _____ C:\WINDOWS\system32\DeviceFeatureDDF.json2025-02-14 13:50 - 2025-02-14 13:50 - 000000000 ____D C:\Program Files\Reference Assemblies2025-02-14 13:50 - 2025-02-14 13:50 - 000000000 ____D C:\Program Files\MSBuild2025-02-14 13:50 - 2025-02-14 13:50 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies2025-02-14 13:50 - 2025-02-14 13:50 - 000000000 ____D C:\Program Files (x86)\MSBuild2025-02-14 12:03 - 2025-02-19 10:31 - 000836658 _____ C:\WINDOWS\system32\PerfStringBackup.INI2025-02-14 12:02 - 2025-02-14 12:02 - 000000000 ____D C:\ProgramData\Microsoft OneDrive2025-02-14 12:00 - 2025-02-19 10:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT2025-02-14 12:00 - 2025-02-14 12:00 - 000000020 ___SH C:\Users\twin9\ntuser.ini2025-02-14 11:59 - 2025-02-14 11:59 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\SystemCertificates2025-02-14 11:59 - 2025-02-14 11:59 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Network2025-02-14 11:59 - 2025-02-14 11:59 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Crypto2025-02-14 11:59 - 2025-02-14 11:59 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network2025-02-14 11:58 - 2025-02-19 10:27 - 000000438 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B22025-02-14 11:56 - 2025-02-19 12:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy2025-02-14 11:56 - 2025-02-14 14:13 - 000000000 ____D C:\Users\BIC2025-02-14 11:56 - 2025-02-14 12:01 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Windows2025-02-14 11:56 - 2025-02-14 12:00 - 000000000 ____D C:\Users\twin92025-02-14 11:56 - 2025-02-14 11:59 - 000000000 ____D C:\Users\DAP2025-02-14 11:56 - 2025-02-14 11:57 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Spelling2025-02-14 11:56 - 2025-02-14 11:56 - 000509040 _____ C:\WINDOWS\system32\FNTCACHE.DAT2025-02-14 09:43 - 2025-02-14 09:43 - 000226138 _____ C:\Users\twin9\Downloads\Eyeglass Prescription 2024-09-27.pdf2025-02-14 09:41 - 2025-02-14 09:41 - 000234788 _____ C:\Users\twin9\Downloads\Eyeglass & Contact Prescription 2024-09-27.pdf2025-02-13 16:45 - 2025-02-14 12:00 - 000000000 ___DC C:\WINDOWS\Panther2025-02-06 18:13 - 2025-02-19 10:33 - 000000000 ____D C:\Program Files\Mozilla Firefox2025-02-03 08:02 - 2025-02-03 08:02 - 017775608 _____ C:\Users\twin9\Downloads\VA_IMG_CONTESS_SPINE_LUMBOSACRAL_MIN_2_VIEWS_14JAN2025.zip2025-01-31 11:27 - 2025-01-31 11:27 - 068195981 _____ C:\Users\twin9\Downloads\VA_IMG_CONTESS_MRI_LUMBAR_SPINE_W_O_CONT_21JAN2025.zip2025-01-28 12:02 - 2025-01-28 12:02 - 000036743 _____ C:\Users\twin9\Downloads\VA-labs-and-tests-details-BRUCE-CONTESS-1-28-2025_120238pm.pdf2025-01-27 14:19 - 2025-01-27 14:19 - 000030808 _____ C:\Users\twin9\Downloads\Form1099R.pdf2025-01-24 17:12 - 2025-01-24 17:12 - 000099004 _____ C:\Users\twin9\Downloads\2024 Collection and Holiday calendar-1.pdf2025-01-24 12:18 - 2025-01-24 12:18 - 000242950 _____ C:\Users\twin9\Downloads\Schwab 1099-R Inherit IRA.pdf2025-01-24 12:17 - 2025-01-24 12:17 - 000242846 _____ C:\Users\twin9\Downloads\Schwab 1099-R Rollover.pdf2025-01-24 12:15 - 2025-01-24 12:15 - 002630145 _____ C:\Users\twin9\Downloads\Schwab Acct 858 Verification.pdf2025-01-24 10:38 - 2025-01-24 10:38 - 003455597 _____ C:\Users\twin9\Downloads\F-14 Tomcat Tales.pdf2025-01-23 10:29 - 2025-01-23 10:29 - 000121089 _____ C:\Users\twin9\Downloads\Online Transfers _ Charles Schwab to CACU.pdf2025-01-22 17:06 - 2025-01-22 17:06 - 000104690 _____ C:\Users\twin9\Downloads\Connected Home Enrollment Details _ USAA.pdf==================== One month (modified) ==================(If an entry is included in the fixlist, the file/folder will be moved.)2025-02-19 12:52 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\AppReadiness2025-02-19 12:51 - 2024-04-01 01:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft2025-02-19 12:49 - 2024-03-17 19:37 - 000000000 ____D C:\Users\twin9\AppData\Local\D3DSCache2025-02-19 12:43 - 2024-05-29 12:42 - 000000000 ____D C:\Users\twin9\AppData\Local\Malwarebytes2025-02-19 12:42 - 2024-04-01 01:24 - 000000000 ____D C:\WINDOWS\INF2025-02-19 12:28 - 2024-04-01 01:21 - 000000000 ____D C:\WINDOWS\CbsTemp2025-02-19 12:21 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SystemTemp2025-02-19 11:34 - 2024-03-17 20:16 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Word2025-02-19 10:34 - 2024-04-01 01:26 - 000000000 ___HD C:\Program Files\WindowsApps2025-02-19 10:28 - 2024-03-17 19:55 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2025-02-19 10:27 - 2024-03-17 19:51 - 000000000 ____D C:\ProgramData\NVIDIA2025-02-19 10:27 - 2024-03-17 18:21 - 000012288 ___SH C:\DumpStack.log.tmp2025-02-18 16:44 - 2024-08-16 21:13 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\MMC2025-02-18 15:32 - 2024-03-17 20:29 - 000000000 ____D C:\WINDOWS\Firmware2025-02-16 12:00 - 2024-03-17 20:15 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Excel2025-02-16 09:21 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\appcompat2025-02-16 09:21 - 2024-04-01 01:26 - 000000000 ____D C:\Program Files\Common Files\microsoft shared2025-02-16 09:21 - 2024-03-17 20:04 - 000000000 ____D C:\Program Files\Microsoft Office2025-02-16 09:13 - 2024-03-17 18:21 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk2025-02-14 13:55 - 2024-07-30 13:29 - 000000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin2025-02-14 13:55 - 2024-07-30 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill2025-02-14 13:55 - 2024-07-06 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin2025-02-14 13:55 - 2024-06-04 12:12 - 000000000 ____D C:\WINDOWS\system32\%userprofile%2025-02-14 13:55 - 2024-05-29 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 22025-02-14 13:55 - 2024-05-29 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NX Studio2025-02-14 13:55 - 2024-05-29 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Transfer 22025-02-14 13:55 - 2024-05-29 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon2025-02-14 13:55 - 2024-05-25 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN2025-02-14 13:55 - 2024-04-01 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder2025-02-14 13:55 - 2024-04-01 01:29 - 000000000 ____D C:\WINDOWS\Setup2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\WebThreatDefSvc2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\spool2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\oobe2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\NDF2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\AppLocker2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\ServiceState2025-02-14 13:55 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\LiveKernelReports2025-02-14 13:55 - 2024-03-20 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS BitWiper2025-02-14 13:55 - 2024-03-17 20:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools2025-02-14 13:55 - 2022-05-07 00:10 - 000000000 ____D C:\WINDOWS\system32\Hydrogen2025-02-14 13:55 - 2022-05-06 23:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs2025-02-14 13:55 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated2025-02-14 13:55 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\MsDtc2025-02-14 13:54 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\schemas2025-02-14 13:54 - 2024-03-18 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP2025-02-14 13:54 - 2022-05-06 23:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs2025-02-14 13:54 - 2022-05-06 23:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform2025-02-14 13:53 - 2024-04-01 02:09 - 000000000 ____D C:\Program Files\Windows Photo Viewer2025-02-14 13:53 - 2024-04-01 02:09 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer2025-02-14 13:53 - 2024-04-01 02:08 - 000000000 ____D C:\WINDOWS\system32\OpenSSH2025-02-14 13:53 - 2024-04-01 02:08 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F122025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ___SD C:\WINDOWS\system32\UNP2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ___SD C:\WINDOWS\system32\F122025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\WUModels2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\UUS2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-plocm2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-ploc2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SystemResources2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\SystemApps2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\vi-VN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ur-PK2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ug-CN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\tt-RU2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\te-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ta-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\Sysprep2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\sq-AL2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\Sgrm2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\setup2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\quz-PE2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\qps-plocm2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\qps-ploc2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\pa-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\or-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\nn-NO2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ne-NP2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\mt-MT2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\mr-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ml-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\mk-MK2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\mi-NZ2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\migwiz2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\lv-LV2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\lt-LT2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\lo-LA2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\lb-LU2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\kok-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\kn-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\km-KH2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\kk-KZ2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ka-GE2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\is-IS2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\id-ID2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\hy-AM2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\hi-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\gu-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\gl-ES2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\gd-GB2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ga-IE2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\fil-PH2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\fa-IR2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\eu-ES2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\et-EE2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\es-MX2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\Dism2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\DDFs2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\cy-GB2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\Com2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\ca-ES2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\bn-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\be-BY2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\as-IN2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\appraiser2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\am-ET2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\af-ZA2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\ShellExperiences2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\ShellComponents2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\Provisioning2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\IME2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\BrowserCore2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\bcastdvr2025-02-14 13:53 - 2024-04-01 01:26 - 000000000 ____D C:\Program Files\Common Files\System2025-02-14 13:53 - 2024-04-01 01:21 - 000000000 ____D C:\WINDOWS\servicing2025-02-14 13:52 - 2024-04-01 02:09 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll2025-02-14 13:52 - 2024-04-01 02:09 - 000028898 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml2025-02-14 13:52 - 2024-04-01 01:26 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll2025-02-14 13:52 - 2024-04-01 01:26 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll2025-02-14 13:51 - 2024-04-01 01:22 - 000063064 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtIntcLpioDMA.dll2025-02-14 13:51 - 2024-04-01 01:22 - 000062952 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtIntcPseDMA.dll2025-02-14 13:51 - 2024-04-01 01:22 - 000062944 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtPL080.dll2025-02-14 12:17 - 2024-04-01 01:26 - 000000000 ____D C:\ProgramData\USOPrivate2025-02-14 12:17 - 2024-03-17 19:37 - 000000000 ____D C:\Users\twin9\AppData\Local\Packages2025-02-14 12:17 - 2024-03-17 18:22 - 000000000 ____D C:\ProgramData\Packages2025-02-14 12:00 - 2024-04-01 01:26 - 000000000 ___RD C:\Program Files\Windows Defender2025-02-14 12:00 - 2024-03-17 19:37 - 000000000 __RHD C:\Users\Public\AccountPictures2025-02-14 11:59 - 2024-03-17 19:38 - 000000000 ___RD C:\Users\twin9\OneDrive2025-02-14 11:58 - 2024-04-01 01:26 - 000000000 __RHD C:\Users\Public\Libraries2025-02-14 11:58 - 2024-04-01 01:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel2025-02-14 11:57 - 2024-11-17 11:06 - 000000000 ____D C:\Users\Default\AppData\Local\Packages2025-02-14 11:57 - 2024-06-02 10:53 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon2025-02-14 11:57 - 2024-04-01 01:26 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows2025-02-14 11:56 - 2024-04-01 01:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData2025-02-14 11:56 - 2024-03-17 19:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation2025-02-14 09:42 - 2024-03-31 21:09 - 000000000 ____D C:\Users\twin9\Downloads\FireShot2025-02-13 19:12 - 2024-03-19 07:21 - 000000000 ____D C:\Program Files\Microsoft OneDrive2025-02-13 19:12 - 2024-03-17 20:09 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk2025-02-13 16:00 - 2024-03-18 21:12 - 000001386 _____ C:\Users\twin9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk2025-02-12 19:31 - 2024-03-17 20:15 - 000000000 ____D C:\Users\twin9\AppData\Roaming\Microsoft\Office2025-02-12 08:16 - 2024-03-17 19:53 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk2025-02-12 08:16 - 2024-03-17 19:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2025-02-11 23:22 - 2024-03-17 21:04 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk2025-02-11 19:15 - 2024-03-17 20:27 - 000000000 ____D C:\WINDOWS\system32\MRT2025-02-11 19:11 - 2024-03-17 20:27 - 209365816 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe==================== Files in the root of some directories ========2024-03-20 14:53 - 2024-03-20 14:53 - 000000066 _____ () C:\Users\twin9\AppData\Roaming\edw_user.ini==================== FLock ==============================2024-05-12 09:59 C:\Config.Msi2024-04-01 01:26 C:\PerfLogs2025-02-14 11:58 C:\WINDOWS\system32\config2024-04-01 01:34 C:\WINDOWS\system32\Configuration2024-04-01 01:26 C:\WINDOWS\system32\DriverState2024-04-01 01:26 C:\WINDOWS\system32\ias2025-02-14 13:55 C:\WINDOWS\system32\MsDtc2024-04-01 01:26 C:\WINDOWS\system32\networklist2025-02-19 12:45 C:\WINDOWS\system32\SleepStudy2025-02-19 12:30 C:\WINDOWS\system32\sru2025-02-14 12:00 C:\WINDOWS\system32\Tasks2025-02-14 13:55 C:\WINDOWS\system32\Tasks_Migrated2025-02-18 16:45 C:\WINDOWS\system32\WDI2025-02-19 10:34 C:\Program Files\WindowsApps2025-02-14 13:55 C:\WINDOWS\LiveKernelReports2024-04-01 01:26 C:\WINDOWS\ModemLogs2025-02-19 12:53 C:\WINDOWS\Prefetch2025-02-14 13:55 C:\WINDOWS\ServiceState2025-02-19 12:21 C:\WINDOWS\SystemTemp2025-02-19 12:19 C:\WINDOWS\Temp2025-02-14 13:53 C:\WINDOWS\WUModels2024-04-01 01:34 C:\WINDOWS\SysWOW64\config2024-04-01 01:34 C:\WINDOWS\SysWOW64\Configuration2024-04-01 01:26 C:\WINDOWS\SysWOW64\Msdtc2024-04-01 01:26 C:\WINDOWS\SysWOW64\NetworkList2024-04-01 01:26 C:\WINDOWS\SysWOW64\sru2024-04-01 01:34 C:\WINDOWS\SysWOW64\Tasks2025-02-14 11:56 C:\WINDOWS\system32\Drivers\DriverData2025-02-14 14:13 C:\Users\BIC2025-02-14 11:59 C:\Users\DAP2025-02-14 12:17 C:\ProgramData\Packages2022-05-07 00:10 C:\ProgramData\WindowsHolographicDevices==================== SigCheck ============================(There is no automatic fix for files that do not pass verification.)ATTENTION: ==> Could not access BCD. The user is not administrator -> The boot configuration data store could not be opened.Access is denied.==================== End of FRST.txt ========================[/SPOILER]</blockquote>

Verification

Top